I have struggled on this for 2 days. I had a Dell Precision T1600 W7 desktop that got infected with the Rootkit.Boot.Harbinger.a virus. User does not want to format and reinstall apps.
I booted from a Kaspersky Rescue CD and ran a scan which reported the virus and flagged the file C:\windows\system32\rpcss.dll as part of the problem. I continued the default options thru the Kaspersky cleanup and rebooted. The Windows splash screen comes up and the pc hangs on the black screen with the Cursor in the middle of the screen. The mouse does move the cursor.
I have the W7 Install dvd available.
Here is what I have done to correct the issue:
1. Boot from W7 install cd.
2.Open Command Prompt x:\ sources net start trusted installer
3. sfc /scannow /offbootdir=d:\ /offwindir=d:\windows . This runs for a while and then comes back with error
"Windows Resource Protection could not perform the requested operation". still no W7 boot up.
4. Boot from W7 CD. No System Image Recovery files found.
5. Boot from W7 CD. Run StartUp Repair tool. It says that it does not find any problems.
6. Boot from W7 CD. Run System Restore tool. There are several older images. None that are prior to Rootkit infection. I believe that Kaspersky deleted all the rpcss.dll it found and corrupted all the Restore Images.
7. bootrec /FixMBR and FixBOOt ran. still no W7 boot up.
Booted from Kaspersky Rescue CD and added explorer.exe to HKLM\Software\Microsoft\Windows\CurrentVersion\run\ and also copied to Startup folder. Saw where if explorer.exe got loaded, pc would finish boot?
I can't get W7 up so, I can't do an Upgrade install.
What would you try?