

Blue Screen of Death - Windows 7 x64 Home Premium


31 replies to this topic

#26 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 19 April 2012 - 04:37 AM

http://www.cgsecurit...g/wiki/TestDisk

This wonderful open source program immediately discovered the partitions on the drive and re-wrote the MBR. I had to do a quick boot repair with the Windows install DVD, but it looks like Windows actually will boot. I did not let it get far, because my primary concern is the recovery of the user data on this drive. I am going to have the customer bring his USB drive in and copy the data over in safe mode. When that is done, I will attempt to repair Windows however I can.

J. C.,

The BIOS on this laptop is strange - first of this type I have ever seen - it does not show the hard disks in the system. It is quite locked down. In Linux, I could see the drive, but no partitions. Active Partition Recovery was not the right tool to run on the drive, I think. I am not sure exactly what it was doing, and it took quite a while to accomplish an analysis on the drive. TestDisk picked the partitions up within about a second of starting the analysis of the disk.

In any case, the MBR was definitely corrupted somehow. How it got that way, I am not sure. Windows might have messed with it (not sure how), or it may have been hit by one of the malware threats Corrine thinks may be present on this machine.

I think the best course of action is to get the user data off and wipe the machine and reinstall Windows. What do you think?

Adam
I don't suffer from insanity, I enjoy it.

#27 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 19 April 2012 - 06:30 AM

A friend of mine at work has a USB drive with a PE environment in it and it is loaded with tools.

Running Spybot Search and Destroy on it, and it confirmed that the "misplaced" svchost.exe was in fact malware.

We are waiting to see if the scan finds anything else.

Adam

EDIT: The only other thing S&D found was a few tracking cookies.
I don't suffer from insanity, I enjoy it.

#28 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 19 April 2012 - 05:22 PM

We also ran AntiVir on it, and it removed a few images that had exploit code.

After that, Mike (co-worker) began a defrag of the drive (still in PE environment), and it was running with no end in sight when we left five hours later. Yikes!

Adam
I don't suffer from insanity, I enjoy it.

#29 OFFLINE   LilBambi

LilBambi

    Australisches Googler

  • Forum Admins
  • 22,513 posts

Posted 19 April 2012 - 06:40 PM

Joy! Sounds like fun...
Bambi
AKA Fran

"The Net interprets censorship as damage and routes around it." ~John Gilmore (Time Magazine, Dec 6, 1993)

#30 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 20 April 2012 - 08:58 AM

Yeah. It was finished when we came in this morning. Looks like Windows is actually running smoothly. I am installing Microsoft Security Essentials and Win Patrol on it so the owner at least has some protection.

I've rebooted it several times this morning. So far, so good.

Mike also ran some system stress tests on it and those passed with flying colors.

It also boots a LOT faster.

Adam
I don't suffer from insanity, I enjoy it.

#31 OFFLINE   jcgriff2

jcgriff2

    Message Adept

  • Members
  • 47 posts

Posted 20 April 2012 - 12:02 PM

How fast is "a lot faster"?

If you would like the system to measure and report boot time to Desktop, download and save this VBS script to Desktop -

bootspeed.vbs - http://sysnative.com/0x1/bootspeed.vbs

Close all Windows. Double-click on bootspeed.vbs

Your system will reboot. Upon reaching Desktop, it will display the boot time.

Regards. . .

jcgriff2
J. C. Griffith
Windows Expert - Consumer
mvp.microsoft.com/en-us/mvp/Griffith

#32 OFFLINE   ross549

ross549

    I live here.

  • Forum MVP
  • 9,185 posts

Posted 20 April 2012 - 03:21 PM

J.C.,

It seems that it is booting in about half the time it took before. The hard drive had not been defragmented for quite some time, it seems.

This was a computer for a client, and not my machine.

Adam
I don't suffer from insanity, I enjoy it.



