Gateway laptop: 21A BSOD & unable to N&P

[glricht]

(sorry for the long post)

Got a Gateway MX6920 laptop in today running XP MCE on a SATA HD. From what the customer says, it's had a number of viruses/spyware problems for the last 3 weeks or so. Been getting gradually worse until now it BSODs with a 21A, code 0005, in both safe & normal mode. The Windows logo shows, but at about the point where the user would login, the BSOD occurs (which is consistent with the 0005).

Here's what I've done to try to address the 21A:
1. Booted using "Last known config", no change.
2. Using UCBD4WIN, did a system restore back to 1/27 and 1/31 (there were only 8 restore points, 7 on 1/27 and 1 on 1/31). No change
3. Tried running TDSSKiller, but it won't run under UCBD4WIN
4. Slaved the HD to my bench PC and ran CHKDSK /R, but no errors found. Put HD back into laptop and still get the 21A
5. Tried a repair install using the MCE CDs I have, but the repair install fails saying it can't find a hard drive.

I'm guessing that the OS has been corrupted, either by the malware or by the user's attempt to fix it, to the point of causing the 21A. Since I can't boot the PC, I can't run SFC /SCANNOW.

Anybody have any suggestions to resolve the 21A?

Backup Strategy:
Thinking I might not be able to fix the 21A, I replaced the customer's SATA HD with one of my own and attempted a N&P using both my MCE and XP Pro CDs, but both installs failed with "No hard drive found".

Thinking that the HD is probably configured as AHCI, and not having the custom drivers, I went into BIOS to turn off AHCI, but the BIOS (PhoenixBIOS) has no provision to display how the HD is configured, nor am I allowed to change it!

Unless I can resolve the BSOD 21A, I may have to do a N&P, but because of the AHCI, I will probably need the Gateway recovery CD. Since the customer doesn't have the recovery CD, I would normally just order one. But the customer is leaving town in 3 days and wants to take the laptop with him so there's no time to order one!

I may be between a rock and a hard place to get his PC up and running in the time frame he needs.

 

[dk99]

you could boot into ubcd and enable network then download superantispyware potable to the c drive and then run it. the portable version runs when in a live cd environment. also try repairing the master boot record. if that is unsuccessful try slaving it to test pc and running avast boot time scan from there.

 

[red12049]

(sorry for the long post)

Got a Gateway MX6920 laptop in today running XP MCE on a SATA HD. From what the customer says, it's had a number of viruses/spyware problems for the last 3 weeks or so. Been getting gradually worse until now it BSODs with a 21A, code 0005, in both safe & normal mode. The Windows logo shows, but at about the point where the user would login, the BSOD occurs (which is consistent with the 0005).

Here's what I've done to try to address the 21A:
1. Booted using "Last known config", no change.
2. Using UCBD4WIN, did a system restore back to 1/27 and 1/31 (there were only 8 restore points, 7 on 1/27 and 1 on 1/31). No change
3. Tried running TDSSKiller, but it won't run under UCBD4WIN
4. Slaved the HD to my bench PC and ran CHKDSK /R, but no errors found. Put HD back into laptop and still get the 21A
5. Tried a repair install using the MCE CDs I have, but the repair install fails saying it can't find a hard drive.

I'm guessing that the OS has been corrupted, either by the malware or by the user's attempt to fix it, to the point of causing the 21A. Since I can't boot the PC, I can't run SFC /SCANNOW.

Anybody have any suggestions to resolve the 21A?

Backup Strategy:
Thinking I might not be able to fix the 21A, I replaced the customer's SATA HD with one of my own and attempted a N&P using both my MCE and XP Pro CDs, but both installs failed with "No hard drive found".

Thinking that the HD is probably configured as AHCI, and not having the custom drivers, I went into BIOS to turn off AHCI, but the BIOS (PhoenixBIOS) has no provision to display how the HD is configured, nor am I allowed to change it!

Unless I can resolve the BSOD 21A, I may have to do a N&P, but because of the AHCI, I will probably need the Gateway recovery CD. Since the customer doesn't have the recovery CD, I would normally just order one. But the customer is leaving town in 3 days and wants to take the laptop with him so there's no time to order one!

I may be between a rock and a hard place to get his PC up and running in the time frame he needs.

Many of those Gateways require special SATA drivers. You can get them from Gateway's site, and use a USB floppy to install them early in the Windows installation process.

As for the rootkit, a "fixmbr", or "bootrec /fixmbr" (depending on OS) should clear it up, but it will also destroy the recovery partition functionality.

Rick

 

[B Trevathan]

From what the customer says, it's had a number of viruses/spyware problems for the last 3 weeks or so. Been getting gradually worse until now it BSODs with a 21A, code 0005, in both safe & normal mode. The Windows logo shows, but at about the point where the user would login, the BSOD occurs

Have you scanned the drive with a av live CD like Avira Rescue System or Dr.Web Live CD?

Can you load the Recovery Console from either of your Windows CD's?

When you had the hard drive slaved did you load its registry to check for malware entries, if you are getting stop error 0xC000021A you may want to slave the drive and load the drives registry hives and check the Winlogon: make sure Userinit and Shell is set right.

When you had the hard drive slaved did you scan the drive for malware using your antimalware?

Have you tried loading a backup copy of the drives registry or loading the copy of the registry that was created during the initial setup of Windows?

 

[vdub12]

Why not just slipstream the sata drivers and do the repair install?

 

[glricht]

Sorry for the delay in responding, it's been a madhouse around here - not that I'm complaining about the work!

I was finally able to N&P the machine and it goes back to the customer tomorrow, but the road to get there was full of potholes.

I really didn't want to N&P, just fix the 21A BSOD. So in addition to the items mentioned in my first post, I also ran every boot CD I had (e.g. UCBD4WIN, Hiren's, Dr.Web, Avira, etc). Some found many problems and fixed them, others struck out completely. But no matter what, the 21A always reoccurred. I had already spent a LOT of time on this and finally decided it was N&P time.

Which is where I ran into the 2nd situation.

Booted into the recovery partition, but it required the Gateway Recovery CD, which the customer didn't have. Talked to a Gateway rep to order a replacement, but they would NOT let me order one because the PC was more than 3 years old! (I've had companies unable to provide a replacement because they were out of stock, but never had a company say they wouldn't send a replacement because the PC was too old!)

Which is where I ran into the 3rd situation.

Decided to just install MCE using the 2 MCE CDs I have. But this laptop required specialized drivers (which I didn't have) loaded at OS install via F6 and a floppy disk. After an hour on the Gateway support site I still couldn't find the drivers. Did an online chat with a Gateway rep and they pointed me to a hidden section of the site. Why would they hide them?

Finally got all the pieces together and was able to do the N&P, but whew, what a lot of work!

p.s. I also ran into another oddity that I didn't know about. The drivers on the floppy loaded just fine using F6 at install, but I was having a problem with physical read errors on MCE disk 2. So I decided to just install XP Pro using the Dell OEM CDs that I use for all my OEM XP installs. But the Dell install wouldn't correctly integrate the F6 drivers, no matter what I tried - the install would fail with various errors about 5 minutes into the install. Tried my Dell CD with Home SP3, Pro SP3, Home SP2 and Pro SP2 and they all failed at various points in the install. Found another copy of MCE CD 2 and it used the drivers and did the install with no problem. Go figure!

 

[Elemdee]

Gary, where did you get your copy of MCE disk 2...was it from Technet? I'm running into a similar situation with a Gateway laptop. I ordered the restore DVD's which arrived today...ran them...and...it installed Vista home premium !!!... The sticker on the laptop IS MCE and the laptop came to me with MCE installed. I did try installing MCE first myself with the 2 disks I have from Technet but disk 1 did not prompt me to install disk 2. I've used them before without an issue so maybe I just need to try again. That whole Vista thing threw me for a loop though. That's when I knew it was time to quit for the day. =P

 

[glricht]

Gary, where did you get your copy of MCE disk 2...was it from Technet? I'm running into a similar situation with a Gateway laptop. I ordered the restore DVD's which arrived today...ran them...and...it installed Vista home premium !!!... The sticker on the laptop IS MCE and the laptop came to me with MCE installed. I did try installing MCE first myself with the 2 disks I have from Technet but disk 1 did not prompt me to install disk 2. I've used them before without an issue so maybe I just need to try again. That whole Vista thing threw me for a loop though. That's when I knew it was time to quit for the day. =P

I got the 2 CD MCE set from another tech a few months ago. He copied the CDs from a customer machine quite a few years back. During the install, it prompts for CD 2, and then later prompts for CD 1 again. CD 1 has 602MB on it and CD 2 has 264MB on it. Must have been the right CDs in my case because the customer's coa code was accepted and successfully activated.

I also have two other MCE installs in my kit bag, but haven't had a need to try them yet. The first is a single MCE DVD from 2007 labeled "Dell MCE SP2 JD208" which has 2700MB, and the second is a single DVD labeled "MCE Version 2005 with UpdateRollup2" which is 2800MB. Didn't try those in my situation (maybe I should have).

My guess is that the 2 CD set is for the original 2002 MCE. Maybe subsequent releases put it all on 1 DVD?