Cannot boot Windows 7


  • This topic is locked
32 replies to this topic

#16 Clauslester

Clauslester
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:02:09 PM

Posted 10 October 2012 - 08:29 PM

Much appreciated.


#17 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,635 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:03:09 PM

Posted 10 October 2012 - 08:33 PM

I experienced the same issues. Seems that the scripts are not compatible with this version of Puppy. They are compatible with xPUD, but in turn, xPUD is not compatible with your display. I need to do some more testing. Will post back soon.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#18 Clauslester

Posted 10 October 2012 - 09:31 PM

Ah, gotcha. Talk to you then.

#19 JSntgRvr

Posted 11 October 2012 - 09:10 AM

Do you have access to a working Windows 7 computer using the same 32bit or 64bit version? If you do, create a System Repair Disc.

How to Create a Windows 7 System Repair Disc

Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also depending on the exact type of OEM your machine has you may be unable to actually create a SRD.

  • Click on Start (Windows 7 Orb) >> Run... (or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:

    recdisc.exe

  • Allow the UAC (User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-
Posted Image

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-
Posted Image

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Boot the computer with it and attempt to reach a Command prompt. Let me know the outcome.


#20 Clauslester

Posted 11 October 2012 - 11:09 AM

My Laptop is running Windows 7 Ultimate 64-bit... could this still work if I had my friend do this from his Windows 7 Home Premium 64-bit OS?
I ask simply because I don't believe I know anyone with the same exact version as mine.

-Edit-
Would it be possible for me to find a download for the same needed files in an .iso format to burn to a disk for the same results?

Edited by Clauslester, 11 October 2012 - 01:17 PM.


#21 JSntgRvr

Posted 11 October 2012 - 08:16 PM

"Would it be possible for me to find a download for the same needed files in an .iso format to burn to a disk for the same results?"

Perhaps, but not without violating Microsoft Copyrights. I cannot suggest this at the forum.

"My Laptop is running Windows 7 Ultimate 64-bit... could this still work if I had my friend do this from his Windows 7 Home Premium 64-bit OS?"


Yes.

Edited by JSntgRvr, 11 October 2012 - 08:16 PM.


#22 Clauslester

Posted 12 October 2012 - 11:48 AM

Unfortunately, I had the same results as I did when I tried booting from my own Windows disk. While the screen is still black, the Windows files load fine. When it loads to the screen with the default Windows background, nothing else loads on the screen.

#23 JSntgRvr

Posted 12 October 2012 - 01:42 PM

I was able to determine why the scripts weren't working in Puppy Linux. All drives must be mounted before the scripts are run. Follow these steps:

Insert the USB drive in the ailing computer and boot to Puppy Linux. Once loaded, click on every drive on the lower left corner of your display. A window will open on every icon clicked. Close those windows. You will see a (x) symbol on every icon. That means the drive is mounted.

  • Click on the icon that represents the USB drive (sdb1?)
  • Click on an empty space on the window, then Right click on it. Select Windows, then Terminal Here.
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Then type bash driver.sh -af
  • Press Enter
  • You will be prompted to input a filename.
  • Type the following:

    Winload.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Winlogon.exe

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    volsnap.sys

  • Press Enter
  • If successful, the script will search for this file.
  • After it has completed the search enter the next file to be searched
  • Type the following:

    explorer.exe

  • Press Enter
  • After it has completed the search enter the next file to be searched
  • Type the following:

    Userinit.exe

  • Press Enter
  • After the search is completed type Exit and press Enter.
  • After it has finished a report will be located in the USB drive as filefind.txt
  • While still in the Open Terminal, type bash query.sh
  • Press Enter
  • After it has finished a report will be located in the USB drive as RegReport.txt
  • Type dd if=/dev/sda of=mbr.zip bs=512 count=1


    Leave a space between the following statements:

    dd is the executable application used to create the backup
    if=/dev/sda is the device the backup is created from - the hard drive when only one HDD exists
    of=mbr.zip is the backup file to create - note the lack of a path - it will be created in the directory currently open in the Terminal
    bs=512 is the number of bytes in the backup
    count=1 says to back up just 1 sector


    It is extremely important that the if and of statements are correctly entered.

  • Press Enter
  • After it has finished a report will be located on your USB drive named mbr.zip
  • Plug the USB back into the clean computer and post the contents of the report.txt, filefind.txt and RegReport.txt in your next reply. The mbr.zip file must be attached to your reply.

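Added example, not part of the original post: a Python check of the 512-byte dump that the dd command above writes (a raw sector image, whatever its file name). It validates the 0x55AA boot signature and the four partition-table entries; the function names and the sample layout are constructed for illustration, with the start sectors 2048 and 206848 assumed.

```python
import struct

SECTOR = 512  # dd bs=512 count=1 produces exactly one sector

def parse_mbr(raw, disk_sectors=None):
    """Return (partitions, findings) for a raw 512-byte MBR dump."""
    if len(raw) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(raw)}")
    findings = []
    if raw[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = []
    for i in range(4):  # four 16-byte entries start at offset 446
        status, _, ptype, _, start, count = struct.unpack_from(
            "<B3sB3sII", raw, 446 + 16 * i)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append(f"entry {i + 1}: invalid status byte {status:#04x}")
        parts.append({"index": i + 1, "active": status == 0x80,
                      "type": ptype, "start": start, "sectors": count})
    active = sum(p["active"] for p in parts)
    if active != 1:
        findings.append(f"{active} active partitions, expected 1")
    ordered = sorted(parts, key=lambda p: p["start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start"] + a["sectors"] > b["start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    for p in parts:
        if disk_sectors is not None and p["start"] + p["sectors"] > disk_sectors:
            findings.append(f"entry {p['index']} runs past the end of the disk")
    return parts, findings

def build_sample_mbr():
    """Constructed sample, not the attachment from the thread: two NTFS (0x07)
    entries with assumed start sectors 2048 and 206848."""
    raw = bytearray(SECTOR)
    layout = [(0x80, 2048, 204800), (0x00, 206848, 624932864)]
    for slot, (status, start, count) in enumerate(layout):
        struct.pack_into("<B3sB3sII", raw, 446 + 16 * slot,
                         status, b"\0" * 3, 0x07, b"\0" * 3, start, count)
    raw[510:512] = b"\x55\xaa"
    return bytes(raw)

if __name__ == "__main__":
    parts, findings = parse_mbr(build_sample_mbr(), disk_sectors=625142448)
    for p in parts:
        print(p)
    print("findings:", findings or "none")
```

This covers the partition table and signature only; judging the boot code in bytes 0 to 445 needs a known-good reference to compare against.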


#24 Clauslester

Posted 12 October 2012 - 06:15 PM

Report.txt

Fri Oct 12 19:04:36 GMT-8 2012


Filefind.txt

Search results for Winload.exe


Search results for Winlogon.exe


Search results for volsnap.sys


Search results for explorer.exe


Search results for Userinit.exe


Regreport.txt

Remote Registry Report

Attached Files

  • Attached File  mbr.zip   512bytes   1 downloads


#25 JSntgRvr

Posted 12 October 2012 - 11:16 PM

The MBR looks clear, but it is very strange that the file search, as well as the registry report, is empty. Were all drives mounted? If you click on the icon representing your hard drive, are you able to browse and see the Windows folder? If you do, click on the Windows folder. Are you able to see the System32 folder?


#26 Clauslester

Posted 14 October 2012 - 02:29 PM

"The MBR looks clear, but it is very strange that the file search, as well as the registry report, is empty. Were all drives mounted? If you click on the icon representing your hard drive, are you able to browse and see the Windows folder? If you do, click on the Windows folder. Are you able to see the System32 folder?"

When I checked my hard drive, yes it was mounted. However, it took about 25 minutes for the files to load/become click-able. When I could finally open my System32 folder the files never appeared, though the loading cursor was on screen so I left it to an overnight wait but to no avail. It should also be noted that the system resource usage in the toolbar tray was fluctuating from 75-100% the entire time it was loading.

#27 JSntgRvr

Posted 14 October 2012 - 08:19 PM

I believe the main issue is the hard drive.

Let's try TestDisk.

  • Download xPUDtestdisk.exe and save it to the USB device
  • In the working computer, double click xPUDtestdisk.exe within the USB drive to extract its contents.
  • Remove the USB and insert it in the ailing computer
  • Boot the ailing computer to Puppy Linux
  • Mount the hard drive
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Right click and under Window, select Open Terminal
  • Type testdisk/testdisk_static
  • Press Enter
  • You will now be at a scary looking text-based command window:

    Posted Image

  • Press Enter here to create a new log file.
  • TestDisk will now detect all local hard drives, and present them in a list like this:

    Posted Image

  • Use the arrow (up and down) keys to highlight the disk called /dev/sda.
  • With /dev/sda selected, press Enter
  • Select Intel (even if you have an AMD processor) on the next window.

    Posted Image

  • Press Enter.
  • Select Analyse and press Enter.

    Posted Image

  • The next screen will list all found partitions.

    Posted Image

  • At this point exit by pressing Q and locate the log. Post it on your next reply.


#28 Clauslester

Posted 14 October 2012 - 09:42 PM

Sun Oct 14 22:33:09 2012
Command line: TestDisk

TestDisk 6.12-WIP, Data Recovery Utility, April 2010
Christophe GRENIER <grenier@cgsecurity.org>
http://www.cgsecurity.org
OS: Linux, kernel 2.6.37.6 (#1 SMP Sun Jul 10 08:27:28 EST 2011) i686
Compiler: GCC 4.4 - Jul 27 2010 17:00:22
ext2fs lib: 1.41.9, ntfs lib: 10:0:0, reiserfs lib: 0.3.1-rc8, ewf lib: 20080501
/dev/sda: LBA, HPA, LBA48, DCO support
/dev/sda: size 625142448 sectors
/dev/sda: user_max 625142448 sectors
/dev/sda: native_max 625142448 sectors
/dev/sr0 is not an ATA disk
Hard disk list
Disk /dev/sda - 320 GB / 298 GiB - CHS 38913 255 63, sector size=512 - ATA ST9320423AS
Disk /dev/sdb - 4041 MB / 3854 MiB - CHS 1018 125 62, sector size=512 - PNY USB 2.0 FD
Disk /dev/sr0 - 132 MB / 126 MiB - CHS 64713 1 1 (RO), sector size=2048 - TSSTcorp CDDVDW TS-L633F

Partition table type (auto): Intel
Disk /dev/sda - 320 GB / 298 GiB - ATA ST9320423AS
Partition table type: Intel

Analyse Disk /dev/sda - 320 GB / 298 GiB - CHS 38913 255 63
Geometry from i386 MBR: head=255 sector=63
NTFS at 0/32/33
NTFS at 12/223/20
Current partition structure:
1 * HPFS - NTFS 0 32 33 12 223 19 204800
2 P HPFS - NTFS 12 223 20 38913 37 36 624932864
Computes LBA from CHS for Disk /dev/sda - 320 GB / 298 GiB - CHS 38914 255 63
Allow partial last cylinder : Yes
search_vista_part: 1

search_part()
Disk /dev/sda - 320 GB / 298 GiB - CHS 38914 255 63
NTFS at 0/1/1
filesystem size 625137282
sectors_per_cluster 8
mft_lcn 786432
mftmirr_lcn 2
clusters_per_mft_record -10
clusters_per_index_record 1
file_pread(4,4096,buffer,6291519(391/160/25)) read err: Input/output error
file_pread(4,1,buffer,6291519(391/160/25)) read err: Input/output error
NTFS: Can't read MFT
HPFS - NTFS 0 1 1 38912 254 63 625137282
NTFS, 320 GB / 298 GiB
get_geometry_from_list_part_aux head=255 nbr=2
get_geometry_from_list_part_aux head=8 nbr=1
get_geometry_from_list_part_aux head=16 nbr=1
get_geometry_from_list_part_aux head=32 nbr=1
get_geometry_from_list_part_aux head=64 nbr=1
get_geometry_from_list_part_aux head=128 nbr=1
get_geometry_from_list_part_aux head=240 nbr=1
get_geometry_from_list_part_aux head=255 nbr=2

Results
* HPFS - NTFS 0 1 1 38912 254 63 625137282
NTFS, 320 GB / 298 GiB

interface_write()
1 * HPFS - NTFS 0 1 1 38912 254 63 625137282
SIGINT detected! TestDisk has been killed.

#29 JSntgRvr

Posted 15 October 2012 - 12:05 AM

It is definitely the hard drive. As I understand this report, the Master File Table (MFT) is either corrupted or damaged.

I am consulting with an expert. Will post back soon.

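Added example, not part of the original posts: a Python triage of the TestDisk log from post #28. It converts the log's CHS values to sector numbers and shows that the read that failed, sector 6291519, is the first sector of the $MFT described by the NTFS boot sector TestDisk found at 0/1/1; the function names and region labels are this example's own.

```python
import re

# Excerpt copied from the TestDisk log posted in the thread (search_part section).
LOG = """\
Disk /dev/sda - 320 GB / 298 GiB - CHS 38914 255 63
NTFS at 0/1/1
filesystem size 625137282
sectors_per_cluster 8
mft_lcn 786432
mftmirr_lcn 2
file_pread(4,4096,buffer,6291519(391/160/25)) read err: Input/output error
file_pread(4,1,buffer,6291519(391/160/25)) read err: Input/output error
NTFS: Can't read MFT
"""

def chs_to_lba(c, h, s, heads, spt):
    """Classic CHS to LBA conversion; sector numbers are 1-based."""
    return (c * heads + h) * spt + (s - 1)

def triage(log):
    """Map each failed read in a TestDisk log to the NTFS structure it hit."""
    heads, spt = map(int, re.search(r"CHS \d+ (\d+) (\d+)", log).groups())
    c, h, s = map(int, re.search(r"NTFS at (\d+)/(\d+)/(\d+)", log).groups())
    start = chs_to_lba(c, h, s, heads, spt)  # first sector of the NTFS volume

    def field(name):
        return int(re.search(rf"^{name} (-?\d+)$", log, re.M).group(1))

    spc = field("sectors_per_cluster")
    regions = {
        start: "NTFS boot sector",
        start + field("mft_lcn") * spc: "first sector of $MFT",
        start + field("mftmirr_lcn") * spc: "first sector of $MFTMirr",
    }
    hits = {}
    pattern = r"file_pread\(\d+,\d+,buffer,(\d+)\((\d+)/(\d+)/(\d+)\)\) read err"
    for m in re.finditer(pattern, log):
        lba, c, h, s = map(int, m.groups())
        # The log prints both forms; make sure they agree before trusting them.
        if chs_to_lba(c, h, s, heads, spt) != lba:
            raise ValueError(f"CHS {c}/{h}/{s} does not match sector {lba}")
        hits[lba] = regions.get(lba, "unclassified sector")
    return hits

if __name__ == "__main__":
    for lba, what in triage(LOG).items():
        print(f"read error at sector {lba}: {what}")
```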


#30 JSntgRvr

Posted 15 October 2012 - 07:18 PM

All seems to indicate you have a dying hard drive.

Let's try CHKDSK. If that does not work, you will need another hard drive. I would suggest you back up any personal data using Puppy Linux before proceeding.

  • Download NTBR_CD by noahdfear.
  • Extract its contents to the desktop.
  • Once extracted, open the NTBR_CD folder and click on the BurnItCD application.
  • Insert a blank CD when prompted. The .iso image will be burned to the CD.
  • Boot the computer with the CD you just burned and follow the prompts.
  • Press Enter for English.
  • At the menu type 5 to select Command prompt then hit Enter
  • At the prompt type the following and press Enter after each line:

    cd tools
    cd ntfs4dos
    CHKDSK /F

  • Once CHKDSK is completed, press Ctrl+Alt+Del to restart the machine.
  • Eject the CD upon restart and boot normally.

Let me know the outcome.
