Posted 26 February 2009 - 11:47 AM
Summary: Vista only boots into the WinRe environment. Automatic attempts at recovery all fail even though the log shows all the tests were completed successfully. I can't boot from the last known good configuration and no restore points show up (they did at one time but did not work; see full story). I have run the memory diagnostics and everything passes. Chkdsk /r completed successfully. I can access DOS and see all the files intact (and therefore have been able to back up the non-system files to an external drive). I very much want to avoid having to reformat and reinstall all the software on the PC if possible. (I've since bought imaging software to avoid this in the future!)
Full story: My younger son was "befriended" by some kid/guy who told him to click on a link to install a Microsoft Xbox Live Points Generator. As I eventually found out, thanks to Kaspersky (after numerous other virus programs missed it), it was a backdoor trojan (win32.virut.ce aka w32/scribble-A, which was apparently installed from a file called xbl_gen.exe carrying backdoor.win32.vb.gtf) that allowed someone to remotely turn the PC into a spambot. Way before I knew all the details, but knowing something was amiss, I decided to run Malwarebytes on my own PC. Important note: I had NO reason to suspect any viruses on my own PC, which is not connected to the kids' PC (they even have separate cable modems). I was just curious what it might find.
Upon running Malwarebytes (after making sure to have the latest, 2/11, update and the latest database), I saw a few flagged files, thought nothing of it, and went about doing household chores. When I came back the computer had rebooted. I thought this strange since Malwarebytes doesn't do an auto reboot. I ran it overnight and, once again, awoke to a rebooted computer. I ran it again, left for a moment, and when I came back it was trying to reboot but failed. Dead. Fried. Kaput.
Once again, I have no reason to believe a virus is involved. Or, if one is, that the two episodes are related. I relay the info just in case.
I booted into WinRe and the Vista recovery tools said it passed all the tests (nine of them) and therefore has no suggestions on what to do, even after remotely accessing Microsoft. I was able to go to advanced recovery options and view a dozen system restore points but each one failed. Gateway has a recovery drive (x:) showing in gray, but somehow I couldn't access it. I had also previously made a special "system recovery disk" but apparently that's just software like what I just described, not some emergency boot disk. It basically allows you to restore to factory settings. Forget that. Too much stuff on the computer that I can't kill.
I should add that I always booted into my own settings where I have no password. Whenever I chose "administrator", it required a password but none of the ones I tried worked. I don't recall even making a password.
I could boot into safe mode with command prompt and had full access to both my c and x (recovery) drives. All my stuff seemed intact. I could even run a chkdsk-- no errors. Heck, I could even edit the registry. But I couldn't boot.
Then I read about the console tools to fix these things. Bad move on my part. At first I tried fixmbr which said it completed successfully immediately. I rebooted. Didn't affect anything.
I got back to the DOS prompt and tried fixboot. It took some time, but said it completed successfully. Rebooted. Didn't affect anything.
I got back to the DOS prompt and tried rebuildbcd. It said no windows installation was found.
I ran scanos and it came up with no windows installation anywhere on the system as well.
At that point I was down to bcdedit:
bcdedit /export C:\BCD_Backup
attrib bcd -s -h -r
ren c:\boot\bcd bcd.old
It said it found a windows installation so I rebooted and crossed my fingers. The result was that instead of saying Windows was corrupted and asking if I wanted to repair it, it went to the 'usual' boot choices (safe mode, safe mode with command prompt (which I chose), etc.). Safe mode scrolls all the files it loads. The last one I saw was crcdisk.sys before it again choked.
After that, I could not boot into anything. Nothing worked. I then tried to use the system restore disk I had made and asked to restore from a given point. All my restore points were gone, as was my ability to get back to the DOS prompt.
After trashing the house looking for my Vista disk from Gateway, I found it. This again allowed the PC to boot into recovery mode, but, again, automatic repair failed. It didn't even recognize a Vista installation. Luckily I could now access DOS again and undo the above bcdedit script. I then backed up whatever files I was allowed to an external drive. Vista then showed as installed but my recovery points were all gone.
Again it passes all the various tests, but generates an event that the problem still persists:
Problem Event Name: startuprepairv2
Problem Signature 01: Auto Failover
Problem Signature 02: 6.0.6000.16318.104.22.16801.18000
Problem Signature 03: 6
Problem Signature 04: 1114129
Problem Signature 05: Corrupt registry
Problem Signature 06: 11
Problem Signature 07: 3221225804
Problem Signature 08: 3
Problem Signature 09: Rollback registry
Problem Signature 10: 0
OS Version: 6.0.6000.20.0.256.1
Locate ID: 1033
I very much want to avoid having to reformat and reinstall all the software on the PC if possible. Now what?