Jump to content

Cannot Open or Run Programs


Recommended Posts

Hello, I own a laptop running Windows 7. I'm having a serious problem with it's functioning, which I assume is caused by some kind of malware. The issue started with my laptop running several times slower than it's usual speed, accompanied by the inability to run and open files and other things (e.g I can't play music, videos, open internet browsers or .exe files like Photoshop) The only measures I've taken to solve this problem are typical: restarting the laptop & looking for a solution online. Also, I've burned Adwcleaner onto a disc from a non-infected computer and attempted to run it on the infected laptop to no avail (It would give me a pop up message asking permission to run as Admin, which I allowed, then nothing.) I did both tries of attempting to run from the disc itself, and copying the disc to Desktop to run from there. I regard my computerknowledge to be very limited, but I'd be so grateful for any help, time & effort put into getting my laptop working correctly again!

Link to post
Share on other sites

Hello and welcome to Malwarebytes,

Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

QUOTE
If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...



Next,

Please download Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8 or 10 consult How to use the Windows 8 or 10 System Recovery Environment Command Prompt Here: http://www.howtogeek.com/126016/three-ways-to-access-the-windows-8-boot-options-menu/ to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

Plug the flashdrive into the infected PC.

Enter System Recovery Options I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thank you,

Kevin

Link to post
Share on other sites

before i start this i just have a couple questions: will doing the e:\frst from the system recovery get rid of data on my laptop? i have things like family videos that i want to keep, can/should i burn them to a disc to save or will the current infection on my laptop be transferred to the disc?

Link to post
Share on other sites

FRST intial scan is purely dianostic, it will produce a log and nothing will be removed.. If necessary I will produce a fixlist from the scan results, when that is used any listed entries will be removed....

Please be aware the drive letter e is an example to be replaced with the actual drive letter used on your system, that is in the instructions...

Regarding backups, yes it is always beneficial to make backups of important data, videos, pictures etc.. It is always advisable to do that routinely, It is bad planning to wait for issues before making such backups.....

Thank you,

Kevin...

Link to post
Share on other sites

so im having a little trouble doing this. the laptop wont recognize the usb storage device when i plug it in. i burned the frst64 onto a disc and im trying to use that. i tried running the frst64 from the disc on my laptop, but nothing happens, i dont know if thats because its the wrong version or the virus. is using the disc for FRST suitable or do i need to buy a usb flash drive?

Link to post
Share on other sites

FRST needs to be run from a USB stick (flashdrive) when used in the Recovery Environment. The issue you describe would suggest USB devices maybe turned OFF in regedit...

To access the Registry Editor in recovery environment do the following:

Plug the flashdrive into the infected PC with FRST or FRST64 and "fixlist.txt"

Enter System Recovery Options I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you may get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
  • Select Command Prompt
  • In the command window type in regedit and press Enter.
  • The registry editor opens.
  • Expand the following key Hkey_Local_Machine\System\ControlSet001\Services\USBStor
  • Double click direct on USBStor
  • Look to the right pane you will see the entry "start" its value should be 3 if USB is enabled.
  • If the value is different "Right" click on "start" and select "modify"
  • In the new box change value to 3, select ok and close out regedit


You should now be back to Command Prompt.... Continue please:
 
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Thank you,

Kevin...

 

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by SYSTEM on MININT-P1TCJ04 (18-04-2016 03:14:47)
Running from e:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe [2022976 2011-06-27] ()
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4365984 2012-03-12] (Dell Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2190704 2011-11-03] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7520768 2012-03-16] (Dell Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [41280 2012-05-30] (Tablet Driver)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2874440 2016-02-23] ()
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NeroLauncher] => C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe [67496 2012-08-21] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [957440 2011-11-03] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Guest\...\Run: [SearchProtect] => C:\Users\Guest\AppData\Roaming\SearchProtect\bin\cltmng.exe
HKU\Maxelene\...\Run: [AdobeBridge] => [X]
HKU\Maxelene\...\Run: [UpdateMyDrivers] => C:\Program Files (x86)\SmartTweak\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
HKU\Maxelene\...\Run: [Unified Remote v2] => C:\Program Files (x86)\Unified Remote\RemoteServer.exe
HKU\Maxelene\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss
HKU\Maxelene\...\Run: [Google Update] => C:\Users\Maxelene\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\Maxelene\...\Run: [f.lux] => C:\Users\Maxelene\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\Maxelene\...\Run: [Dropbox Update] => C:\Users\Maxelene\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\Maxelene\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Maxelene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-21]
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Maxelene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Free!DTA マスコット 真琴.lnk [2014-02-05]
ShortcutTarget: Free!DTA マスコット 真琴.lnk -> C:\windows\system32\config\systemprofile\Desktop\Shimeji\FREE!DTA_MASCOT\MascotMakoto.exe (No File)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [289256 2015-12-02] (McAfee, Inc.)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
S2 vToolbarUpdater40.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [1949768 2016-02-23] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6292992 2012-03-16] (Dell Inc.)
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-01] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
S0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
S2 TMAgent; no ImagePath
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-18 03:14 - 2016-04-18 03:14 - 00000000 ____D C:\FRST
2016-04-14 10:42 - 2016-04-14 10:42 - 00003608 ____N C:\bootsqm.dat
2016-04-14 10:39 - 2016-04-14 10:39 - 00000000 __SHD C:\found.002
2016-04-12 01:36 - 2016-04-12 01:36 - 00000000 __SHD C:\found.001
2016-04-10 02:02 - 2016-04-10 02:03 - 00281320 _____ C:\Windows\Minidump\041016-139152-01.dmp
2016-04-10 02:00 - 2016-04-10 02:00 - 558707890 _____ C:\Windows\MEMORY.DMP
2016-04-10 01:44 - 2016-04-10 01:44 - 00001071 _____ C:\Users\Maxelene\Desktop\USB PRODUCT - Shortcut.lnk
2016-03-30 21:59 - 2016-03-30 00:04 - 03102208 _____ C:\Users\Maxelene\Desktop\adwcleaner_5.107.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-12 21:04 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-12 21:04 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-12 21:03 - 2013-07-11 11:47 - 00000422 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2016-04-12 20:57 - 2009-07-13 21:13 - 00800820 _____ C:\Windows\System32\PerfStringBackup.INI
2016-04-12 20:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-04-12 20:41 - 2013-08-16 05:27 - 00000132 _____ C:\Users\Maxelene\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-12 20:38 - 2014-04-19 18:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-12 20:26 - 2013-07-26 23:31 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3647941059-1831999955-2962114209-1001UA.job
2016-04-12 20:12 - 2015-06-22 20:31 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3647941059-1831999955-2962114209-1001UA.job
2016-04-12 20:08 - 2013-07-14 13:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-12 19:31 - 2013-07-26 23:31 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3647941059-1831999955-2962114209-1001Core.job
2016-04-12 06:33 - 2013-07-11 12:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-12 01:41 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-11 22:12 - 2015-06-22 20:31 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3647941059-1831999955-2962114209-1001Core.job
2016-04-11 21:42 - 2013-07-11 11:47 - 00003460 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2016-04-10 21:21 - 2013-07-15 11:00 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2016-04-10 02:02 - 2013-09-01 12:13 - 00000000 ____D C:\Windows\Minidump
2016-04-10 00:20 - 2009-07-13 21:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-10 00:03 - 2013-07-11 11:47 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2016-04-01 18:53 - 2015-02-22 22:12 - 00000000 ___RD C:\Users\Maxelene\Desktop\ok
2016-04-01 18:15 - 2013-07-11 11:47 - 00004280 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-03-30 23:08 - 2013-07-11 11:44 - 00000000 ____D C:\users\Maxelene

Some files in TEMP:
====================
C:\Users\Maxelene\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjxytzc.dll
C:\Users\Maxelene\AppData\Local\Temp\NGM.exe
C:\Users\Maxelene\AppData\Local\Temp\NGMDll.dll
C:\Users\Maxelene\AppData\Local\Temp\NGMResource.dll
C:\Users\Maxelene\AppData\Local\Temp\NGMSetup.exe
C:\Users\Maxelene\AppData\Local\Temp\unicows.dll
C:\Users\Maxelene\AppData\Local\Temp\{080DC6C7-BE3C-4AD1-8F77-A56CBABF5E5E}-DropboxClient_3.8.6.exe


==================== Known DLLs (Whitelisted) =========================

C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-02-09 17:57] - [2016-01-21 21:19] - 3231232 ____A (Microsoft Corporation) 9D77CC4A36FEEA644D002CFB9B2D42C0

C:\Windows\SysWOW64\explorer.exe
[2016-02-09 17:57] - [2016-01-21 21:12] - 2973184 ____A (Microsoft Corporation) 2A156D5EBF221EF2A6AE7CE452324DAC

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2015-12-08 20:37] - [2015-11-10 10:55] - 1008640 ____A (Microsoft Corporation) 06BF84D26A05D400F6B3FB3D3DE0B03A

C:\Windows\SysWOW64\User32.dll
[2015-12-08 20:37] - [2015-11-10 10:37] - 0833024 ____A (Microsoft Corporation) 0A78439765E31510D75C9E2284F3A722

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 5996.52 MB
Available physical RAM: 5271.41 MB
Total Virtual: 5994.72 MB
Available Virtual: 5262.52 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.91 GB) (Free:237.07 GB) NTFS
Drive d: (one) (CDROM) (Total:0.56 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:0.95 GB) (Free:0.88 GB) FAT
Drive f: (RECOVERY) (Fixed) (Total:13.81 GB) (Free:2.18 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: F32B9D00)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.9 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.


LastRegBack: 2016-04-12 05:34

==================== End of FRST.txt ============================

Link to post
Share on other sites

A crucial .dll file is shown as missing from your system, we need to do a search to see if a backup file is available. Do the following and post the produced log...

Boot to System Recovery Options and run FRST as you did to get the log.

Type the following in the edit box after "Search:".

kernel32.dll

Click Search button and post the log (Search.txt) it makes to your reply.

Thank you,

Kevin.

 

search.PNG

Link to post
Share on other sites

Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by SYSTEM (2016-04-19 22:51:51)
Running from e:\
Boot Mode: Recovery

================== Search Files: "kernel32.dll" =============

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23338_none_fcb05fdbba764dbf\kernel32.dll
[2016-02-09 17:57][2016-01-21 22:06] 1114112 ____A (Microsoft Corporation) 0395FCC1F6DE5155ACB84F6BBF771B45

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23334_none_fcac5eb3ba79e863\kernel32.dll
[2016-02-09 17:58][2016-01-16 16:17] 1114112 ____A (Microsoft Corporation) 591DDCCA27EFC5A931084B6D4B4542B6

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23313_none_fcc0fe41ba6a972a\kernel32.dll
[2016-01-12 19:55][2015-12-30 10:55] 1114112 ____A (Microsoft Corporation) D6BAC40F57558E09045E52F0BD995524

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23250_none_fc92bbcdba8dbdc2\kernel32.dll
[2015-11-10 19:33][2015-10-19 16:45] 1114112 ____A (Microsoft Corporation) 6D2B6BCAE365F879F958BCAB2B0EBC9D

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23223_none_fcb62c6fba72b5f4\kernel32.dll
[2015-10-13 15:31][2015-09-28 12:15] 1114112 ____A (Microsoft Corporation) A0CFCED64576C13EC04AD7B39940BE93

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23153_none_fc95bac5ba8b0ca0\kernel32.dll
[2015-09-08 18:01][2015-08-04 09:51] 1114112 ____A (Microsoft Corporation) F7C976A71C09A6B4141CC5C8097DE81C

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23142_none_fc9f8a67ba83d758\kernel32.dll
[2015-09-08 18:02][2015-07-22 15:56] 1114112 ____A (Microsoft Corporation) 6F5C056D1AEB8713E403259B5FB38EE8

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_fcae5b7bba7820c3\kernel32.dll
[2015-08-11 11:36][2015-07-15 09:48] 1114112 ____A (Microsoft Corporation) 50159C0AEE9029D43B7E27022B6C0B37

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23126_none_fcb92b67ba7004d2\kernel32.dll
[2015-08-11 11:35][2015-07-14 18:58] 1114112 ____A (Microsoft Corporation) CA1A5EE549FE248BC127C1A5CAB72B70

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23072_none_fc7f18bdba9c2e04\kernel32.dll
[2015-06-09 14:06][2015-05-25 10:05] 1114112 ____A (Microsoft Corporation) 5EA4D6D52DB2679B8F9DE67A7F8BC41A

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23049_none_fca68a87ba7d8b92\kernel32.dll
[2015-06-09 14:06][2015-05-08 21:39] 1114112 ____A (Microsoft Corporation) FE8AA1F56E845C0A36C12D2F83243C4C

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23040_none_fc9d87edba85a783\kernel32.dll
[2015-05-12 10:21][2015-04-27 10:54] 1114112 ____A (Microsoft Corporation) B4E11856DF2535DF158D32DA7B780FDF

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23002_none_fccac831ba636a6d\kernel32.dll
[2015-04-14 14:01][2015-03-16 20:44] 1114112 ____A (Microsoft Corporation) 9FBA00AA15C45A2F1D26776193E543C1

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_fc95db0bba8ae4c2\kernel32.dll
[2014-05-13 21:58][2014-04-11 18:05] 1114112 ____A (Microsoft Corporation) C8C41EBEE097FEB29FB816854D3AD1E7

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_fcc41b99ba67c103\kernel32.dll
[2014-04-12 12:47][2014-03-04 02:38] 1114112 ____A (Microsoft Corporation) 866696FBE24914047462E34812169954

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22436_none_fcae77f5ba77fe97\kernel32.dll
[2013-10-10 22:31][2013-08-28 17:57] 1114112 ____A (Microsoft Corporation) EE751CBD5D0C332FDF3DF7187B612416

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_fcbf165bba6c4802\kernel32.dll
[2013-09-11 03:50][2013-08-01 21:55] 1114112 ____A (Microsoft Corporation) 61579F821AB5FF7FA2966D64D1070BA8

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_fc8432ddba97903d\kernel32.dll
[2013-07-14 13:28][2012-11-29 20:57] 1114112 ____A (Microsoft Corporation) 9CC2571E3646B9A24296AD7ADCC71682

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19131_none_fc1fbf24a15eff6d\kernel32.dll
[2016-02-09 17:58][2016-01-16 10:37] 1114112 ____A (Microsoft Corporation) 426462DFDE05F334131C67D24C6A2DF4

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19110_none_fc345eb2a14fae34\kernel32.dll
[2016-01-12 19:55][2015-12-30 10:41] 1114112 ____A (Microsoft Corporation) E149FE1FD23748986551F4E1F5752090

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19045_none_fc18ee7aa1638393\kernel32.dll
[2015-11-10 19:33][2015-10-19 16:44] 1114112 ____A (Microsoft Corporation) 4166C05FA57548E6518D7EE20896C0A5

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19018_none_fc3c5f1ca1487bc5\kernel32.dll
[2015-10-13 15:32][2015-09-28 18:57] 1114112 ____A (Microsoft Corporation) 9E83A4F6E776F7A3E5F7FB90180FBC0B

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18939_none_fc27e76ca15799bc\kernel32.dll
[2015-09-08 18:02][2015-07-22 09:52] 1114112 ____A (Microsoft Corporation) 1E679BB6671C67B2097A5E53D884D4D0

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18933_none_fc21e5b0a15d01b2\kernel32.dll
[2015-08-11 11:36][2015-07-15 09:53] 1114112 ____A (Microsoft Corporation) A38E10B4143A19F32D64517B6A1FCB98

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18923_none_fc2cb59ca154e5c1\kernel32.dll
[2015-08-11 11:35][2015-07-14 18:54] 1114112 ____A (Microsoft Corporation) C3856345C4FB053140237236D1146242

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18869_none_fc0775c2a16ff068\kernel32.dll
[2015-06-09 14:06][2015-05-25 09:59] 1114112 ____A (Microsoft Corporation) F81920ADB15012CF4E9FF8238C85686A

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18847_none_fc1b1506a16185d8\kernel32.dll
[2015-06-09 14:06][2015-05-08 19:12] 1114112 ____A (Microsoft Corporation) 84433E17027542D333861AB5615DCA2D

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18839_none_fc27e586a1579c95\kernel32.dll
[2015-05-12 10:21][2015-04-27 11:03] 1114112 ____A (Microsoft Corporation) 1569F20BB9DB9FDC87A6D3C8A3726ABF

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18798_none_fbe603cea1892dbd\kernel32.dll
[2015-04-14 14:01][2015-03-16 20:56] 1114112 ____A (Microsoft Corporation) 99DE8BADC0E85C9AB4A8301A3723FFEA

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_fc484db2a13f5426\kernel32.dll
[2014-04-12 12:47][2014-03-04 01:16] 1114112 ____A (Microsoft Corporation) 76161B9D78A275F8F28DD67436013110

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_fc32aa0ea14f91ba\kernel32.dll
[2013-09-11 03:50][2013-08-01 17:50] 1114112 ____A (Microsoft Corporation) 365A5034093AD9E04F433046C4CDF6AB

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_fc397506a14b161f\kernel32.dll
[2013-07-14 13:28][2012-11-29 20:53] 1114112 ____A (Microsoft Corporation) AC0B6F41882FC6ED186962D770EBF1D2

C:\WINDOWS\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
[2010-11-20 19:24][2010-11-20 19:24] 0837632 ____A (Microsoft Corporation) E80758CF485DB142FCA1EE03A34EAD05

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23338_none_f25bb58986158bc4\kernel32.dll
[2016-02-09 17:57][2016-01-21 22:28] 1164288 ____A (Microsoft Corporation) 57194C298622069B98BC40FD80A2BEFF

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23334_none_f257b46186192668\kernel32.dll
[2016-02-09 17:58][2016-01-16 16:30] 1163264 ____A (Microsoft Corporation) 09421707EE6879FBAF337184C3279117

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23313_none_f26c53ef8609d52f\kernel32.dll
[2016-01-12 19:55][2015-12-30 11:09] 1163264 ____A (Microsoft Corporation) FF40A21D0127E86406C4E62924BE85CA

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23250_none_f23e117b862cfbc7\kernel32.dll
[2015-11-10 19:33][2015-10-19 17:11] 1166336 ____A (Microsoft Corporation) C86A77F9C93B7E04E4044B1D12E4E085

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23226_none_f26482fb860f3ffe\kernel32.dll
[2015-10-13 15:31][2015-10-01 10:06] 1166336 ____A (Microsoft Corporation) 2E52D789C4B17017556ED45D771DA5EB

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23223_none_f261821d8611f3f9\kernel32.dll
[2015-10-13 15:32][2015-09-28 10:16] 1166336 ____A (Microsoft Corporation) FA37233F148A06C9995854B890DEACBD

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23153_none_f2411073862a4aa5\kernel32.dll
[2015-09-08 18:01][2015-08-04 10:12] 1164288 ____A (Microsoft Corporation) E58CB7F258EDD938CEC4CFE44ABEC764

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23142_none_f24ae0158623155d\kernel32.dll
[2015-09-08 18:02][2015-07-22 14:03] 1164288 ____A (Microsoft Corporation) 313D319AB74D0218F44CC66BE393E38A

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_f259b12986175ec8\kernel32.dll
[2015-08-11 11:36][2015-07-15 10:09] 1164288 ____A (Microsoft Corporation) A3A71E4BEE2BA121C969B39AD1EB30FC

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23126_none_f2648115860f42d7\kernel32.dll
[2015-08-11 11:35][2015-07-14 19:20] 1164288 ____A (Microsoft Corporation) 093861BB2A36B95CE824683714737CAD

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23072_none_f22a6e6b863b6c09\kernel32.dll
[2015-06-09 14:06][2015-05-25 10:22] 1163776 ____A (Microsoft Corporation) 3A2E4CB43CC4AE0195F686146ADCAD3D

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23049_none_f251e035861cc997\kernel32.dll
[2015-06-09 14:06][2015-05-08 22:05] 1163776 ____A (Microsoft Corporation) B4E1D3B522A9FD13581A1880A13E68E7

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23040_none_f248dd9b8624e588\kernel32.dll
[2015-05-12 10:21][2015-04-27 11:17] 1163776 ____A (Microsoft Corporation) 2A782D0DD0C53C8B0A0A2318EBBCEC5D

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23002_none_f2761ddf8602a872\kernel32.dll
[2015-04-14 14:01][2015-03-16 21:11] 1164800 ____A (Microsoft Corporation) 36F241A637A424A75C98926189115502

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_f24130b9862a22c7\kernel32.dll
[2014-05-13 21:58][2014-04-11 18:32] 1164800 ____A (Microsoft Corporation) 77BBBF70BCE286CD19E1E68F248363FA

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_f26f71478606ff08\kernel32.dll
[2014-04-12 12:47][2014-03-04 03:08] 1164800 ____A (Microsoft Corporation) 52E77DC8E31C89FBB1E968699C8121C5

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22436_none_f259cda386173c9c\kernel32.dll
[2013-10-10 22:31][2013-08-28 18:19] 1162240 ____A (Microsoft Corporation) 786D234A90FCAC72633AE6FC52653A49

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_f26a6c09860b8607\kernel32.dll
[2013-09-11 03:50][2013-08-01 22:22] 1162240 ____A (Microsoft Corporation) C525D51A79B01342344F02E38866CF60

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_f22f888b8636ce42\kernel32.dll
[2013-07-14 13:28][2012-11-29 21:52] 1163264 ____A (Microsoft Corporation) B3BEA6420D482356E53B7C728E05C637

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19135_none_f1cf15fa6cfaa2ce\kernel32.dll
[2016-02-09 17:57][2016-01-21 22:15] 1163264 ____A (Microsoft Corporation) 0547E50F916294862FDAF11A4D701547

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19131_none_f1cb14d26cfe3d72\kernel32.dll
[2016-02-09 17:58][2016-01-16 10:58] 1163264 ____A (Microsoft Corporation) 8EC342039B7C4B5E596147EC1F4B9051

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19110_none_f1dfb4606ceeec39\kernel32.dll
[2016-01-12 19:55][2015-12-30 10:57] 1163264 ____A (Microsoft Corporation) FE0C67D8D5D54F37B3A92E129A15C03A

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19045_none_f1c444286d02c198\kernel32.dll
[2015-11-10 19:33][2015-10-19 17:05] 1164800 ____A (Microsoft Corporation) 386BF677B78B66AABBA92C0FCA0579A6

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19018_none_f1e7b4ca6ce7b9ca\kernel32.dll
[2015-10-13 15:32][2015-09-28 19:10] 1164800 ____A (Microsoft Corporation) 11C18D613F66CB5CE829B821599ED339

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18939_none_f1d33d1a6cf6d7c1\kernel32.dll
[2015-09-08 18:02][2015-07-22 16:02] 1163264 ____A (Microsoft Corporation) 9C261AB78DE420AA52FC08D69FD5745D

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18933_none_f1cd3b5e6cfc3fb7\kernel32.dll
[2015-08-11 11:36][2015-07-15 10:10] 1163264 ____A (Microsoft Corporation) 72585BDAF2EC5237EBD71D540657D6A2

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18923_none_f1d80b4a6cf423c6\kernel32.dll
[2015-08-11 11:35][2015-07-14 19:19] 1163264 ____A (Microsoft Corporation) 9D0A88DF1CCB89596DDB876093CD16A4

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18869_none_f1b2cb706d0f2e6d\kernel32.dll
[2015-06-09 14:06][2015-05-25 10:19] 1162752 ____A (Microsoft Corporation) 6FDF03A3B110C5264F52F979335AE301

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18847_none_f1c66ab46d00c3dd\kernel32.dll
[2015-06-09 14:06][2015-05-08 19:26] 1162752 ____A (Microsoft Corporation) 6AA0DD89D7A90033FC3111CC83187C1D

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18839_none_f1d33b346cf6da9a\kernel32.dll
[2015-05-12 10:21][2015-04-27 11:23] 1162752 ____A (Microsoft Corporation) 1C9F2F4A2C603739BD8CC8C64310AFD7

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18798_none_f191597c6d286bc2\kernel32.dll
[2015-04-14 14:01][2015-03-16 21:16] 1163264 ____A (Microsoft Corporation) E75074EFBE3C24FBC95C7C1985E08FDE

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_f1f3a3606cde922b\kernel32.dll
[2014-04-12 12:47][2014-03-04 01:44] 1163264 ____A (Microsoft Corporation) D2A513EE880D71BDE7F0257F38B9D019

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_f1ddffbc6ceecfbf\kernel32.dll
[2013-09-11 03:50][2013-08-01 18:13] 1161216 ____A (Microsoft Corporation) D8973E71F1B35CD3F3DEA7C12D49D0F0

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_f1e4cab46cea5424\kernel32.dll
[2013-07-14 13:28][2012-11-29 21:41] 1161216 ____A (Microsoft Corporation) 65C113214F7B05820F6D8A65B1485196

C:\WINDOWS\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2010-11-20 19:24][2010-11-20 19:24] 1161216 ____A (Microsoft Corporation) 7A6326D96D53048FDEC542DF23D875A0

C:\WINDOWS\System32\kernel32.dll
[2016-02-09 17:57][2016-01-21 22:15] 1163264 ____A (Microsoft Corporation) 0547E50F916294862FDAF11A4D701547

X:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2010-11-20 01:33][2010-11-20 05:26] 1161216 ____A (Microsoft Corporation) 7A6326D96D53048FDEC542DF23D875A0

X:\Windows\System32\kernel32.dll
[2010-11-20 01:33][2010-11-20 05:26] 1161216 ____A (Microsoft Corporation) 7A6326D96D53048FDEC542DF23D875A0

====== End of Search ======

Link to post
Share on other sites

Save the attached file fixlist.txt to your flash drive, same place as FRST.
Now please enter System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Reboot your system, does it start up ok. If your system has booted ok run FRST with your system booted in normal mode:

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach those logs to your reply.

Thanks,

Kevin...

Link to post
Share on other sites

Fixlog.txt  here is the fix log..

system did not start up okay.it will not start up in normal mode. gives me an option screen of "start in normal mode" (doesnt work) and "startup repair". i tried startup repair but it gave me a message that reads: "Startup Repair cannot repair this computer automatically". i took pictures of the screen because it had information about "problem details" and "Problem Signatures" 

Link to post
Share on other sites

Those images you post are indicative of a possible failing hard drive, also the following two entries from FRST logs also suggest the same

2016-04-14 10:39 - 2016-04-14 10:39 - 00000000 __SHD C:\found.002
2016-04-12 01:36 - 2016-04-12 01:36 - 00000000 __SHD C:\found.001

Probably a good idea to create a Linux CD or similar to recover any important data from the HD incase it fails...

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

im sorry i took a pretty long break (studying for finals). i looked up how to make a linux cd but its rather confusing and im not sure if i will even be able to use it to recover data since my laptop is in its current state. can you elborate on how i should go about making this "linux cd" or the windows equivalent, please?

Link to post
Share on other sites

  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.