System Tool 2011-related boot issue


13 replies to this topic

#1 FOmar151

FOmar151

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:37 AM

Posted 19 January 2011 - 09:02 PM

This appeared on my computer today. After it tried to get me to buy some antispyware program, I went about trying to get rid of it. It stopped everything I tried to open (Malwarebytes, McAfee, Task Manager, and regedit). It eventually seemed to freeze and I shut it down manually, hoping to reboot in safe mode and try again.

When I turned it back on, it loaded normally until it got to the hardware specifications part. It hangs there and won't move on, so I can't boot in any mode, safe or otherwise. This is what the screen displays when it stops.

Serial ATA AHCI BIOS, Version iSrc 1.02.23 11212006
Copyright © 2003-2006 Intel Corporation

Controller Bus#00, Device #1F, Function#02: 02 Ports, 02 Devices
Port-00: Hard Disk, ST3250820AS
Port-01: CDROM, TSSTcorp DvD+/-RW TS-H653A
AHCI BIOS installed
Intel® Matrix Storage Manager option ROM v6.0.0.1022 ICH8R
Copyright© 2003-06 Intel Corporation. All Rights Reserved.

I'm pretty sure that's what it always says when it boots. I've tried pressing F8 and not, both give the same result. Does anyone have any advice?

Edited by hamluis, 20 January 2011 - 09:18 AM.
Moved from XP forum to Am I Infected.



#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:37 PM

Posted 21 January 2011 - 05:51 AM

Hello, what version of Windows is this and do you have an installation CD/DVD at hand we can use?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 FOmar151


Posted 22 January 2011 - 01:12 PM

The OS is Vista SP2, and I don't have my installation disk handy.

#4 Elise


Posted 22 January 2011 - 04:24 PM

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Download xPUDtestdisk.exe and save it to the USB device
  • Double click xPUDtestdisk.exe to extract the contents to your USB device
  • Remove the USB & CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
    • The TestDisk command window will open
    • Choose Create and press Enter
    • TestDisk will now detect all local hard drives
    • Use the arrow (up and down) keys to highlight the disk called /dev/sda if it represents your primary hard drive and press Enter
    • If you're not sure then note everything you see and post it for my review
    • Select Intel (even if you have an AMD processor) and press Enter
    • Select Advanced and press Enter
    • Select [Boot] and press Enter
    • Select [Dump] and press Enter
    • Select [Quit] to exit
  • A log will be created in the root of the usb device
  • Remove the USB drive and insert back in your working computer

    Please note - all text entries are case sensitive
Copy and paste the resultant log for my review

regards, Elise


#5 FOmar151


Posted 22 January 2011 - 07:54 PM

Here's the log. On the [Dump] screen, I scrolled through the information a bit and found a section where, in the fourth and eighth columns, it said "..A disk read error occured...BOOTMGR is missing...BOOTMGR is compressed...Press Ctrl_Alt_Del to restart......." All of that was formatted to fit into the 8-character wide column. I don't know if that's pertinent or if that information is included in the log below in some way, but I thought it safer to mention it.

Thanks for your help so far.

Sat Jan 22 19:45:12 2011
Command line: TestDisk

TestDisk 6.12-WIP, Data Recovery Utility, April 2010
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org
OS: Linux, kernel 2.6.31.2 (#5 SMP Mon Dec 7 11:56:35 UTC 2009) i686
Compiler: GCC 4.4 - Jul 27 2010 17:00:22
ext2fs lib: 1.41.9, ntfs lib: 10:0:0, reiserfs lib: 0.3.1-rc8, ewf lib: 20080501
/dev/sda: LBA, HPA, LBA48 support
/dev/sda: size 488281250 sectors
/dev/sda: user_max 488281250 sectors
/dev/sda: native_max 488281250 sectors
Warning: can't get size for Disk /dev/mapper/control - 0 B - CHS 1 1 1, sector size=512
/dev/sr0 is not an ATA disk
Hard disk list
Disk /dev/sda - 250 GB / 232 GiB - CHS 30394 255 63, sector size=512 - ATA ST3250820AS
Disk /dev/sdd - 1031 MB / 984 MiB - CHS 1015 32 62, sector size=512 - Memorex TD Classic 003C
Disk /dev/sr0 - 67 MB / 64 MiB - CHS 32768 1 1 (RO), sector size=2048 - TSSTcorp DVD+-RW TS-H653A

Partition table type (auto): Intel
Disk /dev/sda - 250 GB / 232 GiB - ATA ST3250820AS
Partition table type: Intel

Interface Advanced
Geometry from i386 MBR: head=255 sector=63
check_part_i386 1 type DE: no test
NTFS at 6/30/25
NTFS at 1311/136/42
get_geometry_from_list_part_aux head=255 nbr=2
get_geometry_from_list_part_aux head=8 nbr=1
get_geometry_from_list_part_aux head=16 nbr=1
get_geometry_from_list_part_aux head=32 nbr=1
get_geometry_from_list_part_aux head=64 nbr=1
get_geometry_from_list_part_aux head=128 nbr=1
get_geometry_from_list_part_aux head=240 nbr=1
get_geometry_from_list_part_aux head=255 nbr=2
1 P Dell Utility 0 1 1 5 254 63 96327
2 P HPFS - NTFS 6 30 25 1311 136 41 20971520 [RECOVERY]
NTFS, 10 GB / 10 GiB
3 * HPFS - NTFS 1311 136 42 30393 229 44 467208192 [OS]
NTFS, 239 GB / 222 GiB

ntfs_boot_sector
3 * HPFS - NTFS 1311 136 42 30393 229 44 467208192 [OS]
NTFS, 239 GB / 222 GiB
NTFS at 1311/136/42
NTFS at 1311/136/42
filesystem size 467208192
sectors_per_cluster 8
mft_lcn 786432
mftmirr_lcn 29200511
clusters_per_mft_record -10
clusters_per_index_record 1
Boot sector
Status: OK

Backup boot sector
Status: OK

Sectors are identical.

A valid NTFS Boot sector must be present in order to access
any data; even if the partition is not bootable.
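
Added example (not part of the original thread): the partition table from the TestDisk log above, rebuilt as a constructed 512-byte MBR sector and parsed back, with checks for the 55 AA signature, a single active partition, overlaps and disk size. The function names and the zeroed boot code are assumptions for illustration; the sizes, geometry and C/H/S values are taken from the log.

```python
import hashlib
import struct

DISK_SECTORS = 488281250   # "/dev/sda: size ... sectors" in the log
HEADS, SPT = 255, 63       # "Geometry from i386 MBR: head=255 sector=63"
ENTRY = "<B3xB3xII"        # boot flag, type, start LBA, sector count

def chs_to_lba(c, h, s):
    """Convert a C/H/S triple as printed by TestDisk to an LBA."""
    return (c * HEADS + h) * SPT + (s - 1)

def build_sample_mbr():
    """Constructed sector: zeroed boot code plus the three logged entries."""
    rows = [(0x00, 0xDE, chs_to_lba(0, 1, 1), 96327),            # Dell Utility
            (0x00, 0x07, chs_to_lba(6, 30, 25), 20971520),       # RECOVERY
            (0x80, 0x07, chs_to_lba(1311, 136, 42), 467208192)]  # OS, active
    table = b"".join(struct.pack(ENTRY, *row) for row in rows)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

def parse_mbr(sector):
    """Return (SHA-256 of the boot code, list of used partition entries)."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a 512-byte sector ending in the 55 AA signature")
    parts = []
    for slot in range(4):
        flag, ptype, start, count = struct.unpack_from(ENTRY, sector, 446 + 16 * slot)
        if ptype:  # type 0 marks an unused slot
            parts.append({"slot": slot + 1, "active": flag == 0x80,
                          "type": ptype, "start": start, "sectors": count})
    return hashlib.sha256(sector[:440]).hexdigest(), parts

def check_table(parts, disk_sectors=DISK_SECTORS):
    """Return a list of structural problems found in the partition table."""
    problems = []
    if sum(p["active"] for p in parts) != 1:
        problems.append("expected exactly one active partition")
    prev_end = 0
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] < prev_end:
            problems.append(f"slot {p['slot']} overlaps the previous partition")
        prev_end = max(prev_end, p["start"] + p["sectors"])
    if prev_end > disk_sectors:
        problems.append("a partition runs past the end of the disk")
    return problems

if __name__ == "__main__":
    digest, parts = parse_mbr(build_sample_mbr())
    print("boot code sha256:", digest)
    for p in parts:
        print(p)
    print("problems:", check_table(parts) or "none")
```

To check the real disk from the live CD, pass the first 512 bytes of /dev/sda to parse_mbr; the boot-code hash can then be compared with one taken from a known-good copy of the sector.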

#6 Elise


Posted 23 January 2011 - 03:08 AM

Start TestDisk.
The first screen will present log options - press Enter to continue.

TestDisk will scan the system and show drive information.
If more than 1 drive, select the correct drive, make sure [Proceed] is selected then press Enter to continue.

Select [Intel] partition and press Enter to continue.

Select [MBR Code] and press Enter to continue.

Type Y when prompted to write a new mbr code to the first sector, then confirm at the next screen by typing Y again.

Press Q repeatedly until TestDisk exits then reboot.

regards, Elise


#7 FOmar151


Posted 23 January 2011 - 02:06 PM

I followed the instructions and rebooted. Instead of hanging on the screen I posted before, it goes to a blank screen and starts the booting process over. It continued doing that until I hit F12 to bring up the boot device menu. I tried pressing F8 and nothing changed.

#8 FOmar151


Posted 23 January 2011 - 02:09 PM

From the boot device menu, I decided to try booting the utility partition; it didn't work before, but now it does. Should I run a Memory Test or System Test from there?

#9 Elise


Posted 23 January 2011 - 02:12 PM

Please rerun Testdisk, and after creating the log, choose the Intel option and press Enter
Select Analyze and press Enter.

Search and when asked to search for Vista partitions, press Y and enter.

After the search completes, press Q until you exit and post me the new log.

regards, Elise


#10 FOmar151


Posted 23 January 2011 - 06:36 PM

Sun Jan 23 18:30:19 2011
Command line: TestDisk

TestDisk 6.12-WIP, Data Recovery Utility, April 2010
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org
OS: Linux, kernel 2.6.31.2 (#5 SMP Mon Dec 7 11:56:35 UTC 2009) i686
Compiler: GCC 4.4 - Jul 27 2010 17:00:22
ext2fs lib: 1.41.9, ntfs lib: 10:0:0, reiserfs lib: 0.3.1-rc8, ewf lib: 20080501
/dev/sda: LBA, HPA, LBA48 support
/dev/sda: size 488281250 sectors
/dev/sda: user_max 488281250 sectors
/dev/sda: native_max 488281250 sectors
Warning: can't get size for Disk /dev/mapper/control - 0 B - CHS 1 1 1, sector size=512
/dev/sr0 is not an ATA disk
Hard disk list
Disk /dev/sda - 250 GB / 232 GiB - CHS 30394 255 63, sector size=512 - ATA ST3250820AS
Disk /dev/sdb - 1031 MB / 984 MiB - CHS 1015 32 62, sector size=512 - Memorex TD Classic 003C
Disk /dev/sr0 - 67 MB / 64 MiB - CHS 32768 1 1 (RO), sector size=2048 - TSSTcorp DVD+-RW TS-H653A

Partition table type (auto): Intel
Disk /dev/sda - 250 GB / 232 GiB - ATA ST3250820AS
Partition table type: Intel

Analyse Disk /dev/sda - 250 GB / 232 GiB - CHS 30394 255 63
Geometry from i386 MBR: head=255 sector=63
check_part_i386 1 type DE: no test
NTFS at 6/30/25
NTFS at 1311/136/42
get_geometry_from_list_part_aux head=255 nbr=2
get_geometry_from_list_part_aux head=8 nbr=1
get_geometry_from_list_part_aux head=16 nbr=1
get_geometry_from_list_part_aux head=32 nbr=1
get_geometry_from_list_part_aux head=64 nbr=1
get_geometry_from_list_part_aux head=128 nbr=1
get_geometry_from_list_part_aux head=240 nbr=1
get_geometry_from_list_part_aux head=255 nbr=2
Current partition structure:
1 P Dell Utility 0 1 1 5 254 63 96327
2 P HPFS - NTFS 6 30 25 1311 136 41 20971520 [RECOVERY]
3 * HPFS - NTFS 1311 136 42 30393 229 44 467208192 [OS]

#11 FOmar151


Posted 23 January 2011 - 10:00 PM

I thought it would be prudent to enumerate the things I did, because I'm not sure I did it right. First, I reran testdisk according to the specifications in your second post. I then exited testdisk, restarted it, and followed the instructions in your last post (Intel to Analyze). From that screen, I chose quick search. It scanned, but never asked me about Vista partitions. I then exited and posted the log. Do I need to do something differently?

Thank you for your continuing help.

#12 Elise


Posted 24 January 2011 - 03:46 AM

Can you please try this?

From xPUD, click Power Off on the Home tab, then Switch Mode.
This will load a grub menu and pause at a grub> prompt.
Type the following command then press Enter.

chainloader /bootmgr

This should result in a message similar to the following:

Will boot Bootmgr from drive=0x250, partition=0x0 (hidden sectors=0x800).

Then return to a grub> prompt.
Type boot then hit Enter.

Let me know what happens.

regards, Elise


#13 FOmar151


Posted 24 January 2011 - 06:57 PM

I tried twice and it froze both times when I clicked on Switch Mode.

#14 Elise


Posted 25 January 2011 - 05:44 AM

FOmar151 wrote: "The OS is Vista SP2, and I don't have my installation disk handy."

Any chance you can get the disk or borrow one from a friend/family member?

regards, Elise