
Win7 BSOD on boot: STOP: C0000135 The program can't start because %hs is miss..


  • This topic is locked
11 replies to this topic

#1 veesh


Posted 26 February 2017 - 09:31 AM

Hi all, first time poster here.  I recently ran into some trouble with a family member's laptop.  It runs Win 7.  It BSODs on boot-up, giving the following error message for a fraction of a second before restarting again:

 

STOP: C0000135 The program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem.

 

I've read other posts here on bleepingcomputer, as well as on other sites, that report similar problems (like this one from 2012). Looks like the consistent suggestion across all those posts has been to run the FRST tool. I've done that, and pasted the log file below (and attached it to this post). FYI, the FRST tool did not automatically create an "Addition.txt" log file as described in the Preparation Guide. Any help would be greatly appreciated! I am a relatively experienced computer user, so I won't need much hand-holding. :thumbup2:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by SYSTEM on MININT-N8CRL94 (26-02-2017 08:09:23)
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [378968 2012-01-04] (Alcor Micro Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2847016 2011-11-10] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [883840 2012-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [408872 2011-11-10] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-06-06] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6200368 2012-06-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [SymantecPaui] => C:\Program Files\Symantec.cloud\PlatformAgent\PAUI.exe [6734664 2016-09-21] (Symantec Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [Intelligent Touchpad] => C:\Program Files\Lenovo\Intelligent Touchpad\TouchZone.exe [291272 2011-12-08] ()
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [CAPOSD] => C:\Program Files (x86)\Lenovo\Lenovo CAPOSD\CAPOSD.exe [1876992 2012-02-16] (LENOVO)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [526648 2016-09-04] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2016-09-04] (Citrix Systems, Inc.)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2016-10-11] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-15] ()
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-02-05] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [164184 2012-04-15] (Intel Corporation)
S2 LenovoSmartConnectService; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\LenovoSmartConnectService.exe [66608 2012-02-20] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
S3 NIS; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\Engine\22.8.0.50\NIS.exe [153632 2016-09-23] (Symantec Corporation)
S2 NSDSvc; C:\Windows\System32\NSDSvc.exe [120160 2011-12-23] (Lenovo)
S2 SsPaAdm; C:\Program Files\Symantec.cloud\PlatformAgent\ccSvcHst.exe [199464 2016-06-30] (Symantec Corporation)
S3 ssPaSetMgr; C:\Program Files\Symantec.cloud\PlatformAgent32\ccSvcHst.exe [153632 2016-06-30] (Symantec Corporation)
S3 ssSpnAv; C:\Program Files\Symantec.cloud\AntiVirus\AVAgent.exe [458056 2016-10-25] (Symantec Corporation)
S3 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336576 2015-10-16] (Dell SonicWALL, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 BHDrvx64; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.8.0.50\Definitions\BASHDefs\20170118.001\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
S1 ccSet_Cloud; C:\Windows\SysWOW64\Drivers\Symantec.cloud\ccSetx64.sys [174328 2016-06-30] (Symantec Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1608000.032\ccSetx64.sys [174328 2016-09-23] (Symantec Corporation)
S1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [327976 2015-10-14] (Citrix Systems, Inc.)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
S3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
S1 IDSVia64; C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.8.0.50\Definitions\IPSDefs\20170120.001\IDSvia64.sys [1038024 2017-01-12] (Symantec Corporation)
S3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-06] (Intel Corporation)
S3 LAD; C:\Windows\System32\DRIVERS\LAD.sys [8192 2012-01-12] (TODO: <Company name>)
S0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
S1 Nsdfltr; C:\Windows\System32\drivers\Nsdfltr.sys [59488 2011-12-21] (Lenovo Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8217704 2012-02-06] (Realtek Semiconductor Corp.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1608000.032\SRTSP64.SYS [784624 2016-09-23] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1608000.032\SRTSPX64.SYS [49400 2016-09-23] (Symantec Corporation)
S2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [110024 2015-10-16] (Dell SonicWALL, Inc.)
S0 SymEFASI; C:\Windows\System32\drivers\NISx64\1608000.032\SYMEFASI64.SYS [1628888 2016-09-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-11-13] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1608000.032\Ironx64.SYS [289520 2016-09-23] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1608000.032\SYMNETS.SYS [567512 2016-09-23] (Symantec Corporation)
S3 BcmSqlStartupSvc; no ImagePath
S2 CLKMSVC10_3A60B698; no ImagePath
S2 CLKMSVC10_C3B3B687; no ImagePath
S2 DriverService; no ImagePath
S2 iATAgentService; no ImagePath
S2 idealife Update Service; no ImagePath
S3 IGRS; no ImagePath
S2 IviRegMgr; no ImagePath
S3 NAVENG; \??\C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.8.0.50\Definitions\SDSDefs\20161113.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Symantec.cloud\EndpointProtectionAgent\NortonData\22.8.0.50\Definitions\SDSDefs\20161113.001\EX64.SYS [X]
S3 nvUpdatusService; no ImagePath
S2 Oasis2Service; no ImagePath
S2 PCCarerService; no ImagePath
S2 ReadyComm.DirectRouter; no ImagePath
S2 RichVideo; no ImagePath
S2 RtLedService; no ImagePath
S2 SeaPort; no ImagePath
S2 SoftwareService; no ImagePath
S3 SQLWriter; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-26 08:09 - 2017-02-26 08:09 - 00000000 ____D C:\FRST
2017-02-22 08:22 - 2017-02-22 08:22 - 00003280 ____N C:\bootsqm.dat
2017-02-19 16:32 - 2017-02-19 16:33 - 00000000 ____D C:\ProgramData\CyberLink

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-25 22:55 - 2016-09-27 18:45 - 00000000 ____D C:\Users\PNarayen\AppData\Roaming\ICAClient
2017-02-25 22:55 - 2016-07-21 12:28 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-02-25 22:55 - 2015-07-31 05:52 - 00000000 ____D C:\Windows\Minidump
2017-02-25 22:55 - 2015-04-03 08:07 - 00000000 ____D C:\ProgramData\Norton
2017-02-25 22:55 - 2015-04-03 08:00 - 00000000 ____D C:\Windows\SysWOW64\Drivers\Symantec.cloud
2017-02-25 22:55 - 2015-04-03 07:59 - 00000000 ____D C:\ProgramData\Symantec.cloud
2017-02-25 22:55 - 2015-04-03 07:45 - 00000000 ____D C:\users\PNarayen
2017-02-25 22:55 - 2012-06-06 20:10 - 00000000 ___HD C:\Windows\System32\WLANProfiles
2017-02-25 22:55 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-25 22:54 - 2015-05-24 09:34 - 00000000 ____D C:\Users\PNarayen\AppData\Roaming\SoftGrid Client
2017-02-25 22:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2017-02-25 22:53 - 2016-07-20 07:43 - 00000000 ____D C:\OP
2017-02-25 22:53 - 2015-05-26 07:41 - 00000000 __RHD C:\MSOCache
2017-02-22 10:19 - 2011-10-10 00:19 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-02-16 14:40 - 2015-04-03 08:05 - 00000000 ____D C:\Users\PNarayen\AppData\Roaming\HpUpdate
2017-01-27 20:09 - 2016-01-03 14:24 - 00000000 ____D C:\Users\PNarayen\Documents\Poornima's Thoughts

Some files in TEMP:
====================
2015-11-04 09:05 - 2015-11-04 09:05 - 0032768 _____ () C:\Users\PNarayen\AppData\Local\Temp\fyr_cbom.dll
2016-08-19 19:07 - 2016-08-19 19:07 - 0000000 _____ () C:\Users\PNarayen\AppData\Local\Temp\h8kzgu57.dll
2016-02-22 16:05 - 2016-02-22 16:05 - 0009216 _____ () C:\Users\PNarayen\AppData\Local\Temp\hbgraiss.dll
2016-12-30 16:05 - 2016-12-30 16:05 - 0032768 _____ () C:\Users\PNarayen\AppData\Local\Temp\surq7zcy.dll

==================== Known DLLs (Whitelisted) =========================

C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-11 14:10] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

C:\Windows\SysWOW64\explorer.exe
[2016-10-11 14:10] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-12-13 12:07] - [2016-11-10 08:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542

C:\Windows\SysWOW64\User32.dll
[2016-12-13 12:07] - [2016-11-10 08:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION

==================== Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2017-02-05 09:11
Restore point date: 2017-02-13 11:41
Restore point date: 2017-02-21 14:29
Restore point date: 2017-02-21 15:05

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 3957.36 MB
Available physical RAM: 3096.69 MB
Total Virtual: 3955.56 MB
Available Virtual: 3091.06 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:420.56 GB) (Free:351.69 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (LENOVO) (Fixed) (Total:25.47 GB) (Free:25.38 GB) NTFS
Drive f: (Transcend) (Removable) (Total:3.74 GB) (Free:3.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: C00CFF65)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C00CFF61)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=420.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=19.3 GB) - (Type=12)

========================================================
Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT.

LastRegBack: 2017-02-13 11:34

==================== End of FRST.txt ============================


Edited by veesh, 26 February 2017 - 09:34 AM.
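The log in the post above reports two missing system files and several dangling registry/service entries. As an added example (not part of the original post and not FRST's own code), the following Python script pulls those items out of an FRST.txt log section by section; the function name `triage_frst_log` and the category names are made up here, and the sample is a shortened excerpt of the log above.

```python
import re
from collections import defaultdict

# Shortened excerpt of the FRST.txt log posted above (lines copied from the post).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ====================

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]

==================== Services (Whitelisted) ====================

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

===================== Drivers (Whitelisted) ======================

S0 NSD; C:\Windows\System32\drivers\nsd.sys [24160 2011-12-23] (Lenovo Corporation")
S3 SQLWriter; no ImagePath

==================== Known DLLs (Whitelisted) =========================

C:\Windows\SysWOW64\advapi32.dll IS MISSING <==== ATTENTION

==================== Bamital & volsnap ======================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-11 14:10] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION

==================== Restore Points =========================

Restore point date: 2017-02-21 15:05
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                # "==== Name ===="
MISSING_RE = re.compile(r"^(?P<path>.+?) IS MISSING <==== ATTENTION$")
PATH_ONLY_RE = re.compile(r"^[A-Za-z]:\\[^=<>]*$")        # bare path, no verdict
HASH_LINE_RE = re.compile(r"\b([0-9A-F]{32})$")           # detail line ending in MD5


def triage_frst_log(text):
    """Return a dict with three lists:
    missing    -> (section, path) for 'IS MISSING <==== ATTENTION' lines
    orphaned   -> (section, line) for entries ending in '[X]' or 'no ImagePath'
    unverified -> (path, md5) for files in 'Bamital & volsnap' that are printed
                  with a raw MD5 instead of the 'MD5 is legit' verdict
    """
    findings = defaultdict(list)
    section = None
    pending_path = None  # bare path waiting for its detail line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            pending_path = None
            continue
        header = SECTION_RE.match(line)
        if header:
            section, pending_path = header.group(1), None
            continue
        missing = MISSING_RE.match(line)
        if missing:
            findings["missing"].append((section, missing.group("path")))
            continue
        if line.endswith("; no ImagePath") or line.endswith("[X]"):
            findings["orphaned"].append((section, line))
            continue
        if section == "Bamital & volsnap":
            if pending_path:
                digest = HASH_LINE_RE.search(line)
                if digest:
                    findings["unverified"].append((pending_path, digest.group(1)))
                pending_path = None
            elif PATH_ONLY_RE.match(line):
                pending_path = line
    return dict(findings)


if __name__ == "__main__":
    for category, items in triage_frst_log(SAMPLE_LOG).items():
        print(category)
        for item in items:
            print("   ", item)
```
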



 


#2 olgun52


Posted 26 February 2017 - 10:45 AM

Hello veesh and welcome to BleepingComputer. :welcome:

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 

 

Addition.txt is created by default from the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time and ensure "Addition" is checked in the optional scan box.

Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 veesh


Posted 26 February 2017 - 07:36 PM

Hi olgun52, thanks for your quick response.  I am unable to get the FRST tool to generate an "Addition.txt" log file.  I've run FRST64.exe several times and I've looked in both the flash drive and the local C: drive on the subject laptop.  I do not see the "Addition.txt" in either place.  FYI, I am using the 64-bit version of FRST.  I downloaded the latest version of FRST from here: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/.  There is no checkbox for "Addition" in the FRST interface.  See the screenshot attached.




#4 veesh


Posted 26 February 2017 - 08:28 PM

Hi olgun52, just to follow up, when I run FRST, I don't see any checkbox for "Addition.txt." In the preparation guide for FRST, it shows a screenshot with that checkbox (see image below); however, when I run FRST I do not see any such thing.

 

frst-scanning.jpg



#5 olgun52


Posted 27 February 2017 - 06:44 AM

Hi again,

 

Sorry. The software does not issue an additional log in the recovery environment. The fault is mine.

=========

Do you have a boot disk / a Windows recovery disk, or do you have an image that you can restore?

=========

C:\Windows\registration
Do you recognize this folder? A clean folder?

==========================================================================

  • Type the following in the Search Field
winsrv.dll
  • Click Search File(s) button
  • A Search.txt document will be saved to your USB device
  • Copy and paste the contents of that document into your reply

===================================================

 

Farbar's Recovery Scan Tool - Run Fix

--------------------

  • From a clean computer press the windows key  + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt

HKLM-x32\...\Run: [] => [X]
S3 BcmSqlStartupSvc; no ImagePath
S2 CLKMSVC10_3A60B698; no ImagePath
S2 CLKMSVC10_C3B3B687; no ImagePath
S2 DriverService; no ImagePath
S2 iATAgentService; no ImagePath
S2 idealife Update Service; no ImagePath
S3 IGRS; no ImagePath
S2 IviRegMgr; no ImagePath
S3 nvUpdatusService; no ImagePath
S2 Oasis2Service; no ImagePath
S2 PCCarerService; no ImagePath
S2 ReadyComm.DirectRouter; no ImagePath
S2 RichVideo; no ImagePath
S2 RtLedService; no ImagePath
S2 SeaPort; no ImagePath
S2 SoftwareService; no ImagePath
S3 SQLWriter; no ImagePath
C:\Users\PNarayen\AppData\Local\Temp\fyr_cbom.dll
C:\Users\PNarayen\AppData\Local\Temp\h8kzgu57.dll
C:\Users\PNarayen\AppData\Local\Temp\hbgraiss.dll
C:\Users\PNarayen\AppData\Local\Temp\surq7zcy.dll
cmd: bootrec.exe /fixmbr
cmd: bootrec.exe /fixboot

  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode

===================================================

How is the PC now? Can you boot into Normal or Safe Mode?
 

 



 


 


#6 veesh


Posted 28 February 2017 - 09:11 AM

Hi olgun52, thanks for your guidance.  I ran the fixlist.txt that you provided.  I am still unable to boot into Windows in either safe or normal mode.  Pasted below are the contents of Fixlog.txt, after running your fixlist.  I will follow up with answers to your other questions later today.  In the meantime, can you provide any other advice based on the Fixlog.txt?

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by SYSTEM (28-02-2017 08:03:42) Run:1
Running from F:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
S3 BcmSqlStartupSvc; no ImagePath
S2 CLKMSVC10_3A60B698; no ImagePath
S2 CLKMSVC10_C3B3B687; no ImagePath
S2 DriverService; no ImagePath
S2 iATAgentService; no ImagePath
S2 idealife Update Service; no ImagePath
S3 IGRS; no ImagePath
S2 IviRegMgr; no ImagePath
S3 nvUpdatusService; no ImagePath
S2 Oasis2Service; no ImagePath
S2 PCCarerService; no ImagePath
S2 ReadyComm.DirectRouter; no ImagePath
S2 RichVideo; no ImagePath
S2 RtLedService; no ImagePath
S2 SeaPort; no ImagePath
S2 SoftwareService; no ImagePath
S3 SQLWriter; no ImagePath
C:\Users\PNarayen\AppData\Local\Temp\fyr_cbom.dll
C:\Users\PNarayen\AppData\Local\Temp\h8kzgu57.dll
C:\Users\PNarayen\AppData\Local\Temp\hbgraiss.dll
C:\Users\PNarayen\AppData\Local\Temp\surq7zcy.dll
cmd: bootrec.exe /fixmbr
cmd: bootrec.exe /fixboot
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\System\ControlSet001\Services\BcmSqlStartupSvc => key removed successfully
BcmSqlStartupSvc => service removed successfully
HKLM\System\ControlSet001\Services\CLKMSVC10_3A60B698 => key removed successfully
CLKMSVC10_3A60B698 => service removed successfully
HKLM\System\ControlSet001\Services\CLKMSVC10_C3B3B687 => key removed successfully
CLKMSVC10_C3B3B687 => service removed successfully
HKLM\System\ControlSet001\Services\DriverService => key removed successfully
DriverService => service removed successfully
HKLM\System\ControlSet001\Services\iATAgentService => key removed successfully
iATAgentService => service removed successfully
HKLM\System\ControlSet001\Services\idealife Update Service => key removed successfully
idealife Update Service => service removed successfully
HKLM\System\ControlSet001\Services\IGRS => key removed successfully
IGRS => service removed successfully
HKLM\System\ControlSet001\Services\IviRegMgr => key removed successfully
IviRegMgr => service removed successfully
HKLM\System\ControlSet001\Services\nvUpdatusService => key removed successfully
nvUpdatusService => service removed successfully
HKLM\System\ControlSet001\Services\Oasis2Service => key removed successfully
Oasis2Service => service removed successfully
HKLM\System\ControlSet001\Services\PCCarerService => key removed successfully
PCCarerService => service removed successfully
HKLM\System\ControlSet001\Services\ReadyComm.DirectRouter => key removed successfully
ReadyComm.DirectRouter => service removed successfully
HKLM\System\ControlSet001\Services\RichVideo => key removed successfully
RichVideo => service removed successfully
HKLM\System\ControlSet001\Services\RtLedService => key removed successfully
RtLedService => service removed successfully
HKLM\System\ControlSet001\Services\SeaPort => key removed successfully
SeaPort => service removed successfully
HKLM\System\ControlSet001\Services\SoftwareService => key removed successfully
SoftwareService => service removed successfully
HKLM\System\ControlSet001\Services\SQLWriter => key removed successfully
SQLWriter => service removed successfully
C:\Users\PNarayen\AppData\Local\Temp\fyr_cbom.dll => moved successfully
C:\Users\PNarayen\AppData\Local\Temp\h8kzgu57.dll => moved successfully
C:\Users\PNarayen\AppData\Local\Temp\hbgraiss.dll => moved successfully
C:\Users\PNarayen\AppData\Local\Temp\surq7zcy.dll => moved successfully

========= bootrec.exe /fixmbr =========

The operation completed successfully.

========= End of CMD: =========


========= bootrec.exe /fixboot =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog 08:03:43 ====

 




#7 veesh


Posted 28 February 2017 - 09:20 AM

Hi olgun52, here are the results of running a search for winsrv.dll using the FRST tool.

 

 

Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by SYSTEM (28-02-2017 08:13:29)
Running from F:\
Boot Mode: Recovery

================== Search Files: "winsrv.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23569_none_14fcfb3ccc36a039\winsrv.dll
[2016-11-09 08:11][2016-10-07 07:32] 0215552 ____A (Microsoft Corporation) A5794B1E3ACEF48E716F0A89C83C1AEA

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23543_none_150c9958cc2bd04d\winsrv.dll
[2016-10-11 14:14][2016-09-09 10:20] 0215552 ____A (Microsoft Corporation) 20EBCFD94E5F9C801354062991E7257B

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23539_none_151d6b00cc1e4c66\winsrv.dll
[2016-09-14 12:57][2016-09-02 07:31] 0215552 ____A (Microsoft Corporation) B96D67F1BF78F1005B9D77EA7889F2B8

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23418_none_153208a8cc0efe06\winsrv.dll
[2016-05-11 08:16][2016-04-08 22:58] 0215552 ____A (Microsoft Corporation) E0E4D286839FC27F56A85B4710E16B6B

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23392_none_14d585a6cc55485d\winsrv.dll
[2016-04-13 08:19][2016-03-17 14:58] 0215552 ____A (Microsoft Corporation) 841BF993597DCD498247684B5D3AE845

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23391_none_14d4855ccc562f06\winsrv.dll
[2016-04-13 08:20][2016-03-16 10:53] 0215552 ____A (Microsoft Corporation) C3A12C3277B625E5D6B8CC3586D7A16B

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23349_none_15129748cc266e09\winsrv.dll
[2016-03-08 21:14][2016-02-10 10:56] 0215552 ____A (Microsoft Corporation) ACCB745C5952B041B548DDD879902369

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23338_none_151c66eacc1f38c1\winsrv.dll
[2016-02-09 10:39][2016-01-21 22:28] 0215552 ____A (Microsoft Corporation) 2EAE95F2308236806D0BA94A8059F072

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23334_none_151865c2cc22d365\winsrv.dll
[2016-02-09 10:39][2016-01-16 16:32] 0215552 ____A (Microsoft Corporation) 21D831EA876E381114DACFD0A002C71A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23313_none_152d0550cc13822c\winsrv.dll
[2016-01-12 18:09][2015-12-30 11:14] 0215552 ____A (Microsoft Corporation) 1B191119CA1CAABEC3D22C606577C941

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23250_none_14fec2dccc36a8c4\winsrv.dll
[2015-11-10 20:59][2015-10-19 17:12] 0215552 ____A (Microsoft Corporation) 5670C0D6F1D4D280A04D94CA482F6EE1

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23226_none_1525345ccc18ecfb\winsrv.dll
[2015-10-14 07:17][2015-10-01 10:07] 0215552 ____A (Microsoft Corporation) C3C3221BC5FF27C3747E354112671221

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23223_none_1522337ecc1ba0f6\winsrv.dll
[2015-10-14 07:18][2015-09-28 10:16] 0215552 ____A (Microsoft Corporation) FE2BB7D5CF4460551FF5A0079AAFA7FC

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23153_none_1501c1d4cc33f7a2\winsrv.dll
[2015-09-09 07:17][2015-08-04 10:12] 0215552 ____A (Microsoft Corporation) BEF290D165BE120135C21438C40E2F99

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23142_none_150b9176cc2cc25a\winsrv.dll
[2015-09-09 07:18][2015-07-22 14:04] 0215552 ____A (Microsoft Corporation) 93B05A374E8B264FE41553BAEA2DAC07

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23136_none_151a628acc210bc5\winsrv.dll
[2015-08-12 07:28][2015-07-15 10:09] 0215552 ____A (Microsoft Corporation) 9EF75B9438147AAD6A6899F76FB8B4E3

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23126_none_15253276cc18efd4\winsrv.dll
[2015-08-12 07:27][2015-07-14 19:20] 0215552 ____A (Microsoft Corporation) 3E19966F2F720A4DF6C1F2F0D483DC81

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23072_none_14eb1fcccc451906\winsrv.dll
[2015-06-09 11:59][2015-05-25 10:22] 0215552 ____A (Microsoft Corporation) 7B3C10D38F84D2D534E1565A8B17018C

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23049_none_15129196cc267694\winsrv.dll
[2015-06-09 11:59][2015-05-08 22:06] 0215552 ____A (Microsoft Corporation) BAF5556F265959AA29F6D06A7C1C816D

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23040_none_15098efccc2e9285\winsrv.dll
[2015-05-13 07:23][2015-04-27 11:17] 0215552 ____A (Microsoft Corporation) 4A7726EC105064BB6614A402F25D3913

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23002_none_1536cf40cc0c556f\winsrv.dll
[2015-04-15 07:14][2015-03-16 21:12] 0215552 ____A (Microsoft Corporation) C05095F6593579EA61C5E99FD264D602

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22653_none_1501e21acc33cfc4\winsrv.dll
[2015-04-04 05:49][2014-04-11 18:32] 0215552 ____A (Microsoft Corporation) BDADDE9AD8DD2BF67426C23A8874D776

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22616_none_153022a8cc10ac05\winsrv.dll
[2015-04-04 05:39][2014-03-04 03:08] 0215552 ____A (Microsoft Corporation) 9A1BEE89214174AC2862344670C42B5A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22436_none_151a7f04cc20e999\winsrv.dll
[2015-04-04 05:46][2013-08-28 18:21] 0215040 ____A (Microsoft Corporation) 516D82106CAFAE156C61C5AB627A6409

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22411_none_152b1d6acc153304\winsrv.dll
[2015-04-04 05:52][2013-08-01 22:23] 0215040 ____A (Microsoft Corporation) 99AACC82C6B8A8E976CA59CFD3C322EF

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22177_none_14f039eccc407b3f\winsrv.dll
[2015-04-04 05:45][2012-11-29 21:55] 0215040 ____A (Microsoft Corporation) C2B1F6196C7FE1EA1BF827312B095D06

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22125_none_152448f4cc19bcdc\winsrv.dll
[2015-04-04 05:50][2012-10-04 09:43] 0215040 ____A (Microsoft Corporation) CC44EBC3E04E76AABE19EB4A16663E4A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.22091_none_14d49672cc561df0\winsrv.dll
[2015-04-04 16:16][2015-04-04 16:16] 0215040 ____A (Microsoft Corporation) 111AFE35DD2D423EE8E176CA7B2BBDC7

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.21756_none_1504fba6cc30ff4f\winsrv.dll
[2011-10-09 23:55][2011-10-09 23:55] 0214528 ____A (Microsoft Corporation) C13D05A015346DED3D722BE285814495

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19160_none_146a5625b32124eb\winsrv.dll
[2016-03-08 21:14][2016-02-11 10:49] 0215040 ____A (Microsoft Corporation) DE4812AB2E6926D0FF2423F3B774585A

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19135_none_148fc75bb3044fcb\winsrv.dll
[2016-02-09 10:39][2016-01-21 22:20] 0215040 ____A (Microsoft Corporation) 96AEEE466EA56AF34AE4AD5E55DAD164

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19131_none_148bc633b307ea6f\winsrv.dll
[2016-02-09 10:39][2016-01-16 11:03] 0215040 ____A (Microsoft Corporation) 5D47F5EFC5D88116D71BA72B1D1BE118

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19110_none_14a065c1b2f89936\winsrv.dll
[2016-01-12 18:09][2015-12-30 11:02] 0215040 ____A (Microsoft Corporation) CE14A4BBF890A7D4C898CF886D145EC9

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19045_none_1484f589b30c6e95\winsrv.dll
[2015-11-10 20:59][2015-10-19 17:06] 0215040 ____A (Microsoft Corporation) FF41063E45C6238CAF48CBE6D0D6FC4B

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19018_none_14a8662bb2f166c7\winsrv.dll
[2015-10-14 07:18][2015-09-28 19:11] 0215040 ____A (Microsoft Corporation) 4AD1C61152A0199E3D7F9A82C07AC629

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18939_none_1493ee7bb30084be\winsrv.dll
[2015-09-09 07:18][2015-07-22 16:03] 0215040 ____A (Microsoft Corporation) 8927015C999D55D9B4AC66000EE5343D

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18933_none_148decbfb305ecb4\winsrv.dll
[2015-08-12 07:28][2015-07-15 10:11] 0215040 ____A (Microsoft Corporation) E80CA72FA43BF258E72C408CEF9839BE

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18923_none_1498bcabb2fdd0c3\winsrv.dll
[2015-08-12 07:27][2015-07-14 19:20] 0215040 ____A (Microsoft Corporation) C5A10C9C75F8A51AD20ED0E2EC4C82A4

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18869_none_14737cd1b318db6a\winsrv.dll
[2015-06-09 11:59][2015-05-25 10:19] 0215040 ____A (Microsoft Corporation) 2313AF8D5A9CEB4A55400A01DD311A95

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18847_none_14871c15b30a70da\winsrv.dll
[2015-06-09 11:59][2015-05-08 19:27] 0215040 ____A (Microsoft Corporation) A171AC55EE4B4EE35C18EF0977017A72

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18839_none_1493ec95b3008797\winsrv.dll
[2015-05-13 07:23][2015-04-27 11:23] 0215040 ____A (Microsoft Corporation) D17DD01601460F5899E5C154B3FD0BFA

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18798_none_14520addb33218bf\winsrv.dll
[2015-04-15 07:14][2015-03-16 21:16] 0215040 ____A (Microsoft Corporation) EA32F4EA3AE06EDD122FBCD5A489E457

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18229_none_149eb11db2f87cbc\winsrv.dll
[2015-04-04 05:39][2013-08-01 18:14] 0215040 ____A (Microsoft Corporation) 88EDD0B34EED542745931E581AD21A32

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18043_none_14830bbdb30e2246\winsrv.dll
[2015-04-04 05:46][2013-01-03 21:46] 0215040 ____A (Microsoft Corporation) 0C27239FEA4DB8A2AAC9E502186B7264

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.18015_none_14a57c15b2f40121\winsrv.dll
[2015-04-04 05:45][2012-11-29 21:45] 0215040 ____A (Microsoft Corporation) 9E479C2B605C25DA4971ABA36250FAEF

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17965_none_146f9457b31c5994\winsrv.dll
[2015-04-04 05:50][2012-10-04 09:45] 0215040 ____A (Microsoft Corporation) 72CC564BBC70DE268784BCE91EB8A28F

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17932_none_148d033db306b9bc\winsrv.dll
[2015-04-04 16:16][2015-04-04 16:16] 0215040 ____A (Microsoft Corporation) F46BBAAC1C4980F4D0DD463F190A42D3

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17641_none_14812d55b30fc4e1\winsrv.dll
[2011-10-09 23:55][2011-10-09 23:55] 0214528 ____A (Microsoft Corporation) EB6A48CC998E1090E44E8E7F1009A640

C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2010-11-20 19:24][2010-11-20 19:24] 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689

X:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2010-11-20 01:50][2010-11-20 05:27] 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689

X:\Windows\System32\winsrv.dll
[2010-11-20 01:50][2010-11-20 05:27] 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689

====== End of Search ======

 




#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 28 February 2017 - 02:20 PM

Hi again,

 

Thanks for the Logs.

 

Farbar's Recovery Scan Tool - Run Fix
--------------------

  • From a clean computer, press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format then check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
cmd: copy /y C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19160_none_146a5625b32124eb\winsrv.dll C:\Windows\System32
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a Fixlog.txt document on your USB device. Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode

===================================================

How is the PC now, and are there any changes?

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
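As an added example (not part of the original posts and not FRST's own code): a short Python parser for the two-line records in the winsrv.dll search output above, used to tell which component-store version a loose copy of the file corresponds to and to look up the hash recorded for the version named in the fix. The sample holds four records copied from the log in this thread; the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    path: str
    version: Optional[tuple]  # parsed from the WinSxS folder name; None elsewhere
    size: int
    md5: str

# Constructed sample: four records copied from the search output in this thread.
SAMPLE = r"""
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23223_none_1522337ecc1ba0f6\winsrv.dll
[2015-10-14 07:18][2015-09-28 10:16] 0215552 ____A (Microsoft Corporation) FE2BB7D5CF4460551FF5A0079AAFA7FC
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19160_none_146a5625b32124eb\winsrv.dll
[2016-03-08 21:14][2016-02-11 10:49] 0215040 ____A (Microsoft Corporation) DE4812AB2E6926D0FF2423F3B774585A
X:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.17514_none_14a49c11b2f4bfec\winsrv.dll
[2010-11-20 01:50][2010-11-20 05:27] 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689
X:\Windows\System32\winsrv.dll
[2010-11-20 01:50][2010-11-20 05:27] 0214016 ____A (Microsoft Corporation) E0406AEF04B088D1C49FC78D0546F689
"""

META = re.compile(r"^\[[\d\- :]+\]\[[\d\- :]+\] (\d+) \S+ \((.*)\) ([0-9A-F]{32})$")
VERSION = re.compile(r"_(\d+(?:\.\d+){3})_none_[0-9a-f]+\\", re.I)

def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        meta = META.match(line)
        if meta and path:
            ver = VERSION.search(path)
            version = tuple(map(int, ver.group(1).split("."))) if ver else None
            entries.append(Entry(path, version, int(meta.group(1)), meta.group(3)))
            path = None
        elif line and not line.startswith("="):  # skip "=== End of Search ===" rulers
            path = line
    return entries

def store_copies_matching(entries, target_path):
    """Store entries with the same MD5 as target_path; None if it is not listed."""
    target = next((e for e in entries if e.path.lower() == target_path.lower()), None)
    if target is None:
        return None
    hits = [e for e in entries if e.version and e.md5 == target.md5]
    return sorted(hits, key=lambda e: e.version, reverse=True)

def md5_for_version(entries, version):
    """MD5 values recorded for one component version, e.g. '6.1.7601.19160'."""
    want = tuple(int(part) for part in version.split("."))
    return {e.md5 for e in entries if e.version == want}
```

The MD5 column identifies which servicing version a file corresponds to; it is not a tamper-resistant integrity check.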

 


 


#9 veesh

veesh
  • Topic Starter

  • Members
  • 7 posts

Posted 28 February 2017 - 07:41 PM

Hi olgun52, no luck.  Here is the fixlog.txt from the latest Fixlist you provided.  I am still unable to boot into Windows, either in Normal or Safe mode.  Do you have any other advice / suggestions?

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-02-2017
Ran by SYSTEM (28-02-2017 18:35:52) Run:2
Running from F:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
cmd: copy /y C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19160_none_146a5625b32124eb\winsrv.dll C:\Windows\System32
*****************


========= copy /y C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.19160_none_146a5625b32124eb\winsrv.dll C:\Windows\System32 =========

        1 file(s) copied.

========= End of CMD: =========


==== End of Fixlog 18:35:52 ====

 




#10 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 01 March 2017 - 03:34 AM

 Do you have any other advice / suggestions?

Please do the following.

When you do these things, I believe your problem will be solved.

===================================================

Running chkdsk /r from Recovery Environment in Windows 7

--------------------

  • Boot your computer into the Recovery Environment (tap F8)
  • Select Command Prompt
  • Type c: and Enter
  • Type chkdsk /r and Enter
  • If you receive a message about unmounting the volume check Yes
  • If the program doesn't start automatically repeat the chkdsk /r command
  • Once the process is finished please write down any information provided on the screen
  • Attempt to reboot your computer into Normal Mode.
  • If you receive a Blue Screen of Death (BSOD) please provide that information in your post.

Note: This process may take a while to complete. You may also notice the progress bar jumping back and forth. This is normal. Please be patient.

===================================================

Running sfc /scannow in Windows 7/Vista Recovery Environment

-----------------

  • Restart the computer
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears
  • Use the arrow keys to select the Repair your computer menu item
  • Select English as the keyboard language settings, and then click Next
  • For Windows 8 hit the Windows Key + I at the same time, click the Power button, then hold down the Shift Key while clicking Restart
  • Once you are in the System Recovery Options menu you will get the following options

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • Type the following (there is a space before each "/") after the Command Prompt and hit Enter (if you receive an error replace /OFFBOOTDIR=C:\ with /OFFBOOTDIR=D:\)

SFC /SCANNOW /OFFBOOTDIR=C:\ /OFFWINDIR=C:\WINDOWS

  • Allow the process to complete
  • Attempt to boot your computer into Normal Mode and check the performance

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbup2:

  • Symptom start date
  • Did chkdsk run?
  • Did sfc run?
  • Are you able to boot?

Best regards
 

 


 


#11 veesh

veesh
  • Topic Starter

  • Members
  • 7 posts

Posted 04 March 2017 - 10:41 AM

Hi olgun52, thanks for all your help.  Running chkdsk and sfc did not fix the problem.  I decided to just reformat and restore the laptop to its original factory state.  With that done, I am now able to boot into Windows.  Thanks for all your help.



#12 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 04 March 2017 - 02:14 PM

Hi olgun52, thanks for all your help.  Running chkdsk and sfc did not fix the problem.  I decided to just reformat and restore the laptop to its original factory state.  With that done, I am now able to boot into Windows.  Thanks for all your help.

Okay. The topic is closed now.

 

Have a nice day.


Best regards
 

 


 




