Error Message: Rootkit scan cancelled due to a corrupt disk

Hi,  

If you're getting a blue screen something pretty serious must be mappening, I would suggest doing the following;

1.Ensure that you have your machine configured to create a full memory dump (ideally).

To do so, under computer properties, go into "Advanced system settings" and from there into the "Startup and recovery" section settings.   You should be able to set it at least to a Kernel dump which will be written by default to %SystemRoot%\MEMORY.DMP.

2. When the BSOD next happens, it will write the state to the above file.

On next bootup move %SystemRoot%\MEMORY.DMP to your desktop.  I figure it's best to move it as quick as possible incase the machine BSODs again.  If you are unable to find the file, we can settle for the next best thing which is a minidump,  to get that, it should be in \windows\minidump\ please copy the latest written to your desktop.

Either way at this point we should have a memory dump to work with which is either:

Full Dump

Kernel Dump

Mini dump

In terms of size, looking at the above list they get smaller but they also contain less information as to the state of the machine at the point it crashes but we'll have to work with what we can obtain.

3. download WinDBG

http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx

Once installed you should have a link in the startmenu to Windbg, start it up.

4. "File" - "Open Crash Dump"

5. Once complete.  It will give you a link to hit that looks like:

!analyze -v

If noy you can just type it in to the command line at the bottom.  Once WinDbg has finished anlayzing the crash dump it will tell you the most likely component that caused the crash.  That's not to say it's going to be 100% accurate but the above procedure is standard procedure, first steps when getting a BSOD.

http://support.microsoft.com/kb/315263

Pretty much covers the above steps.

Also, regading the root kit corrupt disk message, I've had some success disabling the Windows background task that performs the defrag.  As an example, if you look through the history of this error, see if it aligns with the times for the degrag taks.  On Windows 7 you can go to:

Control Panel - Administrative Tools - Task Scheduler - Expand: "Task scheduler library" - Microsoft - Windows - Defrag

Under the properties of the "Scheduled Defrag" task you can see the history.  I've found that Windows 7 scheduled tasks seem to run when they want (even considering the option "Run as soon as possible after a scheduled task is missed") on my machine so it's worth checking when they ran rather than when they were meant to run.  I last had the error on the 17th of Feb which was the last time this task ran.  Also there are many utility applications that come pre-bundled with laptops that try and perform such maintenance tasks, so it would be worth checking those as well.

Hope this info gives other something to try, I'd be interested to hear any feedback.

Regards,

Jak

Hi,  

If you're getting a blue screen something pretty serious must be mappening, I would suggest doing the following;

1.Ensure that you have your machine configured to create a full memory dump (ideally).

To do so, under computer properties, go into "Advanced system settings" and from there into the "Startup and recovery" section settings.   You should be able to set it at least to a Kernel dump which will be written by default to %SystemRoot%\MEMORY.DMP.

2. When the BSOD next happens, it will write the state to the above file.

On next bootup move %SystemRoot%\MEMORY.DMP to your desktop.  I figure it's best to move it as quick as possible incase the machine BSODs again.  If you are unable to find the file, we can settle for the next best thing which is a minidump,  to get that, it should be in \windows\minidump\ please copy the latest written to your desktop.

Either way at this point we should have a memory dump to work with which is either:

Full Dump

Kernel Dump

Mini dump

In terms of size, looking at the above list they get smaller but they also contain less information as to the state of the machine at the point it crashes but we'll have to work with what we can obtain.

3. download WinDBG

http://msdn.microsoft.com/en-us/windows/hardware/gg463009.aspx

Once installed you should have a link in the startmenu to Windbg, start it up.

4. "File" - "Open Crash Dump"

5. Once complete.  It will give you a link to hit that looks like:

!analyze -v

If noy you can just type it in to the command line at the bottom.  Once WinDbg has finished anlayzing the crash dump it will tell you the most likely component that caused the crash.  That's not to say it's going to be 100% accurate but the above procedure is standard procedure, first steps when getting a BSOD.

http://support.microsoft.com/kb/315263

Pretty much covers the above steps.

Also, regading the root kit corrupt disk message, I've had some success disabling the Windows background task that performs the defrag.  As an example, if you look through the history of this error, see if it aligns with the times for the degrag taks.  On Windows 7 you can go to:

Control Panel - Administrative Tools - Task Scheduler - Expand: "Task scheduler library" - Microsoft - Windows - Defrag

Under the properties of the "Scheduled Defrag" task you can see the history.  I've found that Windows 7 scheduled tasks seem to run when they want (even considering the option "Run as soon as possible after a scheduled task is missed") on my machine so it's worth checking when they ran rather than when they were meant to run.  I last had the error on the 17th of Feb which was the last time this task ran.  Also there are many utility applications that come pre-bundled with laptops that try and perform such maintenance tasks, so it would be worth checking those as well.

Hope this info gives other something to try, I'd be interested to hear any feedback.

Regards,

Jak