Computer Won't Boot - Malware Related [Solved]

PC wont boot - MBAMSwissArmy


#1
Tom1178

  • Member
  • 28 posts

Hello,

I have a sick Win 7 32-bit PC and I need some help.

The symptoms are similar to many posts I have read on this forum...The computer will not start, and a corrupt MBAMSwissArmy.sys seems to be the reason. On boot, the PC defaults to System Repair and Windows cannot fix the problem. It will not go into Normal, Safe Mode, or Last Known Good. The first results I got from system repair indicated that there was a corrupt file, the aforementioned MBAMSwissArmy.sys. The most recent result was:

 

Repair Action: System Files integrity check and repair

Result: Failed. Error Code 0x490

Time taken: 463125 ms

From the Startup Repair diagnosis and repair log

Number of repair attempts: 2

 

Root cause found:

Repair Action: File Repair

Result: Failed Error Code: 0x2

Time taken=3844 ms

 

The first inkling I had that there was a problem was when I attempted to do a Malwarebytes scan which I do periodically. Malwarebytes loaded but put up a message to the effect that it couldn't do a Rootkit scan. Things went rapidly downhill after that. The next reboot failed and it's been like that ever since. Also, it seemed as though the boot process had been getting longer.

 

I have read a number of posts on the subject and, since almost all recommend using a tool called 'FRST', I followed the instructions in post # 347604. I followed the link in the post, downloaded FRST.exe, copied to a USB drive, etc. The resultant FRST.txt file is attached. I only used the 'Scan' function.

 

Any help you can provide would be greatly appreciated.

 

Thanks in advance,

Tom

 

 

Attached File  FRST.txt   11.74KB   55 downloads


  • 0



#2
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 19,991 posts

Hello Tom1178,

Welcome to Geekstogo.
 

The computer will not start, and a corrupt MBAMSwissArmy.sys seems to be the reason.


Let's see if removing that file makes a difference.

 

 

Now

Open notepad.

Please copy the contents of the code box below.

To do this highlight the contents of the box and right click on it. Paste this into the open notepad.

Save it on the flashdrive as fixlist.txt

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
 

S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [170200 2016-11-18] ()
C:\Windows\System32\drivers\MBAMSwissArmy.sys

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Please enter System Recovery Options, as you did previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Also, try a restart and see if your machine boots up.

When you return please post

  • Fixlog.txt
  • tell me if your computer booted up okay

 

 


  • 0

#3
Tom1178

  • Topic Starter
  • Member
  • 28 posts

Dear emeraldnzl,

 

Thank you for your quick reply.

 

Just checking to be sure I have the instructions correct...

 

Please verify the following:

 

"Please enter System Recovery Options, as you did previously.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply."

 

Thanks again,

 

Tom


  • 0

#4
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 19,991 posts

Oh dear, I am so used to dealing with 64 bit machines. No, that should just read Run FRST. My apologies. :whistling:


  • 0

#5
Tom1178

  • Topic Starter
  • Member
  • 28 posts

Dear emeraldnzl,

 

After FRST fix is run and PC shuts down, should I do Normal or Safe Mode start?

 

Thanks,

Tom


  • 0

#6
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 19,991 posts

Just try to boot up normally.

If that doesn't work then try the Safe Mode.

Tell me how it goes. :)


  • 0

#7
Tom1178

  • Topic Starter
  • Member
  • 28 posts

emeraldnzl,

 

Well, there's good news and bad.

 

I got to the log in screen and the PC sat at the 'Welcome' screen for quite a while, finally the screen went black with the cursor (which would move with the mouse) and that was about it. Alt/F4 had no effect, neither did Ctrl/Alt/Del.

I then tried Safe Mode. It got through loading the drivers, all of them I think. It then sat at 'Please wait...' forever.

 

Tom

 

 

Attached Files


  • 0

#8
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 19,991 posts

 

It then sat at 'Please wait...' forever.

 

Okay, so still not booting up, even in Safe Mode.

 

Let's see a fresh FRST scan. You will need to turn off your computer. Restart and run the scan from the flash drive as you did the first time.

 

 


  • 0

#9
Tom1178

  • Topic Starter
  • Member
  • 28 posts

emeraldnzl,

 

Needed some sleep...

 

OK, re-ran FRST. FRST.txt is attached.

 

Thanks,

Tom

Attached Files

  • Attached File  FRST.txt   10.83KB   47 downloads

  • 0

#10
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 19,991 posts

Please run FRST again as you did before but this time we will carry out a file search.
 

  • When FRST opens type the following into the search box:
    User32.dll
  • Now press the Search files button
  • When the search is complete, search.txt will be written to your USB
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

 

Note: Please copy and paste the log into the thread rather than attach as you have done in the past.


  • 0



#11
Tom1178

  • Topic Starter
  • Member
  • 28 posts

I have done as requested.

First there was a flurry of FRST error messages as follows:

 

FARBAR Error Msgs:

The file or directory C:\Windows\System32\wdi\{67144949-5132-4859-8036-a737b43825d8}\{51fbe7ff-906a-4778-9157-8580de4b78c4} is corrupt and unreadable. Please run the Chkdsk utility

There were 3 entries like this, then, after I closed them:

The file or directory C: is corrupt and unreadable. Please run the Chkdsk utility.

Then:

The file or directory C:\Program Files\AVAST Software\Avast\defs\16112700_stream is corrupt and unreadable. Please run the Chkdsk utility.

Then:

The file or directory C:\$Mft is corrupt and unreadable. Please run the Chkdsk utility.

 

Search.txt:

 

Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by SYSTEM (28-11-2016 16:00:46)
Running from f:\
Boot Mode: Recovery

================== Search Files: "User32.dll" =============

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23528_none_cfc274bde4c0ef6f\user32.dll
[2016-09-22 08:43][2016-08-15 18:48] 0811520 ____A (Microsoft Corporation) CC157E3445C86456494ED940E1250247

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll
[2015-12-09 12:40][2015-11-10 10:36] 0811520 ____A (Microsoft Corporation) E175DD0A22EC01BA2E2EFCF0B14B8426

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_cf068ea4cbca196c\user32.dll
[2015-12-09 12:40][2015-11-10 10:39] 0811520 ____A (Microsoft Corporation) 4C5A23AE4F5157F579C89736EA5D42CE

C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2010-11-20 13:29][2010-11-20 13:29] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66

C:\Windows\System32\user32.dll
[2016-09-22 08:43][2016-08-15 18:48] 0811520 ____A (Microsoft Corporation) CC157E3445C86456494ED940E1250247

X:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2010-11-20 01:06][2010-11-20 04:21] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66

X:\Windows\System32\user32.dll
[2010-11-20 01:06][2010-11-20 04:21] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66

====== End of Search ======

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by SYSTEM on MININT-B703807 (28-11-2016 09:34:36)
Running from f:\
Platform: Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet004
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [CmPCIaudio] => RunDll32 CMICNFG3.cpl,CMICtrlWnd
HKLM\...\Run: [ACPW09EN] => C:\Program Files\ACD Systems\ACDSee Pro\9.0\acdIDInTouch2.exe [1731016 2016-07-14] (ACD Systems)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-24] (Logitech, Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-14] (HP Inc.)
S4 lxdp_device; C:\Windows\system32\lxdpcoms.exe [589824 2007-11-19] ( )
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [420920 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [420920 2016-10-25] (NVIDIA Corporation)
S2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [931896 2016-10-25] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 WsAppService; C:\Program Files\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare)
S3 WsDrvInst; C:\Program Files\Wondershare\Dr.Fone for Android (CPC)\DriverInstall.exe [115856 2016-09-21] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-08-30] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-08-30] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-08-30] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-08-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [60424 2016-08-30] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-08-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2016-08-25] (IVT Corporation.)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872192 2009-11-30] (C-Media Inc)
S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [185472 2013-04-16] (eMPIA Technology Corp.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2016-10-25] (Samsung Electronics Co., Ltd.)
S3 DualCoreCenter; C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [36152 2010-02-08] (MICRO-STAR INT'L CO., LTD.)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [26112 2013-07-04] (eMPIA Technology Corp.)
S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5632 2013-04-16] (eMPIA Technology Corp.)
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-08-25] (REALiX™)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S2 mi2c; C:\Windows\system32\drivers\mi2c.sys [18224 2016-01-28] (Nicomsoft Ltd.)
S3 NVR0Dev; C:\Windows\nvoclock.sys [6912 2006-10-13] (NVidia Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27704 2016-10-25] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [42040 2016-10-25] (NVIDIA Corporation)
S3 RushTopDevice2; C:\Program Files\MSI\DualCoreCenter\RushTop.sys [55296 2009-03-18] (Your Corporation)
S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [6144 2013-04-16] (eMPIA Technology Corp.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\E:\CDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 07:43 - 2016-11-28 09:34 - 00000000 ____D C:\FRST
2016-11-18 14:19 - 2016-11-18 14:19 - 00000000 __SHD C:\found.002
2016-11-18 07:18 - 2016-11-18 08:44 - 00000000 ____D C:\Users\TK\AppData\LocalLow\Mozilla
2016-11-18 06:16 - 2016-11-18 06:16 - 00003288 ____N C:\bootsqm.dat
2016-11-17 13:08 - 2016-11-17 13:08 - 00000000 __SHD C:\found.001
2016-11-09 12:11 - 2016-11-09 12:11 - 00074635 _____ C:\Users\TK\Documents\H6LLWJ.pdf
2016-11-08 09:56 - 2016-11-08 09:56 - 04629193 _____ C:\Users\TK\Downloads\TomTom-ONEv5-XLv2-en-GB.pdf
2016-11-07 11:13 - 2016-10-25 12:21 - 00095800 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap32v.dll
2016-11-07 11:13 - 2016-10-25 12:21 - 00042040 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad32v.sys
2016-11-07 07:12 - 2016-11-07 07:12 - 00011895 _____ C:\Users\TK\Documents\Flash GN.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 17:02 - 2015-04-06 16:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-27 16:58 - 2016-09-24 04:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-27 16:58 - 2015-04-06 20:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-18 06:23 - 2009-07-13 20:34 - 00028720 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-18 06:23 - 2009-07-13 20:34 - 00028720 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-18 05:50 - 2015-04-06 10:31 - 00000000 ____D C:\users\TK
2016-11-16 16:14 - 2010-11-20 13:01 - 00006206 _____ C:\Windows\System32\PerfStringBackup.INI
2016-11-09 12:13 - 2015-04-22 08:09 - 00223744 ___SH C:\Users\TK\Documents\Thumbs.db
2016-11-08 08:22 - 2016-01-28 11:15 - 00182784 ___SH C:\Users\TK\Downloads\Thumbs.db
2016-11-08 07:36 - 2015-04-14 05:16 - 00000000 ____D C:\Users\TK\AppData\Roaming\NVIDIA
2016-11-07 12:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-11-07 11:14 - 2016-10-08 00:38 - 00001374 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-07 11:14 - 2015-04-06 16:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-07 11:13 - 2015-04-06 16:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-06 10:43 - 2015-05-05 07:23 - 00001259 _____ C:\Users\TK\Desktop\BillPay.txt
2016-11-05 07:12 - 2015-04-13 04:37 - 00000000 ____D C:\Users\TK\AppData\Local\Microsoft Help

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-09-22 08:43] - [2016-08-15 18:48] - 0811520 ____A (Microsoft Corporation) CC157E3445C86456494ED940E1250247

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4095.37 MB
Available physical RAM: 3597.69 MB
Total Virtual: 4093.65 MB
Available Virtual: 3595.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:456.77 GB) (Free:384.26 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DISK 1 PART 2) (Fixed) (Total:8.99 GB) (Free:5.61 GB) NTFS
Drive f: (TRAVELDRIVE) (Removable) (Total:3.73 GB) (Free:1.36 GB) FAT32
Drive g: (TOSHIBA EXT) (Fixed) (Total:298.01 GB) (Free:159.25 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ED50ED50)
Partition 1: (Active) - (Size=456.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=05)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 28032449)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: C27C4F8F)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)


LastRegBack: 2016-11-05 08:53

==================== End of FRST.txt ============================

 

Hope this helps.

 

Thanks,

Tom


  • 0
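An added example (not part of the thread and not FRST's own code): the Search.txt in the post above lists every user32.dll copy with its MD5, so each live System32 copy can be matched against the component-store (winsxs) builds on the same drive. The function names and the parsing regexes are assumptions based on the log layout shown in that post.

```python
import re

# Excerpt of the Search.txt posted in this thread (X: is the recovery RAM disk).
SEARCH_TXT = r"""
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23528_none_cfc274bde4c0ef6f\user32.dll
[2016-09-22 08:43][2016-08-15 18:48] 0811520 ____A (Microsoft Corporation) CC157E3445C86456494ED940E1250247
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll
[2015-12-09 12:40][2015-11-10 10:36] 0811520 ____A (Microsoft Corporation) E175DD0A22EC01BA2E2EFCF0B14B8426
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_cf068ea4cbca196c\user32.dll
[2015-12-09 12:40][2015-11-10 10:39] 0811520 ____A (Microsoft Corporation) 4C5A23AE4F5157F579C89736EA5D42CE
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2010-11-20 13:29][2010-11-20 13:29] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66
C:\Windows\System32\user32.dll
[2016-09-22 08:43][2016-08-15 18:48] 0811520 ____A (Microsoft Corporation) CC157E3445C86456494ED940E1250247
X:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2010-11-20 01:06][2010-11-20 04:21] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66
X:\Windows\System32\user32.dll
[2010-11-20 01:06][2010-11-20 04:21] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66
"""

# Metadata line: [created][modified] size attributes (company) MD5
META = re.compile(
    r"^\[(?P<created>[\d\- :]{16})\]\[(?P<modified>[\d\- :]{16})\] "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*?)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component-store directories carry the build number before "_none_".
STORE_VER = re.compile(r"\\winsxs\\[^\\]*?_(\d+(?:\.\d+){3})_none_", re.I)
PATH_LINE = re.compile(r"^[A-Za-z]:\\")


def parse_search(text):
    """Return one dict per file; the log prints a path line, then a metadata line."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        meta = META.match(line)
        if meta and path:
            ver = STORE_VER.search(path)
            entries.append({
                "path": path,
                "drive": path[:2].upper(),
                "size": int(meta["size"]),
                "md5": meta["md5"].upper(),
                "store_version": ver.group(1) if ver else None,
            })
            path = None
        elif PATH_LINE.match(line):
            path = line
    return entries


def version_key(version):
    """Sort '6.1.7601.23528' numerically rather than as text."""
    return tuple(int(part) for part in version.split("."))


def compare_to_store(entries, target):
    """Compare a live file with the winsxs copies found on the same drive."""
    live = next((e for e in entries if e["path"].lower() == target.lower()), None)
    if live is None:
        raise ValueError(f"{target} not in search results")
    store = [e for e in entries
             if e["store_version"] and e["drive"] == live["drive"]]
    matches = sorted((e["store_version"] for e in store if e["md5"] == live["md5"]),
                     key=version_key)
    newest = max((e["store_version"] for e in store), key=version_key, default=None)
    # A match shows the live file is identical to that store build; it is not
    # a trust verdict by itself, since both copies sit on the same disk.
    return {"md5": live["md5"], "matches": matches, "newest_in_store": newest}


if __name__ == "__main__":
    found = parse_search(SEARCH_TXT)
    for target in (r"C:\Windows\System32\user32.dll",
                   r"X:\Windows\System32\user32.dll"):
        print(target, compare_to_store(found, target))
```

On the posted log, the System32 copy on C: has the same MD5 as the 6.1.7601.23528 store build, and the copy on X: matches 6.1.7601.17514.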

#12
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 19,991 posts

Hello again Tom,

 

 

There were 3 entries like this, then, after I closed them:

The file or directory C: is corrupt and unreadable. Please run the Chkdsk utility.

Then:

The file or directory C:\Program Files\AVAST Software\Avast\defs\16112700_stream is corrupt and unreadable. Please run the Chkdsk utility.

Then:

The file or directory C:\$Mft is corrupt and unreadable. Please run the Chkdsk utility.


Yes, I could see there was some corruption. My original thought was that there was corruption in AVAST and this was causing problems with User32.dll. But because of your error with the Malwarebytes service I thought it worth seeing if that would fix the problem. There might also be problems with your hard drive which might or might not be fixed with the chkdsk utility.

Before we go on to removing as much of AVAST as we can see and running Chkdsk let's just see if replacing User32.dll is sufficient to allow you to boot up to Safe mode.

Now

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
 

replace: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll C:\Windows\System32\User32.dll


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

After that

See if you are able to boot to Safe Mode. If you are, then uninstall AVAST.

Next

Run Chkdsk.

Right click on the Start > Open Windows Explorer.

  • Find the hard drive letter (usually local disk C)  for which you want to run the Chkdsk utility.
  • Right-click on the drive letter and select Properties > Tools.
  • Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  • Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  • Click Start.
  • Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Note: Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer.
 
Shut down your computer and then turn it back on, Chkdsk will run.
 
Come back and tell me how it went.

 

So when you return

  • Post the Fixlog.txt
  • Tell me how boot up went
  • If you haven't been able to boot to Safe Mode come back and tell me.

 


  • 0

#13
Tom1178

  • Topic Starter
  • Member
  • 28 posts

emeraldnzl,

 

Ran the script successfully. Here's the fixlog report:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by SYSTEM (28-11-2016 21:56:55) Run:2
Running from F:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
replace: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll C:\Windows\System32\User32.dll
*****************

C:\Windows\System32\User32.dll => moved successfully
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll copied successfully to C:\Windows\System32\User32.dll

==== End of Fixlog 21:56:55 ====

 

I tried a Safe Mode start. After loading the drivers, it sat at Please wait... for quite a while. It then went to the Starting Windows splash screen, where it sat even longer. It's still like that now as I write this.

 

You suggest that, if I could get a Safe Mode start, I should remove Avast and run chkdsk on next re-boot. Well, I couldn't get a Safe Mode start, but I am getting to a DOS command prompt. What about running chkdsk from there? It won't solve all the problems, but it's a start.

 

Thanks again,

Tom


  • 0

#14
emeraldnzl

  • GeekU Instructor
  • GeekU Moderator
  • 19,991 posts

 

but I am getting to a DOS command prompt. What about running chkdsk from there? It won't solve all the problems, but it's a start.

 

It is the next move. :thumbsup:

 

Here are the instructions.

 

On the System Recovery Options menu you will get the following options:

        Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt


  

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your hard drive letter and close the notepad.
  • In the command window type C: and press Enter
    Note: Replace letter C with the drive letter of your hard drive.
  • Type in chkdsk /b and press Enter (notice the gap... it should be there.)
  • When prompted, type in Y and press Enter.
  • Allow chkdsk to perform all 5 stages. This may take some time, so please be patient.
  • When complete, close the Command Prompt window, and click on the Restart button to restart your computer.

Please let me know whether there is any change with starting up your computer.
 

 


  • 0

#15
Tom1178

  • Topic Starter
  • Member
  • 28 posts

OK, I ran chkdsk /b and the results weren't all that positive. BTW, you were correct about the time it would take, a little less than 2 hours.

As chkdsk aborted and didn't create a log file, I decided to 'copy' the screen so you could see the results.

Please see attached file. I tried to put it inline, but it was rejected.

 

 

It seems that, if I read this correctly, there were 2 failure points. The first is in the step of verifying security descriptors. The second was in the step of correcting errors in the volume bitmap. Am I correct in this assessment? What is the meaning of 'status 50'?

 

If this is true, how do we proceed?

 

Thanks for all the good help,

Tom

Attached Thumbnails

  • 5737 Chkdsk1.JPG

  • 0





