XP computer won't boot, even to safe mode.

My friend's XP Presario SR2030NX had a bunch of malware. He said there were no popups, it just slowed, then stopped booting. On an attempted boot, after showing the Compaq boot /setup options, then the windows screen, it shows "Windows Message: The system is not fully installed. Please run setup again."

Clicking "OK" causes a reboot. If booting into safe mode, this same message appears after the screen with "Safe Mode" showing in all 4 corners appears.

Some more details are here
http://forums.majorgeeks.com/showthread.php?p=1630480

I put the drive in an external enclosure and scanned it from my own XP computer. MBAM and several other AV programs found lots of malware in the boot partition, (nothing in recovery partition), then cleaned it. After that, RootRepeal reported MBR rootkits for both the boot & recovery partitions.

I tried nondestructive recovery using Compaq recovery disks -no issues until the last item. It asked which country, which time zone,etc. It then did a monitor check -which is unfortunate since my spare monitor is from ~win 98 if not earlier. Apparently -I'm guessing here- it didn't like not getting expected feedback from the monitor? It gave an error message "Cannot create file c:\hp\bin\SetRes.log", then hung for an hour. I plugged in a flat panel and rebooted... It went back to "The system is not fully installed. Please run setup again."

So out of ignorance it seems like the malware screwed up SOMEthing pertaining to some hard disk function required when booting (but apparently not required when functioning as an external drive), like the MBR. What else might be screwed up this way? But my impression is that people expect different error messages than this to be given when there are MBR, partition table, etc problems. WHAT issues other than sysprep and interrupting an actual install (neither of which apply to the cause of my friend's problems) would give rise to this message, "The system is not fully installed. Please run setup again."?

I tried TestDisk. I don't understand it well enough. It gave a result as far as I got (there is a regular partition and a recovery partition)

Warning: Incorrect number of heads/cylinder 240 (NTFS) != 255 (HD)
1 * HPFS-NTFS 0 1 1 18337 224 63 294598017 [PRESARIO]
Warning: Incorrect number of heads/cylinder 240 (FAT) != 255 (HD)
2 P FAT32 LBA 18337 225 1 19456 239 63 17977680 [PRESARIO_RP]

So given this, what's going on, what needs to be done?
Thanks!

 

Hi,

With the HD in another computer see what the boot.ini looks and post it here.

Also what folders are listed in the main root folder of the HD. So if it shows as drive E: in the working computer which folders are listed when you first click E: in My Computer?

The "System is not installed" message started before you did the non destructive recovery--are you sure your friend didn't attempt a recovery before you looked at the machine?

 

Thanks for looking into it, sach2

I think boot.ini looks OK:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

I'm curious what you're looking for in the folders. They are:

bd_logs (from bitdefender scan)
cmdcons
CMPNENTS
Config.Msi
Documents and Settings
hp
Kaspersky Rescue Disk 10.0
PFiles
Program Files
Python22
RECYCLER
sysprep -hmmm, is this a clue? but it's dated 8/7/2006
System Volume Information
system.sav
WINDOWS

In the sysprep folder the only file dated after 2006 is WINBOM.LOG dated 6/5/2011
It contains:
Factory is using the following WinBOM.ini file: D:\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
Factory is using the following WinBOM.ini file: D:\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
Factory is using the following WinBOM.ini file: D:\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
Factory is using the following WinBOM.ini file: C:\sysprep\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
Factory is using the following WinBOM.ini file: C:\sysprep\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
Factory is using the following WinBOM.ini file: C:\sysprep\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
Factory is using the following WinBOM.ini file: C:\sysprep\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
Factory is using the following WinBOM.ini file: C:\sysprep\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
Factory is using the following WinBOM.ini file: C:\sysprep\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
Factory is using the following WinBOM.ini file: C:\sysprep\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
Factory is using the following WinBOM.ini file: C:\sysprep\WINBOM.INI
ERROR: Factory state "Preparing for automatic logon" failed.
ERROR: Could not locate WinBOM.ini on any removable drives or the system drive.

There's no winbom.ini in C:\sysprep, or even in this partition. I don't know what winbom.ini does or what it should contain, BUT in C:\sysprep is WINBOM.000 dated 8/7/2006. Should I copy it & name it WINBOM.ini? The D:\WINBOM.INI (in the recovery partition) looks quite different. See attachments


Re "are you sure your friend didn't attempt a recovery before you looked at the machine?"
Good question; I'll have to ask. But I doubt it. (He doesn't have enough experience to even consider it, I think.)

Thanks

 

Hi,

I' not sure where to go from here.

The testdisk looks normal and the asterisk denotes that C: is the active partition. So you are booting to C: and the boot.ini has you starting in the WINDOWS partition. That is all good. The "Setup not complete" error is probably coming because of a registry entry that is set during the installation process and removed after installation is completed.

That the sysprep folder is on C: (or the root folder of the problem drive) also indicates that some type of setup/installation was underway since this folder is usually removed after installation.

From my quick google searces last night the "Windows Message: The system is not fully installed. Please run setup again." seems to be exclusive to HP but I will have to take a better look later. What are your recovery options using the HP/Compaq CDs? (I don't see why an old CRT monitor would cause any problems).

 

Sorry to waste your time, sach2; my friend did not give me complete information, and you called it.

He DID attempt nondestructive system recovery. He said it went through to the point where it declared itself finished. It then proceeded with setting up the computer, setting the time zone, computer name, etc. but then froze. I asked him if he saw the "cannot create file c:\hp\bin\SetRes.log" error message; he said no (I'm guessing he just didn't remember it, but I could be wrong). After this, when rebooting, the "Windows Message: The system is not fully installed. Please run setup again" is displayed.

I just tried nondestructive recovery once again, telling it not to turn on automatic updates, and to skip the LAN setup since it is offline. I used a more recent flat screen monitor, HP vs17e. As before, it went through the process, declared itself finished, then started the Windows setup, setting time zone, etc. It DID display the "cannot create file c:\hp\bin\SetRes.log" error message. I clicked OK, and the screen showed the windows logo, an hourglass, and said something like "Please wait." At first the HD access light came on very intermittently. In the last hour I never noticed the HD access light on (might have missed it). So I waited a total of ~90 minutes then turned the computer off. Now as before, when rebooting, the "system is not fully installed. Please run setup again" is displayed.

I don't know if the c:\hp\bin\SetRes.log error message is just a minor coincidence or an indicator of a real problem.

The Recovery Console is not listed in the OS choice screen. It was set up by Combofix last time I dealt with malware on this machine, but I guess the attempted recoveries did away with it (also set XP back to SP2).

Using the Compaq recovery disks, there are these options (not all on the same page):
Hardware test (no problems detected)
System Restore (failed, gave same "Please run setup again" msg)
System Recovery -standard
System Recovery -destructive.


I didn't mention in this thread that after tapping f8 one option is "last good configuration," but that also failed.

 

This is probably irrelevant, just for my own curiosity. TestDisk reported
Warning: Incorrect number of heads/cylinder 240 (NTFS) != 255 (HD)
I used its Geometry function to set heads to 240, which made TestDisk happy. This doesn't actually change anything on the drive, right? And reporting 255 vs 240 for this particular drive has no effect on drive function, right? It's only a value used by TestDisk if you're writing a new partition table?
OK, back to the regularly scheduled program. How can I get Setup to finish -if that's what's needed here?

 

The testdisk errors only change the way testdisk looks at the drive--nothing permanent. I don't know why but testdisk seems to think about 1/3 of all drives have a bad head count. I do as you did and just change the geometry to make it happy.

Again, I really have never run into the problem myself so I'm unsure of the next step. Usually, after setting time etc. it would ask to set a user name. But since it was a non-destructive repair that might not be applicable. So it could have been going to the next step after creating a user name which would be to bring you to the welcome screen with your username. Not sure why it wouldn't complete.

I only see a rather complicated possible way to edit the registry and am not sure if that will help.

Maybe you could try this first step to see if you can get to a command prompt.

 

Sorry, thinking about it the above won't work for XP. They must be Vista commands.

I'll try to find something specific about XP and the "run setup again" error. This is what have been reading and am considering doing the registry edit to change the SetupinProgress key value to 0, in order to see if the setup is actually complete and could boot Windows. The same fix seems to appear in many threads but I haven't seen an answer as to what to expect after the edit.

I've got to run an errand but I will look for something on HP's site to see if someone running XP has had a similar problem and found a fix. I don't think that recovery should take more than 90 minutes even though my link says it can take hours. I believe it only takes hours with a huge number of user files and a very full HD.

 

I've been reading and I think I would do the recovery one more time, but before doing the recovery try the following quoted text. Basically, creating a blank setres.log file to see if that single file not being able to be created is halting everything. It may be a waste of another hour but it won't do any harm. Perhaps there is a permission issue on the existing file. Try rebooting without the recovery disc after creating the blank file and before performing the additional recovery.

 

Sach2, you were reading exactly the right thing. IT WORKED!! Setup made it to the end, I rebooted, and it went right into XP.

I'll finish setting it up tomorrow, hopefully avoiding any more major issues.

THANKS!


...now back to dealing with the rootkits etc; fun!

 

Good work! I'm glad you got it sorted.

I'll just give credit and a link to the original thread with the post by commenter cc1 to help spread a working answer around.

Good Luck cleaning up the malware.

Depending on how much space is being used on the HD you might be able to create an image of the cleaned up XP using Macrium Reflect or ToDo backup. Might not be practical if he has 100gb of personal files but a 20gb XP installation would only be about 10gb as an image. You could make a small partition to hold the image separate from the OS.

 

Sach:

I have a Pavillion a815n desktop with XP Home Edition. Picked up one of the fake scanning malwares, restore to an earlier date was not working, so I ran a non-destructive recovery from the partition. It ran all the way through the speaker sound test and time zone fill in, then at the last windows screen it stopped just before where the icons would appear and the error message appeared: "can not find file hp/bin/setres.log." When I clicked OK box on error message, went to new screen that had error message: "The system is not fully installed. Please run setup again." Went through the above several times. Can not get to safe mode. Tried to run set up recovery discs, but system will not boot off the first recovery disc. I want to save data on drive. I do have an XP installation dick from another computer which is a laptop. Can I use that laptop disc to open the recovery console on the desktop, then do a chk dsk? Will that help. How can I get the computer to do a new non-destructive recovery? Thanks so much for any help. I saw your suggestion to rename the setres file, and rewrite that file. How do you do that? Computer will not boot up now.Thanks so much.

 

Hello,
Since you cannot boot the computer, you will have to add the log file offline using either a WinPE disk like UBCD4 Windows or Puppy Linux. You can download Puppy Linux and burn the iso with Imgburn or other burning software that can burn an iso image.

Once you have burned the Puppy CD, boot from it. You may have to change the boot order in BIOS. Your hard drive will be in the lower left of the screen. Click it once and it will automatically mount. You should now see the contents of your C: drive. Now click on the HP directory. Then the BIN directory. If you see the setres.log file, right click and select rename. Rename it to something else i.e. setres2.log. Now create another file called setres.log. Right click in the Bin directory, select New File and type setres.log in the box. This will create a 0 byte file in the C:\HP\Bin directory.

Now remove the Puppy CD and reboot. If you still cannot get to Windows, do another non-destructive restore. If you still cannot get into Windows, you can use Puppy to copy your files to either a flash drive or external drive and then do a full factory restore.

Another note. This file is created from setres.exe and involves the setting of a resolution for your monitor. Do you use a LCD monitor or a CRT monitor?

 

Tgell:

Thank you so much for your reply. I have an LCD monitor. I tried connecting a CRT monitor and there was no chaneg to the condition. I even tried a nondestructive recovery with the CRT monitor. I will try changing the setres file as you suggest and let you know.

 

Your welcome and thanks for the feedback. There are always good people here at Majorgeeks that are willing to help if you should have another problem.

 

I would like to add that it was actually sach2 that came up with the solution to using a blank file. sach2, where are you? :cry

 

Try out this Hiren Boot CD, it may help you out a bit. There are tools that allow you to access your computer from some kind of virtual copy of XP on the disk. Within that part you will find a BUNCH of tools! O_O ... If you are a computer savage ( I hate saying "Tech Savvy" sounds corny) you will figure it out... it has helped me a bunch of times.

I have not tried the new version though

http://www.hirensbootcd.org/download/