Windows 7 wont boot

Hi Experts,

I have a Windows 7 Home 64bit machine that wont boot in normal or safe mode....

I have pulled the drive out & backed up the data, run all tests on memory and harddrive (all ok) while I had it out I ran chkdsk /r /f  no issues found. I'm currently downloading a windows 7 disk so I can either attempt to repair from that or am  best of with a W & R? or is there something that may assist in repairing.

Windows repair from boot up does not fix it although I did come across a message about a driver missing?

The user was hacked by some one who called and he let them on his PC one thing I noticed is that windows 7 is installed on the D drive

cheers.
AndrewPartnerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

☠ MASQ ☠Commented:
As you have all the data recovered W&R is the definative solution where there's been unauthorized access to the machine.  Although it's highly unlikely in this kind of drive-by scam scenario you cannot be 100% certain that something else has been left that might emerge later.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Adam Andersoninfrastructure consultantCommented:
Check your hard drive is ok to boot sector.
Boot off windows dvd and there is a command to run
And fix your mast boot record.

Run command prompt and use the dvd drive letter

type the following commands:

bootrec /FixMbr bootrec /FixBoot bootrec /ScanOs bootrec /RebuildBcd.
0
RojoshoRTCC-III Level-2 SupportCommented:
Hey,

Honestly, with so many unknown and wanting the abilty to sleep at night, I would erase the HDD and install a fresh new OS - That is going to be the ONLY way you and your "client" will know that the PC is 100% safe.
> You could use Belrac (Use CNET to get it) to get the full report of the installed sw packages and Product Keys.
> Thought, this would be a GREAT time to upgrade the HDD to an SSD - Just a suggestion.

Rojosho
0
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

R@f@r P@NC3RVirtualization SpecialistCommented:
Hello,

If your operating system does not start in normal mode and safe mode, it is most likely that the operating system is corrupt or is missing some startup file.

Similarly try to repair the operating system to see if you get good results.

Otherwise, start a new installation of the operating system.

regards..
0
NerdsOfTechTechnology ScientistCommented:
First thing, just to rule out an incorrect boot drive reference, check your BIOS to make sure the boot drive is the correct one. I would go as far as removing any spare drive that the system thinks is C: besides the drive, you're booting from.

If everything checks out and doesn't boot:

I would echo Rojosho's alternative recommendations: replace the drive. I would if I were you, for two reasons:

1. it's a very small cost for the piece of mind that you won't be running from a drive that might coincidentally be malfunctioning (despite the test results).

2. you can cleanly install Windows 7; it might be a good time to upgrade them to Windows 10 since Microsoft ended mainstream support for Windows 7 on January 13, 2015 (extended support won't end until January 14, 2020).

Next, I would change the boot drive of the new drive/install to C:, make sure BIOS uses the new drive as boot, load the old drive in with an external cradle and re-letter it if needed, run virus scans on the old drive files, safely pull the keys from the old drive's registry hive (using a keyfinder, like magicial jellybean: [https://www.magicaljellybean.com/keyfinder/]), migrate the files to the new drive/OS setup, install the apps, etc.
0
David Johnson, CD, MVPOwnerCommented:
what a lot of these 'repair' places do is run 'syskey' on the system which password protects the SAM database. Their 'fix' is to after receiving your money is to enter the sam database password and then run syskey again and remove the password.
0
AndrewPartnerAuthor Commented:
thanks for all the comments guys working on this today I will have a quick go at the other options mentioned but thinking that I will wack in another drive but sticking with Win7 for now...

I will upgrade him closer to end of support (if the pc can take it) or convince him to purchase a new one as it is getting on in age, but budget is the key here...

@ David can you elaborate why I would need syskey in this instance please... I might be missing something here?
1
R@f@r P@NC3RVirtualization SpecialistCommented:
Hello,

Syskey is a utility that encrypts the hash of the information password in a SAM database, using the Microsoft Windows system, using a 128-bit encryption with an RC4 encryption key that, by default, is stored in the registry. Windows

I remain attentive to your comments.

regards...
0
AndrewPartnerAuthor Commented:
Hi Jeimy,

Thanks for the info but like I said I'm not quite not sure how it can help me in this particular situation as I don't have an issue with passwords?

But maybe Im missing something here?
0
R@f@r P@NC3RVirtualization SpecialistCommented:
Hello,

I recommend you first perform the mentioned actions to see the results.

regards...
0
NerdsOfTechTechnology ScientistCommented:
I think they were mentioning syskey in the case that the attack was syskey based (common with phone scams).

Usually, this involves a lockout prompt like this:

typical syskey lockout screen
If this is what you are running into, or want to try this procedure just in case the attacker malformed the entry, follow these steps below, otherwise, you could skip this and replace the drive and reinstall the OS.

1.     Boot from a Windows 7 install cd.

2.     When the Install Windows page appears, click Repair your computer to access system recovery options.

3.     Run System Restore to last point before syskey password blocked access. (This will fail, but must be done). Click run system restore again (this will take you back to the options list)

4.     Open Command Prompt from the options list.

5.     Open Regedit (Type regedit into the command prompt). Regedit will open.

6.     Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa, and change 'SecureBoot' value to 0.

7.     HKEY_LOCAL_MACHINE \SAM\SAM\Domains\Account Change F value to 0000

8.     Reboot and Login
0
AndrewPartnerAuthor Commented:
Thanks anyway NerdsOfTech that wasnt the issue...

Quickest way was to swap the drive out and reinstall Win 7, thanks for all the tips and advice.
1
NerdsOfTechTechnology ScientistCommented:
Glad to be of assistance.
0
AndrewPartnerAuthor Commented:
Thanks for your assistance guys!!
1
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
R

From novice to tech pro — start learning today.