[RKinner]

Attached is srv.txt.

 

 

Download, save as "srv.reg" or if you can't rename while downloading you will need to rename it after you save it.  The command line for renaming is:

rename srv.txt srv.reg

but it will only work if the prompt shows the same path as where the file was downloaded. 

if the prompt does not show the correct folder then you need to change to the correct drive and folder.

 

Say the prompt says:  C:\Windows\System32\> but the file is on the E: drive then you type:

E:

and hit Enter and the prompt should change to E: >

 

If the drive is correct but the folder is wrong say in \junk\ on the E: drive then you type:

 

cd \junk

 

and the prompt should change to E:\Junk

 

Once you get srv.reg and are in the correct folder then type:

reg import srv.reg

Again if the prompt does not show the correct folder then you need to change to the correct drive and folder.

 

Now try the

 

sc query srv

 

command.  Any change?

 

 

 

 

 

[Advertisements]

Assuming I did everything correctly, it doesn't look like there's any difference

 

 

Microsoft Windows [Version 6.1.7601]

 

 

X:\Sources>d:

 

D:\>xcopy e:\srv.reg d:\windows\system32

E:\srv.reg

1 File(s) copied

 

D:\>cd \windows\system32

 

 

D:\Windows\System32>reg import srv.reg

The operation completed successfully.

 

D:\Windows\System32>sc query srv

[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

 

The specified service does not exist as an installed service.

 

 

D:\Windows\System32>cd ..

 

D:\Windows>sc query srv

'sc' is not recognized as an internal or external command,

operable program or batch file.

 

 

After restarting, I don't see srv in the ntbtlog either

 

 

[stallada]

Assuming I did everything correctly, it doesn't look like there's any difference

 

 

Microsoft Windows [Version 6.1.7601]

 

 

X:\Sources>d:

 

D:\>xcopy e:\srv.reg d:\windows\system32

E:\srv.reg

1 File(s) copied

 

D:\>cd \windows\system32

 

 

D:\Windows\System32>reg import srv.reg

The operation completed successfully.

 

D:\Windows\System32>sc query srv

[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

 

The specified service does not exist as an installed service.

 

 

D:\Windows\System32>cd ..

 

D:\Windows>sc query srv

'sc' is not recognized as an internal or external command,

operable program or batch file.

 

 

After restarting, I don't see srv in the ntbtlog either

 

 

[RKinner]

Try:

 

sc create srv

 

What does that say?

[stallada]

 

D:\Windows\System32>sc create srv

DESCRIPTION:

        Creates a service entry in the registry and Service Database.

USAGE:

        sc <server> create [service name] [binPath= ] <option1> <option2>...

 

OPTIONS:

NOTE: The option name includes the equal sign.

      A space is required between the equal sign and the value.

 type= <own|share|interact|kernel|filesys|rec>

       (default = own)

 start= <boot|system|auto|demand|disabled|delayed-auto>

       (default = demand)

 error= <normal|severe|critical|ignore>

       (default = normal)

 binPath= <BinaryPathName>

 group= <LoadOrderGroup>

 tag= <yes|no>

 depend= <Dependencies(separated by / (forward slash))>

 obj= <AccountName|ObjectName>

       (default = LocalSystem)

 DisplayName= <display name>

 password= <password>

 

D:\Windows\System32>sc query srv

[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

 

The specified service does not exist as an installed service.

 

 

[RKinner]

OK.  Obviously I don't know how to use the sc create command.  Let's see if any of the srv is in the registry.

 

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix
A fix log will be generated please post that
 

[stallada]

Attached is the Fixlog.  A couple things:

 

• As per your recommendation, I deleted ntbtlog.  I've attached a couple of the later ones.  They were generated about 40s apart, but are different - I'm assuming one of them was from a normal boot attempt, and the other a safe mode boot attempt?
• I noticed the drive that cmd was in when I launched FRST seemed to affect things.  If I was in my PC's directory (D:), the run would "complete" immediately and the FixLog would have no real output (tried this using a couple fixlists).  If I'm in my rescue directory (X:), it seemed to work properly.  In both cases, FRST and the fixfile were in the unpartitioned space on the bootstick (E:), and I ran it with "E:\FRST64.exe", so intuitively I'm not seeing why there would be a difference.  
• When I was looking into this, I noticed launching FRST seems to modify the drive letters: before running FRST, my PC drive is D:, with C: being the reserved space.  After FRST gets launched, it seems that the drive partition is now C:, with the reserved space being D:

 

Not sure if these are meaningful or not, but figured I'd mention them in case they were.

 

BTW, thank you so much for your continued patience and help!

Attached Files

•  ntbtlog_a.txt   91.07KB   671 downloads
•  ntbtlog_b.txt   7.88KB   661 downloads
•  Fixlog.txt   3.52KB   710 downloads

Edited by stallada, 02 January 2018 - 04:07 AM.

[RKinner]

Fixlist shows that the file that srv uses is where we expect it to be and the size is exactly the same as on my Win 7 but the entries we need are not in the registry even tho the reg command appeared to work OK.  Perhaps it is because of the x vs e business.  Let's try to get FRST to fix it for us.

 

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix
A fix log will be generated please post that


I have to take my wife to a doctor's appointment so won't be back on line for a while.

 

 

 

[stallada]

No worries - I won't be able to give it a shot until this evening anyway.  Hope all goes well with the Dr!

[stallada]

Here's the Fixlog

Attached Files

•  Fixlog.txt   101.55KB   670 downloads

[RKinner]

That didn't work.  Can you open regedit from the command prompt?

 

If so can you look at:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srv

 

If you don't see srv as a sub key under Services can you right click on Services and select New then Key and type in srv and OK?  I want to see if we are able to create new keys.

[stallada]

I opened up the registry editor, and there was no key for srv (none for srv2, either).  I was able to manually add a key, but it disappeared after a restart.  Same result when I tried importing the srv.reg file you sent earlier.  

 

A quick google seems to indicate that running regedit from the recovery system only loads a temporary registry.  To see the true system registry, I selected HKEY_LOCAL_MACHINE, and File->Load Hive.  Navigated to the PC's directory (D:\Windows\system32\config) and loaded in the SYSTEM file.  Here, under under ControlSet002 instead of CurrentControlSet, srv and srv2 are both found within system.  Values seem to match as well, but both are missing the Enum subdir (don't know if that's pertinent).

 

https://imgur.com/a/UsTWl

[RKinner]

Good work!

ControlSet002 is the registry entries for the last known good boot and it appears to be healthy.  There is an option in the Safe Mode menu to boot to Last Known Good Configuration.  Have you tried it?

 

https://www.lifewire...uration-2626308

 

Alternatively

In the real registry there is a key:

 

HKEY_LOCAL_MACHINE\SYSTEM\Select

 

It has values Current and Default which are probably set to (1).  If you double click on each and change to 2 then OK and Save it back to where you got the hive (not sure exactly how you do that)  it should use ControlSet002 instead of ControlSet001 when it boots the next time.

[stallada]

I gave Last Known a shot this morning, and it only gave me the same result: black screen and non-interactive cursor.  Afterwards, as a check, I navigated to \SYSTEM\Select, and Current and Default were indeed set to (2).  Strangely enough though, trying to boot from Last Known made "ControlSet003" appear in the SYSTEM hive, in addition to 001 and 002.

[RKinner]

Did it make a new ntbtlog.txt file?

[stallada]

No, ran it a few times and booting with Last Known doesn't seem to generate any entries.