Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BSOD Vista 64bit C0000135, consrv not found


  • This topic is locked This topic is locked
18 replies to this topic

#1 Ahiggins

Ahiggins

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, USA
  • Local time:10:35 PM

Posted 07 November 2011 - 06:32 PM

Recently my computer started to restart on it's own every two hours. About the third or fourth time upon start up, I received a BSOD message as follows:

STOP: c0000135 {Unable To Locate Component}
This application has failed to start because consrv was not found. Re-installing the application may fix this problem.

I've found a couple issues similar to mine on the internet and this site, but the solutions seem to be very specific by machine, so I thought I would ask if anyone knew what I could do to resolve this problem. I am not able to start the computer in Safe Mode either, so I can only access the drive via Vista Install Disk, and a second hard drive that also has Vista 64 running on it. I'd really appreciate a suggestion or solution to work towards resolving the issue. Thanks in advance!

BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:35 PM

Posted 08 November 2011 - 01:11 AM

:welcome:

I believe the system is infected with zero Access.

Lets try to scan the computer. You will need a USB (Flash) pendrive.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 Ahiggins

Ahiggins
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, USA
  • Local time:10:35 PM

Posted 08 November 2011 - 06:45 PM

The results are too long for me to be able post I will attach the file in this post.
Attached File  FRST.txt   221.74KB   23 downloads

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:35 PM

Posted 08 November 2011 - 08:40 PM

Is this a new installation?

Please download SystemLook save it to your Desktop.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    consrv*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#5 Ahiggins

Ahiggins
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, USA
  • Local time:10:35 PM

Posted 09 November 2011 - 03:45 PM

The infected system is not a new installation. I cannot access the infected system's desktop, so should I do this next step the same way I did the FRST scan, via the command prompt in system restore with a flash drive?

#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:35 PM

Posted 09 November 2011 - 06:10 PM

You used to. How far into the boot process goes? Lets check the Master Boot Record.

Download MBRFix from here.

Save and extract its contents to the working computer's desktop. There are three files in the MBRFix folder. From these, only copy the MBRFix64.exe to the USB drive.

Also download the enclosed file and save it in the USB drive.

Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 Ahiggins

Ahiggins
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, USA
  • Local time:10:35 PM

Posted 09 November 2011 - 07:31 PM

The boot process gets as far as the Windows loading bar before the log in screen appears.

I downloaded MBRFix and copied only MBRFix64.exe to the flash drive, as well as the fixlist.txt. I ran FRST64 and clicked Fix and it came up with the Fixlog.txt that looked like this:


Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.7)
Ran by SYSTEM at 2011-11-09 07:19:11 R:3
Running from G:\

==============================================

C:\MbrFix64 /drive 0 savembr G:\MBRDUMP.txt not found.

==== End of Fixlog ====


I didn't see a file labeled MBRDUMP.txt on the flash drive.
Have I done something wrong in this process?

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:35 PM

Posted 09 November 2011 - 07:42 PM

Seems I missed part of the command. Download the enclosed file:

Save it in the USB drive overwriting the existing one.

Insert the USB drive into the ailing computer.

Now please enter System Recovery Options and run FRST64 as you did before, except that this time around, press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt). It will also create a file labeled MBRDUMP.txt. Copy and Paste the contents of the Fixlog.txt in your next reply, but attach the MBRDUMP.txt as it is a hex file.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 Ahiggins

Ahiggins
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, USA
  • Local time:10:35 PM

Posted 09 November 2011 - 08:13 PM

The results from the fix log are as follows:


Fix result of Farbars's Recovery Tool (FRST written by farbar Version 2.2.7)
Ran by SYSTEM at 2011-11-09 08:07:21 R:4
Running from G:\

==============================================


========= G:\MbrFix64 /drive 0 savembr G:\MBRDUMP.txt =========


========= End of CMD: =========


==== End of Fixlog ====

Here is the MBRDUMP.txt file. Attached File  MBRDUMP.txt   512bytes   8 downloads

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:35 PM

Posted 09 November 2011 - 08:32 PM

Lets check the file Explorer.exe:

Boot to System Recovery Options and run FRST as you did before.

Type the following in the edit box after "Search:".

explorer.exe

It then should look like:

Search: explorer.exe

Click Search button and post the log (Search.txt) that will be produced in the USB drive in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 Ahiggins

Ahiggins
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, USA
  • Local time:10:35 PM

Posted 09 November 2011 - 08:49 PM

Here are the search results:

Farbars Recovery Scan Tool 2.0.3
Ran by SYSTEM at 2011-11-09 08:42:13
Running from G:\

================== Search: explorer.exe ===================

C:\Windows\explorer.exe
[2011-11-05 16:38] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2011-11-05 16:37] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2011-11-05 10:51] - [2008-10-29 19:59] - 2927616 ____A (Microsoft Corporation) 50BA5850147410CDE89C523AD3BC606E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2011-11-05 10:51] - [2008-10-28 22:29] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
[2008-01-20 18:49] - [2008-01-20 18:49] - 2927104 ____A (Microsoft Corporation) FFA764631CB70A30065C12EF8E174F9F

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2011-11-05 10:51] - [2008-10-27 18:15] - 2923520 ____A (Microsoft Corporation) E7156B0B74762D9DE0E66BDCDE06E5FB

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2011-11-05 10:51] - [2008-10-28 22:20] - 2923520 ____A (Microsoft Corporation) 37440D09DEAE0B672A04DCCF7ABF06BE

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2011-11-05 16:38] - [2009-04-10 23:10] - 3079168 ____A (Microsoft Corporation) 6B08E54A451B3F95E4109DBA7E594270

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2011-11-05 10:51] - [2008-10-29 21:30] - 3081216 ____A (Microsoft Corporation) E404A65EF890140410E9F3D405841C95

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2011-11-05 10:51] - [2008-10-28 22:49] - 3080704 ____A (Microsoft Corporation) BBD8E74F23D7605CB0CDB57A1B25D826

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008-01-20 18:48] - [2008-01-20 18:48] - 3080704 ____A (Microsoft Corporation) F6D765FB6B457542D954682F50C26E4F

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2011-11-05 10:51] - [2008-10-27 18:30] - 3086848 ____A (Microsoft Corporation) 72B9990E45C25AA3C75C4FB50A9D6CE0

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2011-11-05 10:51] - [2008-10-28 22:15] - 3087360 ____A (Microsoft Corporation) 50514057C28A74BAC2BD04B7B990D615

C:\Windows\SysWOW64\explorer.exe
[2011-11-05 16:37] - [2009-04-10 22:27] - 2926592 ____A (Microsoft Corporation) D07D4C3038F3578FFCE1C0237F2A1253

====== End Of Search ======

#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:35 PM

Posted 09 November 2011 - 09:05 PM

Everything looks legit.

Run FRST once again. Remove all checkmarks present, but put one on "List drivers MD5". Click on the Scan button and wait. After it has completed, attach the FRST.txt report in a reply.

If too large, upload the file here:

http://www.bleepingcomputer.com/submit-malware.php?channel=132

I will review the report and will post tomorrow.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 Ahiggins

Ahiggins
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, USA
  • Local time:10:35 PM

Posted 09 November 2011 - 09:08 PM

Alright thanks, I will do that. I look forward to hearing from you tomorrow.

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,761 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:35 PM

Posted 10 November 2011 - 12:13 AM

I can only access the drive via Vista Install Disk, and a second hard drive that also has Vista 64 running on it.


I don't know if I am seeing a working or an ailing computer's drive in that log. I see no issues in these logs, but see the files I have requested and you downloaded.

Do you still have two hard drives present in this computer? Do you have a secondary computer you can use to communicate with me?

In order to obtain a report from an ailing drive, only this drive must be present in the computer. Anything else will give us a false reading.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 Ahiggins

Ahiggins
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York, USA
  • Local time:10:35 PM

Posted 10 November 2011 - 07:36 AM

Okay I've removed the second hard drive, leaving just the ailing one. I did the FRST64 scan, and these are the results: Attached File  FRST.txt   60.17KB   16 downloads




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users