Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

STOP: C0000135 The program can't start because %hs is missing.


  • This topic is locked This topic is locked
17 replies to this topic

#1 premiumstaples

premiumstaples

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 11 May 2018 - 09:22 AM

OS: Windows 7 SP1 (x86)

 

Hey everyone, my computer was blue screening a few weeks ago after running Windows updates. I have popped in the Windows installation disk in attempt to repair startup and it has not worked. I have also tried to unsuccessfully run a chkdsk and scannow and it has not helped either. Immediately after running scannow, I now get a blue screen that says: "STOP: C0000135 The program can't start because %hs is missing."

 
The following is the FRST log:
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10.05.2018
Ran by SYSTEM on MININT-M7U60RP (11-05-2018 18:31:29)
Running from f:\
Platform: Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-27] (Synaptics, Inc.)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [337432 2013-07-21] (Power Software Ltd)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [210208 2008-11-17] (Acresso Corporation)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [329992 2015-06-17] (HP Development Company, L.P.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [262656 2017-09-13] (Microsoft Corporation)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AGSService; C:\Program Files\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [3097464 2013-10-27] (WIBU-SYSTEMS AG)
S2 hasplms; C:\Windows\system32\hasplms.exe [2869760 2009-04-21] (Aladdin Knowledge Systems Ltd.)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP)
S2 Modaservice; C:\Program Files\Lectra\Modaservice\modaserv.exe [193944 2012-10-11] ()
S2 Sentinel RMS License Manager; C:\Program Files\Common Files\Gerber Technology\gt license manager\lmserver\winnt\lservnt.exe [847360 2009-08-20] (SafeNet, Inc.)
S2 SentinelKeysServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374304 2011-09-21] (SafeNet, Inc.)
S2 SentinelProtectionServer; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259040 2011-09-22] (SafeNet, Inc)
S2 SentinelSecurityRuntime; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292384 2011-09-21] (SafeNet, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-11-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [459600 2017-02-10] (SafeNet, Inc.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [274736 2017-02-10] (SafeNet, Inc.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [78136 2017-02-10] (SafeNet, Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [323896 2017-02-10] (SafeNet, Inc.)
S2 hardlock; C:\Windows\system32\drivers\hardlock.sys [635736 2017-02-10] (SafeNet, Inc.)
S2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2016-05-29] (Aladdin Knowledge Systems)
S2 keymulti; C:\Windows\System32\DRIVERS\keymulti.sys [209928 2011-03-31] (Chingachguk & Denger2k (Elite & SP edition))
S1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113336 2013-07-21] (Power Software Ltd)
S3 SNTNLUSB; C:\Windows\System32\DRIVERS\SNTNLUSB.SYS [41936 2012-12-11] (SafeNet, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-11 18:31 - 2018-05-11 18:31 - 000000000 ____D C:\FRST
2018-04-15 13:02 - 2018-04-15 13:02 - 000000000 ____D C:\Users\pc\Desktop\gemini x8 (1)
2018-04-15 13:01 - 2018-04-14 13:13 - 157451031 _____ C:\Users\pc\Desktop\gemini x8 (1).rar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-10 09:32 - 2016-04-22 02:25 - 000000000 ___SD C:\Windows\System32\CompatTel
2018-05-10 09:32 - 2016-04-22 02:25 - 000000000 ____D C:\Windows\System32\appraiser
2018-05-10 09:32 - 2016-04-21 09:48 - 000000000 ____D C:\users\pc
2018-05-10 09:32 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2018-05-10 09:31 - 2017-11-18 15:52 - 000000000 ____D C:\Program Files\Common Files\Java
2018-05-10 09:31 - 2016-10-13 17:21 - 000000000 ___RD C:\Users\pc\Desktop\TUTORIALES
2018-05-10 09:31 - 2016-04-22 06:32 - 000000000 ____D C:\ProgramData\OptiTex
2018-05-10 09:31 - 2016-04-21 14:15 - 000000000 ____D C:\Program Files\Java
2018-05-10 09:31 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\servicing
2018-05-10 09:31 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\registration
2018-05-10 09:31 - 2009-07-13 18:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-10 09:29 - 2016-04-21 14:15 - 000000000 ____D C:\ProgramData\Oracle
2018-04-15 18:33 - 2017-11-18 11:41 - 000000000 ____D C:\Users\pc\AppData\Roaming\Gemini
2018-04-15 13:22 - 2017-11-18 11:45 - 000013030 _____ C:\Users\pc\AppData\Roaming\PDOXUSRS.NET
2018-04-15 13:18 - 2017-11-18 11:45 - 000013030 _____ C:\PDOXUSRS.NET
2018-04-15 13:14 - 2017-09-06 18:26 - 000000000 ___RD C:\Users\pc\Desktop\ELECTRA ALBERTO
2018-04-15 12:53 - 2016-04-21 14:15 - 000000000 ____D C:\Users\pc\AppData\Local\Adobe
2018-04-15 12:46 - 2016-05-18 17:46 - 000000000 ____D C:\Users\pc\Downloads\logos
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point date: 2017-11-18 13:23
Restore point date: 2017-11-18 13:44
Restore point date: 2017-11-18 14:06
Restore point date: 2017-11-28 16:08
Restore point date: 2018-01-11 13:21
Restore point date: 2018-01-11 13:52
Restore point date: 2018-01-30 15:38
Restore point date: 2018-02-05 18:12
Restore point date: 2018-02-25 15:22
Restore point date: 2018-02-25 17:01
Restore point date: 2018-03-04 11:01
Restore point date: 2018-03-10 11:08
Restore point date: 2018-04-15 12:54
Restore point date: 2018-04-15 13:23
Restore point date: 2018-05-10 09:31
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 2038.05 MB
Available physical RAM: 1593.68 MB
Total Virtual: 2038.05 MB
Available Virtual: 1595.03 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.42 GB) (Free:371.13 GB) NTFS
Drive e: (GRMCPRFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
Drive f: (USB) (Removable) (Total:57.84 GB) (Free:57.75 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS ==>[system with boot components (obtained from drive)]
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 9FA79FA7)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 57.8 GB) (Disk ID: 04CA8F83)
Partition 1: (Active) - (Size=57.8 GB) - (Type=07 NTFS)
 
LastRegBack: 2017-04-26 16:14
 
==================== End of FRST.txt ============================

 



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:45 PM

Posted 11 May 2018 - 02:01 PM

Greetings premiumstaples and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

After booting to the Installation Disk rather than selecting Startup Repair select System Restore and select a Restore Point prior to the onset of you problems.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 premiumstaples

premiumstaples
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 11 May 2018 - 02:08 PM

Hi Gary.

 

I have tried doing a system restore to a point before the issue started occurring and it has not helped. I have tried several restore points as well.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:45 PM

Posted 11 May 2018 - 02:09 PM

OK, since you hadn't mentioned it I thought I would try.

Have you tried booting into Safe Mode?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 premiumstaples

premiumstaples
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 11 May 2018 - 02:12 PM

Apologies for leaving out important information. The computer does not boot to safe mode. Just a blue screen with the error code: "

STOP: C0000135 The program can't start because %hs is missing."

#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:45 PM

Posted 11 May 2018 - 02:16 PM

Can you tell me how you ran scannow?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 premiumstaples

premiumstaples
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 11 May 2018 - 02:30 PM

I initially ran sfc /scannow but because the system always performs a startup repair automatically, it would always say there was a pending system repair or something along those lines. 

So I inserted the install cd and ran sfc /scannow /offbootdir=c:\ /offwindir=c:\windows. 



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:45 PM

Posted 11 May 2018 - 02:32 PM

Great, thanks.

Boot your computer and instead of selecting Repair Your Computer select Last Known Good Configuration (advanced).


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 premiumstaples

premiumstaples
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 11 May 2018 - 06:32 PM

I don't have that option. After the computer blue screens, the computer restarts to a black screen that gives me two options:

1. Launch startup repair (recommended)
2. Start Windows Normally

 

Choosing option 1 automatically runs startup repair and says it has failed. 



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:45 PM

Posted 11 May 2018 - 07:35 PM

OK thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • Using your USB containing FRST press the Windows Key + R on your keyboard at the same time. Type notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the USB device as fixlist.txt
LastRegBack: 2017-04-26 16:14
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options as you previously did then select Command Prompt.
  • Launch FRST again and press the Fix button
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Attempt to boot your computer in Normal or Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Can you boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 premiumstaples

premiumstaples
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 11 May 2018 - 08:27 PM

Thanks for your help Gary.

 

I have done as instructed and tried booting normally but the same error code persisted. I then tried booting into safe mode and nothing occurred. The following is copy and pasted from fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 10.05.2018
Ran by SYSTEM (12-05-2018 06:21:45) Run:1
Running from f:\
Boot Mode: Recovery
 
==============================================
 
fixlist content:
*****************
LastRegBack: 2017-04-26 16:14
*****************
 
DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up
 
==== End of Fixlog 06:21:51 ====


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:45 PM

Posted 11 May 2018 - 09:38 PM

OK thank you.

Can you confirm you only received the Blue Screen after you ran sfc /scannow? Is there any additional information listed?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • Using your USB containing FRST press the Windows Key + R on your keyboard at the same time. Type notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the USB device as fixlist.txt
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe
  • Please download ListParts.exe (for 32 bit systems) and save it to your USB device
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options as you previously did then select Command Prompt.
  • Launch FRST again and press the Fix button
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Launch ListParts from your USB drive
  • When the tool opens click Yes to disclaimer
  • Place a checkmark in List BCD
  • Press Scan button
  • A ListParts.txt document will be saved on the flash drive. Please copy and paste it to your reply
  • Place a checkmark in List BCD
  • Press Scan button
  • A ListParts.txt document will be saved on the flash drive. Please copy and paste it to your reply
  • Attempt to boot your computer in Normal or Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Blue Screen error
  • Fixlog
  • ListParts report
  • Can you boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 premiumstaples

premiumstaples
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 11 May 2018 - 10:56 PM

1. I have only started receiving that specific blue screen error after running scannow. Before that it was a different error code which I unfortunately wasn't able to write down (I believe it was something about failed initialization - I could be wrong).

 

2. Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 10.05.2018
Ran by SYSTEM (12-05-2018 08:48:52) Run:2
Running from f:\
Boot Mode: Recovery
 
==============================================
 
fixlist content:
*****************
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore" => not found
 
==== End of Fixlog 08:48:52 ====
 
 
 
 
3. ListParts report:
 

 

ListParts by Farbar Version: 31-07-2014
Ran by SYSTEM (administrator) on 12-05-2018 at 08:50:54
Windows 7 (X86)
Running From: f:\
Language: English (United States)
************************************************************
 
========================= Memory info ====================== 
 
Percentage of memory in use: 17%
Total physical RAM: 2038.05 MB
Available physical RAM: 1678.07 MB
Total Pagefile: 2038.05 MB
Available Pagefile: 1675.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1987.5 MB
 
======================= Partitions =========================
 
1 Drive c: () (Fixed) (Total:465.42 GB) (Free:371.07 GB) NTFS
2 Drive e: (GRMCPRFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
3 Drive f: (USB) (Removable) (Total:57.84 GB) (Free:57.75 GB) NTFS
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online           57 GB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: 9FA79FA7
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            350 MB  1024 KB
  Partition 2    Primary            465 GB   351 MB
 
======================================================================================================
 
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     Y   System Rese  NTFS   Partition    350 MB  Healthy            
 
======================================================================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    465 GB  Healthy            
 
======================================================================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 04CA8F83
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             57 GB  1024 KB
 
======================================================================================================
 
Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   USB          NTFS   Removable     57 GB  Healthy            
 
======================================================================================================
============================== MBR Partition Table ==================
 
==============================
Partitions of Disk 0:
===============
Disk ID: 9FA79FA7
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
==============================
Partitions of Disk 1:
===============
Disk ID: 04CA8F83
Partition 1: (Active) - (Size=58 GB) - (Type=07 NTFS)
 
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {6ddf91f3-0809-11e6-8e71-dd1dd06e8049}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {6ddf91f5-0809-11e6-8e71-dd1dd06e8049}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {6ddf91f3-0809-11e6-8e71-dd1dd06e8049}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {6ddf91f5-0809-11e6-8e71-dd1dd06e8049}
device                  ramdisk=[C:]\Recovery\6ddf91f5-0809-11e6-8e71-dd1dd06e8049\Winre.wim,{6ddf91f6-0809-11e6-8e71-dd1dd06e8049}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\6ddf91f5-0809-11e6-8e71-dd1dd06e8049\Winre.wim,{6ddf91f6-0809-11e6-8e71-dd1dd06e8049}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {6ddf91f3-0809-11e6-8e71-dd1dd06e8049}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {6ddf91f6-0809-11e6-8e71-dd1dd06e8049}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\6ddf91f5-0809-11e6-8e71-dd1dd06e8049\boot.sdi
 
 
****** End Of Log ****** 
 
 
 
4. After following all instructions, the computer still does not boot and I am unable to enter safe mode. Pressing the F8 key yields nothing.


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,680 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:45 PM

Posted 12 May 2018 - 03:25 PM

Greetings.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • Using your USB containing FRST press the Windows Key + R on your keyboard at the same time. Type notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the USB device as fixlist.txt
cmd: bcdedit /set {default} safeboot minimal
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options as you previously did then select Command Prompt.
  • Launch FRST again and press the Fix button
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Reboot your computer and allow it to automatically try to boot into Safe Mode
  • If your computer boots run a FRST scan and copy/paste the contents of the 2 reports in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Computer boot?
  • Reports, if applicable

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 premiumstaples

premiumstaples
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:45 PM

Posted 12 May 2018 - 05:59 PM

Did as instructed, here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 10.05.2018
Ran by SYSTEM (13-05-2018 03:54:31) Run:3
Running from f:\
Boot Mode: Recovery
 
==============================================
 
fixlist content:
*****************
cmd: bcdedit /set {default} safeboot minimal
*****************
 
 
========= bcdedit /set {default} safeboot minimal =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
==== End of Fixlog 03:54:31 ====
 
 

After the computer restarted, it tried booting into safemode - minimal services (loaded lots of windows files), then after a few seconds the screen went dark and the blue screen popped up with the same error code. Tried it several times and the results were the same. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users