New
#1
Greetings all. Well, I haven't had to bug you guys in quite a while, but I find myself back begging at the door. The situation is a bit complex, but tantalizingly close.
The system has primarily run w7 for years, but still can dual boot the older Vista. I'm on the Vista right now. There are four physical drives. From vista, I can access the w7 c: drive as N:.
Problems began last night with power hit and failure of backup supply.
On boot, system wanted to check the disk, but complained it couldn't due to "recently installed programs." -- then proceeded to boot to w7 seemingly normally. I decided to do a system restore to prior to the program I had installed earlier in the evening, but restore complained that I needed to check the disk first. Trapped!
I went ahead and uninstalled the program that had been recently installed.
For the first time in ages, I booted to vista -- vista noticed the disk check issue on the win7 partition (I should note, both win7 and vista share the *physical* C: drive) and proceeded to successfully check it. There were about 5 orphan files and 5 index errors corrected.
I rebooted and came back into win7 successfully. However, I felt unsure about the state of that previously installed program, and decided to do a restore to just prior to its installation. Restore seemingly OK. System reboots.
At this point, win7 startup began failing. Apparently that restore was not the best idea I ever had.
Boot sequence proceeds normally through "busy bar" animation to the point when the GUI would launch. At that point I see a message at the top of the screen too fast to read and the hardware reboots again.
I cannot get into GUI or command prompt safe mode. Lots of drivers load, there's a long pause, then reboot. System Repair comes up clean on everything until it says "unspecified system changes may be preventing boot". When I try to restore to an even earlier restore point from within Repair it all proceeds and then says fail at the end. I turned on the boot logging but am unsure where that file is now. As noted I CAN access the w7 C: drive from Vista. In fact I just did another chkdsk on it and it comes back clean.
My assumption is that probably a single file or some such was blasted. I very much want to try bring this system back without a full load -- I know I could copy off /Users and other data like that but there are many programs with complex configurations I do not want to lose if at all possible.
I'm hoping to attack this as systematically as possible, but I need to throw myself at your mercy for a suggested line of attack.
Thanks!
Additional info. I now have the boot log -- it is quite lengthy.
I have also managed to catch the error that appears just before the reboot (that is, busy bar runs, screen goes dark for a few seconds, this error flashes, then system reboots):
It appears to be (I had to catch this on video and dig down to the frame):
STOP: c000021a (Fatal System Error)
The initial session process or system process te ... [cut off]
Thanks!
More info. The error message above appears to be described at:
How to troubleshoot a "STOP 0xC000021A" error
This is very illuminating, and describes how various "remote control" programs may
replace the default winlogin DLL. And in fact, the program I had installed just before this entire sequence began was indeed a remote access program I was testing.
So right now I'm trying to figure out how to get at the registry value for that system from over on Vista. I found instructions for using regedit on a different disk, and navigated (I think) over to the proper drive's \windows\system32\config\SYSTEM. At that point it requests a key name (apparently for reference) -- I just used FIX1. But navigating down into (what I believe is) that registry I do not find the key described in the KB article listed above.
So right now my focus is in finding out how to get at the appropriate registry value on that drive (the C: drive for Win7, N: from Vista) and see if I can set the winlogin back to the default as described.
Any clues appreciated! Thanks.
Last edited by Brink; 11 Sep 2012 at 14:20. Reason: merged