From a Windows 10 booting problem to a whole OS problem

Topic

New Reply

Hello there,

My problem I think started following the latest Windows 10 update in April when I remember. After the first download, the laptop suddenly crashes and gave me the infamous blue screen with the option to reset or other options.

I chose other options and I restored my Windows to earlier automatic restore point. It worked fine and I downloaded the update and actually I forgot the whole thing.

The laptop , which is Dell XPS 15 9530 worked fine till 26 June Saturday.

On Saturday I noticed I may have malware after seeing strange ads and sites appearing suddenly unexpectedly on my google chrome
I downloaded adwcleaner and I ran it. It showed that I got at least 7 or 8 malware files after the first scan.
I chose to terminate those files which I can not remember their names unfortunately. Then the application asked me to reboot to complete cleaning the laptop from those malware files.

Suddenly , Windows 10 refused to boot giving me again the blue screen with the reset and other options. I could not restore my OS for reason beyond me. I did not “do not ” reset the system even while keeping the files because all what I thought “still thinking about” the app and the programs on it.

I had to use command prompt in order to see what is wrong seeking help and tips online. I tried to fix boot and rebuild the bcd but in vain.

I did not have a Windows 10 recovery USB then but I got it one later.

I was able to find command prompt working though only to find that the c:\ became x:\windows/system32

Through registry I found out the the booting drive was now x , the c driver was still there with all the directories as it is.

After spending two days reading different guides here and there on iPhone I managed to restore back c:/ using cmd commands and then I got the famous BSOD
The special reset and others options blue page disappeared. Only the F8 options were there.

I noticed that there was no response on the Dell boot page when I chose Safe Mode options “aka loading” but there was some loading reaction when I chose the “No drive signature” option but nevertheless it led to nothing.

On Wednesday , someone in Ten Forum was helpful enough and told me about a way to fix and restore the registry in Windows 10.

Using the Win 10 USB , I go to the command prompt and change the X to C then head to the C :/Windows/System32/config/ then type “dir” then make a new backup folder using “MD command” like “MD Backup” then copy all the files to that folder “copy  *.*  Backup” .

Then I changed the directory to regback and copied  all the files in it Copy  *.*  ..

I was sure to see that all the files in the process were sizable appearing with numbers and no with zero.

I rebooted and it worked

The trick made and for the time  since Saturday , the laptop booted successfully and as I signed in , I found Adwcleaner txt about those malwares. I made a new manual restore point on that date.

I remember that I ran the tests I could have then and they all showed that there was nothing wrong with the system or the hardware.

fc /scannow result : Windows Resource protection did not find any integrity violations.

dism /online /cleanup-image /restorehealth : The Restoration operation completed successfully.
The Operation completed successfully.

The only thing that I haven’t done “which I regret” was running the Windows defender offline.

On Thursday , I found the Dell assistant notifying me with a new important update for certain Intel chipset. I downloaded the update and rebooted. It worked fine. I was planning to have the Windows defender offline scan on Friday. ”

Friday morning , I opened the laptop and everything was fine. I was notified that I have to update or download Dell Assist app, so I did it and I shut down the laptop to open it later.

Later ,we were back to the Blue screen once again with reset or fix or restore….etc. I used the registry method but this time its magic failed. The restore point did not work either.

I checked the c:\Windows\system32\config\logfiles\srt\srttrail.txt twice after so many attempts to boot on Friday. I have “a recent driver installation or upgrade may be preventing the system from starting”
Repair action : System restore
result : cancelled

Repair action: System files integrity check and repair
result : failed . Error code : 0x49.

On Saturday , I decided to use recovery apps. I bought Easy Recovery Essential. https://neosmart.net/EasyRE/ as I read good reviews about it.

I used it and I pushed the  Automatic repair button but it done nothing and actually things went from bad to worse to worst.

Officially I got the blue screen of death with no place to go as required file is missing

File:\Windows\system32\winload.efi

error code : 0x000000e

The recovery tools did not help. Only command prompt showed things went bad indeed.

The C:/ directory did not have any of the directories or the folders under it. The size of drive c increased as if the windows was wiped out entirely with all the folders. I freaked out honestly. I wrote angry emails to  Neosmart .

I downloaded another recovery app “Lazesoft recovery suite” http://www.lazesoft.com/lazesoft-recovery-suite.html as it had very good reviews as well free

Lazesoft recovery usb did not recover anything but its file explorer showed what happened .

All the folders and directories under C:/ moved under some partition that suddenly appeared E:/

E:/ was even the same size of C:/before all that s**t that hit the fan “excuse my French happens”

At least I knew that my folders, documents have not been wiped all. Srttrail shows that the last successful logon was 29 June correctly.

On Monday , Neosmart replied on my angry emails telling me to try their restore points made by their recovery app and I found two restore points. I chose one but nothing was restored. Same blue screen.

I noticed that the directories of the C:/ now were under F:/ and not E:/ . I do not know if it had to do with the USB drives used in the laptop.

I do not know what to do next for real. I avoided the reset as well the clean installation of Windows because I do not want to lose all my documents and files. Unfortunately I forget to have a backup recently and I know that Will cost me a lot.

Sorry for the lengthy post but seriously I need help.

Edit html to text for copied parts – may have made unintended changes to content
Edit to remove more HTML
Edit for content

Reply | Quote

Replies

Well, i am no expert, but if your priority is to recover documents and files maybe an Ubuntu live usb will do the trick and maybe that will allow to try the clean installation of Windows without loosing much. I hope that helps.

Reply | Quote

@ Zeinobia

On Saturday I noticed I may have malware after seeing strange ads and sites appearing suddenly unexpectedly on my google chrome.
I downloaded adwcleaner and I ran it. It showed that I got at least 7 or 8 malware files after the first scan.

.
How come Windows Defender did not catch the malware/virus.?

Usually, once a computer OS has been penetrated by malware/virus and showing various symptoms, its innards would have already been corrupted. By that stage, it’s already too late to do anything to fix things and the only way to recover is to do a reinstall, ie no point going into CMD line to try to fix things.
… This is similar to being hit by ransomware and the computer user already seeing the dreaded red/orange-colored page on the screen demanding for a ransom in bitcoins to decrypt the files.

Normally, a good AV program’s Real-time Protection feature will first alert/warn the user about a dangerous website. If the user continues with the website or there had been no alert/warning, the AV will detect and stop the malware/virus from doing anything to the OS and notify the user. If the user does not take the appropriate action to quarantine or delete the detected malware/virus, then kaboom.!

Reply | Quote

anonymous wrote:

Normally, a good AV program’s Real-time Protection feature will first alert/warn the user about a dangerous website.

You don’t say which good AV program you are using. Windows Defender is not sufficient. And even good AV programs don’t catch everything all the time. It sounds like your problem started from the Internet via Chrome. There are “drive-by” infections, and clicking on a link on a website or in e-mail can infect.  Sometimes malware replaces system files with bogus ones and makes the system unusable. Beside updates, you don’t say if you recently installed any new programs.

It is hard to know what advice to give, not having seen what was happening or what the name of the files were that were removed by adwcleaner.

Reply | Quote

The very first thing I would do in your case is rescue my data. You can always reinstall the OS and the programs, but your data is irreplaceable.
Boot from your rescue USB. Find which option offers you an Explorer GUI and copy EVERYTHING under your User ID off onto an external HDD or USB. Use Copy/Paste, NOT Cut/Paste. You could alternately use a bootable Windows disk (PE).

Considering what has been done so far on the HDD, I would highly recommend a clean install. Then reinstall your programs, then copy your data back.

Reply | Quote

@Zeinobia yeah I would agree with what @PKCano says that getting your data back is really important. Sounds like your no stranger to the CMD prompt so you can boot from a USB with plenty of room, depending on how much data you have and back it up either using the XCOPY at the X:\ prompt (does that still work havent used that in ages, and we are talking years?) Either make a folder first or MKDIR, a little neat trick and a lot easier than typing CMD’s is type notepad at the X:\ prompt select all “files” and navigate accordingly, its almost like Windoze explorer. Not fast though if you have a lot of data. Hope this works out for ya 🙂

Reply | Quote

So it does still work, that was a walk down memory lane lol 😉

Reply | Quote

Yeah, for me too, many times.

And even if you can get it to work after all that, I would still recommend a clean install. No telling what’s been corrupted in the process and if there is still some malware lurking.

Reply | Quote

PKCano wrote:

It is hard to know what advice to give, not having seen what was happening or what the name of the files were that were removed by adwcleaner.

That’s the $64,000 question.  A lot of the adware cleaner type programs list things like ad tracking cookies as “adware issues,” and if that’s all it removed, there may not actually be any malware in this mix, but instead some other kind of issue, like a disk problem.  What you are describing could be malware for sure, but it might also be something else.

Regardless of what the problem is, as PKCano wrote, secure your data first. Whatever is going on could cause it to become unreadable, and since we don’t know what the problem is yet, we don’t know how likely that is.  Play it safe and get that data secured first, and we can worry about returning the computer to a fully functioning state next.

If you have a “rescue” USB drive or DVD-ROM from a backup program like Macrium Reflect, you could boot from that and use it to image the computer’s drive to an external HDD or network share.  I’d suggest not booting on the drive if it can be avoided, even if it sorta works between bluescreens, until your data is all safely copied.  When I begin to work on something like this, that’s the first thing I do… get an image (backup) of the drive(s) before I start changing things, so if things get worse, you can at least go back to the way it was when you backed it up.

The thing about your Windows files being moved to another partition is not likely.  What you’re seeing is more likely a different drive letter being assigned to the existing partition, which is especially likely any time you’re booting from a USB device or a disc.  That in and of itself isn’t a big concern… just get that data secured first.

If there’s any way to get ahold of that report of what the Adwcleaner logged, please do and report it here.

Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11 for maintenance)

Reply | Quote