Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't boot (XP Pro SP2)


  • Please log in to reply
3 replies to this topic

#1 sibi

sibi

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 24 May 2010 - 05:41 AM

Hello!
I'm deeply sorry for my first post! It was intended to appear within Introductions... [I still don't know what I did for it to end up here...]
And now to the point:
I have a Compaq Evo D510 CMT computer, and I am running Windows XP Professional SP2. The computer originally had a 40GB WD harddisk. Three years ago I added a second HD: an 80 GB Seagate Barracuda. At that moment, I also reorganised the partitions and data as follows: The "old" WD was left with only one partition on it (38plus GB), hosting only the system and program files; the "new" HD was parted into two equal partitions (D and E), hosting all my documents.
One day last week I went to work, leaving the computer on. It was not for the first time that I did that, and on some other occasions I had even left it with some applications (e.g. uTorrent) running. This time NOTHING was running, and the only reason for my not turning it off was my being late, and thus not having enough time to correctly unmount the four USB devices that I had connected to my system (three external HDs and a DVD Writer).
When I came back home in the evening, a BLACK screen was waiting for me, saying something like that: "Attempt to boot from CD-Rom... Attempt to boot from Floppy A... from USB device..." and concluding 'Missing operating system'!
Since then I have tried everything I knew, read or heard about to make my C: drive and its partition boot again, and it was all in vain...
In order to spare those who might reply to this post an effort, I have to briefly list what indices about the crash I could gather, and what I already did about it with no result (after a horrible week of sleepless nights, maybe you'll excuse my lack of precision and coherence in what follows):
- I managed to access the partition in question (which is the system one) via the virtual (running on RAM) Linux partition supplied by Parted Magic (Ultimate Boot CD), and read the Windows log. It ended at 1 p.m. on that fatidic day (2010. 05.14) with 3 error reports about IdeChnDr being stopped. (Please, don't tell me to uninstall the Intel Accelerator, because, I repeat, I CANNOT access my system, and this includes Safe Mode and Last Known Good Configuration, System Restore or other of the like "solutions"... To say nothing about the fact that my old computer has run with Intel Accelerator for years, and I haven't done any change / upgrade recently.)
- Avira's Rescue System scan (provided by the same UBCD) found an infection with the worm Palevo affecting mainly the current user's temp files and some windows/system 32 files, occurring (again!) from 1.00 p.m. to 1.06 p.m. on that same day. I repeat, I left my computer with 0 applications running, I was away at that moment of the day and, of course, did not connect remotely to my computer, nobody lives with me and nobody has the keys to my house and/or the password of my computer, and nobody can remotely connect to my computer without my permission and assistance... yet, the computer was, naturally, connected to the internet... and my awful ISP offers PPPoE - with unsecured password! - as the ONLY possibility of having an internet connection!... And I still don't have a router! [A few weeks ago I discovered a "kind of" keylogger on my computer, one that was so stupid as to tell the server destination of its logs in plain text... you may probably guess that the server belonged to my ISP...] Otherwise, needless to say that my Avira Anti-virus is always up to date, (I also double-check with Clamwin, since, according to the Clamwin website, they can co-exist), I often scan my computer with Spybot S&D, I occasionally use some other online scanners (Trend Micro etc) and specialised for certain threats applets, I use Sandboxie for uncertain at first downloads, I regularly clean my registry (Glary Utilities, CCleaner), I do not use Messenger, Skype or any other form of live chat, and I never open suspicious mails, even from acquaintances... The night before the "catastrophe" I scanned with both Avira and Spybot, and both scans came out clean...)
I noted down the files signalled by Avira's Rescue System, and I deleted them via Linux, then re-scanned till the partition came out clean...
Unfortunately, till now I couldn't find a way to access the registry, in order to check whether the Palevo worm has left any modifications there, as predicted by its description on anti-malware sites... All the various applications within Ultimate Boot CD and Hiren's Boot CD promising a registry editor have returned an error when trying to use this function.
- Repair XP using the original Windows XP Professional SP2 CD that came with the computer... not working! Setup detects the Windows installation to repair, loads everything, and... when it reaches the second stage (reboot and starting install) ends up in BSOD!
- Recovery Console using the XP CD... not working! Tried Copy NTLDR and NTDETECT, chkdsk /r, fixboot, fixmbr etc... nothing! Edited boot.ini... nothing!
- Since chkdsk lingers around 50%, and then quickly covers the rest, I tested for hardware problems... My ancient WD harddisk passed all hardware tests with ease!...
- Fixed MBR and bootsector repeatedly with various programs and commandline utilities on the two previously mentioned CDs... nothing! Interestingly enough, when such a comparison is offered, the backup and the new MBR are identical!
[I am aware of the fact that some worms affecting the MBR may "substitute" standard MBR information with their own, so that the computer is still booting only "by means of" the malware, and so, when the latter is removed, the computer is left unbootable... but my computer did not boot at all after the "mysterious" infection that hit it out of the blue and in my absence...]
I have to mention another oddity: ALL utilities (Windows Recovery Console included) SEE the unbootable disk 0 (=partition 1) and/or they can explore it (all my programs and system files seem intact); none lists it as "lost", "hidden" or "invisible" or as an "unmountable" disk vol; all can read its real and correct characteristics (size 38plus GB, filesystem NTFS 07, used and free space, geometry, no. of sectors, primary, active, bootable, healthy [!], mounted vol), and yet I cannot boot my system from it!!!!! In other words, everything is OK, except its working!
Of course, after deleting the infected files, I used Ghost to copy the volume in question (once as disk, and another time as partition) to one of the external USB HDs. (Yes, I am aware of it: they, too, have been infected. I deleted via Parted Magic Linux the autorun.inf in the USB HD used for storing the copies.) Nevertheless, I'm afraid that both these possibilities offered by the respective program have also unfortunately "ensured" the copying (and therefore, the perpetuation) of the yet unidentified flaw that prevents my system from booting, since the resulting images are announced to include booting information and, respectively, partition table information. Thus, I'm not so eager to rely on them for a possible recovery, in case that something happens with the original information.
- I almost forgot: I also did the frequently recommended in such cases resetting of the BIOS back to the default values, in spite of the fact that my customised settings have worked perfectly for a long time.
- I also fixed the Harddisk Controller.
(Maybe I forget some other things that I did during this nightmare week, but they have all been based upon the most non-destructive options provided by the utilities included in the two mentioned CDs or by the Recovery Console.)
I underline this aspect: I did NOT take any risks of destroying the data on the unbootable disk / partition! And this despite the fact that my documents were all on other two partitions (D and E - all three being created with Partition Magic), situated on a second harddisk, which I physically disconnected from the system immediately after the disaster... [And yes, I know, that one is infected - and, probably, affected! - too!...] But I still hope to avoid fdisk and save the system partition... I have spent a lot of time building and customising this system, and I don't even want to think about losing the 300plus programs (and their settings), the overloaded with addons browser, the appearance settings, all my screensavers, wallpapers etc etc etc...
So, what else can I do?
Hope you'll find what I missed...
[If someone shows interest and replies to this post, asking for more precise data about my computer or system configuration, I'll be more than happy to provide the required information... For the time being, I considered that the general exposition of circumstances and facts connected to the booting problem would suffice, the more so as I was not able to find a similar case / situation described on the net.
Please excuse me for this super-long post!
Thank you in advance!
Sibi

EDIT: I moved your other post to Introductions ~ Hamluis.

Edited by hamluis, 24 May 2010 - 09:13 AM.


BC AdBot (Login to Remove)

 


#2 Baltboy

Baltboy

    Bleepin' Flame Head


  • BC Advisor
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:04:35 PM

Posted 24 May 2010 - 07:13 AM

A couple of comments first.....1. You mention you regularly use registry cleaners...bad idea. Unless you know the registry extremely well and you review every line item found by such programs as Ccleaner you are asking for problems. There is a sticky somewhere on this site all about it. 2.Just becaude the recovery console and other utilities can access the disk and say it is okay means little to nothing other than that the physical workings of the disk are okay. There could still be massive file corruption. 3. Although I see many references to many different kinds of scanners I see nothing about firewalls. The one included with windows is worthless so if you don't have a dedicated one installed, I use zonealarm, I would put some serious thought to using one.

Okay now to the problem.......What I see so far is that your HD seems to be in working order but there are some serious file problems with the OS. Repairing is the best way to go so lets try that route first. I know you said it BSOD's when attempting. We need all of the info from that BSOD to begin. We need to gain access to the OS to fix any remaining problems so figuring out what the BSOD problem is and fixing that will hopefully give us the ability to do a repair install and get access.

I am familiar with the hardware setup since I have two of them at my house but you may still want to post it here so other people have reference.
Get your facts first, then you can distort them as you please.
Mark Twain

#3 sibi

sibi
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:35 AM

Posted 24 May 2010 - 08:11 AM

Dear Baltboy,
Thank you for your quick reply!
Far from me the thought to deny your good will and sincere wish to help!... And yet... You seem to have either not understood or deliberately avoided the main point... Therefore, and since I am in a situation in which I really do NOT HAVE ANY TIME TO WASTE - the more so as I am not using a computer that I own to write these posts! -, I not only refrain from answering / commenting your lines (trust me, there are lots of things to object to what you wrote!) but I also hope that you will agree to us both stopping this discussion.
Thanks again and all the best!
Sibi

#4 Baltboy

Baltboy

    Bleepin' Flame Head


  • BC Advisor
  • 1,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pennsylvania
  • Local time:04:35 PM

Posted 24 May 2010 - 10:55 AM

Best of luck to you then. I will still be here.
Get your facts first, then you can distort them as you please.
Mark Twain




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users