Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 wont boot after hitman pro


  • Please log in to reply
30 replies to this topic

#1 Tygo

Tygo

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 18 August 2012 - 05:30 PM

Hi my name is Tygo and am in deep trouble I have an HP Pavilion dm1 Netbook PC (Product # Lm829AV) Amd E-350 Processor with3072 mb of memory and it stopped Booting up after i ran hitman pro before it had a google redirect but other then that if ran fine. I did not see what was removed i was going to look at the logs after the rebooted but all i get is "No bootable device -- insert boot disk and press any key" I tested the drive and it passed and ran disk and partition list

Diskpart> List Disk

Disk ### Status Size Free Dyn Gpt
---------- ----------- ------- --------- -------- -------
Disk 0 Online 298 GB 221 GB
Disk 1 Online 14 GB 0 B

________________________________________________________________

Diskpart> select disk 0

Disk 0 is now the selected disk.

Diskpart> detail disk


Disk ID: EDB74529
Type : SATA
Status : Online
Path : 0
Target : 0
LUN ID : 0
Location Path : PCIROOT (0)#PCI(1100)#ATA(c00T00L00)
Current Read-Only State : No
Read-Only : No
Boot Disk : No
Pagefile Disk : No
Hibernation File Disk : No
Crashdump Disk : No
Clustered Disk : No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------------- ------- --------- --------
Volume 0 c RAW Partition 76 GB Healthy
Volume 1 d RAW Partition 400 MB Healthy

_______________________________________________________________________________________________


I made a usb recovery disk and ran FRST.exe here is the lOG:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-08-2012
Ran by SYSTEM at 18-08-2012 15:06:24
Running from E:\
Service Pack 1 (X86) OS Language: English(US)
Attention: Could not load system hive.Attention: System hive is missing.

========================== Registry (Whitelisted) =============

Attention: Software hive is missing.

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============


============ 3 Months Modified Files ========================


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 2665.89 MB
Available physical RAM: 2299.62 MB
Total Pagefile: 2664.18 MB
Available Pagefile: 2295.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.61 MB

======================= Partitions =========================

2 Drive e: () (Removable) (Total:14.89 GB) (Free:12.49 GB) FAT32
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 221 GB
Disk 1 Online 14 GB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 76 GB 200 MB
Partition 2 Primary 400 MB 76 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y RAW Partition 76 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RAW Partition 400 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E FAT32 Removable 14 GB Healthy

==================================================================================
======================= End Of Log ==========================

Can any one give me some hope? or point me in the right derection please.
Thank you for any help you can share

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:49 PM

Posted 19 August 2012 - 07:12 AM

It looks like FRST didn't see your windows installation.
Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert it in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Tygo

Tygo
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 19 August 2012 - 01:45 PM

Thank you for your help Blonde i Downloaded GETxPUD.exe the proublem is Hp netbook has no CD player so i can only run USB is there a way to make it into xPUD bootable USB?

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:49 PM

Posted 19 August 2012 - 02:28 PM

Yes, we can do that as well.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Remove the USB and insert it in the sick computer

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 Tygo

Tygo
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 19 August 2012 - 03:57 PM

I followed the instructions and installed to USB and Booted i hit english in the language menu then I get this message.

___________________________________________________________________________________________

09 i686
Kernel command line: noisapnp quit initrd=/opt/media lang=en kmap=us boot_E-/boot/xpud
build date: 26 october 2009 05:15:02pm
xorg-server 2:1.6.4-2ubuntu4 (buildd@)
Befor reporting problems, check http://wiki.x.org
to make sure you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting.
(ww) warning, (EE) error, (NI) not implemented, (??) unknown.
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log.0.log", time: Sun Aug 19 17:06:14 2012
(==) Using config file: "ect/X11/xorg.conf

(EE) no device detected.

Fatal server error:
no screen found

PleThe X.Org Foundation support
at http://wiki.x.org
for help.
please also check the log file at "var/log/xorg.0.log" for additional information on.

ddxSigGiveuP: Closing log
[ 6.286386] sd 0:0:0:0: [sdb] Assuming drive cache : write through
[ 6.292292] sd 0:0:0:0: [sdb] Assuming drive cache : write through
[ 6.306928] sd 0:0:0:0: [sdb] Assuming drive cache : write through
giveing up.
xinit: no such file or directory (errno 2): unable to connect to X server
xini: no such process (errno 3): Server error.
xauth: (argv):1: bad display name :"(none) :0" in "remove" command
sh: no job control in this shell
sh-4.0#

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:49 PM

Posted 20 August 2012 - 01:47 AM

Most likely xPUD doesn't support your display/video drivers.

I'd like you to follow the instructions given at Ubuntu Windows Installer to allow you to run Ubuntu alongside your current system.

Now boot your machine into Ubuntu:
  • Once the Ubuntu desktop is loaded, click the top icon in the left panel.
  • Type terminal in the search box.
  • Click on the frirst Terminal icon that is displayed - this will open a command prompt window
  • Type the following line and press enter
sudo dd if=/dev/sda of=mbr.txt bs=512 count=1
  • Now open Home Folder (click the third icon from the top in the left panel)
  • Right click on mbr.txt and select copy
  • Next select File System from the left side of the Home Folder
  • Now double click on host folder
  • Move mouse into space, right click and select paste
  • Now reboot your machine into Windows
  • Attach c:\mbr.txt to your next reply

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 Tygo

Tygo
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 21 August 2012 - 04:02 AM

I used ubuntu (very cool) and got a mbr.txt but it shows a lock on the icon and I did'nt see a host folder in File System so I compressed the file and sent it to another USB this is what is in it

mbr.txt
__________________________________________________________

3м |ؾ |  Ph ~ | V UFF AU]rUu  tFf`~ t&fh fvh h |h h BV  |V vNnfasNu ~  U2V ]랁>}Uunv ud `| du f#u;fTCPAu2r,fh fh  fh fSfSfUfh fh | fah Z2 | 2 < t  +d $$Invalid partition table Error loading operating system Missing operating system c{)E ~& @ @ U

___________________________________________________________

i hope this is what you needed.

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:49 PM

Posted 21 August 2012 - 05:32 AM

You need to attach the file, not copy/paste its content. This file is not a text file, we merely used the .txt format as it allows attaching to this forum in that format.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 Tygo

Tygo
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 21 August 2012 - 09:07 AM

sorry about that here it is Attached File  mbr.txt   512bytes   7 downloads

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:49 PM

Posted 21 August 2012 - 10:37 AM

The partition table indeed doesn't look good.

Download xPUDtd and save it to an USB drive. (if the download opens in a separate tab, right-click the link and select Save Link/Target As)
  • Remove the USB & xPUD CD and insert it in the sick computer
  • Boot the Sick computer with the xPUD CD
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Doubleclick on xPUDtd to extract and run it.
The first screen will present log options - press Enter to continue.

Posted Image

TestDisk will scan the system and show drive information.
If more than 1 drive, select the correct drive, make sure [Proceed] is selected then press Enter to continue.

Posted Image

Select [Intel] partiton and press Enter to continue.

Posted Image

Select [Analyse] and press Enter to continue.

Posted Image

Select Quick Search and press Enter.

If you receive a warning, select continue and press Enter.

At the following screen please see if the correct partition structure is displayed (meaning that Testdisk should show you the right sizes of partitions you know you have on disk). If you are not sure just quit at this point and post me the Testdisk log created on your USB drive.

Press Q repeatedly until TestDisk exits and post the log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 Tygo

Tygo
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 22 August 2012 - 02:22 AM

xPUD doesn't support my display/video drivers. i searched for more drivers to add to the opt folder but didnt find any. so I couldnt get it to run i have it In a my USB with the xPUDtd it boots to the welcome screen then i get the (EE) no devices detected :(

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:49 PM

Posted 22 August 2012 - 02:54 AM

Sorry about that. Please download it from here: http://www.cgsecurity.org/testdisk-6.14-WIP.linux26-x86_64.tar.bz2

You will have to unzip this on Ubuntu, then run the executable by doubleclicking on it. From there the instructions are identical.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#13 Tygo

Tygo
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 23 August 2012 - 10:56 AM

Okay I extracted testdisk into the Ubuntu Folder and Ran testdisk in terminal and I get "sudo apt-get install testdisk you will have to enable the component called univers" I also tried double clicking testdisk_static and I couldn't get it to run.

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,202 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:49 PM

Posted 23 August 2012 - 11:24 AM

Was this the command you executed or was it suggested in terminal to be executed?: sudo apt-get install testdisk

If the latter, then please execute that command.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#15 Tygo

Tygo
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 23 August 2012 - 02:08 PM

It was saggested by terminal when I try sudo apt-get
said the same thing to enable univers




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users