[Brandon Maki]

Safe Mode doesn't boot either. It performs the same process.

Attached File(s)

•  MBRbackup.zip (512bytes)
  Number of downloads: 16

[myrti]

Hi,

ok, the MBR is looking good. Let's try this then. When you boot, press F8 to get into the boot menu, press F8 again to get into the advanced boot menu. There select "enable boot logging" and try to boot your PC normally. Then once it aborts, boot xpud and locate ntblog.txt in /mnt/sda2/windows and attach it to your next reply.

regards myrti

[Brandon Maki]

I didn't hit F8 in time and when Startup Repair ran this time, it said that it fixed errors and has to restart to complete. The Root cause that was found was different than previous times. It says: Boot critical file d:\windows\system32\drivers\pctbtfix64.sys is corrupt. Repair action: File repair Result: Failed. Error code= 0x2. Repair action: System Restore Result Completed Successfully. Should I still continue with what you said in the last post? Or see if it boots up on its own now?

[myrti]

Hi,

please go ahead and try to boot the PC. If this was the problem, so much the better. If it wasn't we can still go ahead and try the boot logging.

What likely happened is that hitman pro found an infected driver and simply deleted the driver instead of fixing the driver, so now we're missing a part of the system that is necessary to boot and we need to identify that.
Since Startup Repair just fixed a driver there's a chance that that'll get us back up and running.

regards myrti

[Brandon Maki]

Here is the MBR Dump

Attached File(s)

•  ntbtlog.txt (41.63K)
  Number of downloads: 17

[myrti]

Hi,

does that mean your PC wasn't booting after the fix startup repair did?

regards myrti

[Brandon Maki]

No it still continues to run startup repair when I try to boot.

[myrti]

Hi,

please run a chkdsk on your disk:

• Boot your computer into the Repair Your Computer screen (tap F8)
  
• Click Next at the System Recovery Options screen
  
• If the computer is password protected type in the password. If it is not password protected just press Enter
  
• Select Command Prompt
  
• Type c: and Enter
  
• Type chkdsk /r and Enter
  
• If you receive a message about unmounting the volume check Yes
  
• If the program doesn't start automatically repeat the chkdsk /r command
  
• Note: This process may take awhile to complete. Please be patient.
  
• Please let me know what happens

regards myrti

[Brandon Maki]

CHKDSK ran with no problem. Windows has checked the file system and found no problems.
The final message says Failed to transfer logged messages to the event log with status 50.

[myrti]

Hi,

could you please repeat the chkdsk for d:?

• Boot your computer into the Repair Your Computer screen (tap F8)
  
• Click Next at the System Recovery Options screen
  
• If the computer is password protected type in the password. If it is not password protected just press Enter
  
• Select Command Prompt
  
• Type d: and Enter
  
• Type chkdsk /f and Enter
  
• If you receive a message about unmounting the volume check Yes
  
• If the program doesn't start automatically repeat the chkdsk /r command
  
• Note: This process may take awhile to complete. Please be patient.
  
• Please let me know what happens

[Brandon Maki]

These were the results that stood out. CHKDSK repaired Usn Journal file record segment. CHKDSK discovered free space marked as allocated in the volume bitmap. Windows has made corrections to the file system. Failed to transfer logged messages to the event log with status 0.

[myrti]

Hi,

ok. please try to boot again now.

regards myrti

[Brandon Maki]

Same results as before

[myrti]

Hi,

can you then try to enable boot logging again and boot and give me the resulting log.

regards myrti

[myrti]

Hi,

disregard the above, please run a chkdsk /r on D: first, before rerunnning the boot logging.

regards myrti