Windows 7 Home Premium SP1 on a Fujitsu Lifebook NH751 that has given me problems from nearly day 1. The keyboard stopped working correctly pretty quickly, and I can no longer use it because it now registers as a stuck key even when nothing is pressed. I have to press escape to make it stop. Thus, I can no longer run check disk because it aborts immediately. That is the one thing I have not done while dealing with this problem... The last time I was able to run one (quite some time ago), it did show an error but I cannot find where I noted the information. That said, I do not think that it is a factor in this problem because of the long span of time between that error being caught and having any symptoms of any problem. I have included a list of what I have done over the past week. It may be out of order a bit, but it should be comprehensive.
The problem may have begun several weeks ago when Firefox began crashing repeatedly when more than 10 tabs were open in a window. All Avast, MBAM, and SAS scans were clean (except the normal tracking cookie stuff). I run AdBlocker Plus and NoScript, so that helps keep out some of the junk, and I had not allowed anything new so I didn't question the clean scans.
About a week ago, booting resulted in a constant barrage of application error 0xC0000005, and the application being unable to start. In short, the computer was rendered useless. Nothing would run.
I can boot in safe mode with networking, which is how I have done most of the repair attempts. Some programs will work at times, but then not work the next boot in safe mode. It's random enough that I can't figure it out.
A few times in this process, the computer would boot normally. Then with no changes whatsoever when I would shut down and reboot the next day the barrage of 0xC0000005 would begin again as if nothing had been repaired.
At times, the computer will fail to boot. Just freezes on the blank screen before the splash, or freezes on the first screen (Fujitsu). F-keys for booting, BIOS, and safe mode do nothing.
Also randomly, I will try to boot normally and after I choose the user, the screen goes black, but the arrow still moves for the mouse. It never progresses beyond this. Waited a few hours several times. Each time, I'm able to control + alt + delete to get to the task manager and restart in safe mode.
Sometimes a clean boot will run, sometimes the barrage of 0xC0000005 begins.
What I have done, some with the help of various websites:
- Unplugged the USB keyboard and mouse. No change.
- Ran SAS multiple times. Nothing but tracking cookies.
- Ran MBAM multiple times. Nothing but tracking cookies.
- Ran rkill, then SAS and MBAM again. Again, nothing.
- Avast will not run, so I cannot scan with it anymore. I uninstalled and reinstalled, still will not run.
- Updated all drivers in the Device Manager.
- Used the Registry Editor to change LoadAppInit_DLLs and changed the value to 0 (it was 1). No change, and it later reset itself to 1 at some point in the process.
- Still in Registry Editor, checked REG_SZ (was correctly set to 0) and _______ (can't remember, but it was correct as well)
- Ran Windows Memory Diagnostic. No issues found.
- Uninstalled the drivers for the Nvidia GeForce video card that has given me trouble in the past. After I did that, normal boot and everything worked, so I thought that was the answer. Installed the oldest version of the drivers I could find and restarted. 0xC0000005 was back. Uninstalled the old drivers. 0xC0000005 was back.
- Immediately following the Nvidia drivers second uninstall and failure to resolve the problem, I used a restore point. (Side note: all previous restore points were gone, and this one just appeared even when I didn't specifically create one. Not sure what happened there.) It booted and ran just fine once. No changes made, but on the next boot 0xC0000005 was back.
- Used an elevated command prompt to run sfc /scannow. The first run through, there were a lot of repairs made. Unfortunately, that log was gone as soon as I ran sfc /scannow again (my apologies for not remembering that it would overwrite). Each subsequent run, the only errors are these:
- 2017-03-03 18:29:11, Info CSI 0000035c [SR] Repairing 1 components
- 2017-03-03 18:29:11, Info CSI 0000035d [SR] Beginning Verify and Repair transaction
- 2017-03-03 18:29:11, Info CSI 0000035e [SR] Cannot repair member file [l:20{10}]"_isdel.exe" of Microsoft-Windows-InstallShield-WOW64-Main, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
- 2017-03-03 18:29:11, Info CSI 0000035f [SR] Cannot repair member file [l:20{10}]"_isdel.exe" of Microsoft-Windows-InstallShield-WOW64-Main, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
- 2017-03-03 18:29:11, Info CSI 00000360 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
- 2017-03-03 18:29:11, Info CSI 00000361 [SR] Could not reproject corrupted file [ml:76{38},l:74{37}]"\??\C:\windows\SysWOW64\InstallShield"\[l:20{10}]"_isdel.exe"; source file in store is also corrupted
- Checked Boot Configuration Data. The Windows boot loader path was correct.
- Set msconfig to a clean boot (all disabled except Microsoft applications). It actually booted normally and worked.
- During the clean boot, downloaded and ran Microsoft Safety Scanner. Came back clean. Next boot, 0xC0000005 was back.
- Somewhere in the middle of all of this, it booted normally a few times and I thought it was fixed, so I downloaded a bunch of updates that I had ignored for a couple of months. Still booted normally during the restarts for the updates. Got some work done. Then again, randomly, 0xC0000005 reappeared when I tried to boot normally.
- Downloaded and used the System Update Readiness Tool.
- Checking Component Store
- (f) CSI Payload File Missing 0x00000000 _isdel.exe wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e
- (f) CSI C Mark Deployment Missing 0x00000000 c!avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_0b20a8ff883c3a4a x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c
- (f) CSI C Mark Deployment Missing 0x00000000 c!avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_c373722873c01144 amd64_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_d58a6d64ab65b396
- (f) CSI C Mark Deployment Missing 0x00000000 c!avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_49391d6d8244622b x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_none_a338d8ea2df29efb
- (f) CSI C Mark Deployment Missing 0x00000000 c!policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_ef17e13d91c55d96 amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_499a1b14d5902dfc
- (f) CSI C Mark Deployment Missing 0x00000000 c!policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_36c51814a641869c x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_914751ebea0c5702
- (f) CSI C Mark Deployment Missing 0x00000000 c!avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_020285fe6d6e0580 amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_56aba0211ca246c2
- (f) CSI C Mark Deployment Missing 0x00000000 c!policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_364e78aca69bba41 x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_none_962753dde6e08635
- (f) CSI C Mark Deployment Missing 0x00000000 c!avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_49afbcd581ea2e86 x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_9e58d6f8311e6fc8
- Summary:
Seconds executed: 175
Found 9 errors
CSI C Mark Deployment Missing Total count: 8
CSI Payload File Missing Total count: 1
- Used the DISM.
- Ran Dism /Online /Cleanup-Image /CheckHealth
- Ran DISM /Online /Cleanup-image /Scanhealth Got an error message. ~Deployment Image Servicing and Management tool Version: 6 . 1 . 7601 . 18489 Error: 87 The restorehealth option in not recognized in this context.~ I did not see anything in the log about this, but maybe I was missing it.
- Ran Dism /Online /Cleanup-Image /RestoreHealth
- If I recall correctly, I also ran Dism.exe /Online /Cleanup-image /StartComponentCleanup.
- The only problem (potential problem? Not sure.) was:
- DISM DISM Provider Store: PID=3060 Failed to get and initialize the PE Provider. Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect
I could fill up at least 50 pages with scan logs, so I'll hold those and give you what you specifically ask for. At this point, I have no clue whether or not it's infected. Nothing is adding up. I have seen some info that 0xC0000005 is related to an infection. I have also seen where there is a virus that used the name SysWOW64 basically to spoof, but at the same time InstallShield is a real thing. That said, I can't see how _isdel.exe missing would cause all of this since I wasn't using InstallShield to install or update or anything when this started...
I'm at the point that if it isn't infected, then the only thing I know to do is an update install (so I don't have to reinstall all the programs; all files are already on my home cloud). That said, I have a valid product key but I can't download the ISO files from Microsoft because they no longer support preinstalled versions. So I'll have to find another way to do that...
Edited by the2bachic, 05 March 2017 - 12:18 AM.