Windows 10 not starting - Error = file: \WINDOWS\System32



#1
CraftyDoctor

Hi,

I am having problems starting my Windows 10 machine. Your PC/Device needs to be repaired.

  • It will not start in normal mode.
  • It will not start in safe mode.
  • It blue screens with the file name : file: \WINDOWS\System32\Drivers\RapportKE64.sys
  • Error code: 0xc000000d

I have looked on the forums and have found a similar fault with the user advised to run Farbar recovery tool, which I have done; however, I am not sure how to translate the information the program presents.

If anyone can help, please see attached notepad doc from the results of the Farbar scan.

Regards,

Grant


Edited by CraftyDoctor, 20 September 2016 - 01:49 AM.


#2
DonnaB

Hi CraftyDoctor (Grant),

Welcome to GeeksToGo! :)

Looks like the Farbar scan text file did not attach properly. Could you try to attach it again for me please? The following instructions might help a bit.

How to attach a file:
  • Below the Reply to this topic box, click on More Reply Options button.
  • Scroll down and click on Browse button.
  • In the File Upload window that pops up, navigate through your computer to where the file is located that you want to attach.
  • Click on the file then click the Open button at the bottom right. (You should see the name of the file to the right of the Browse... button.)
  • Next, click the Attach This File button found under that.
  • Click the Add Reply button once you have completed your post and are ready to submit.


#3
DonnaB

Please note: I am moving your topic to the Virus, Spyware and Malware Removal forum. :)

#4
CraftyDoctor

Hi,

Thanks for the reply - Not sure why it hasn't attached properly, I will try again.

Attached file: FRST.txt (63.27KB)

#5
DonnaB

Hi Grant,

My apologies for the delay. I was forced to work late today. :(

It appears that Rapport by Trusteer is not playing well with Windows 10 systems. I don't see any malware running on your system that could cause this. I do see that you have McAfee installed and by default McAfee should disable Windows Defender. Looks like both might be running on automatic.

Let's uninstall Rapport by Trusteer to see if we can get your computer to boot into normal mode. If it does boot into normal mode, please check to see if Windows Defender is disabled. If it is not, please disable it. Running 2 AV's in real time can cause blue screens as well.

Also, I see you have Hitman Pro installed. Hitman Pro can become aggressive under the right circumstances and delete legit files, leaving the computer un-bootable. Thought that I would mention that, then you can decide if you want to keep it or get rid of it.

Not sure these are the same instructions you followed to get the FRST report, either way, please do the following:

Fix with FRST

Plug in the flash drive into the working computer:

Open notepad (Start orb > type notepad into Start Search > choose notepad from list).
Please copy the entire contents of the quote box below and paste into notepad.

CloseProcesses:
CreateRestorePoint:
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
S1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-07-28] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-07-11] (IBM Corp.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-07-11] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [347624 2016-07-28] (IBM Corp.)
S0 RapportKE64; C:\Windows\System32\Drivers\HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION
S1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-07-28] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-07-11] (IBM Corp.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-07-11] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [347624 2016-07-28] (IBM Corp.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-07-11] ()
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-07-11] (IBM Corp.)
2016-09-15 09:29 - 2016-09-15 09:29 - 00483824 _____ (IBM Corp.) C:\Users\User\Downloads\RapportSetup(5).exe [470056 2016-07-11] ()
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-07-11] (IBM Corp.)
2016-09-15 09:29 - 2016-09-15 09:29 - 00483824 _____ (IBM Corp.) C:\Users\User\Downloads\RapportSetup(5).exe
C:\Program Files (x86)\Trusteer
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
reboot:


Click on File > Save as.., name it fixlist.txt and save it to the flash drive.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Next:

Plug the flash drive into the problem computer.

To enter System Recovery Options:
  • Restart the computer and press or continuously tap the F8 key. This should open the Choose an option screen.
  • Click on Troubleshoot.
  • On the Troubleshoot screen, click on Advanced options.
  • On the Advanced Options screen click Command Prompt.
You might need to choose a user account. Please do so and enter the password if necessary, otherwise leave the password field blank and click to continue. A black Command window will open.

Next:
  • In the command prompt box type in notepad and press the Enter key.
  • The notepad opens. Under File in the menu select Open...
  • Select Computer and under the Devices with removable storage section, find your flash drive letter then close the notepad.
  • In the command prompt box type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log fixlog.txt in the flash drive.
Please copy and paste this log in your next reply.
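
How the service and driver lines in the fixlist above read, as an added example that is not part of DonnaB's post or of FRST itself: it decodes the leading state letter and start-type digit and matches the file named on the error screen to its driver entry. The state and start-type legend is FRST's published one and is an assumption here, since the thread does not spell it out; the function names are hypothetical.

```python
import re

# FRST's published legend for service/driver lines (not spelled out in the thread):
# first letter = state at scan time, digit = start type.
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand",
         "4": "disabled", "5": "unreadable"}

# Entries copied from the fixlist in this thread, plus one non-service directive.
SAMPLE = r"""
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-07-11] (IBM Corp.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-07-11] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [347624 2016-07-28] (IBM Corp.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-07-11] ()
CMD: ipconfig /flushdns
"""

LINE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-5]) (?P<name>[^;]+); "
    r"(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>[^)]*)\)$"
)

def parse_entries(text):
    """Return one dict per service/driver line; other directives are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            e = m.groupdict()
            e["state"], e["start"] = STATE[e["state"]], START[e["start"]]
            entries.append(e)
    return entries

def boot_start(entries):
    """Start type 0: loaded by the boot loader, before the rest of Windows."""
    return [e["name"] for e in entries if e["start"] == "boot"]

def match_stop_file(entries, stop_path):
    """Entries whose image path ends with the file named on the error screen."""
    want = stop_path.lower().lstrip("\\")
    return [e for e in entries if e["path"].lower().endswith(want)]

if __name__ == "__main__":
    found = parse_entries(SAMPLE)
    print("boot-start:", boot_start(found))
    for e in match_stop_file(found, r"\WINDOWS\System32\Drivers\RapportKE64.sys"):
        print(e["name"], e["state"], e["start"], e["path"])
```

The file from the blue screen resolves to the RapportKE64 entry, which is marked as a boot-start driver, as is RapportHades64.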

#6
CraftyDoctor

Hi DonnaB,

No problem in the late reply (I am just glad of the help, thank you). I have attached the fix log as requested.

So I ran the script you sent and the machine first tried to fix itself with a Windows / Acer splash screen saying "windows did not start correctly and is attempting a automatic repair" (it's an Acer) - then I restarted again and it booted up.

I have not yet logged in properly to the account as I have to rush out, but will post again once I have checked if all is well in the account.

Thanks again for your help, it is truly appreciated.

Regards,

Grant

Edited by CraftyDoctor, 21 September 2016 - 02:13 AM.


#7
DonnaB

Good morning Grant,

I see we have success! Excellent! Let's get a couple logs to review from normal mode. This time, go ahead and paste them directly into the reply box instead of attaching them. It makes them easier to research. :)

Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!
  • Right click on the FRST.exe and choose Run as administrator.
  • When the tool opens click Yes to disclaimer.
  • Under Optional Scan make sure there is a checkmark in the box for Addition.txt to ensure it creates that 2nd log.
  • Press Scan button.
In your next reply, please paste the following logs:

FRST.txt
Addition.txt


Thank you,
Donna :)

#8
CraftyDoctor

Hi Donna,

It was a friend's machine and I returned it before I had seen your message, sorry.

The machine was working fully and I appreciate your time in helping repair it. Sorry I cannot supply the logs from the normal mode.

Regards,

Grant

#9
CraftyDoctor

I just thought there was a file saved (to the USB) after running the script you supplied, I have shown that below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-09-2016

Ran by SYSTEM (21-09-2016 08:22:39) Run:1
Running from g:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
S1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-07-28] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-07-11] (IBM Corp.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-07-11] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [347624 2016-07-28] (IBM Corp.)
S0 RapportKE64; C:\Windows\System32\Drivers\HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] <==== ATTENTION
S1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-07-28] (IBM Corp.)
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-07-11] (IBM Corp.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-07-11] ()
S3 RapportIaso; c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [347624 2016-07-28] (IBM Corp.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-07-11] ()
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-07-11] (IBM Corp.)
2016-09-15 09:29 - 2016-09-15 09:29 - 00483824 _____ (IBM Corp.) C:\Users\User\Downloads\RapportSetup(5).exe [470056 2016-07-11] ()
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-07-11] (IBM Corp.)
2016-09-15 09:29 - 2016-09-15 09:29 - 00483824 _____ (IBM Corp.) C:\Users\User\Downloads\RapportSetup(5).exe
C:\Program Files (x86)\Trusteer
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
reboot:
*****************
 
CloseProcesses: => Error: This directive works only outside recovery mode.
Error: Restore point can only be created in normal mode.
HKLM\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => value restored successfully
RapportMgmtService => service removed successfully
RapportCerberus_1609042 => service removed successfully
RapportEI64 => service removed successfully
RapportHades64 => service removed successfully
RapportIaso => service removed successfully
HKLM\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => value restored successfully
RapportCerberus_1609042 => service not found.
RapportEI64 => service not found.
RapportHades64 => service not found.
RapportIaso => service not found.
RapportKE64 => service removed successfully
RapportPG64 => service removed successfully
"C:\Users\User\Downloads\RapportSetup(5).exe [470056 2016-07-11] ()" => not found.
RapportPG64 => service not found.
C:\Users\User\Downloads\RapportSetup(5).exe => moved successfully
C:\Program Files (x86)\Trusteer => moved successfully
 
========= bitsadmin /reset /allusers =========
 
'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
The system cannot find the file specified.
 
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
========= End of CMD: =========
 
RemoveProxy: => Error: The entry should be fixed outside recovery mode.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
reboot: => Error: This directive works only outside recovery mode.
 
==== End of Fixlog 08:22:42 ====


#10
DonnaB

Hi Grant,

That is the report from the fix I had you run that removed Rapport. No need to apologize.

I should have included instructions to run FRST in normal mode and have you post the 2 logs. When FRST is run in the recovery environment, it filters out many areas of the system that are not displayed when run in normal boot mode. I just wanted to make sure we covered all the bases to prevent this from happening again.

You are more than welcome to have your friend register as a member to pick up where we left off.

I'll leave this topic open for a couple days in case your friend decides to do so.

It was a pleasure helping you.

Donna :)

#11
CraftyDoctor

Hi Donna, 

He is not very IT literate, but I will try to get him to do as requested (but not very hopeful).

Faith in humanity restored x

#12
DonnaB

Hi Grant,

Where would we be without friends like you? Let your friend know that he has nothing to fear. Once upon a time, even the IT literate had to be taught. There is no shame in learning and I would be more than happy to provide instructions he can follow. He may surprise himself.

Have a nice day!

Donna :)