External HDD locks Windows XP
I have 1TB Seagate Portable External Hard Drive STAX1000102. When I attach it (USB) to the laptop (Dell Latitude D530) with Windows XP version 2002 SP3, the Operation System goes into strange state. I cannot run simple app like Total Commander, I cannot just do even simple operations, I cannot browse in already launched web browser, I can do nothing - everything takes forever. I cannot even shut down the computer - it must be done by the laptop on/off button. It is not consuming a lot of CPU nor a lot of HDD - it seems that the Operation System itself gets locked somehow.
Just by simply running msconfig, I disabled all items in the Startup tab, all non-Microsoft items in Services tab, and the issue is still present! I also tried to disable some of the Microsoft services, but it didn't help either. Only thing that helped was to run Windows in safe mode.
The HDD works fine on many other laptops and desktop PCs.
Do you have any idea what could cause the trouble?
EDIT - result of @STTR's script:
I have run your script (usbrest.cmd) and unfortunatelly it didn't help. Here is the output (unfortunatelly I have localised Win, I will try to translate where needed):
C:\Documents and Settings\Tomas> C:\Documents and Settings\Tomas>REG DELETE "HKLM\SYSTEM\CurrentControlSet\Contro l\Class\{36FC9E60-C465-11CF-8056-444553540000}" /v LowerFilters /f
Chyba: Systém nenalezl zadaný klíč registru nebo požadovanou hodnotu.
(translation: error: registry key or value not found)
C:\Documents and Settings\Tomas>REG DELETE "HKLM\SYSTEM\CurrentControlSet\Contro l\Class\{36FC9E60-C465-11CF-8056-444553540000}" /v UpperFilters /f
Chyba: Systém nenalezl zadaný klíč registru nebo požadovanou hodnotu.
(translation: error: registry key or value not found)
C:\Documents and Settings\Tomas>REG DELETE "HKLM\SYSTEM\CurrentControlSet\Contro l\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}" /v LowerFilters /f
Chyba: Systém nenalezl zadaný klíč registru nebo požadovanou hodnotu.
(translation: error: registry key or value not found)
C:\Documents and Settings\Tomas>del /F /A:- %windir%\inf\INFCACHE.1
C:\Documents and Settings\Tomas>sc config stisvc start= auto [SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start stisvc
SERVICE_NAME: stisvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 1540
FLAGS :
C:\Documents and Settings\Tomas>sc config ShellHWDetection start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start ShellHWDetection
[SC] StartService FAILED 1056:
Instance tÚto slu
I have been also looking at the registry key you have mentioned but I have not found the LowerFilters, UpperFilters values.
EDIT 2, output of STTR's script getusb-file.cmd:
C:\Documents and Settings\Tomas>dir /B /A:- %windir%\system32\Drivers\usb*
usb8023.sys
usb8023x.sys
usbcamd.sys
usbcamd2.sys
usbccgp.sys
usbd.sys
usbehci.sys
usbhub.sys
usbintel.sys
usbohci.sys
usbport.sys
usbstor.sys
usbuhci.sys
usbvideo.sys
C:\Documents and Settings\Tomas>dir /B /A:- %windir%\inf\usb* | find /i ".inf"
usb.inf
usbport.inf
usbprint.inf
usbstor.inf
usbvideo.inf
C:\Documents and Settings\Tomas>
EDIT 3:
C:\Documents and Settings\Tomas>wmic BASEBOARD get Product, SerialNumber, Version, Manufacturer
Chyba: (= error)
Kód = 0x80070422
Popis = Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení. (= The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.)
Prostředek = Win32
F:\sw\pstools>REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE103??18}" /v UpperFilters
Chyba: Systém nenalezl zadaný klíč registru nebo požadovanou hodnotu.
(= registry key or value was not found)
I have dumped whole HKLM\SYSTEM\CurrentControlSet\Control\Class registry for you to see.
EDIT 4
Here is the output of RestoreServiceSetting.cmd (there were some errors):
C:\Documents and Settings\Tomas>::HID Input Service
C:\Documents and Settings\Tomas>sc config HidServ start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start HidServ
[SC] StartService FAILED 1056:
Instance tÚto slu
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Shell Hardware Detection
C:\Documents and Settings\Tomas>sc config ShellHWDetection start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start ShellHWDetection
[SC] StartService FAILED 1056:
Instance tÚto slu
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Windows Image Acquisition (WIA)
C:\Documents and Settings\Tomas>sc config stisvc start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start stisvc
[SC] StartService FAILED 1056:
Instance tÚto slu
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Windows Management Instrumentation
C:\Documents and Settings\Tomas>sc config winmgmt start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start winmgmt
SERVICE_NAME: winmgmt
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 1796
FLAGS :
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Remote Registry
C:\Documents and Settings\Tomas>sc config RemoteRegistry start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start RemoteRegistry
SERVICE_NAME: RemoteRegistry
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 2000
FLAGS :
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Logical Disk Manager
C:\Documents and Settings\Tomas>sc config dmserver start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start dmserver
SERVICE_NAME: dmserver
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 1796
FLAGS :
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Logical Disk Manager Administrative Service
C:\Documents and Settings\Tomas>sc config dmadmin start= demand
[SC] ChangeServiceConfig SUCCESS
After restart:
C:\Documents and Settings\Tomas>wmic BASEBOARD get Product, SerialNumber, Version, Manufacturer
Manufacturer Product SerialNumber Version
Dell Inc. 0HP728 .721HP3J.CN4864383F5721.
EDIT5:
After running secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose and
secedit /configure /cfg %windir%\repair\secDC.inf /db secDC.sdb /verbose I got this output (translated, commented):
C:\Documents and Settings\Tomas>secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
Úloha je dokončena. Některé soubory uvedené v konfiguraci nebyly v tomto systému
nalezeny, nelze tedy nastavit ani zjišťovat zabezpečení. Zprávu můžete ignorova
t.
Podrobnosti naleznete v souboru %windir%\security\logs\scesrv.log.
(task is finished. Some of the files were not found so the security level cannot be
found out. You can ignore this. Details in the scesrv.log -- actually this command
took quite a long time, showing progress in percent)
C:\Documents and Settings\Tomas>secedit /configure /cfg %windir%\repair\secDC.inf /db secDC.sdb /verbose
Systém nemůže nalézt uvedený soubor.
Úloha byla dokončena s chybou.
Podrobnosti naleznete v souboru %windir%\security\logs\scesrv.log.
(File was not found -- the secDC.in does not exist. THis terminated immediatelly.
The log file just said that the secDC.inf file could not be found.)
Then I rebooted and the problem persisted. So I hard-rebooted and tried RestoreServiceSetting.cmd script again, but there were similar errors as in the last run:
C:\Documents and Settings\Tomas>::HID Input Service
C:\Documents and Settings\Tomas>sc config HidServ start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start HidServ
[SC] StartService FAILED 1056:
Instance tÚto slu
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Shell Hardware Detection
C:\Documents and Settings\Tomas>sc config ShellHWDetection start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start ShellHWDetection
[SC] StartService FAILED 1056:
Instance tÚto slu
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Windows Image Acquisition (WIA)
C:\Documents and Settings\Tomas>sc config stisvc start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start stisvc
[SC] StartService FAILED 1056:
Instance tÚto slu
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Windows Management Instrumentation
C:\Documents and Settings\Tomas>sc config winmgmt start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start winmgmt
[SC] StartService FAILED 1056:
Instance tÚto slu
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Remote Registry
C:\Documents and Settings\Tomas>sc config RemoteRegistry start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start RemoteRegistry
[SC] StartService FAILED 1056:
Instance tÚto slu
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Logical Disk Manager
C:\Documents and Settings\Tomas>sc config dmserver start= auto
[SC] ChangeServiceConfig SUCCESS
C:\Documents and Settings\Tomas>sc start dmserver
[SC] StartService FAILED 1056:
Instance tÚto slu
C:\Documents and Settings\Tomas>
C:\Documents and Settings\Tomas>::Logical Disk Manager Administrative Service
C:\Documents and Settings\Tomas>sc config dmadmin start= demand
[SC] ChangeServiceConfig SUCCESS
I connected the drive again and the problem still persists.
EDIT: today I tried to attach normal (internal) HDD using the USB adapter and it did lock the computer the same way.
Tomas1 Answer
Most likely a problem in the Keys:
HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
LowerFilters, UpperFilters value.
and as variant:
mountpoint:
mountvol /L | find "\\"
mountpoint, registry:
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
remove unwanted entries mount points:
USB ID device:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR
Windows XP:
backup registry and run:
usbrest.cmd:
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}" /v LowerFilters /f
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}" /v UpperFilters /f
REG DELETE "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}" /v LowerFilters /f
del /F /A:- %windir%\inf\INFCACHE.1
sc config stisvc start= auto
sc start stisvc
sc config ShellHWDetection start= auto
sc start ShellHWDetection
need reboot.
usbdevice-delete-all.cmd:
REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB" /f
REG DELETE "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USBSTOR" /f
delete all USB at device:
psexec -i -d -s usbdevice-delete-all.cmd
psexec
need reboot.
Run in cmd, getusb-file.cmd
getusb-file.cmd:
dir /B /A:- %windir%\system32\Drivers\usb*
dir /B /A:- %windir%\inf\usb* | find /i ".inf"
Run in cmd get UpperFilters disk device:
REG QUERY "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}" /v UpperFilters
Run in cmd, get systemboard info:
wmic BASEBOARD get Product, SerialNumber, Version, Manufacturer
Output:
Manufacturer Product SerialNumber Version
ASUSTeK Computer INC. P5Q MS1C8CBKC500124 Rev 1.xx
RestoreServiceSetting.cmd:
::HID Input Service
sc config HidServ start= auto
sc start HidServ
::Shell Hardware Detection
sc config ShellHWDetection start= auto
sc start ShellHWDetection
::Windows Image Acquisition (WIA)
sc config stisvc start= auto
sc start stisvc
::Windows Management Instrumentation
sc config winmgmt start= auto
sc start winmgmt
::Remote Registry
sc config RemoteRegistry start= auto
sc start RemoteRegistry
::Logical Disk Manager
sc config dmserver start= auto
sc start dmserver
::Logical Disk Manager Administrative Service
sc config dmadmin start= demand
usbrest2.cmd:
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}" /v UpperFilters /t REG_MULTI_SZ /d PartMgr\0 /f
Disables automatic mounting of new volumes:
mountvol /N
Re-enables automatic mounting of new volumes:
mountvol /E
Restore default registry and filesystem settings:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
secedit /configure /cfg %windir%\repair\secDC.inf /db secDC.sdb /verbose
See eventlog disk event:
powershell Get-Eventlog system -Source Disk
See 10 last disk error:
powershell Get-Eventlog system -newest 10 -EntryType Error -Source Disk
STTRUser contributions licensed under CC BY-SA 3.0