BleepingComputer.com: Windows 7 will NOT boot no matter what options I try

I will try to explain as detailed as possible. I was trying to remove system fix/check on a friends computer as a few of them had recently gotten the virus upon which i was able to remove successfully. When I received this computer I correctly removed system fix/check from the computer but there were several other viruses hanging about. Not being familiar with them, after running SuperAntiSpyware (i believe was the name) I then installed Avast which ran a complete scan and found 7 viruses considered to be a serious threat. I opted to delete them as they did not appear to be system files and avast promptly asked me if i would like to run a boot time scan or boot scan to which i replied "yes". at 5% it found, or claimed to have found a virus in C:/hp/bin/endprocess.exe and listed several options. next to deleted it said (recommended) so I chose that option. I don't know why the name and location stuck out to me as it was 2am and I was really not paying attention giving complete control to avast...well the scan continued after these finding several files and by its own choice, deleting them. it reached around 67% and the screen went black.

since then i am stuck in a loop and the computer will NOT reboot...i have tried restore to a previously known stable state, safe mode, repair, recovery, even the windows advanced recovery option for processors or something like that and it will appear to be starting but nothing ever does...i either get the "starting windows" black screen and then goes to black or reboots to launch system repair. then i try to power down and f8 for yet another option and i have tried everything...nothing seems to work..this is a compaq presario and the recovery disc is located on the d drive and the owner bought from best buy without recovery disc or software...

PLEASE HELP!!! '''' I don't know what i have done and can't think of any other way other than dos and i don't even know if thats still an option and its been over 15 years since i had to do anything in dos mode.

This post has been edited by hamluis: 21 January 2012 - 05:37 PM
Reason for edit: Moved to Am I Infected from Win 7.

I've put in a request for assistance by placing it on the list we maintain for systems which are unbootable due to malware. Some one will assist you as quickly as possible .

Louis

thank u so much!

Hello, please start your computer and tap F10 until the Edit Boot Menu comes up. Let me know what is listed between the brackets [... ]

when i hit f10 the insydeh20 setup utility menu appears. in brackets is the time then date. if i go to system configuration from there i can get to boot options? is that where you want me to go? I have gone there and it just has options that are enabled and disabled but nothing in brackets. thank you for answering!!!

now when i hit f9 it takes me to the boot manager and there are two things listed on the screen under the heading boot options menu

HP DVD RW AD-7581S
WDC WD2500BEKT-60V5T1

is that what you were looking for?

No, you need to wait a bit longer before hitting F10 (after the POST screen disappears and the screen goes black).

sorry it took so long...i was down with the flu...okay so i hit f10 it says the following

Launch start up repair and Start Windows Normally

In that case, tap the F8 key when the computer starts until the Advanced Boot Options menu comes up. Select Repair Windows and wait until the recovery environment is loaded.

Once loaded, select Command Prompt and type the following lines and press enter after each of them.

c:

bcdedit /set {default} winpe no

Restart and let me know if it reboots normally now.

ok the only option is to "repair your computer" three safe mode options, directory services repair and start windows normal. so i tried the repair option and it starts beeping on and off for aboutt 15 seconds then the screen goes black and nothing again

Please try the following:

You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

• Run GETxPUD.exe
  
• A new folder will appear on the desktop.
  
• Open the GETxPUD folder and click on the get&burn.bat
  
• The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  
• Click on Start and follow the prompts to burn the image to a CD.
  
• Remove the USB & CD and insert it in the sick computer
  
• Boot the Sick computer with the CD you just burned
  
• The computer must be set to boot from the CD
  
• Gently tap F12 and choose to boot from the CD
  
• Follow the prompts
  
• A Welcome to xPUD screen will appear
  
• Press File
  
• Expand mnt
  
• sda1,2...usually corresponds to your HDD
  
• sdb1 is likely your USB
  
• Click on the folder that represents your USB drive (sdb1 ?)
  
• Press Tool at the top
  
• Choose Open Terminal
  
• Type the following and press enter:
  
  dd if=/dev/sda of=mbr.bin bs=512 count=1
  
  
  
• Press Enter
  
• After it has finished a file will be located on your USB drive named mbr.bin
  
• Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

sorry it took so long...i had to get a disc to burn to...here it is attached and thank you SO much again for your help!!

oops here it is  mbr.zip (532bytes)
Number of downloads: 10

No problem! The MBR dump shows indeed a hidden, malicious partition.

• Download tdl_fix.sh and save it to the USB flash drive.
• Insert USB drive into sick machine
• Boot into xPUD from the CD as beforethen click the File tab.
• Press File
• Expand mnt
• Click on the folder under mnt that represents your USB drive (sdb1 ?)
• You should see the tdl_fix.sh file in the main window.
• Select Tool from the Menu
• Choose Open Terminal
• Type bash tdl_fix.sh -delete then press Enter.
• ** Make sure to leave a space to either side of tdl_fix.sh in the command.
• Type y at the warning you'll receive.
• You should be notified of a hidden partition found and prompted to delete it.
• Type y then press Enter.
• The script will complete and prompt you to reboot the computer.
• Close the Terminal window and restart back into Windows.
• Post the contents of the tdl_delete.txt file that was created on your flash drive.

ok i got the following error after typing y and giving it permission to delete the hidden partition it found:

Fatal Error! The hidden partition is marked active.
run this script with no switch and mark the correct partition active
aborting procedure

just a note, because i have NO clue what I am talking about, but there is a recovery partition...hp and compaq's have them instead of having a recovery cd...would that be the hidden one? although i know it does show up in the list so that doesn't seem "hidden" to me but just thought i should mention JIC it was something important...i am sure the hidden one is malicious and has nothing to do with the recovery but again just to be safe...