Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win XP pro w/SP3 hangs


  • Please log in to reply
48 replies to this topic

#1 jaf

jaf

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 31 August 2011 - 08:25 PM

Seeking help to regain access to my Win XP Pro w/SP3.
I do not suspect virus since I have used Norton Internet Security 2011 to scan my C: drive and also Kaspersky TDSSKiller 2.5.132.0 standalone tool.

Normal boot progresses to black background with Windows XP text and blue progress bar, then black screen w/cursor in center, no hourglass, and all lights of keyboard turned off.

Safe Mode boot goes through many drivers loading with text on black background ending with giveio.sys followed by "Press ESC to cancel loading SPTD.sys". System continues with disk activity, no keyboard response, then black screen with no cursor, no keyboard lights and no disk activity.

I am able to run Norton Bootable Recovery Tool and employ Command Prompt from there. Keyboard works fine during this and I've run a scandisk to validate my C: drive.

I am NOT able to boot to any Win XP install disk that I can find/borrow/build.
I have Win XP Pro install disk w/SP3 and Intel RAID drivers built with nLite.
I have borrowed a Win XP Pro w/SP3 install disk for a Dell system.
These all progress through "press any key to boot from CD", then finish at "Welcome to Setup" screen when the keyboard lights are all off and no key entry works ("R" for Recovery, "F3" for new install).
I've tried different keyboards (PS2 and USB) and all work till Welcome to Setup.

I've used a MEMTEST CD and no memory problems surfaced.

I have tried so many different ideas gathered from your forums and other places that I am lost as to how many failures I've faced trying to get this system back up and running.
I would very much appreciate some handholding for a systematic investigation of what has me trapped.

John F.

BC AdBot (Login to Remove)

 


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:23 AM

Posted 31 August 2011 - 08:44 PM

Hi jaf,

These all progress through "press any key to boot from CD", then finish at "Welcome to Setup" screen when the keyboard lights are all off and no key entry works ("R" for Recovery, "F3" for new install).

Have you tried unplugging the device that does not work and plugging it back in again while the system was still powered on? This can sometimes cause the device to be recognized and usable immediately.

...Sometimes...

Also, have you tried using other USB ports for your mouse/keyboard before powering up?

Hope this helps! :thumbsup:


bloopie

Edited by bloopie reborn, 31 August 2011 - 08:52 PM.


#3 jaf

jaf
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 31 August 2011 - 09:09 PM

Thanks bloopie,

I tried different USB ports and unplugging/replugging in the USB keyboard but nothing works at the "Windows XP Professional Setup - Welcome to Setup" screen to enter an "R" for Recovery Console, or "Enter" to continue, or "F3" to quit.
Neither does the original PS2 keyboard work.

All those keyboards work fine through the BIOS setup and all "DOS" based boot processes.
The failure only occurs after the Windows drivers are loaded from the Install CD.

John F.

#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:23 AM

Posted 31 August 2011 - 09:19 PM

When did this problem start?

And what manufacturer and model computer are you running?


bloopie

#5 jaf

jaf
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 31 August 2011 - 09:53 PM

This began back in November of 2010.
Since I have my Windows 7 Pro machine, I did not put a full scale effort into recovering the Win XP machine.
My memory may not be accurate, but I thought a MS Auto Update might have set this in motion.

ASUS P5W DH Deluxe 3001 BIOS, Intel Core 2 Duo E6700, 2x2GB Corsair TWIN2X2048-6400C4 DDR2-800, 2x320GB ST3320620AS (RAID1), 2x500GB WD5000AAKS (RAID1), ATI All-in-Wonder HD Premium PCIE, Zalman CNPS9500 LED, PC Power & Cooling Silencer 750W, Samsung SH-S203B, Plextor PX-850A, Windows XP Pro-SP3.

Built this one myself in early 2007.

#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:23 AM

Posted 01 September 2011 - 10:00 PM

I am able to run Norton Bootable Recovery Tool and employ Command Prompt from there. Keyboard works fine during this and I've run a scandisk to validate my C: drive.


I'd like to see the log from this. See if a log has been produced...here's how:

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:
  • Go to Start > Run > and type eventvwr and press the <ENTER> key.
    The Event Viewer window will open.
  • In the left pane, click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Double-click on that entry to view the log.
  • Click on the Posted Image button to copy the log text to the clipboard.
  • Paste the log text into your next reply.

If you have no log to show, please see if you can get to the Norton Bootable Recovery Tool and command prompt.

If you can get to the command prompt, please type in checkdsk /r...(note the space between the "k" and the "/"), then press enter. It will say that the disk is in use and cannot be checked until next reboot...type "y", then press enter.

You may be required to reboot which is normal...if not, reboot anyway manually to force the checkdisk.

Then please use the instructions above on how to find the log, and post it!


bloopie

Edited by bloopie reborn, 01 September 2011 - 10:02 PM.


#7 jaf

jaf
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 02 September 2011 - 01:19 AM

I'm very sorry bloopie, but you've not understood my situation.
I can NOT get into Windows!
I described the path when I choose "Normal" start.
I also described the results when I choose "Safe Mode" boot.
They both stall before the Windows chime of starting up.

There is NO Event Viewer when booted to the NBRT CD.

I did use the NBRT CD just as you suggested, but the "chkdsk /r /x" ran fine in the command prompt window.
Since the system is running from the NBRT CD, the C: drive is NOT in use.

There is NO rebooting back into Windows to retrieve the log file.

I have been able to copy some files from the C: drive to a USB thumbdrive.
Perhaps you could describe where I might find the log file created by that NBRT/command prompt/chkdsk run?

John F.

#8 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:04:23 PM

Posted 02 September 2011 - 01:26 AM

There won't be any log to find, unfortunately.

I would like to tackle this with you, but hesitate simply because you are employing a RAID setup, with which I am not overly familiar when it comes to repair jobs.

I would like to ask what you think about dismantling the RAID setup ... and working with ONLY the one hard drive attached to the system (remove the two WD hard drives too). Then you might make some progress?

Do you have all your important files off the system, or do you still require some recovery of data ... apart from trying to get the Windows system operational again?
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#9 jaf

jaf
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 02 September 2011 - 01:50 AM

AustrAlien,

Your offer is welcome, but was bloopie "handling" this thread?
I don't wish to offend them by "running off" with someone else.

I was hoping someone might have an idea of how I might recover some log of the Windows XP boot process that could shed some light on what driver causes the system to freeze (and what is preventing all the Windows install disks to fail during their boot process).

Since the NBRT CD works to boot on my system hardware and the MEMTEST works for it's purpose, I'm thinking my hardware is NOT "broken" but somehow newly incompatible with Windows drivers.

I would consider rebuilding my system from scratch (as your idea suggests), but I have imagined there might be someone in the Bleeping Computer realm who could come up with an idea I've overlooked.
I've been thoroughly perplexed by my inability to boot to any Windows XP install CD, despite including (using nLite) the drivers for my Intel Raid array.

I do not wish to decline you kind offer of help, but have we exhausted the Bleeping Computer resources and volunteers?

#10 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:04:23 PM

Posted 02 September 2011 - 02:14 AM

Trust me ... bloop won't mind me poking my nose in here. Anybody and everybody is free to offer whatever assistance they can on any topic in the BC forums ... except for the dedicated Malware Removal Forum, which is closed to all except members of the Malware Removal Team.

I was not previously suggesting that you rebuild your system from scratch; simply that you temporarily work with only ONE hard drive (which you can do without problem since you are using RAID 1) to find and fix the issue. After which you could then re-build the RAID 1 setup with the other Seagate HDD and continue on your merry way.

I have noticed that no one here at BC (or anywhere else that I have been) is particularly keen to work on problems on a RAID setup.

My immediate thought after reading your posts was ... an infected MBR is likely: This is in spite of the fact that you have used Norton and TDSSKiller. Let's see if we can test that by having a look at it. I think the following is likely to work satisfactorily on a RAID setup.

Please try the following: You will need a USB drive/flashdrive and a new blank writable CD.

:step1: Please do the following on a working computer:
  • Download GETxPUD.exe to the Desktop.
  • Run GETxPUD.exe
    A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
    Please be patient: This could take awhile - download file size 63MB.
  • Click on Start and follow the prompts to burn the image to a CD.
You will use this CD to boot the ailing computer from.


:step2: Boot the ailing computer with the xPUD CD.
  • (You may have to configure the Boot Menu or BIOS Setup Menu to boot first from the optical/CD/DVD drive.)
    A Welcome to xPUD screen will appear.
  • Click on File.
  • Expand the mnt icon on the left (click on the little arrow beside the icon).
    • sda1, sda2 etc. ...usually correspond to your HDD partitions
    • sdb1, sdc1 is likely to correspond to a USB flashdrive, external USB hard drive etc.
  • Click on the folder that represents your USB drive (sdb1 ?).
  • Click Tool on the top menu, and choose Open Terminal.
  • Type the following at the hash prompt:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

    • Note: Leave a space between the following:
      • dd ... the executable application used to create the backup
      • if=/dev/sda ... the device the backup is created from (the hard drive when only one HDD exists)
      • of=mbr.bin ... the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
      • bs=512 ... the number of bytes in the backup
      • count=1 ... says to backup just 1 sector
        It is extremely important that the if and of statements are correctly entered.
  • Press the <ENTER> key.
    After it has finished a file will be located on your USB drive named mbr.bin.
  • Remove the USB drive from the ailing computer.

:step3: On the working computer:
  • Insert the USB drive, and navigate to the file mbr.bin
  • Zip-up the mbr.bin file:
    • Right-click on the file and choose Send to .. > Compressed (zipped) Folder.
      A zipped folder will appear in the same location as the mbr.bin file.
  • Please attach the zipped file to your next reply.
    This will allow the MasterBootRecord of your drive to be checked to see whether or not it is infected.

Edited by AustrAlien, 02 September 2011 - 02:31 AM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#11 jaf

jaf
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 02 September 2011 - 03:54 AM

Thanks for your reassurance.
My previous experience was, indeed, in the Malware Removal Forum.

I have followed your directions and attached the archive file mbr_JAF.zip.
All 4 drives showed up in the File pane.
sda1 and sdc1 seem to be the drives combined with RAID1 as my C: drive "Little Dog".
sdb1 and sdd1 are the drives combined with RAID1 as my D: drive "Big Dog".
I ran "dd" for each of the sdX1 drives and the mbrX.bin files match (X= a, b, c, d).

I also found (and included as Chkdsk_JAF.zip) a couple Chkdsk log files that appear to match my using chkdsk from the NBRT CD boot environment.

I am willing to try your suggestion to "simplify" down to a single drive when you feel we can discover nothing further.
I have my "My Documents" directed to "D:\Document" and lots of valuable programs installed on the system, so I was hoping to avoid "starting from scratch".

Thank you for providing such a clear and "newbie" level of tools and guidance.
I'd like to think I am a bit more experienced, but am not bothered by you keeping things simple.

Thank you for your help. John F.

Attached Files



#12 jaf

jaf
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 02 September 2011 - 04:59 AM

For consideration -
I'm baffled by the fact that my machine will boot from:
1. Norton Bootable Recovery Tool CD (from Norton Internet Security 2011)
2. Norton Ghost 15.0 Custom Recovery Disk (from Norton Ghost 15.0)
3. xPUD CD (from Bleeping Computer)
and the keyboard and mouse work fine to select and use the tools from those CD booted systems.

and yet every one of the Windows XP Pro install disks boots to the "Windows XP Professional Setup - Welcome to Setup" screen when the keyboard (PS2 or USB) ceases to function!

#13 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:04:23 PM

Posted 02 September 2011 - 05:09 AM

Yes, I am pondering on that at the present time.

For your information the MBRs check out as free of malware. That is not to say they are in a functioning state though: From your description, it seems likely that the booting process stops very early, when the BIOS is trying to read the MBR on the first hard drive .... OR the MBR is passing to the Boot Sector .... or the Boot Sector is looking for NTLDR.

Silly questions? Have you checked that BIOS is set to look at/boot from the correct hard drive? Have you checked that you do not have a stray floppy, flashdrive or CD hiding in there somewhere that is upsetting the normal boot up?
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#14 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:04:23 PM

Posted 02 September 2011 - 05:29 AM

You mentioned in one of your earlier posts that you have tried/tested many things: Have you done the very basic tests to determine that all your hard drives are in good order ie. run the hdd manufacturer's diagnostic utilities on each of the hard drives?

Edit: There is one major difference between booting with a "Windows" CD/DVD and booting with some other utility (generally based on Linux) is that the Windows disk looks to find an existing hard drive/Windows operating system, whereas the others do not. If the Windows disk can't find exactly what it is looking for, it will falter: The other types of bootable disks will load regardless.

Edited by AustrAlien, 02 September 2011 - 05:38 AM.

AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#15 jaf

jaf
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 02 September 2011 - 05:56 AM

I've used the F8 during my BIOS boot process which allows me to select where to boot from.
I have choosen either of my CD drives and "Little Dog" (C: drive) and the boot continues as expected from the selected device.
I think that should rule out an error in the BIOS boot order, though I've confirmed that as well.

The RAID BIOS shows the 4 drives configured as two primary drives with "status" of each drive.
The 4 drives show as "healthy" though the RAID volumes call for "Verify" due to having to force shutdown when the boot freezes.
When I ran the Chkdsk from the NBRT command prompt, the "Little Dog" array went back to "Valid".

Were the Chkdsk log files normal?
From the NBRT, Norton Ghost 15.0 Custom Recovery Disk, and your xPUD CD, I can access any folder/file and copy it to a USB drive (as I did for the mbr.bin files).
Can we get some log of the Normal or Safe Mode boot process to identify what locks up?
I've explored the Boot.ini file before, but I don't remember if it can call for a log file to be created.
I've heard of a "Debug" mode. Can that provide any insight?

I need to get some sleep for awhile. I'm on the West coast of US and we're coming up on 4AM here.
Looks like you're approaching 9PM at your end. I'll look for any further updates from you when I get going again.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users