This topic is lockedForgot to mention, When I looked in the folder with the original DVD for this machine, I also found a DVD I created on 4/13/15 called System Repair for this PC.
Computer Won't Boot - Malware Related [Solved]
Started by
Tom1178
, Nov 26 2016 10:22 AM
PC wont boot - MBAMSwissArmy
#32
Posted 02 December 2016 - 09:40 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Try /FixMbr
Forgot to mention, When I looked in the folder with the original DVD for this machine, I also found a DVD I created on 4/13/15 called System Repair for this PC.
Thank you for that information. 
#33
Posted 03 December 2016 - 06:13 AM
Tom1178
- Topic Starter
-
- Member
-
- 28 posts
Member
Gave it a try - here are results:
"The operation completed successfully."
#34
Posted 03 December 2016 - 11:45 AM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Have you tried to re-start your machine since and if so did it boot up or was there an error code?
Also please run a FRST scan and post the results.
#35
Posted 03 December 2016 - 12:29 PM
Tom1178
- Topic Starter
-
- Member
-
- 28 posts
Member
Pc wouldn't start.
FRST.txt follows:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by SYSTEM on MININT-CB0ULS0 (03-12-2016 13:20:40)
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet004
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [CmPCIaudio] => RunDll32 CMICNFG3.cpl,CMICtrlWnd
HKLM\...\Run: [ACPW09EN] => C:\Program Files\ACD Systems\ACDSee Pro\9.0\acdIDInTouch2.exe [1731016 2016-07-14] (ACD Systems)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-24] (Logitech, Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-14] (HP Inc.)
S4 lxdp_device; C:\Windows\system32\lxdpcoms.exe [589824 2007-11-19] ( )
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [420920 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [420920 2016-10-25] (NVIDIA Corporation)
S2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [931896 2016-10-25] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 WsAppService; C:\Program Files\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare)
S3 WsDrvInst; C:\Program Files\Wondershare\Dr.Fone for Android (CPC)\DriverInstall.exe [115856 2016-09-21] (Wondershare)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2016-08-25] (IVT Corporation.)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872192 2009-11-30] (C-Media Inc)
S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [185472 2013-04-16] (eMPIA Technology Corp.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2016-10-25] (Samsung Electronics Co., Ltd.)
S3 DualCoreCenter; C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [36152 2010-02-08] (MICRO-STAR INT'L CO., LTD.)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [26112 2013-07-04] (eMPIA Technology Corp.)
S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5632 2013-04-16] (eMPIA Technology Corp.)
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-08-25] (REALiX™)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S2 mi2c; C:\Windows\system32\drivers\mi2c.sys [18224 2016-01-28] (Nicomsoft Ltd.)
S3 NVR0Dev; C:\Windows\nvoclock.sys [6912 2006-10-13] (NVidia Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27704 2016-10-25] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [42040 2016-10-25] (NVIDIA Corporation)
S3 RushTopDevice2; C:\Program Files\MSI\DualCoreCenter\RushTop.sys [55296 2009-03-18] (Your Corporation)
S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [6144 2013-04-16] (eMPIA Technology Corp.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S1 aswKbd; \SystemRoot\system32\drivers\aswKbd.sys [X]
S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X]
S0 aswRvrt; no ImagePath
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X]
S0 aswVmm; no ImagePath
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\E:\CDriver.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 07:43 - 2016-12-03 13:20 - 00000000 ____D C:\FRST
2016-11-18 07:18 - 2016-11-18 08:44 - 00000000 ____D C:\Users\TK\AppData\LocalLow\Mozilla
2016-11-18 06:16 - 2016-11-18 06:16 - 00003288 ____N C:\bootsqm.dat
2016-11-09 12:11 - 2016-11-09 12:11 - 00074635 _____ C:\Users\TK\Documents\H6LLWJ.pdf
2016-11-08 09:56 - 2016-11-08 09:56 - 04629193 _____ C:\Users\TK\Downloads\TomTom-ONEv5-XLv2-en-GB.pdf
2016-11-07 11:13 - 2016-10-25 12:21 - 00095800 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap32v.dll
2016-11-07 11:13 - 2016-10-25 12:21 - 00042040 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad32v.sys
2016-11-07 07:12 - 2016-11-07 07:12 - 00011895 _____ C:\Users\TK\Documents\Flash GN.xlsx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-30 03:58 - 2016-08-21 04:10 - 00775920 _____ C:\Windows\ntbtlog.txt
2016-11-27 17:07 - 2015-04-06 16:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-27 16:58 - 2016-09-24 04:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-27 16:58 - 2015-04-06 20:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-18 06:23 - 2009-07-13 20:34 - 00028720 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-18 06:23 - 2009-07-13 20:34 - 00028720 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-18 05:50 - 2015-04-06 10:31 - 00000000 ____D C:\users\TK
2016-11-16 16:14 - 2010-11-20 13:01 - 00006206 _____ C:\Windows\System32\PerfStringBackup.INI
2016-11-09 12:13 - 2015-04-22 08:09 - 00223744 ___SH C:\Users\TK\Documents\Thumbs.db
2016-11-08 08:22 - 2016-01-28 11:15 - 00182784 ___SH C:\Users\TK\Downloads\Thumbs.db
2016-11-08 07:36 - 2015-04-14 05:16 - 00000000 ____D C:\Users\TK\AppData\Roaming\NVIDIA
2016-11-07 12:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-11-07 11:14 - 2016-10-08 00:38 - 00001374 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-07 11:14 - 2015-04-06 16:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-07 11:13 - 2015-04-06 16:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-06 10:43 - 2015-05-05 07:23 - 00001259 _____ C:\Users\TK\Desktop\BillPay.txt
2016-11-05 07:12 - 2015-04-13 04:37 - 00000000 ____D C:\Users\TK\AppData\Local\Microsoft Help
==================== Known DLLs (Whitelisted) =========================
[2016-09-22 08:43] - [2015-11-10 10:36] - 0811520 ____A () C:\Windows\System32\user32.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-09-22 08:43] - [2015-11-10 10:36] - 0811520 ____A () 2587CB3072AC5D41985B75833C765D2A
C:\Windows\System32\User32.dll => no Company Name <===== ATTENTION
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Association (Whitelisted) =============
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 4095.37 MB
Available physical RAM: 3598.94 MB
Total Virtual: 4093.65 MB
Available Virtual: 3596.33 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:456.77 GB) (Free:384.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DISK 1 PART 2) (Fixed) (Total:8.99 GB) (Free:5.61 GB) NTFS
Drive f: (TRAVELDRIVE) (Removable) (Total:3.73 GB) (Free:1.36 GB) FAT32
Drive g: (TOSHIBA EXT) (Fixed) (Total:298.01 GB) (Free:158.97 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ED50ED50)
Partition 1: (Active) - (Size=456.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=05)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 28032449)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: C27C4F8F)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)
LastRegBack: 2016-11-05 08:53
==================== End of FRST.txt ============================
#36
Posted 03 December 2016 - 12:43 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Hello Tom1178,
I am consulting on this. Might be a little while because we work in different time zones but I will get back to you as soon as I can.
#37
Posted 03 December 2016 - 12:52 PM
Tom1178
- Topic Starter
-
- Member
-
- 28 posts
Member
emeraldnzl,
Understood. I appreciate the effort.
Thanks,
Tom
#38
Posted 03 December 2016 - 04:50 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Hello again Tom1178,
I am sorry for the delay and mucking you about like this.
As I mentioned in my last post it might be sometime before we have some more input into this problem but if you are up for it we can do some preparatory work.
It's the User32.dll that we replaced earlier that is causing my question. Something is wrong with the file and with the replacement we undertook. We will need to revisit that and I have asked an expert for an opinion. Meantime if you have the time and are happy to do so we could run another search and see what we can find.
SOoo...
Please run FRST again as you did before and we will carry out another file search.
- When FRST opens type the following into the search box:
User32.dll - Now press the Search files button
- When the search is complete, search.txt will be written to your USB
- Please copy and paste both logs in your reply.(FRST.txt and Search.txt)
Note: Please copy and paste the log into the thread rather than attach as you have done in the past.
#39
Posted 03 December 2016 - 08:06 PM
Tom1178
- Topic Starter
-
- Member
-
- 28 posts
Member
emeraldnzl,
No need to apologize, I appreciate what you're doing for me.
FRST.txt & Search.txt follow:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2016
Ran by SYSTEM on MININT-CB0ULS0 (03-12-2016 13:20:40)
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet004
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2303256 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [CmPCIaudio] => RunDll32 CMICNFG3.cpl,CMICtrlWnd
HKLM\...\Run: [ACPW09EN] => C:\Program Files\ACD Systems\ACDSee Pro\9.0\acdIDInTouch2.exe [1731016 2016-07-14] (ACD Systems)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2014-03-24] (Logitech, Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-14] (HP Inc.)
S4 lxdp_device; C:\Windows\system32\lxdpcoms.exe [589824 2007-11-19] ( )
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [420920 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [420920 2016-10-25] (NVIDIA Corporation)
S2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [931896 2016-10-25] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 WsAppService; C:\Program Files\Wondershare\WAF\2.3.0.5\WsAppService.exe [415232 2016-08-09] (Wondershare)
S3 WsDrvInst; C:\Program Files\Wondershare\Dr.Fone for Android (CPC)\DriverInstall.exe [115856 2016-09-21] (Wondershare)
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2016-08-25] (IVT Corporation.)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1872192 2009-11-30] (C-Media Inc)
S3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [185472 2013-04-16] (eMPIA Technology Corp.)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2016-10-25] (Samsung Electronics Co., Ltd.)
S3 DualCoreCenter; C:\Program Files\MSI\DualCoreCenter\NTGLM7X.sys [36152 2010-02-08] (MICRO-STAR INT'L CO., LTD.)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [26112 2013-07-04] (eMPIA Technology Corp.)
S3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5632 2013-04-16] (eMPIA Technology Corp.)
S1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2016-08-25] (REALiX™)
S3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2014-03-18] (Logitech, Inc.)
S3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2014-03-18] (Logitech, Inc.)
S2 mi2c; C:\Windows\system32\drivers\mi2c.sys [18224 2016-01-28] (Nicomsoft Ltd.)
S3 NVR0Dev; C:\Windows\nvoclock.sys [6912 2006-10-13] (NVidia Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27704 2016-10-25] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [42040 2016-10-25] (NVIDIA Corporation)
S3 RushTopDevice2; C:\Program Files\MSI\DualCoreCenter\RushTop.sys [55296 2009-03-18] (Your Corporation)
S3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [6144 2013-04-16] (eMPIA Technology Corp.)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 aswHwid; \SystemRoot\system32\drivers\aswHwid.sys [X]
S1 aswKbd; \SystemRoot\system32\drivers\aswKbd.sys [X]
S2 aswMonFlt; \SystemRoot\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\system32\drivers\aswRdr2.sys [X]
S0 aswRvrt; no ImagePath
S1 aswSnx; \SystemRoot\system32\drivers\aswSnx.sys [X]
S1 aswSP; \SystemRoot\system32\drivers\aswSP.sys [X]
S2 aswStm; \SystemRoot\system32\drivers\aswStm.sys [X]
S0 aswVmm; no ImagePath
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\E:\CDriver.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-26 07:43 - 2016-12-03 13:20 - 00000000 ____D C:\FRST
2016-11-18 07:18 - 2016-11-18 08:44 - 00000000 ____D C:\Users\TK\AppData\LocalLow\Mozilla
2016-11-18 06:16 - 2016-11-18 06:16 - 00003288 ____N C:\bootsqm.dat
2016-11-09 12:11 - 2016-11-09 12:11 - 00074635 _____ C:\Users\TK\Documents\H6LLWJ.pdf
2016-11-08 09:56 - 2016-11-08 09:56 - 04629193 _____ C:\Users\TK\Downloads\TomTom-ONEv5-XLv2-en-GB.pdf
2016-11-07 11:13 - 2016-10-25 12:21 - 00095800 _____ (NVIDIA Corporation) C:\Windows\System32\nvaudcap32v.dll
2016-11-07 11:13 - 2016-10-25 12:21 - 00042040 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad32v.sys
2016-11-07 07:12 - 2016-11-07 07:12 - 00011895 _____ C:\Users\TK\Documents\Flash GN.xlsx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-11-30 03:58 - 2016-08-21 04:10 - 00775920 _____ C:\Windows\ntbtlog.txt
2016-11-27 17:07 - 2015-04-06 16:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-27 16:58 - 2016-09-24 04:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-27 16:58 - 2015-04-06 20:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-18 06:23 - 2009-07-13 20:34 - 00028720 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-18 06:23 - 2009-07-13 20:34 - 00028720 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-18 05:50 - 2015-04-06 10:31 - 00000000 ____D C:\users\TK
2016-11-16 16:14 - 2010-11-20 13:01 - 00006206 _____ C:\Windows\System32\PerfStringBackup.INI
2016-11-09 12:13 - 2015-04-22 08:09 - 00223744 ___SH C:\Users\TK\Documents\Thumbs.db
2016-11-08 08:22 - 2016-01-28 11:15 - 00182784 ___SH C:\Users\TK\Downloads\Thumbs.db
2016-11-08 07:36 - 2015-04-14 05:16 - 00000000 ____D C:\Users\TK\AppData\Roaming\NVIDIA
2016-11-07 12:29 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-11-07 11:14 - 2016-10-08 00:38 - 00001374 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-07 11:14 - 2015-04-06 16:02 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-07 11:13 - 2015-04-06 16:01 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-06 10:43 - 2015-05-05 07:23 - 00001259 _____ C:\Users\TK\Desktop\BillPay.txt
2016-11-05 07:12 - 2015-04-13 04:37 - 00000000 ____D C:\Users\TK\AppData\Local\Microsoft Help
==================== Known DLLs (Whitelisted) =========================
[2016-09-22 08:43] - [2015-11-10 10:36] - 0811520 ____A () C:\Windows\System32\user32.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-09-22 08:43] - [2015-11-10 10:36] - 0811520 ____A () 2587CB3072AC5D41985B75833C765D2A
C:\Windows\System32\User32.dll => no Company Name <===== ATTENTION
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Association (Whitelisted) =============
==================== Restore Points =========================
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 4095.37 MB
Available physical RAM: 3598.94 MB
Total Virtual: 4093.65 MB
Available Virtual: 3596.33 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:456.77 GB) (Free:384.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DISK 1 PART 2) (Fixed) (Total:8.99 GB) (Free:5.61 GB) NTFS
Drive f: (TRAVELDRIVE) (Removable) (Total:3.73 GB) (Free:1.36 GB) FAT32
Drive g: (TOSHIBA EXT) (Fixed) (Total:298.01 GB) (Free:158.97 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: ED50ED50)
Partition 1: (Active) - (Size=456.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=05)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 28032449)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: C27C4F8F)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=0C)
LastRegBack: 2016-11-05 08:53
==================== End of FRST.txt ============================
Farbar Recovery Scan Tool (x86) Version: 23-11-2016
Ran by SYSTEM (03-12-2016 20:52:20)
Running from F:\
Boot Mode: Recovery
================== Search Files: "User32.dll" =============
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23528_none_cfc274bde4c0ef6f\user32.dll
[2016-09-22 08:43][2016-08-15 18:48] 0811520 ____A (Microsoft Corporation) CC157E3445C86456494ED940E1250247
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.23265_none_cf942e7de4e41bb9\user32.dll
[2015-12-09 12:40][2015-11-10 10:36] 0811520 ____A (Microsoft Corporation) E175DD0A22EC01BA2E2EFCF0B14B8426
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_cf068ea4cbca196c\user32.dll
[2015-12-09 12:40][2015-11-10 10:39] 0811520 ____A (Microsoft Corporation) 4C5A23AE4F5157F579C89736EA5D42CE
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2010-11-20 13:29][2010-11-20 13:29] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66
C:\Windows\System32\User32.dll
[2016-09-22 08:43][2015-11-10 10:36] 0811520 ____A () 2587CB3072AC5D41985B75833C765D2A
X:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[2010-11-20 01:06][2010-11-20 04:21] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66
X:\Windows\System32\user32.dll
[2010-11-20 01:06][2010-11-20 04:21] 0811520 ____A (Microsoft Corporation) F1DD3ACAEE5E6B4BBC69BC6DF75CEF66
====== End of Search ======
Thanks again,
Tom
#40
Posted 03 December 2016 - 08:35 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Thank you for that Tom.
I have been talking to my expert friend who managed to have a quick look at your logs. He confirms that there is a problem with the User32.dll file but he also sees other corruption. It is late Saturday night where he is so he won't be able to have a proper look until tomorrow.
I want to make sure I understand the problem properly before our next actions so I won't get back to you again until he comes back tomorrow.
Catch you then.
#41
Posted 03 December 2016 - 09:03 PM
Tom1178
- Topic Starter
-
- Member
-
- 28 posts
Member
emeraldnzl,
That's fine.
In the interim, how about giving sfc another try?
Tom
That's fine.
In the interim, how about giving sfc another try?
Tom
#42
Posted 03 December 2016 - 09:07 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
I can't see any harm in that although at this point I am not sure it will work. I might be wrong though lol.
#43
Posted 03 December 2016 - 09:11 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Here are some instructions if feel they will be helpful:
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your hard drive letter and close the notepad.
- In the command window type C: and press Enter
- Note: Replace letter C with the drive letter of your hard drive.
- Type in sfc /scannow /offbootdir=d:\ /offwindir=d:\windows and press Enter (notice the gaps... they should be there.)
- Note: Depending on how your computer is setup, the Command Prompt, when used from outside of Windows, doesn't always assign drive letters in the same way that you see them from inside Windows. In other words, Windows might be at C:\Windows when you're using it, but D:\Windows from the Command Prompt in System Recovery Options.
In most installations of Windows 8 and Windows 7, C: usually becomes D: and in Windows Vista, C: is usually still C:. To check for sure, look for the drive with the Users folder on it - that will be the drive Windows is installed on, unless you have multiple installations of Windows on multiple drives. - When prompted, type in Y and press Enter.
- When complete, close the Command Prompt window, and click on the Restart button to restart your computer.
Please let me know whether there is any change with starting up your computer.
#44
Posted 04 December 2016 - 09:52 AM
Tom1178
- Topic Starter
-
- Member
-
- 28 posts
Member
Just as an FYI, and to be sure you have all relevant information, the computer is set up 'the old fashioned way'. By that I mean that I formatted and did the Win 7 install on a bare drive. The C partition is the boot and windows partition. The D partition was created for the express purpose of housing the swap file. The reason is that, again, 'in the old days', it was a Microsoft recommendation that the swap file not be on the same partition as the OS. I don't know if that's still a recommendation, but that's the way I set it up. Just to re-confirm this to myself, I did a dir/p from the C:\ prompt. The Users, Windows, Program Files are there.
Given the foregoing, is the previous sfc command line still valid/useful?
Thanks,
Tom
#45
Posted 04 December 2016 - 12:31 PM
emeraldnzl
-
- GeekU Moderator
-
- 20,051 posts
GeekU Instructor
Let's leave that for now and concentrate on replacing the User32.dll.
We are going to try with a different copy this time. My friend is of the opinion that even though I was at the point of discounting it, that you likely have a failing hard drive (sometimes you can get false positives from a hard disk check). He is pointing at the difficulty with Chkdsk where it was unable to fix the errors because of lack of disk space. That is an indication that we can't ignore but let's see if a successful replacement of the User32.dll helps at all.
Now
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
replace: C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.19061_none_cf068ea4cbca196c\user32.dll C:\Windows\System32\User32.dll
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Now please enter System Recovery Options as you did before.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
After that see if you boot up.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
