Boot Disk Failure

December 5, 2010 at 15:31:31
Specs: Windows XP Media Center
Hi all,

I am trying to recover a hard disk for a neighbor. (2nd one of these projects in 2 days!) This one is an e-machine running Windows XP. System comes up with a Boot Disk Failure message on startup. Checked cables etc. (and swapped a new one in to be sure) but all seems OK there.

Booted and loaded my new best friend testdisk from CD. It correctly detected the disk as

/dev/sda - 160 GB / 149 GiB - CHS 19457 255 63

and reports the following -

Partition Start End Size in sectors

1 * HPFS - NTFS 580 0 1 19456 254 63 303259005
2 P FAT32 0 1 1 579 254 63 9317637 [RECOVERY]

When I do a quick search it reverses the order of these 2.
It lists the FAT32 partition 1st marked as * (primary bootable)
and HPFS -NTFS listed second as P (primary)

Doing a [Deeper Search] yields the following -

Partition Start End Size in sectors

FAT32 0 1 1 579 254 58 9317632 [RECOVERY]
FAT32 0 1 1 579 254 58 9317632 [RECOVERY]
HPFS - NTFS 580 0 1 19456 254 63 303259005

The above is listed while the deep scan is taking place then i am returned to a screen listing the original 2 (which I take to mean no others were found). I am including this only because I noticed the end of the FAT32 partition was listed slightly different here.

Having just been through a somewhat similar exercise with a friend's HP Pavilion (details posted here as well) the cure in that case was to use testdisk to repair the MFT. Since this seems just a bit different, I thought I would float this out there for any opinions/suggestions before proceeding. Any help you might have to offer is appreciated! Thanks!

See More: Boot Disk Failure

December 5, 2010 at 15:57:54
I do not see anything wrong in the partitions report. The CHS values show the right order anyway.

The possibilities are:

Damaged or inaccessible Allocation Table - Testdisk is your friend
MBR problems - Try Recovery fixmbr
BOOT.INI problems - Boot with a Live CD giving you access to the filesystem and check it
Hard drive not detected by BIOS - Check it is detected and in the boot order

yinzguy you had a similar problem here, does it help:

You could use gparted and/or Ranish Partition Manager to view the partition information. These sometime find things that other utilities do not.

Once you have done this you may find that it is still test disk you need to fix a possible MFT corruption.

When everything else fails, read the instructions.

Report •

December 7, 2010 at 09:35:14
Hi Mosaddique,

Sorry for the delay in posting back - was in the office yesterday. At any rate, I have made some progress in the interim.

Per your suggestion, before trying some of the other steps, I decided to have a look in the BIOS. Found that the BIOS was p/w protected and user had no clue as to what it was. So I reset the BIOS by using the jumper next to the battery on the motherboard.

Entered BIOS and set BIOS to Optimum defaults. On exit I was able to boot into Windows.

Not there yet however. Once in Windows it was obvious this machine was crawling with malware. Did the following -

1. ran chkdsk /f /r
2. Rebooted and ran chkdsk /f
(several problems reported and fixed)
3. Booted into Safe Mode
4. Downloaded Malwarebytes on another machine then installed on neighbor's PC via USB drive.
4. Ran full scan and removed all that it found.
5. Turned off System restore
6. Rebooted, started in Safe Mode again
7. Ran Malwarebytes again - removed all that it found (much less this time)
8. Rebooted into Safe mode - malwarebytes now reported clean
9. Installed CCleaner and ran registry cleaner
9. Booted normally into XP
10. Tried installing driver for a wireless USB card I had so i could access internet, however have not been able to get Internet up and running.

Which is where I am now.

Launching the RAlink wireless utitlity for my wireless card, it detects my network and allows me to connect.

Cannot access the Internet via IE however. Running diagnostics reports the following

Last diagnostic run time: 12/07/10 11:39:33 WinSock Diagnostic
WinSock status

info All base service provider entries are present in the Winsock catalog.
info The Winsock Service provider chains are valid.
error Provider entry MSAFD Tcpip [TCP/IP] could not perform simple loopback communication. Error 10050.
error Provider entry MSAFD Tcpip [UDP/IP] could not perform simple loopback communication. Error 10050.
error Provider entry RSVP UDP Service Provider could not perform simple loopback communication. Error 10091.
error Provider entry RSVP TCP Service Provider could not perform simple loopback communication. Error 10091.
error A connectivity problem exists with an installed LSP.
info The user didn't approve the proposed automated repair attempt: Reset WinSock catalog
info Redirecting user to support call

Network Adapter Diagnostic
Network location detection

info Using home Internet connection
Network adapter identification

info Network connection: Name=Wireless Network Connection 4, Device=RT73 USB Wireless LAN Card, MediaType=LAN, SubMediaType=WIRELESS
info Network connection: Name=Local Area Connection, Device=NVIDIA nForce Networking Controller, MediaType=LAN, SubMediaType=LAN
info Both Ethernet and Wireless connections available, prompting user for selection
action User input required: Select network connection
info Wireless connection selected
Network adapter status

info Network connection status: Connected

HTTP, HTTPS, FTP Diagnostic
HTTP, HTTPS, FTP connectivity

warn HTTP: Error 12007 connecting to The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to The server name or address could not be resolved
warn FTP (Passive): Error 12007 connecting to The server name or address could not be resolved
warn HTTP: Error 12007 connecting to The server name or address could not be resolved
warn HTTPS: Error 12007 connecting to The server name or address could not be resolved
warn FTP (Active): Error 12007 connecting to The server name or address could not be resolved
error Could not make an HTTP connection.
error Could not make an HTTPS connection.
error Could not make an FTP connection.

I tried running the following commands from the command prompt but it had no effect.

netsh winsock reset catalog
netsh int ip reset reset.log

Not sure what to try next. On the chance that it might be helpful or in case malware might still be an issue, I am posting the Hijackthis log (see below). Any help anyone can give will be greatly appreciated! I would like to be able to get the Internet connection working so I can install SpyBots, AVG and some other utilities to make sure this PC is clean. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:00 AM, on 12/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\\VSO\oasclnt.exe
C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\RALINK\Common\RaUI.exe
c:\program files\\agent\mcdetect.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\\vso\mcvsshl.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SGPUpdater] C:\Program Files\Search Guard PlusU\sgpUpdaters.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\\agent\mcdetect.exe
O23 - Service: McShield (McShield) - McAfee Inc. - c:\PROGRA~1\\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

End of file - 8879 bytes

Report •

December 7, 2010 at 11:03:06
Use Windows rather than RAlink wireless utitlity to manage your internet connectivity.

Windows has a built in Wireless Zero Configuration (WZC) utility. Try to use that for your internet access instead of the proprietary RAlink wireless utitlity.

Proprietary wireless utilities sometimes seem to be problematic (don't exactly know why).
I had a similar problem with Intel PROset Utility.Changing to use the windows inbuilt WZC fixed it.

To use WZC uninstall the RAlink wireless utitlity. This may also uninstall the driver as well as that is how some uninstallers are designed.

If it does uninstall the driver as well, then install using the RAlink wireless utitlity install disk/file but only install the driver and NOT the utility. If there is no driver only install option, you may be able to manually install the driver by browsing to and selecting the driver as part of the driver update process in device manager.

You should find then (assuming no hardware problems) windows will report that there are available wireless networks and you will see a wireless icon in the task tray.

Opening it up will reveal the wireless networks in your neighbourhoood. Select yours, provide the encryption key if one is required and you should be able to connect.

Hope it helps.

When everything else fails, read the instructions.

Report •

Related Solutions

December 7, 2010 at 12:08:36
Thanks for the post Mosaddique.

Sorry, no go on that one. I have a single executable file that launches the installl utility - no option for driver only.

Any other thoughts?

Worst case I may have to see if i can plug this directly into router (inconvenient) to get a net connection.

Report •

December 7, 2010 at 13:55:30
Can you check, that may be, as it is a USB device, the driver is already built into the OS. So all you need to do is un-install the utility and use WZC?

When everything else fails, read the instructions.

Report •

December 7, 2010 at 19:45:16
no such luck I'm afraid. What I've done in the meantime has rendered this moot though.

Given the malware and other symptoms that had been present, I was pretty sure that the problem was most likely due to a corrupt component of the OS. After talking with my neighbor and determining that he had very little of importance on the machine, and doing some research to see that his eMachine offered a non-destructive recovery mode, I opted to initiate this and repair the corrupt installation of Windows. This went very smoothly and all of his data (what little there was) survived intact. I reinstalled the driver and wireless utility for my USB adapter and was online immediately. I have since rigged him up with some good defenses and will be returning his PC to him tomorrow.

He and his family will be vey grateful since they did not have the extra money for a new PC and were not expecting this one to be salvageable (another neighbor who works with computers told them their hard drive was bad and they would probably be better off looking for a new PC).

So thanks to all of you who helped on this and the previous "good-will" project I took on. May your stockings runneth over! :)


Report •

December 7, 2010 at 23:38:56
Thanks for the feedback.

When everything else fails, read the instructions.

Report •

Ask Question