
STOP: C0000135 The program can't start because %hs is missing


  • This topic is locked
17 replies to this topic

#1 Gert100


Posted 08 May 2014 - 04:05 PM

Hello,

 

looking for a solution for the blue screen with the text "STOP: C0000135 The program can't start because %hs is missing. Try reinstalling", I found this great site with several topics on the matter. As in all of these topics it is mentioned that the solution is specific for the topic itself, could you help me?

Please find the FRST64 report below, as you can see I recently installed a different virus scanner and malware remover, afterwards all of these caused notifications from the Comodo firewall and then it went wrong I'm afraid.

 

Thanks in advance!!

 

BR
Gert

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-05-2014 02
Ran by SYSTEM on MININT-2FAJM52 on 08-05-2014 22:36:26
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-17] (CANON INC.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-07] (COMODO)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [MobileBroadband] => C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe [398848 2010-12-31] (Vodafone)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-05] (Apple Inc.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2012-12-05] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [580632 2011-09-23] (NTI Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-05] (Apple Inc.)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\Gert\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-21] (TomTom)
HKU\Gert\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\system32\guard64.dll => C:\Windows\system32\guard64.dll [390392 2012-11-07] (COMODO)
AppInit_DLLs-x32: C:\Windows\SysWOW64\guard32.dll => C:\Windows\SysWOW64\guard32.dll [301264 2012-11-07] (COMODO)
Startup: C:\Users\Gert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk
ShortcutTarget: OpenOffice.org 3.3 .lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-01] (Advanced Micro Devices, Inc.)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2012-12-05] (CobianSoft, Luis Cobian)
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70352 2014-02-27] (Comodo Security Solutions, Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-07] (COMODO)
S2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2012-12-05] (Luis Cobian, CobianSoft)
S2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.)
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-02-27] (Comodo Security Solutions, Inc.)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2012-01-04] ()
S2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2012-05-16] ()
S2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

S0 aswKbd; No ImagePath
S0 aswRvrt; No ImagePath
S1 aswTdi; No ImagePath
S0 aswVmm; No ImagePath
S1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [37976 2012-09-02] (Windows ® Win 7 DDK provider)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-07] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-07] (COMODO)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [196096 2010-12-30] (Huawei Technologies Co., Ltd.)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-07] (COMODO)
S2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [X]
S1 aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [X]
S1 aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [X]
S3 aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [X]
S3 iScsiPrt; \SystemRoot\system32\drivers\msiscsi.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-08 22:36 - 2014-05-08 22:36 - 00000000 ____D () C:\FRST
2014-04-16 03:13 - 2014-04-16 03:14 - 00000000 ____D () C:\Users\Gert\AppData\Local\{0E0A566B-059E-4706-BF82-AC882F34D61A}
2014-04-15 10:02 - 2014-04-15 10:02 - 00000000 ____D () C:\Users\Gert\AppData\Roaming\LavasoftStatistics
2014-04-15 10:02 - 2014-04-15 10:02 - 00000000 ____D () C:\Users\Gert\AppData\Roaming\Lavasoft
2014-04-15 09:26 - 2014-04-15 09:27 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-04-15 09:26 - 2014-04-15 09:26 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-15 09:25 - 2014-04-15 09:25 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-04-15 09:24 - 2014-04-15 09:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-15 04:35 - 2014-04-15 04:35 - 01727624 _____ () C:\Users\Gert\Downloads\Adaware_Installer.exe
2014-04-15 02:23 - 2014-04-15 04:14 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-15 02:23 - 2014-04-15 02:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-15 02:23 - 2014-04-15 02:23 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-15 02:23 - 2014-04-15 02:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-15 02:23 - 2013-09-20 00:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2014-04-15 02:20 - 2014-04-15 02:20 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Gert\Downloads\spybot-2.2.exe
2014-04-14 09:50 - 2014-04-14 09:50 - 00000000 ____D () C:\Users\Gert\AppData\Roaming\Panda Security
2014-04-14 09:46 - 2014-04-14 09:46 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-14 09:30 - 2014-04-14 09:30 - 00007846 _____ () C:\Windows\SysWOW64\BroomData.bit
2014-04-14 09:30 - 2013-04-08 05:30 - 00022752 _____ () C:\Windows\System32\PCloudBroom64.exe
2014-04-14 06:50 - 2014-04-14 06:52 - 00846288 _____ () C:\Users\Gert\Downloads\PandaCloudAntivirus.exe
2014-04-14 01:48 - 2014-04-14 09:46 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-04-14 01:48 - 2014-04-14 01:48 - 00001282 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-14 01:48 - 2013-04-28 23:17 - 00058808 _____ (Panda Security, S.L.) C:\Windows\System32\Drivers\PSKMAD.sys
2014-04-14 01:47 - 2014-04-14 01:47 - 28413552 _____ (Panda Security ) C:\Users\Gert\Downloads\PandaCloudCleaner(1).exe
2014-04-14 01:45 - 2014-04-14 01:45 - 28413552 _____ (Panda Security ) C:\Users\Gert\Downloads\PandaCloudCleaner.exe
2014-04-14 01:11 - 2014-04-14 01:11 - 00519488 _____ (AVAST Software) C:\Users\Gert\Downloads\avastclear.exe
2014-04-13 03:41 - 2014-04-13 03:41 - 01070840 _____ (Solid State Networks) C:\Users\Gert\Downloads\install_flashplayer13x32au_mssd_aaa_aih.exe
2014-04-12 09:14 - 2014-03-30 17:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-12 09:14 - 2014-03-30 17:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-12 09:14 - 2014-03-30 16:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-12 09:14 - 2014-03-30 15:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-12 09:14 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-12 09:14 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-12 09:14 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-12 09:14 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-12 09:14 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-08 22:36 - 2014-05-08 22:36 - 00000000 ____D () C:\FRST
2014-04-22 13:37 - 2010-11-20 19:47 - 00536142 _____ () C:\Windows\PFRO.log
2014-04-21 10:16 - 2014-03-20 11:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-21 10:16 - 2012-03-05 11:37 - 00000000 ____D () C:\Users\Gert\AppData\Local\Google
2014-04-21 10:16 - 2012-02-19 04:05 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-21 10:16 - 2012-01-04 10:48 - 00000000 ____D () C:\users\Gert
2014-04-21 10:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-04-20 14:04 - 2012-06-23 02:53 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 14:03 - 2012-04-04 07:16 - 00000940 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 13:15 - 2012-06-23 02:53 - 00001048 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 13:14 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 13:14 - 2009-07-13 20:51 - 00119477 _____ () C:\Windows\setupact.log
2014-04-18 09:40 - 2011-10-26 17:57 - 01206606 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 07:15 - 2013-07-02 09:09 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-04-17 03:41 - 2012-01-04 13:13 - 00000000 ____D () C:\Users\Gert\Documents\My PSP Files
2014-04-17 03:19 - 2012-05-16 23:32 - 00000000 ____D () C:\Users\Gert\AppData\Local\CrashDumps
2014-04-17 02:58 - 2013-10-13 11:20 - 00000000 ____D () C:\Users\Gert\AppData\Roaming\Dropbox
2014-04-17 01:05 - 2013-10-13 11:22 - 00000000 ___RD () C:\Users\Gert\Dropbox
2014-04-16 03:14 - 2014-04-16 03:13 - 00000000 ____D () C:\Users\Gert\AppData\Local\{0E0A566B-059E-4706-BF82-AC882F34D61A}
2014-04-15 10:02 - 2014-04-15 10:02 - 00000000 ____D () C:\Users\Gert\AppData\Roaming\LavasoftStatistics
2014-04-15 10:02 - 2014-04-15 10:02 - 00000000 ____D () C:\Users\Gert\AppData\Roaming\Lavasoft
2014-04-15 09:27 - 2014-04-15 09:26 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-04-15 09:26 - 2014-04-15 09:26 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-15 09:25 - 2014-04-15 09:25 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-04-15 09:24 - 2014-04-15 09:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-15 04:35 - 2014-04-15 04:35 - 01727624 _____ () C:\Users\Gert\Downloads\Adaware_Installer.exe
2014-04-15 04:14 - 2014-04-15 02:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-15 02:29 - 2014-04-15 02:23 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-15 02:23 - 2014-04-15 02:23 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-04-15 02:23 - 2014-04-15 02:23 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-15 02:20 - 2014-04-15 02:20 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Gert\Downloads\spybot-2.2.exe
2014-04-15 02:03 - 2012-01-07 03:47 - 00000000 ____D () C:\Users\Gert\Documents\Gert
2014-04-14 10:36 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 10:36 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 10:27 - 2009-07-13 20:45 - 00356472 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-04-14 09:50 - 2014-04-14 09:50 - 00000000 ____D () C:\Users\Gert\AppData\Roaming\Panda Security
2014-04-14 09:50 - 2012-01-04 10:54 - 00072112 _____ () C:\Users\Gert\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-14 09:46 - 2014-04-14 09:46 - 00000000 ____D () C:\ProgramData\Panda Security
2014-04-14 09:46 - 2014-04-14 01:48 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-04-14 09:30 - 2014-04-14 09:30 - 00007846 _____ () C:\Windows\SysWOW64\BroomData.bit
2014-04-14 06:52 - 2014-04-14 06:50 - 00846288 _____ () C:\Users\Gert\Downloads\PandaCloudAntivirus.exe
2014-04-14 01:48 - 2014-04-14 01:48 - 00001282 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-04-14 01:47 - 2014-04-14 01:47 - 28413552 _____ (Panda Security ) C:\Users\Gert\Downloads\PandaCloudCleaner(1).exe
2014-04-14 01:47 - 2011-09-02 12:29 - 00761284 _____ () C:\Windows\System32\perfh013.dat
2014-04-14 01:47 - 2011-09-02 12:29 - 00159006 _____ () C:\Windows\System32\perfc013.dat
2014-04-14 01:47 - 2009-07-13 21:13 - 01701620 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-14 01:45 - 2014-04-14 01:45 - 28413552 _____ (Panda Security ) C:\Users\Gert\Downloads\PandaCloudCleaner.exe
2014-04-14 01:25 - 2013-12-07 02:22 - 00000000 ____D () C:\Users\Gert\AppData\Roaming\AVAST Software
2014-04-14 01:15 - 2012-03-05 11:37 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-04-14 01:11 - 2014-04-14 01:11 - 00519488 _____ (AVAST Software) C:\Users\Gert\Downloads\avastclear.exe
2014-04-13 10:10 - 2013-11-03 03:09 - 00000000 ____D () C:\Users\Gert\AppData\Roaming\Virus Scan
2014-04-13 03:41 - 2014-04-13 03:41 - 01070840 _____ (Solid State Networks) C:\Users\Gert\Downloads\install_flashplayer13x32au_mssd_aaa_aih.exe
2014-04-12 14:14 - 2013-08-14 14:14 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-12 14:12 - 2012-03-31 06:10 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Some content of TEMP:
====================
C:\Users\Gert\AppData\Local\Temp\Tsu-15A8.dll

==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 7658.9 MB
Available physical RAM: 6740.7 MB
Total Pagefile: 7657.05 MB
Available Pagefile: 6735.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:678.52 GB) (Free:178.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:19.82 GB) (Free:2.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive h: () (Removable) (Total:1.84 GB) (Free:0.73 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 4E544D76)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=679 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

LastRegBack: 2014-04-21 10:16

==================== End Of Log ============================


Edited by hamluis, 08 May 2014 - 04:37 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.



#2 HelpBot

  • Bots

Posted 13 May 2014 - 04:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533708 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 nasdaq

  • Malware Response Team

Posted 15 May 2014 - 08:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

This very important System file is missing.

C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!



Restore your System to a date prior to the start of your problem.

Follow the instructions on this page.

http://www.technospot.net/blogs/how-to-do-a-system-restore-in-windows-vista-and-windows-7/

Restart the computer when done.

Post a fresh FRST log for my review.

#4 nasdaq

  • Malware Response Team

Posted 21 May 2014 - 07:54 AM

Are you still with me?

#5 Gert100

  • Topic Starter

Posted 21 May 2014 - 10:40 AM

Hello nasdaq,

 

I'm sorry I overlooked your former post.

 

I tried system recovery (F8->System recovery->password->system restore) but unfortunately I get the message that there are no restore points at the "systemstation" (this is a translation from the Dutch text).

 

Thank you for your response
Gert



#6 nasdaq

  • Malware Response Team

Posted 21 May 2014 - 12:14 PM

Did you create a startup disk when you first got the computer?

Do you have the Windows CD installation disk?

#7 Gert100

  • Topic Starter

Posted 21 May 2014 - 12:20 PM

Dear Nasdaq,

 

No I'm sorry I did not (no startup disk, no installation disk)

 

BR
Gert



#8 nasdaq

  • Malware Response Team

Posted 22 May 2014 - 07:42 AM

You need to reinstall the operating system.

You can purchase a Windows 7 operating system and reinstall it or get it to a dealer that will do it for you.

Sorry.

#9 Gert100

  • Topic Starter

Posted 22 May 2014 - 08:37 AM

OK nasdaq, I have 2 more questions, thank you in advance

 

- it is not possible to only copy/paste the file that is missing?

 

- if I reinstall the operating system, will this affect data that is still on the harddrive?

 

BR
Gert



#10 nasdaq

  • Malware Response Team

Posted 23 May 2014 - 07:03 AM

it is not possible to only copy/paste the file that is missing?


Yes provided you have access to a Windows 7 Home Premium (X64) OS Language: English(US) computer.

If you can only start the system in safe mode, not sure if you will be able to copy the file to these folders in bold from a flash or CD.

C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\kernel32.dll IS MISSING <==== ATTENTION!


===

If you have access to the System recovery
http://www.technospot.net/blogs/how-to-do-a-system-restore-in-windows-vista-and-windows-7/

Can you try the Start-up repair?

This will safeguard your personal files and 3rd party programs.

#11 Gert100

  • Topic Starter

Posted 23 May 2014 - 07:48 AM

Hi nasdaq,

 

I will try copying the files using the DOS prompt (if I remember the function correctly, it has been 15 years or so ;-) ).

I have access to a computer with Windows 7, however is it possible that the file System32\kernel32.dll is smaller in size than the file SysWOW64\kernel32.dll? So this means these are not identical files?

 

thank you

 

BR

Gert


Edited by Gert100, 23 May 2014 - 07:49 AM.


#12 nasdaq

  • Malware Response Team

Posted 23 May 2014 - 08:28 AM

I have access to a computer with Windows 7, however is it possible that the file System32\kernel32.dll is smaller in size than the file SysWOW64\kernel32.dll? So this means these are not identical files?

Yes do not change anything.

The copy command is as follows.

Let's suppose your flash or CD is on d: (change it if not so.)

Copy d:\Kernel32.dll c:\windows\System32\kernel32.dll

or for the 64 bit file.
Copy d:\Kernel32.dll c:\windows\SysWOW64\kernel32.dll

Make sure the PATH is correct for both files if the size is not the same.
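
The size difference asked about in post #11 comes down to architecture: on 64-bit Windows, System32 holds the 64-bit build of a system DLL and SysWOW64 holds the 32-bit build, so the two files are not interchangeable. The following is an added example, not part of the thread or any poster's code: it reads the PE header of a candidate replacement file and checks it against the destination folder before any copy is made. The function names and the sample headers are constructed for illustration.

```python
import struct
from pathlib import PureWindowsPath

# COFF "Machine" values from the PE format specification.
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64"}
# Optional-header magic: PE32 for 32-bit images, PE32+ for 64-bit images.
MAGIC_FOR = {"x86": 0x010B, "x64": 0x020B}
# What each system folder must contain on 64-bit Windows.
EXPECTED_BY_DIR = {"system32": "x64", "syswow64": "x86"}
IMAGE_FILE_DLL = 0x2000


class NotPE(ValueError):
    """Raised when the bytes do not start with a valid PE header."""


def pe_info(data: bytes) -> dict:
    """Return machine type, optional-header magic and DLL flag of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("missing MZ (DOS) header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need: 4-byte signature + 20-byte COFF header + 2-byte optional magic.
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("missing PE signature")
    machine, _, _, _, _, _, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "magic": magic,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
    }


def check_copy(data: bytes, destination: str) -> tuple:
    """Decide whether `data` is the right build for `destination`.

    Returns (ok, reason). Only the folder name is inspected, so the check
    works from a recovery environment where drive letters may differ.
    """
    folder = PureWindowsPath(destination).parent.name.lower()
    expected = EXPECTED_BY_DIR.get(folder)
    if expected is None:
        return False, f"unrecognised destination folder: {folder}"
    try:
        info = pe_info(data)
    except NotPE as exc:
        return False, f"not a PE file: {exc}"
    if not info["is_dll"]:
        return False, "file is not flagged as a DLL"
    if info["machine"] != expected:
        return False, f"{info['machine']} build does not belong in {folder}"
    if info["magic"] != MAGIC_FOR[expected]:
        return False, "optional-header magic does not match machine type"
    return True, f"{expected} DLL matches {folder}"


def build_sample(machine: int, magic: int, characteristics: int = 0x2022) -> bytes:
    """Constructed minimal header (not a real kernel32.dll) for the demo."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


SAMPLE_X64 = build_sample(0x8664, 0x020B)   # constructed 64-bit DLL header
SAMPLE_X86 = build_sample(0x014C, 0x010B)   # constructed 32-bit DLL header

if __name__ == "__main__":
    for label, blob in (("64-bit file", SAMPLE_X64), ("32-bit file", SAMPLE_X86)):
        for dest in (r"c:\windows\System32\kernel32.dll",
                     r"c:\windows\SysWOW64\kernel32.dll"):
            ok, reason = check_copy(blob, dest)
            print(f"{label} -> {dest}: {'OK' if ok else 'REFUSE'} ({reason})")
```

To use it on real files, pass the bytes of the file from the donor machine (for example `open(path, "rb").read()`) together with the intended destination path.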

#13 Gert100

  • Topic Starter

Posted 23 May 2014 - 04:41 PM

Hi nasdaq,

 

I copied both files from a USB drive to the 2 drives on my laptop that had these folders. I could not copy the System32/Kernel32.dll to the same file in the boot drive (error message that it was open). After a restart I arrive at the login screen of Windows (normal setup and setup in safe mode) but the keyboard and mousepad is not functioning. A USB mouse is working but a USB keyboard does not.

 

So a step further but not ok yet ;-), the laptop is also rather slow (e.g. when I click it reacts only rather slow), I tried the keyboard on screen but it did not start...

 

Do you have an idea how to proceed?

 

Thank you

 

BR
Gert



#14 nasdaq

  • Malware Response Team

Posted 24 May 2014 - 07:11 AM



Run the SFC.EXE as suggested here.
How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833
===

Next continue.

Following steps involve registry editing. Please create new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://windows.microsoft.com/en-gb/windows7/create-a-restore-point
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Download this program to your desktop.
Tweaking.com - Windows Repair
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/


Extract and launch the Repair_Windows.exe file

Click on Start repairs tab-click on Start

check mark following options only.

Reset Registry Permissions
Reset File Permissions
Register System Files
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Repair MDAC & MS Jet
Repair Hosts File
Remove Policies Set By Infections
Repair Icons
Repair Winsock & DNS Cache
Remove Temp Files
Repair Proxy Settings
Unhide Non System Files
Repair Windows Updates
Repair CD/DVD Missing/Not Working
  • Checkmark Restart System When Finished option
  • click the Start button
  • System should restart after repair


#15 Gert100

  • Topic Starter

Posted 03 June 2014 - 01:52 PM

Hello nasdaq,

 

sorry it took some time, but I tried several times the sfc /scannow function. Unfortunately after the message (translation from Dutch): "the systemcheck is being initiated. This process can take several minutes" I get the message "a recovery operation is being performed on the system that can only be completed if the computer is restarted. Start Windows again and execute sfc again."

 

I tried maybe 10 times to reboot and start sfc /scannow again, but I got the same message over and over.

 

I also tried to start windows in safe mode, but then it remains very slow and the keyboard and mousepad do not work (usb mouse works). I'm not able to launch a keyboard on the screen (after clicking on the icon, nothing happens).

 

Could I ask if you have any ideas to solve this?

 

thank you

 

BR
Gert





