Wednesday, May 23, 2012

STOP: c0000135 the program can't start because %hs is missing. Try reinstalling the program - Blue Screen error.

This BSOD error occurs due to corrupted registry files and it is caused by some hijackers, viruses, malwares etc. More recently my PC crashes frequently and restarts every time. Then I decide to boot my PC with the function "Disable Automatic Restart on system failure" during start up and it stops at this blue screen of death.


After spending several time in fixing this issue with offline registry editors, again PC crashes with another BSOD error soon after fixing the previous one. It was a fatal system error report and now it was really a bad time for me.


STOP: c000021a {Fatal System Error} - This was the error faced by me. Very soon, (by luck) I've have found another solution which saves my whole work and no longer the bad time continues. I think this was the entire solution for both the BSOD errors mentioned above.

Solution: (for Vista/7 Users)
[Last Updated on July 8, 2012]

By luck, if you found to have RegBack folder in C:\Windows\System32\Config\ then this was perfect fix. Simply copy all those files which is inside this folder and paste it outside the folder and replace all with same name. Hurray, you have won!
  • Also check if there was any *.LOG1, *.LOG2 files in config folder and don't forgot to delete these since they are the virus programs which infects the registry files and make us unable to logon by crashing.
  • These virus LOG files can be easily identified since it does not have any file type. In actual, all log files have file type as text document. To verify you can see their file properties.

If you are clueless on how to access this folder without encountering this BSOD error, I suggest some methods here.

Method1
Launching Recovery Console by pressing F8 key before Start-up screen appears to bring up eight functions menu > select Repair your computer option > Select your language for keyboard layout > Type the password for user account > Select command prompt from System Recovery options.




Method2
Using windows setup dvd (or) recovery disc. Boot the PC from dvd drive > press any key to boot from cd (if it asks) > select your language > click Repair your computer below the Install button.


click "Use Recovery tools that can help fix problems starting windows" radio button and select the operating system and click Next > and then select command prompt from System Recovery options.


Method3
If you have installed two OS on same PC, then it is easy to access this folder by logging into the other operating system whether it is XP/Vista/7/RedHat linux/Ubuntu/Fedora.

Method3
Using other third-party bootable dvd's like Ophcrack LiveCDUbuntu LiveCDHiren's BootCD.

Method4
Connecting your internal hard disk to another PC or laptop via IDE/SATA to USB adapter. For more to know read my post on How to use internal Hard disk as an external USB device.

Using Command prompt
1. Type cd<space>C:\Windows\System32\Config and hit Enter key.
2. Now type dir and hit Enter key.


3. Type the following commands as follows and press Enter key after each.
  • cd RegBack 
  • copy *.* c:\Windows\System32\config 

4. If it ask for overwrite any existing files (y/n) > type Y and press Enter.
5. If all files were successfully copied message is displayed, type exit to leave the command prompt and restart Windows.

Finally, if you couldn't find RegBack folder; thinking that I was wasting your time.
GO AHEAD! - FORMAT YOUR PC! - INSTALL NEW OS!

But this is not the end for XP users. Read this Microsoft article on How to recover from a corrupted registry that prevents Windows XP from starting.

Overall, the above choice is my best advice rather than editing registry files directly.

Note: If you are still interested in editing those registry files, read my post on STOP: c0000135 error - Solved using Registry Editor.

29 comments:

  1. During this proces I found out that my C drive is actually the D drive. Could this be possible that the virus changed my driveletter because I'm not sure if this was the case before... Thanks for any feedback.

    ReplyDelete
  2. @lon Yes, there are possibilities. For this, You have to edit the System file from "C:\Windows\System32\Config" using Registry Editor. So that you can access back to your original boot drive.(i.e) from D to C drive. If you have installed two OS on different drives, the case may become quit a complex one.

    ReplyDelete
  3. No, I haven't installed 2 OS.

    So I need to read the other article about reg editing? Isn't there a way around via cmd?

    ReplyDelete
  4. Yes, of course there is a way. You can use DISKPART tool in WIndows using cmd line to change the drive letter.

    If you are able to boot into windows (i.e) non-Real OS drive > Then, open the command prompt with administrator rights.

    Type the following cmds and press Enter key after each.

    DISKPART
    LIST VOLUME
    SELECT VOLUME 1

    Here i assume Volume 1 is the current C drive (non-Real OS drive)

    ASSIGN LETTER=Z

    Give some any unused drive letter in the above cmd and so that it frees up for C letter.

    SELECT VOLUME 2

    here i assume volume 2 is the current D drive (Real OS drive).

    ASSIGN LETTER=C

    The above cmd will change volume2 D drive to C drive.

    SELECT VOLUME 1
    ASSIGN LETTER=D

    The above cmds will change volume1 Z drive to D drive.

    EXIT (to leave disk part)

    EXIT (to leave cmd prompt)

    ReplyDelete
  5. I'm not logged in on my account... what a fuss with mobile devices...

    Anyway, Looks legit.

    ReplyDelete
  6. I see C is system reserved and D is unlabeled. I'll move C to B. D to C and E to D. E is just a downloadpartition which I thought was initially D (before I got hit by the virus)

    How big do you think, is the chance to success?

    ReplyDelete
  7. Initially System Reserved Volume which is about 100MB does not need to have any drive letter and also it is not necessary to have. So you can remove the drive letter C which is currently assigned for it by using the Remove cmd in diskpart tool.

    SELECT VOLUME # (select your system reserved volume no.)

    REMOVE LETTER=C

    The above cmd will currently remove the letter C and makes that volume as offline. Now you can assign this C drive letter to your desired volume by selecting it. If any volume is unlabelled you can directly assign a letter for it by selecting it.

    Drive letter A and B are reserved for floppy drives and so that you can't use it for now. If it looks more tedious job or still confusing just remove all the drives and thus making your whole disk to offline.

    REMOVE ALL DISMOUNT

    The above cmd will remove all drive letters and make all volumes dismount. Now you can select each volume and assign a drive letter for each which makes your disk online again and active.

    This was a straight forward step.

    ReplyDelete
    Replies
    1. Everytime when I'm in CMD then I start with X:\Sources>

      Anyway, "remove all dismount" did not work for me. I tried this 3 times with "remove letter" but everytime after the reboot the drives went back to how they were:

      List of drives:

      Volume 0
      Letter: F
      Label:
      Type: DVD-ROM

      Volume 1
      Letter: C
      Label: System Rese
      Type: Partition

      Volume 2
      Letter: D
      Label:
      Type: Partition

      Volume 3
      Letter: E
      Label: HDD
      Type: Partition

      Volume 4
      Letter: G
      Label: Lexar USB
      Type: Removable

      I also went info config and removed all *.log* and copy pasted all files from regback to config, which where 5 files.

      I got me a 80gb hard disk to install an OS on it. Do you think the other OS could be saved?

      Delete
    2. Which method are you using for accessing cmd prompt (like 3rd party bootable CDs)?

      What error it displays while using the cmd REMOVE LETTER=C in Diskpart tool?

      Also before restarting your PC, You have to disable all your startup items and non-microsoft services in System Congfiguration Utility (Start>Run>msconfig.exe). In System Congfiguration Utility, Select Services tab > click Hide all microsoft Services check box and then click Disable all button. Also Select Startup Items tab > Click Disable all button. Then Click Apply and OK. [This is to ensure that no virus programs runs @ Startup]

      Also Try to reboot your PC in Safe Mode by pressing F8 key during startup.

      Delete
    3. Plz note that while entering the LIST VOLUME cmd in DISKPART tool it provides INFO like System or Boot in the last column for only a specific volume. From this you can identify that which contains the BOOT/SYSTEM INFO is your Real-OS Volume/drive.

      Delete
    4. From Your info, I think either Volume 2 or Volume 3 must be your Real-OS drive Which contains the BOOT INFO. REGBACK folder files are useful only if you encounter any BSOD errors during start-up (i.e) Logon screen disappears and also it is not the perfect fix for the case like drive letters disappears or suddenly changes.

      If Disk Management fails,
      If Command prompt fails,
      Then the perfect fix for your problem is only by renaming the Mounted devices using Registry Editor.

      If you are still having a little hope on saving your OS, then I can help you editing the registry keys for the perfect fix.

      Delete
  8. Well, first of all: Yes, I'm interested in fixing this issue.

    I have the exact same boot error as mentioned in the title. This came after I was trying to remove a "Ukash" virus (not the easy one). I haven't gotten the fatal error yet.

    I will answer in another post.

    ReplyDelete
  9. I access cmd via the repair function on the recovery ISO file which I'm using on a bootable USB which I got from 'Digital River Distribution Centre' that can be found here:

    http://www.heidoc.net/joomla/technology-science/microsoft/14-windows-7-direct-download-links

    When I use the "remove letter=c" comand then I don't get any error. Before I exit I recheck the values (cmd "list volume") and it actually looks like everything goes fine. After the reboot I find out that all the drives have been back to how they were (as if there were no changes applied).

    However, when using cmd REMOVE ALL DISMOUNT then it says "There is no volume selected. Please select a volume and try again".

    The "info" tab in 'List volume' shows nothing. It's empty.

    I don't know how to access msconfig via cmd? So I'm not quite sure how to handle that. Thanks for your feedback.

    ReplyDelete
    Replies
    1. Fine! I think You have more patience in fixing this issue. More recently i received a PC (Dell Inspiron) for repair, stating that it does not boot into windows. At-last I've found that its issue was exactly the same that you are facing it right now. And also it has three more issues including the virus infection. I've spent nearly 20+ hrs in fixing the bad sectors, replacing CMOS cell and the virus infection. I've also used the above methods which I've mentioned in the comment section but all results in vain. Finally I deleted all partitions after a long backup and installed new OS.

      But this is not the same for all PC's, there may be an exception.

      In Considering your issue, better connect your Hard Disk as an external USB device to another PC/laptop and scan completely with an updated antivirus. After all the antivirus deletes the active viruses/infected files, then connect your HD as an internal SATA/IDE device.

      For accessing msconfig utility navigate to "C:\Windows\System32\" through cmd prompt and type msconfig.exe and hit Enter key.

      For accessing registry Editor navigate to "C:\Windows\System32\" through cmd prompt and type regedit.exe and hit Enter key.

      For more help in removing UKASH virus manually follow this link > http://www.wikihow.com/Remove-Bundespolizei-Ukash-Virus-Manually

      Reply with your results here after following all the steps.
      ******Best of Luck.

      Delete
    2. Avast free edition would be fine?

      Accessing msconfig and regedit via D (such as in my case) wouldn't be a problem? Or should I first try to have success in changing the diskletters...

      Thanks for the information.

      Delete
    3. Spoke to soon! Give me some time to actually try these stuff out. Ignore the previous post.

      Delete
    4. Yes, Avast free edition is very effective.

      Delete
    5. After the scan has been finished > try to delete all temporary files/folders from the path "C:\Windows\Temp" and "C:\Users\\AppData\Local\Temp" since they are the key to regenerate @ background.

      Only by deleting/locking the UKASH virus completely from Hard disk makes you to change the drive letters successful. But the thing is that entire OS is affected/whole system files may be infected even the desktop, startup, logon screens and secure locations like System32 folder contents, registry keys etc. Since the virus program coding is like that.

      So by deleting it in both external and internal ways are necessary. Also don't forget to disable startup items and services in msconfig using your Recovery USB device ( from Digital River Distribution Centre) while accessing internally.

      Take your maximum time. Since the issue is like that.

      Delete
  10. Ok, it has been a while. I hope you're still in it to try fix this issue? I just started to scan the both partitions (full scan with latest update Avast). I'll get back to it!

    I was working on another hard disk and left this one untouched. I'm interested to fix this issue though. Even just for educational purpose and additional references. Greetings! Please leave any feedback, lol.

    ReplyDelete
  11. @lon, sorry for the late reply Since I was very busy in my studies during the past three months I can't schedule my time for blogging. Anyhow we will discuss this in detail....Later!!!

    ReplyDelete
  12. @Jai, count me in if you're willing to spend more time on this problem? Personally I would really like to know how to fix this issue. I have left the hard disk as-is, since I have now installed it as a second hard disk it didn't bother me at al (all my documents are available). Thanks in advance.

    ReplyDelete
  13. i try method 1, but it didn't work. after i type copy *.* x:\windows\system32\config then i press enter, it didn't work.the command said 'cannot located files 0 item copied'

    ReplyDelete
  14. @anonymous
    The above message shows there is no registry files in your Regback folder for copying (i.e)Empty folder

    ReplyDelete
  15. IF I use method 1 and it didn't work would it still possible to fix the problem using windows start up DVD ?
    Please reply
    Thank you

    ReplyDelete
  16. I can't copy they reg files to the folder outside it says im using them currently, help!

    ReplyDelete
  17. may be you can try using 3rd party CD's like ubuntu liveCD. It is worth a try to access your documents without any damage.

    ReplyDelete
  18. Are you accessing through command prompt??..
    If YES..
    then try copy those files with administrative privileges.

    ReplyDelete
  19. hi i want to wish you the best because of I repair my computer I'm from mexico and I have 13 years and you to save me from my fathers, I enter in your website I repeat again thank you very much.
    My English is not good xD

    ReplyDelete

Feel free to comment...

Livefyre