Archived from groups: comp.sys.ibm.pc.hardware.storage (More info?)
Here's how I got where I am:
System is a few months old HP Pavilion, with a single 200Gig SATA
drive. It came from the store with 2 partitions - a "Recovery
Partition" of about 6 Gig, and another partition of about 180Gig where
WinXP Home was installed. I upgraded WinXP Home to WinXP Pro by running
an in-place upgrade. Applied Service Pack 2. Everything seemed to work
fine.
The system became infected with numerous spyware, etc, and I had to
clean it up. I used the MS Antispyware. I booted into Safe Mode and ran
the MS Antispyware scan. The following day, my wife said it wasn't
working. I wasn't able to boot, with an error - "Windows could not
start because of an error in the software. Please report this problem
as : load needed DLLs for kernel. Please contact your support person to
report this problem.".
I booted into BartPE (built with from a SP2-slipstreamed WinXP Pro disk
amd UBCD from ubcd4win.com), and wanted to see the event logs, so I
looked for them in %systemroot%\system32\config where they are
normally. They weren't there. This seemed quite odd to me. However,
most everything else looked normal - including that my personal data
files were where I expected them to be.
Booted with my original "non-slipstreamed" Windows XP Pro CD, loading
the SATA drivers by pressing F6 during startup of the CD. I tried to do
a repair, but was not allowed. The only thing I could do was format the
partition where "C:" was, because it was labeled with "(Unknown)". I
then booted into the Recovery Console using the same CD, and ran
"fixboot", hoping to fix the partition. (Duh! I didn't know about the
48-bit LBA issues then. I suspect that the 48-bit LBA issues are why it
was labeled "(Unknown)", right?)
Afterwards, the 180Gig volume appears to be only 10Meg, and FAT12
instead of ~180Gig an NTFS. The directory listing on the drive (using
BartPE again) shows a bunch of odd characters, but no files of mine.
I tried looking at it with Partition Magic 8, but that wasn't helpful.
I haven't modified the drive since the goof with "fixboot".
Here's what I've done so far using findpart. I'm not sure where to go
from here. I've tried to delete the incorrect partition table entries
(see output below), but it appears not to be working. What am I doing
wrong? What should I do? Any help sincerely appreciated!
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
# # first run of findpart # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
Findpart, version 4.67 - for Windows 95/98/ME/NT/2000/XP.
Copyright Svend Olaf Mikkelsen, 1999-2005.
OS: Windows 5.1.2600 Service Pack 2
Disk: 2 Cylinders: 25841 Heads: 240 Sectors: 63 MB: 190779
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 - 0B 63 12746096 6223 0 1 1 842 239 62 B OK
No jump 0 1 1
842+- 01 1 20739 10 843 0 1 844 89 12 B OK
0 - 0C 42487200 1058400 516 2810 0 1 2879 239 63 B OK
0 - 07 12746160377954640184548 843 0 1 25839 239 63 BU OK
------FAT CHS -Size Cl --Root -Good -Rep. Maybe --Bad YY-MM-DD DataMB
0 1 33 12424 4 2 12424 0 0 0 04-10-21 5497
2810 0 33 1032 4 2 1032 0 0 0 03-02-06 188
Partitions according to partition tables on second harddisk:
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 1 0B 63 12746097 6223 0 1 1 842 239 63 NB OK
0 2*07 12746160377954640184548 843 0 1 25839*239 63 NB OK
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
# # ran this command # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
>findpart 2 843 2 * 00 843 0 1 844 89 12 842 25841 240 63 42
Editpart, version 4.2. Copyright Svend Olaf Mikkelsen, 2005.
Disk 2 Cylinder 843
Entry 2:
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
843 2 00 0 0 0 0 0 0 0 0 0 NB
OK
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
# # reran findpart after reboot # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
>findpart 2
Findpart, version 4.67 - for Windows 95/98/ME/NT/2000/XP.
Copyright Svend Olaf Mikkelsen, 1999-2005.
OS: Windows 5.1.2600 Service Pack 2
Disk: 2 Cylinders: 25841 Heads: 240 Sectors: 63 MB: 190779
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 - 0B 63 12746096 6223 0 1 1 842 239 62 B OK
No jump 0 1 1
842+- 01 1 20739 10 843 0 1 844 89 12 B OK
0 - 0C 42487200 1058400 516 2810 0 1 2879 239 63 B OK
0 - 07 12746160377954640184548 843 0 1 25839 239 63 BU OK
------FAT CHS -Size Cl --Root -Good -Rep. Maybe --Bad YY-MM-DD DataMB
0 1 33 12424 4 2 12424 0 0 0 04-10-21 5497
2810 0 33 1032 4 2 1032 0 0 0 03-02-06 188
Partitions according to partition tables on second harddisk:
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 1 0B 63 12746097 6223 0 1 1 842 239 63 NB OK
0 2*07 12746160377954640184548 843 0 1 25839*239 63 NB OK
>
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
# # ran this command # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
> findpart 2 0 3 - 00 2810 0 1 2879 239 63 0 25841 240 63 42
Editpart, version 4.2. Copyright Svend Olaf Mikkelsen, 2005.
Disk 2 Cylinder 0
Entry 3:
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 3 00 0 0 0 0 0 0 0 0 0 NB
OK
>
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
# # reran findpart after reboot # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
C:\DataRecovery\findntfs_fntfs165>findpart 2
Findpart, version 4.67 - for Windows 95/98/ME/NT/2000/XP.
Copyright Svend Olaf Mikkelsen, 1999-2005.
OS: Windows 5.1.2600 Service Pack 2
Disk: 2 Cylinders: 25841 Heads: 240 Sectors: 63 MB: 190779
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 - 0B 63 12746096 6223 0 1 1 842 239 62 B OK
No jump 0 1 1
842+- 01 1 20739 10 843 0 1 844 89 12 B OK
0 - 0C 42487200 1058400 516 2810 0 1 2879 239 63 B OK
0 - 07 12746160377954640184548 843 0 1 25839 239 63 BU OK
------FAT CHS -Size Cl --Root -Good -Rep. Maybe --Bad YY-MM-DD DataMB
0 1 33 12424 4 2 12424 0 0 0 04-10-21 5497
2810 0 33 1032 4 2 1032 0 0 0 03-02-06 188
Partitions according to partition tables on second harddisk:
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 1 0B 63 12746097 6223 0 1 1 842 239 63 NB OK
0 2*07 12746160377954640184548 843 0 1 25839*239 63 NB OK
What should I do now? Please help!
Here's how I got where I am:
System is a few months old HP Pavilion, with a single 200Gig SATA
drive. It came from the store with 2 partitions - a "Recovery
Partition" of about 6 Gig, and another partition of about 180Gig where
WinXP Home was installed. I upgraded WinXP Home to WinXP Pro by running
an in-place upgrade. Applied Service Pack 2. Everything seemed to work
fine.
The system became infected with numerous spyware, etc, and I had to
clean it up. I used the MS Antispyware. I booted into Safe Mode and ran
the MS Antispyware scan. The following day, my wife said it wasn't
working. I wasn't able to boot, with an error - "Windows could not
start because of an error in the software. Please report this problem
as : load needed DLLs for kernel. Please contact your support person to
report this problem.".
I booted into BartPE (built with from a SP2-slipstreamed WinXP Pro disk
amd UBCD from ubcd4win.com), and wanted to see the event logs, so I
looked for them in %systemroot%\system32\config where they are
normally. They weren't there. This seemed quite odd to me. However,
most everything else looked normal - including that my personal data
files were where I expected them to be.
Booted with my original "non-slipstreamed" Windows XP Pro CD, loading
the SATA drivers by pressing F6 during startup of the CD. I tried to do
a repair, but was not allowed. The only thing I could do was format the
partition where "C:" was, because it was labeled with "(Unknown)". I
then booted into the Recovery Console using the same CD, and ran
"fixboot", hoping to fix the partition. (Duh! I didn't know about the
48-bit LBA issues then. I suspect that the 48-bit LBA issues are why it
was labeled "(Unknown)", right?)
Afterwards, the 180Gig volume appears to be only 10Meg, and FAT12
instead of ~180Gig an NTFS. The directory listing on the drive (using
BartPE again) shows a bunch of odd characters, but no files of mine.
I tried looking at it with Partition Magic 8, but that wasn't helpful.
I haven't modified the drive since the goof with "fixboot".
Here's what I've done so far using findpart. I'm not sure where to go
from here. I've tried to delete the incorrect partition table entries
(see output below), but it appears not to be working. What am I doing
wrong? What should I do? Any help sincerely appreciated!
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
# # first run of findpart # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
Findpart, version 4.67 - for Windows 95/98/ME/NT/2000/XP.
Copyright Svend Olaf Mikkelsen, 1999-2005.
OS: Windows 5.1.2600 Service Pack 2
Disk: 2 Cylinders: 25841 Heads: 240 Sectors: 63 MB: 190779
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 - 0B 63 12746096 6223 0 1 1 842 239 62 B OK
No jump 0 1 1
842+- 01 1 20739 10 843 0 1 844 89 12 B OK
0 - 0C 42487200 1058400 516 2810 0 1 2879 239 63 B OK
0 - 07 12746160377954640184548 843 0 1 25839 239 63 BU OK
------FAT CHS -Size Cl --Root -Good -Rep. Maybe --Bad YY-MM-DD DataMB
0 1 33 12424 4 2 12424 0 0 0 04-10-21 5497
2810 0 33 1032 4 2 1032 0 0 0 03-02-06 188
Partitions according to partition tables on second harddisk:
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 1 0B 63 12746097 6223 0 1 1 842 239 63 NB OK
0 2*07 12746160377954640184548 843 0 1 25839*239 63 NB OK
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
# # ran this command # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
>findpart 2 843 2 * 00 843 0 1 844 89 12 842 25841 240 63 42
Editpart, version 4.2. Copyright Svend Olaf Mikkelsen, 2005.
Disk 2 Cylinder 843
Entry 2:
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
843 2 00 0 0 0 0 0 0 0 0 0 NB
OK
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
# # reran findpart after reboot # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
>findpart 2
Findpart, version 4.67 - for Windows 95/98/ME/NT/2000/XP.
Copyright Svend Olaf Mikkelsen, 1999-2005.
OS: Windows 5.1.2600 Service Pack 2
Disk: 2 Cylinders: 25841 Heads: 240 Sectors: 63 MB: 190779
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 - 0B 63 12746096 6223 0 1 1 842 239 62 B OK
No jump 0 1 1
842+- 01 1 20739 10 843 0 1 844 89 12 B OK
0 - 0C 42487200 1058400 516 2810 0 1 2879 239 63 B OK
0 - 07 12746160377954640184548 843 0 1 25839 239 63 BU OK
------FAT CHS -Size Cl --Root -Good -Rep. Maybe --Bad YY-MM-DD DataMB
0 1 33 12424 4 2 12424 0 0 0 04-10-21 5497
2810 0 33 1032 4 2 1032 0 0 0 03-02-06 188
Partitions according to partition tables on second harddisk:
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 1 0B 63 12746097 6223 0 1 1 842 239 63 NB OK
0 2*07 12746160377954640184548 843 0 1 25839*239 63 NB OK
>
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
# # ran this command # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
> findpart 2 0 3 - 00 2810 0 1 2879 239 63 0 25841 240 63 42
Editpart, version 4.2. Copyright Svend Olaf Mikkelsen, 2005.
Disk 2 Cylinder 0
Entry 3:
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 3 00 0 0 0 0 0 0 0 0 0 NB
OK
>
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
# # reran findpart after reboot # #
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# # # # #
C:\DataRecovery\findntfs_fntfs165>findpart 2
Findpart, version 4.67 - for Windows 95/98/ME/NT/2000/XP.
Copyright Svend Olaf Mikkelsen, 1999-2005.
OS: Windows 5.1.2600 Service Pack 2
Disk: 2 Cylinders: 25841 Heads: 240 Sectors: 63 MB: 190779
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 - 0B 63 12746096 6223 0 1 1 842 239 62 B OK
No jump 0 1 1
842+- 01 1 20739 10 843 0 1 844 89 12 B OK
0 - 0C 42487200 1058400 516 2810 0 1 2879 239 63 B OK
0 - 07 12746160377954640184548 843 0 1 25839 239 63 BU OK
------FAT CHS -Size Cl --Root -Good -Rep. Maybe --Bad YY-MM-DD DataMB
0 1 33 12424 4 2 12424 0 0 0 04-10-21 5497
2810 0 33 1032 4 2 1032 0 0 0 03-02-06 188
Partitions according to partition tables on second harddisk:
--PCyl N ID -----Rel -----Num ---MB --Start CHS- ---End CHS-- BS CHS
0 1 0B 63 12746097 6223 0 1 1 842 239 63 NB OK
0 2*07 12746160377954640184548 843 0 1 25839*239 63 NB OK
What should I do now? Please help!
Facebook
Twitter
Instagram