Please Help! OS doesn't boot and blue screens! Windows disc can't find OS!

Hello, I recently had a serious virus issue and I was able to eliminate it. Unfortunately, in the process I seem to have deleted some important system files and now when I boot my computer I get the following blue screen error:

"STOP: c0000135 The program can't start because %hs is missing..."

Here is a website that talks about the exact problem I am having and a possible solution to the problem:

http://mikemstech.blogspot.com/2012/01/troubleshooting-0xc0000135.html

In addition to this blue screen error, when I boot from the Windows Disc to repair the installation the disc doesn't find an OS on my hard drive. I really don't want to reformat and reinstall, I have 75% of a Terabyte drive filled with programs, videos, music, pictures, and documents that I have nowhere to put (no external drive or anything)!

I already sought out help for the spyware/virus issue and it was fixed but my computer still cannot boot. Here is a link to the thread where I got help and it ends with "reformat and reinstall."

http://www.computerhope.com/forum/index.php/topic,127115.0.html

Please help me! I need to get my pc running again for work and access to my important files. Thank you for your time.

 

Do you have AVG antivirus installed on this computer?

 

No, I have Superantispyware, and adaware.

 

This may be malware related. From your post over at computerhope it looks like you ran into the consrv.dll virus.

Download Puppy Linux and burn the iso with Imgburn or your burning software if it can burn images. Then boot Puppy. In the lower left there should be an icon of your hard drive. Click it and a window will open. Navigate you the Windows\System32 folder. Then create a copy of winsrv.dll. You should have this file in Windows\System32. Right click the winsrv.dll and select copy. Give it a name like winsrv.bak. Then rename the file to consrv.dll

Exit Puppy and see if you can boot to windows. If so, head over to the Malware Removal forum here and follow the instructions in the sticky post.

Here is a reference on using Puppy.
http://help.artaro.eu/index.php/win...windows-7/recover-files-from-hard-disk-7.html

 

Took me awhile, I couldn't find the file with puppy linux so I used a bootable bitdefender usb to copy and rename. It didn't work though. :cry
Should I still take this to the virus section of the forums?

 

They cannot do anything unless the computer can boot. I will be signing off until tomorrow but Download PCregedit. Burn the iso file and see if it boots for you. When it starts it should open up the config folder where all of your registry hives are located. Scroll down to System ,click on it and go to the following keys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SubSystems

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\SubSystems

It is a long key. It should look like this.

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

Is this what your key value is? It should show winsrv and not consrv

I think when you cleaned the computer of the virus, you deleted more than just consrv.dll

For your reference:
http://triplescomputers.com/blog/?p=72

Edit: as a side note, Puppy should have opened the drive and the Windows folder should have been in the opened window. I just tried it. It should have shown as /mnt/sda1 in the title bar if you have one hard drive.

 

Hey,

Sorry for the late response, but I work two jobs and I the past week has been VERY busy! Anyway, I downloaded and burned the regedit ISO and attempted to boot it. Unfortunately, it didn't boot for me and ends up in a DOS-like interface with this message:

/bin/ash: can't access tty; job control turned off
/newroot #

I typed in "help" for a list of commands, but nothing looked like it would help me to navigate to a registry entry. I would appreciate any further help you can give!

PS- is there anyway I can connect to my PC's registry from my laptop? It's running XP.

 

That error message basically means something like: "incompatible hardware or BIOS setting"

What make/model of computer is it?

 

My MoBo is an Asus M3N72-D and I have an AMD Phenom quad core processor.

 

The computer with the error is XP?

 

Oh sorry, no. It has Windows 7 64bit installed.

 

What problems were you having loading Puppy? If that does not work, you could try another program line PartedMagic and change the name as referenced in my second post.

 

Sorry, I must have been unclear in my post. I did manage to change the name of the file, but it still doesn't boot! I used a bitdefender bootable cd, changed the name, rebooted normally, and received the same blue screen. The Windows cd still doesn't recognize anything.

I could load puppy, but there were so many files in the System 32 folder that scrolling through them caused puppy to freeze! Even after it started again I could never get past the "S"s. I tried a file search but it took too long (thirty minutes and nothing found!).

Before I used bitdefender I tried booting Xubuntu, but for some reason that wouldn't work.

I wonder if maybe the viruscan programs deleted those registry entries entirely? Then, it wouldn't matter which DLL I had (consrv/winsrv) because there's no registry entry to direct the OS?

Thank you all for your help, if I had the money I would just buy an external drive, backup, and reinstall, but as it is I am broke!

 

You can try to copy the registry hives from the regback subfolder. This is in the Config folder of Windows/System32. I would go to the config folder and then rename the hives. Then copy the ones in regback to the config folder. See if you can boot then. Hopefully these are before the problem.

 

Hi guys, one quick thought before you get too involved with the registry. You never got your Windows CD to recognize the OS. If you could do that then maybe System Restore would be an option. (No sure what that would mean in terms of virus removal?--tgell you are more versed in that so you could advise if system restore is not a good option anymore.).

I would try booting from Windows CD, select repair, let it scan for OS--it won't find one. Click NEXT button (You have a choice of Drivers and Next--I don't think you ever hit the next button before.). You get the list of 5 options, select Startup Repair. When done, reboot from CD again and see if it finds the OS this time. If it does and offers automatic repair, look at the details to see what it thinks is the problem and write it down and then let it fix it.

Even if it still doesn't boot you might be able to try System Restore next time if it now recognizes the OS.

 

Thanks for jumping in sach2. I just wanted to get that registry key fixed but he can't boot with PCregedit. Maybe you can help here because I am out of ideas. I know you are good with these types of problems.

 

It has just been bugging me that he never got the OS recognized from the Windows disc.

I'm not familiar with the conserv.dll virus or any virus, I'm just thinking System Restore might get him booting and then he can start malware removal again but with some guided help.

 

Thank you both for helping me! I will try the system restore option from the Windows disc first, since that seems to be the one that I am least likely to mess up.

Then if that doesn't work I will copy the regback folders. I am hopeful that the regback will work, I only had the consrv virus for a few weeks, so maybe they are still good! I will report back with the results of both as soon as I am done!

 

OK, so I tried startup repair and it still doesn't boot and the disc still doesn't detect an OS.

So now I am attempting to copy the regback files and I have a couple questions.

1) In my Config folder I see the regular registry hives (SAM, SECURITY, SOFTWARE, SYSTEM, DEFAULT) but I also see copies of these hives that are labeled like this:

SAM {016888c1-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer000000000000002.regtrans-ms

What are these files?

2) There are also a bunch of log files in my config folder. What should I do with these?

I was thinking about creating a new folder in my Config folder called Original Files, or something like that, and just putting everything in there and then copying the regback. Tell me what you think!

 

Okay, so I got impatient and tried my idea. I made a new folder and placed all of the files in my config folder inside and transferred over all the files from Regback.

I tried three different methods for rebooting. First, I booted with the "consrv" file still in place from the previous experience = same error.
Second, I deleted "consrv" and restored the previously renamed "winsrv" and booted = same error.
Finally, I booted from the Windows CD again and there is still no OS deteced!

I'm beginning to think it may be hopeless! Maybe I can borrow a friend's/neighbor's external hard drive for a few days and back up all my data/work using the PartedMagic disc and then just reinstall. I am still open for any ideas though!

 

Since you already tried, I guess you have that answer.

Let me ask, if you try system restore from the list of five options do you get an error?

I have one more thought about changing the active partition and letting the CD try to search out installations completely anew that would only take a minute or two to test if System Restore doesn't work as it is. What happens if you try System Restore?

 

I tried system restore before, but it didn't work. This isn't surprising to me though, because as part of my virus removal instructions I had to disable system restore points because viruses can infect them. I was supposed to re-enable it once I cleaned my PC of the virus, but that never happened because I got this error!

 

I have an idea

http://img827.imageshack.us/img827/1263/frst.gif For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
• Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) on the flash drive. Please attach this log to your next reply. (How to attach)

 

Hey Thisisu,

Should I restore my old registry before attempting your fix? Or just leave the regback files? Thanks for the help.

 

Hi,

Just leave the registry as it currently is.

 

Okay, I did the scan and I have attached the log to this post!

Strangely enough, when I ran the 64bit file it said it was incompatible, but I could run the 32bit one. I know that I have the 64bit installation of Windows 7 on my hard drive, but either way it ran.

 

Yes you do appear to have 64bit OS.

Try the fix with FRST64.exe first. If it does not work, you may want to try FRST.exe (32 bit version).

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Attached is fixlist.txt

• Save fixlist.txt to your flash drive.
• You should now have both fixlist.txt and FRST64.exe on your flash drive.

Now re-enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (How to attach)

Now attempt to boot normally.

Now continue with this procedure: How to Remove TrojanOS/Alureon.A

 

There is a syntax error in the above attachment.

If you have not already run the fix yet. Try the below NEW attached fixlist.txt

 

not sure if this is ok to use but you can download the windows 7 recovery disks from this website. If it is not ok to use i understand that you need to remove the link.
http://www.bootfromcd.com/data-recovery/windows-7-recovery-disk/

when looking at the links provided they seem to be backward. the 32 bit says it downloads the 64 bit iso
and the 64 bit link downloads the 32 bit version

 

Ok, I ran the most recent fixlist. I again had to use the regular FRST since it wouldn't even load the 64bit one. Attached is the fixlog.

 

You still cannot boot correct? I see the following your log:

Code:

=========  bootrec /fixboot =========

ÿþE l e m e n t   n o t   f o u n d . 
 
 
========= End of CMD: =========

I'd like you to renter System Recovery Options.

On the System Recovery Options menu you will get the following options:

• Select Startup Repair

Let me know if Startup Repair detects any errors and is able to correct them. A reboot will be required in order to test if the errors were fixed.

 

Also looks like your Windows Partition (931GB) is not set as active / boot. Startup Repair may be able to fix this on its own.

If you need additional help please provide an updated FRST log.

 

Not to be ungrateful, but did the fix change anything? I only ask because I have run startup repair something like 8 times at this point and everytime I do it doesn't show any errors and nothing is fixed.

Considering what you said about the partition, is there anyway to make sure that my windows disc is looking at the right partition when I boot with it? Thank you.

 

Yes, there are a few ways to do this but I will show you one way:

Boot back into System Recovery Options -> Command Prompt

At the Command Prompt window, type in the following commands in the order shown and let me know the output of the commands that have a red asterisk ( * ) next to them.

1. diskpart
2. select disk 1
3. select partition 2
4. detail partition *

Do not leave Diskpart or Command Prompt yet.

 

There was an error when I typed your instructions in the command prompt, I think I did it wrong, so I restarted and I forgot what I was doing (I was eating dinner at the same time ) and I ran startup repair instead. It restarted after the repair, it recommended to run it again, so I did, and then it booted!!!!!!!

:cry :-D

I probably still have viruses, what should I do next?

 

Yes this is evident from your FRST log.

Here is where you go from here: READ & RUN ME FIRST Malware Removal Guide

 

All right I will do everything in the read and run me thread. If afterwards I still have viruses do I make a new thread in the virus help section of the forums?

Also, thank you so much everyone for all your help! You have saved me from hundreds of dollars of wasted money and irreparable loss of important files/information!

 

Yes.

You're welcome.