
0xC0000005 renders computer unusable, isdel.exe missing, inconsistencies


  • This topic is locked
3 replies to this topic

#1 the2bachic


Posted 05 March 2017 - 12:16 AM

Windows 7 Home Premium SP1 on a Fujitsu Lifebook NH751 that has given me problems from nearly day 1. The keyboard stopped working correctly pretty quickly, and I can no longer use it because it now registers as a stuck key even when nothing is pressed. I have to press escape to make it stop. Thus, I can no longer run check disk because it aborts immediately. That is the one thing I have not done while dealing with this problem... The last time I was able to run one (quite some time ago), it did show an error but I cannot find where I noted the information. That said, I do not think that it is a factor in this problem because of the long span of time between that error being caught and having any symptoms of any problem. I have included a list of what I have done over the past week. It may be out of order a bit, but it should be comprehensive.

 

The problem may have begun several weeks ago when Firefox began crashing repeatedly when more than 10 tabs were open in a window. All Avast, MBAM, and SAS scans were clean (except the normal tracking cookie stuff). I run AdBlocker Plus and NoScript, so that helps keep out some of the junk, and I had not allowed anything new so I didn't question the clean scans.

 

About a week ago, booting resulted in a constant barrage of application error 0xC0000005, and the application being unable to start. In short, the computer was rendered useless. Nothing would run.

 

I can boot in safe mode with networking, which is how I have done most of the repair attempts. Some programs will work at times, but then not work the next boot in safe mode. It's random enough that I can't figure it out.

 

A few times in this process, the computer would boot normally. Then with no changes whatsoever when I would shut down and reboot the next day the barrage of 0xC0000005 would begin again as if nothing had been repaired.

 

At times, the computer will fail to boot. Just freezes on the blank screen before the splash, or freezes on the first screen (Fujitsu). F-keys for booting, BIOS, and safe mode do nothing.

 

Also randomly, I will try to boot normally and after I choose the user, the screen goes black, but the arrow still moves for the mouse. It never progresses beyond this. Waited a few hours several times. Each time, I'm able to control + alt + delete to get to the task manager and restart in safe mode.

 

Sometimes a clean boot will run, sometimes the barrage of 0xC0000005 begins.

 

 

What I have done, some with the help of various websites:

  • Unplugged the USB keyboard and mouse. No change.
  • Ran SAS multiple times. Nothing but tracking cookies.
  • Ran MBAM multiple times. Nothing but tracking cookies.
  • Ran rkill, then SAS and MBAM again. Again, nothing.
  • Avast will not run, so I cannot scan with it anymore. I uninstalled and reinstalled, still will not run.
  • Updated all drivers in the Device Manager.
  • Used the Registry Editor to change LoadAppInit_DLLs and changed the value to 0 (it was 1). No change, and it later reset itself to 1 at some point in the process.
  • Still in Registry Editor, checked REG_SZ (was correctly set to 0) and _______ (can't remember, but it was correct as well)
  • Ran Windows Memory Diagnostic. No issues found.
  • Uninstalled the drivers for the Nvidia GeForce video card that has given me trouble in the past. After I did that, normal boot and everything worked, so I thought that was the answer. Installed the oldest version of the drivers I could find and restarted. 0xC0000005 was back. Uninstalled the old drivers. 0xC0000005 was back.
  • Immediately following the Nvidia drivers second uninstall and failure to resolve the problem, I used a restore point. (Side note: all previous restore points were gone, and this one just appeared even when I didn't specifically create one. Not sure what happened there.) It booted and ran just fine once. No changes made, but on the next boot 0xC0000005 was back.
  • Used an elevated command prompt to run sfc /scannow. The first run through, there were a lot of repairs made. Unfortunately, that log was gone as soon as I ran sfc /scannow again (my apologies for not remembering that it would overwrite). Each subsequent run, the only errors are these:
    • 2017-03-03 18:29:11, Info CSI    0000035c [SR] Repairing 1 components
    • 2017-03-03 18:29:11, Info CSI    0000035d [SR] Beginning Verify and Repair transaction
    • 2017-03-03 18:29:11, Info CSI    0000035e [SR] Cannot repair member file [l:20{10}]"_isdel.exe" of Microsoft-Windows-InstallShield-WOW64-Main, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
    • 2017-03-03 18:29:11, Info CSI    0000035f [SR] Cannot repair member file [l:20{10}]"_isdel.exe" of Microsoft-Windows-InstallShield-WOW64-Main, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
    • 2017-03-03 18:29:11, Info CSI    00000360 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
    • 2017-03-03 18:29:11, Info CSI    00000361 [SR] Could not reproject corrupted file [ml:76{38},l:74{37}]"\??\C:\windows\SysWOW64\InstallShield"\[l:20{10}]"_isdel.exe"; source file in store is also corrupted
  • Checked Boot Configuration Data. The Windows boot loader path was correct.
  • Set msconfig to a clean boot (all disabled except Microsoft applications). It actually booted normally and worked.
  • During the clean boot, downloaded and ran Microsoft Safety Scanner.  Came back clean. Next boot, 0xC0000005 was back.
  • Somewhere in the middle of all of this, it booted normally a few times and I thought it was fixed, so I downloaded a bunch of updates that I had ignored for a couple of months. Still booted normally during the restarts for the updates. Got some work done. Then again, randomly, 0xC0000005 reappeared when I tried to boot normally.
  • Downloaded and used the System Update Readiness Tool.
    • Checking Component Store
    • (f)    CSI Payload File Missing    0x00000000    _isdel.exe    wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e
    • (f)    CSI C Mark Deployment Missing    0x00000000    c!avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_0b20a8ff883c3a4a    x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c
    • (f)    CSI C Mark Deployment Missing    0x00000000    c!avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_c373722873c01144    amd64_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_d58a6d64ab65b396
    • (f)    CSI C Mark Deployment Missing    0x00000000    c!avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_49391d6d8244622b    x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_none_a338d8ea2df29efb
    • (f)    CSI C Mark Deployment Missing    0x00000000    c!policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_ef17e13d91c55d96    amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_499a1b14d5902dfc
    • (f)    CSI C Mark Deployment Missing    0x00000000    c!policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_36c51814a641869c    x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_914751ebea0c5702
    • (f)    CSI C Mark Deployment Missing    0x00000000    c!avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_020285fe6d6e0580    amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_56aba0211ca246c2
    • (f)    CSI C Mark Deployment Missing    0x00000000    c!policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_364e78aca69bba41    x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_none_962753dde6e08635
    • (f)    CSI C Mark Deployment Missing    0x00000000    c!avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_49afbcd581ea2e86    x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_9e58d6f8311e6fc8
    • Summary:
      Seconds executed: 175
       Found 9 errors
        CSI C Mark Deployment Missing Total count: 8
        CSI Payload File Missing Total count: 1
  • Used the DISM.
    • Ran Dism /Online /Cleanup-Image /CheckHealth
    • Ran DISM /Online /Cleanup-image /Scanhealth Got an error message. ~Deployment Image Servicing and Management tool Version: 6 . 1 . 7601 . 18489   Error:  87 The restorehealth option in not recognized in this context.~ I did not see anything in the log about  this, but maybe I was missing it.
    • Ran Dism /Online /Cleanup-Image /RestoreHealth
    • If I recall correctly, I also ran Dism.exe /Online /Cleanup-image /StartComponentCleanup.
    • The only problem (potential problem? Not sure.) was:
      • DISM   DISM Provider Store: PID=3060 Failed to get and initialize the PE Provider.  Continuing by assuming that it is not a WinPE image. - CDISMProviderStore::Final_OnConnect

 

I could fill up at least 50 pages with scan logs, so I'll hold those and give you what you specifically ask for. At this point, I have no clue whether or not it's infected. Nothing is adding up. I have seen some info that 0xC0000005 is related to an infection. I have also seen where there is a virus that used the name SysWOW64 basically to spoof, but at the same time InstallShield is a real thing. That said, I can't see how _isdel.exe missing would cause all of this since I wasn't using InstallShield to install or update or anything when this started...

 

I'm at the point that if it isn't infected, then the only thing I know to do is an update install (so I don't have to reinstall all the programs; all files are already on my home cloud). That said, I have a valid product key but I can't download the ISO files from Microsoft because they no longer support preinstalled versions. So I'll have to find another way to do that...


Edited by the2bachic, 05 March 2017 - 12:18 AM.
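Added example, not part of the original post: a short Python triage of the two logs quoted above. It collapses the repeated sfc `[SR] Cannot repair member file` entries into unique members and groups the System Update Readiness Tool `(f)` findings by error type and component owner. The function name `triage` and the use of `31bf3856ad364e35` (the PublicKeyToken shown in the sfc lines) as the marker for a Windows-owned component are assumptions of this example.

```python
import re
from collections import Counter

# PublicKeyToken the sfc log in the post reports for the Windows component (assumed owner marker).
WINDOWS_TOKEN = "31bf3856ad364e35"

SFC_RE = re.compile(r'\[SR\] Cannot repair member file \[[^\]]*\]"([^"]+)" of ([^,]+),'
                    r'.*in the store, (.+)$')

def triage(log_text):
    """Return (unique unrepairable sfc members, CheckSUR counts keyed by (error, owner))."""
    sfc, sur = set(), Counter()
    for line in log_text.splitlines():
        line = line.strip()
        m = SFC_RE.search(line)
        if m:
            sfc.add(m.groups())  # a set, because sfc logs the same member more than once
            continue
        if line.startswith("(f)"):
            fields = re.split(r"\s{2,}|\t", line)
            if len(fields) < 5:
                continue  # truncated or malformed entry
            _, error, _code, _item, component = fields[:5]
            owner = "windows" if f"_{WINDOWS_TOKEN}_" in component else "third-party"
            sur[(error, owner)] += 1
    return sfc, sur

# Sample input: log lines copied from the post above.
SAMPLE = '''
2017-03-03 18:29:11, Info CSI    0000035e [SR] Cannot repair member file [l:20{10}]"_isdel.exe" of Microsoft-Windows-InstallShield-WOW64-Main, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2017-03-03 18:29:11, Info CSI    0000035f [SR] Cannot repair member file [l:20{10}]"_isdel.exe" of Microsoft-Windows-InstallShield-WOW64-Main, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
(f)    CSI Payload File Missing    0x00000000    _isdel.exe    wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e
(f)    CSI C Mark Deployment Missing    0x00000000    c!avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_0b20a8ff883c3a4a    x86_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_1d37a43bbfe1dc9c
(f)    CSI C Mark Deployment Missing    0x00000000    c!avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_c373722873c01144    amd64_avast.vc110.crt_2036b14a11e83e4a_11.0.60610.1_none_d58a6d64ab65b396
(f)    CSI C Mark Deployment Missing    0x00000000    c!avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_49391d6d8244622b    x86_avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_none_a338d8ea2df29efb
(f)    CSI C Mark Deployment Missing    0x00000000    c!policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_ef17e13d91c55d96    amd64_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_499a1b14d5902dfc
(f)    CSI C Mark Deployment Missing    0x00000000    c!policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_36c51814a641869c    x86_policy.14.0.avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_914751ebea0c5702
(f)    CSI C Mark Deployment Missing    0x00000000    c!avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_020285fe6d6e0580    amd64_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_56aba0211ca246c2
(f)    CSI C Mark Deployment Missing    0x00000000    c!policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_364e78aca69bba41    x86_policy.14.0.avast.vc140.mfc_fcc99ee6193ebbca_14.0.24210.0_none_962753dde6e08635
(f)    CSI C Mark Deployment Missing    0x00000000    c!avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_49afbcd581ea2e86    x86_avast.vc140.crt_fcc99ee6193ebbca_14.0.24210.0_none_9e58d6f8311e6fc8
'''

if __name__ == "__main__":
    members, findings = triage(SAMPLE)
    print(sorted(members), dict(findings))
```
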



 


#2 boopme


Posted 06 March 2017 - 02:00 PM

Please repost this for a deeper look, start at step 6.

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 the2bachic


Posted 08 March 2017 - 07:57 PM

Thanks boopme. Repost here: https://www.bleepingcomputer.com/forums/t/641634/0xc0000005-renders-computer-unusable-isdelexe-missing-inconsistencies-repost/



#4 boopme


Posted 09 March 2017 - 01:30 PM

Excellent!

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.
From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.
Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.
The current wait time is 1 - 3 days and ALL logs are answered.
If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
To avoid confusion, I am closing this topic.



