Missing Operating System [Solved]


#1
salt4502

I have a Dell laptop that was infected with a rootkit. I tried Malwarebytes Anti-Rootkit beta instead of TDSSKiller. Once I had cleaned the laptop and rebooted, all that was displayed was "missing operating system" on the screen. Tried to restore the OS with Win 7 recovery disk, diskpart, several flavors of Ubuntu, and flinging it against the wall (just kidding). Then I found your site and yours was the first one that described my problem almost to a "t".

I ran FRST64 and will post the logs at the end.

If someone can help it would be appreciated.

Thanks
salt4502


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by SYSTEM at 18-11-2012 18:12:28
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10

==================== Services (Whitelisted) ===================


==================== Drivers (Whitelisted) =====================


==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-18 15:23 - 2012-11-18 15:23 - 00000000 ____D C:\Windows\Panther
2012-11-18 15:23 - 2011-02-15 18:11 - 00000028 __RAH C:\Windows\version
2012-11-18 15:23 - 2011-02-15 18:11 - 00000013 ___RA C:\Windows\csup.txt
2012-11-18 15:10 - 2012-11-18 15:10 - 00000000 ____D C:\Windows.old.000
2012-11-18 15:09 - 2012-11-18 15:23 - 00000000 ____D C:\$WINDOWS.~LS
2012-11-18 15:09 - 2012-11-18 15:09 - 00000000 ____D C:\$WINDOWS.~BT
2012-11-18 14:48 - 2012-11-18 15:10 - 536870912 __ASH C:\WinPEpge.sys
2012-11-18 14:48 - 2012-11-18 14:48 - 00000000 ____D C:\Windows.old
2012-11-17 02:31 - 2012-11-17 02:31 - 00024576 ____A C:\BCD_Backup
2012-11-17 02:31 - 2012-11-17 02:31 - 00021504 __ASH C:\BCD_Backup.LOG


==================== One Month Modified Files and Folders =======

2012-11-18 17:44 - 2012-11-18 17:44 - 00000000 ____D C:\FRST
2012-11-18 15:23 - 2012-11-18 15:23 - 00000000 ____D C:\Windows\Panther
2012-11-18 15:23 - 2012-11-18 15:09 - 00000000 ____D C:\$WINDOWS.~LS
2012-11-18 15:23 - 2011-12-02 11:22 - 00008192 _RASH C:\BOOTSECT.BAK
2012-11-18 15:23 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-11-18 15:23 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-11-18 15:23 - 2009-07-13 20:45 - 00000000 ____D C:\Windows\Setup
2012-11-18 15:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\Recovery
2012-11-18 15:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\oobe
2012-11-18 15:10 - 2012-11-18 15:10 - 00000000 ____D C:\Windows.old.000
2012-11-18 15:10 - 2012-11-18 14:48 - 536870912 __ASH C:\WinPEpge.sys
2012-11-18 15:09 - 2012-11-18 15:09 - 00000000 ____D C:\$WINDOWS.~BT
2012-11-18 14:48 - 2012-11-18 14:48 - 00000000 ____D C:\Windows.old
2012-11-17 02:31 - 2012-11-17 02:31 - 00024576 ____A C:\BCD_Backup
2012-11-17 02:31 - 2012-11-17 02:31 - 00021504 __ASH C:\BCD_Backup.LOG

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-06 10:27:21
Restore point made on: 2012-11-09 17:18:18
Restore point made on: 2012-11-13 06:42:09
Restore point made on: 2012-11-14 15:57:22
Restore point made on: 2012-11-16 20:29:46
Restore point made on: 2012-11-16 21:51:39

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 6038.17 MB
Available physical RAM: 5392.08 MB
Total Pagefile: 6036.32 MB
Available Pagefile: 5378.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OSDisk) (Fixed) (Total:97.66 GB) (Free:40.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Graphics) (Fixed) (Total:484.83 GB) (Free:474.26 GB) NTFS
3 Drive e: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.99 GB) NTFS
5 Drive g: (Mainframe 5) (Removable) (Total:14.93 GB) (Free:14.66 GB) NTFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 2048 KB
Disk 1 Online 14 GB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 97 GB 1024 KB
Partition 0 Extended 484 GB 97 GB
Partition 3 Logical 484 GB 97 GB
Partition 2 Primary 13 GB 582 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C OSDisk NTFS Partition 97 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D Graphics NTFS Partition 484 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 13 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G Mainframe 5 NTFS Removable 14 GB Healthy

=========================================================
==================== End Of Log =============================

#2
Essexboy

Hi, can you remember what was deleted with MBAM?

I will initially try a system restore point and then go from there.

Download the attached Fixlist.txt to the same location as FRST
[attachment=61603:fixlist.txt]
Run FRST and click Fix
On completion try to boot back to normal Windows. If it should fail then let me know what errors you get.

#3
salt4502

All I remember was "unknown rootkit on mbr". It did not save any logs. Tried the fixlist text, still the same.

Edited by salt4502, 19 November 2012 - 12:48 PM.

#4
Essexboy

Ah OK, that is a start. Do you say you have the disc?

If so then boot from the disc
Select "Repair my Computer"
Select Startup Repair

If that does not succeed then:

Start from the disc again
Select Repair my Computer
Select Command prompt
Type in the following commands, pressing Enter after each:

Bootrec.exe /fixboot
Bootrec.exe /fixmbr

#5
salt4502

I already did all that with no success, should I try it again?

#6
salt4502

Essexboy

Now that I'm awake (late night person), I see that in my earlier post I forgot to mention that I had also tried reinstalling the OS. It did install OK but it still won't boot.

#7
Essexboy

Did you use the two bootrec commands?

#8
salt4502

Yes. Still the same "missing operating system" message.

#9
Essexboy

OK, next we will again use the bootrec tool.

First we will see if Windows can recognise any OSes.

From the command prompt:

bootrec.exe /ScanOs

Does this list your Windows installation?

If so then:

Bootrec.exe /RebuildBcd

Does this now allow a boot?

#10
salt4502

The ScanOs shows only 2 .old\windows installs which are just the folders that were made during installation.

#11
Essexboy

That was what I noticed from FRST: no drivers and no System32 folder files of import.

I feel your best bet at this stage would be to format the entire drive and start afresh. Use the Windows CD to delete all partitions and then reformat.

Sorry I could not be of more help.

#12
salt4502

Can I use gparted to format the c: partition and then install the os?

#13
Essexboy

Certainly, do you have a copy available or would you like some links to make a USB copy?

#14
salt4502

Yes I do. I have 2 partitions on the drive I didn't want to lose totally. But when I do will that fix my problem? I have already saved all the files I can off of C: drive that I need to rebuild my wife's system.

#15
Essexboy

You will need to ensure that none of the other partitions are marked as active and are set as simple partitions.

Otherwise a full wipe would be recommended.
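
Added example, not part of the original thread and not code from FRST or any poster: a Python check of the MBR partition table for the condition raised in post #15 (exactly one partition marked active), which also goes beyond that advice by verifying the 55 AA boot signature, the status bytes and entry overlap. The function names, the extended-partition type 0x0F and the sample sector values are assumptions constructed for illustration, loosely modelled on the FRST partition dump in post #1.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"     # boot signature at bytes 510-511
ENTRY = "<B3xB3xII"         # status, CHS (skipped), type, CHS (skipped), start LBA, sectors


def audit_mbr(sector):
    """Parse one 512-byte MBR sector; return (entries, findings)."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR sector is exactly 512 bytes")
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("boot signature 55 AA missing")
    entries = []
    for slot in range(4):
        raw = sector[TABLE_OFFSET + 16 * slot:TABLE_OFFSET + 16 * (slot + 1)]
        status, ptype, lba, count = struct.unpack(ENTRY, raw)
        if ptype == 0x00:       # unused slot
            continue
        if status not in (0x00, 0x80):
            findings.append(f"slot {slot + 1}: invalid status byte 0x{status:02x}")
        entries.append({"slot": slot + 1, "active": status == 0x80,
                        "type": ptype, "lba": lba, "sectors": count})
    active = [e["slot"] for e in entries if e["active"]]
    if not active:
        findings.append("no partition marked active")
    elif len(active) > 1:
        findings.append(f"more than one active partition: slots {active}")
    ordered = sorted(entries, key=lambda e: e["lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba"] + a["sectors"] > b["lba"]:
            findings.append(f"slots {a['slot']} and {b['slot']} overlap")
    return entries, findings


def build_sector(parts, signature=SIGNATURE):
    """Build a constructed MBR from (status, type, lba, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY, *p) for p in parts).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + signature


# Constructed layouts (not real disk data): NTFS system, extended, NTFS recovery.
GOOD = build_sector([(0x80, 0x07, 2048, 204_800_000),
                     (0x00, 0x0F, 204_802_048, 1_016_000_000),
                     (0x00, 0x07, 1_220_802_048, 28_000_000)])
TWO_ACTIVE = build_sector([(0x80, 0x07, 2048, 204_800_000),
                           (0x80, 0x07, 1_220_802_048, 28_000_000)])

if __name__ == "__main__":
    for name, sector in (("good", GOOD), ("two active", TWO_ACTIVE)):
        entries, findings = audit_mbr(sector)
        print(name, [hex(e["type"]) for e in entries], findings or "no findings")
```

To audit a real disk, pass the function the first 512 bytes of a disk image taken from the recovery environment.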