STOP: C0000135 The program can't start because %hs is missing. Try reinstalling



#1 brimetal


Posted 29 April 2017 - 04:23 PM

I'm looking for some assistance in recovering my niece's PC. Running Win7 Home 64-bit.

When booting up Windows it gives a blue screen stating

"stop: c0000135 the program can't start because %hs is missing from your computer. Try reinstalling the program to fix this problem".  

I removed the drive and scanned it with Norton which removed 5 viruses. Windows Startup Repair is unable to correct the problem. I am unable to use System Restore as there are no restore points available. I've downloaded the FRST.exe application and scanned the drive. The output file is attached. I'd appreciate any guidance you can give me.

Brian

Mod Edit:  Pasted data into post, deleted attachment - Hamluis.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by SYSTEM on MININT-MQO8LU6 (29-04-2017 15:09:55)
Running from h:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-12-17] (IDT, Inc.)
HKLM\...\Run: [SystemMaintenanceUpdaterGL] => "C:\Program Files\System Maintenance GL\System Maintenance Updater.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [577408 2012-02-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
Startup: C:\Users\Victoria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2013-03-11]
ShortcutTarget: Facebook Messenger.lnk ->  (No File)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-09-28] (Advanced Micro Devices, Inc.)
S2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-27] (AO Kaspersky Lab)
S2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [254016 2014-10-07] (WildTangent)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-27] (AO Kaspersky Lab)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-27] (AO Kaspersky Lab)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-16] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-16] (Electronic Arts)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195296 2017-03-15] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [313112 2017-03-15] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1035488 2017-03-15] (AO Kaspersky Lab)
S1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-08] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-18] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-06] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
S3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-06] (The OpenVPN Project)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
S1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-15] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-03-15] (AO Kaspersky Lab)
S3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)
S1 {215f3947-4d13-46f7-95aa-328779d361ce}w64; C:\Windows\System32\drivers\{215f3947-4d13-46f7-95aa-328779d361ce}w64.sys [61120 2014-04-24] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-15 07:51 - 2017-04-15 08:08 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-04-14 18:16 - 2017-04-29 15:09 - 00000000 ____D C:\FRST
2017-04-09 12:16 - 2017-04-14 17:54 - 00379126 _____ C:\Windows\ntbtlog.txt
2017-04-05 14:04 - 2017-04-05 14:04 - 00004240 ____N C:\bootsqm.dat
2017-04-05 14:01 - 2017-04-05 14:01 - 00000000 __SHD C:\found.000
2017-04-01 11:53 - 2017-04-01 11:53 - 00019849 ____H C:\Users\Victoria\Downloads\~WRL1644.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-29 09:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-04-09 12:52 - 2014-08-29 18:56 - 00000000 ____D C:\Program Files\System Maintenance GL
2017-04-05 13:49 - 2014-05-05 16:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-04-05 13:48 - 2014-08-29 18:56 - 00000304 _____ C:\Windows\Tasks\WSE_Astromenda.job
2017-04-05 13:48 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-05 10:58 - 2012-06-02 15:19 - 00000000 ____D C:\Users\Victoria\AppData\Roaming\Spotify
2017-04-05 10:49 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-05 10:49 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-05 10:37 - 2012-06-06 17:29 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-61873371-1077681132-2659690583-1001UA.job
2017-04-05 10:35 - 2012-08-07 15:27 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2017-04-05 10:35 - 2012-08-07 15:27 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2017-04-05 10:35 - 2012-05-06 12:42 - 00000000 ____D C:\Users\Victoria\AppData\LocalLow\AuthenTec
2017-04-05 10:34 - 2013-04-21 13:40 - 00000262 _____ C:\Windows\Tasks\HP Photo Creations Messager.job
2017-04-05 10:34 - 2012-06-02 15:20 - 00000000 ____D C:\Users\Victoria\AppData\Local\Spotify
2017-04-04 13:37 - 2012-06-06 17:29 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-61873371-1077681132-2659690583-1001Core.job
2017-04-04 08:26 - 2017-01-24 09:02 - 00000000 ____D C:\Users\Victoria\Documents\WCTC - Microbiology
2017-04-04 07:02 - 2016-05-02 16:31 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-04 07:02 - 2016-05-02 16:31 - 00002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2017-04-03 07:48 - 2016-05-16 10:24 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForVictoria.job

Some files in TEMP:
====================
2012-05-26 12:20 - 2012-05-26 12:20 - 0000000 _____ () C:\Users\Victoria\AppData\Local\Temp\.exe
2015-08-05 15:03 - 2015-08-05 15:03 - 4089160 _____ (Google) C:\Users\Victoria\AppData\Local\Temp\1CD2.exe
2014-03-07 13:49 - 2014-03-07 13:49 - 0008704 _____ () C:\Users\Victoria\AppData\Local\Temp\3qynn4zq.dll
2012-05-26 12:20 - 2012-05-26 12:20 - 0108424 _____ (Ask.com) C:\Users\Victoria\AppData\Local\Temp\ApnStub.exe
2013-09-16 16:30 - 2013-09-16 16:30 - 10340624 _____ () C:\Users\Victoria\AppData\Local\Temp\BackupSetup.exe
2014-02-06 20:51 - 2014-02-06 20:51 - 0000009 _____ () C:\Users\Victoria\AppData\Local\Temp\BundleSweetIMSetup.exe
2014-06-23 12:57 - 2014-06-23 12:57 - 0008704 _____ () C:\Users\Victoria\AppData\Local\Temp\b_mru1jk.dll
2014-08-29 18:56 - 2014-08-29 18:56 - 5590768 _____ () C:\Users\Victoria\AppData\Local\Temp\CloudBackup2831.exe
2014-04-27 11:25 - 2014-04-27 11:25 - 0008704 _____ () C:\Users\Victoria\AppData\Local\Temp\cw-ufmxo.dll
2015-09-18 07:41 - 2015-09-18 07:41 - 4236616 _____ (Google) C:\Users\Victoria\AppData\Local\Temp\DEDD.exe
2014-02-06 20:51 - 2014-02-06 20:51 - 0000009 _____ () C:\Users\Victoria\AppData\Local\Temp\Delta.exe
2014-02-06 20:51 - 2014-02-06 20:51 - 0000009 _____ () C:\Users\Victoria\AppData\Local\Temp\DeltaTB.exe
2014-12-22 14:39 - 2014-12-22 14:39 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1026.exe
2014-10-18 19:20 - 2014-10-18 19:20 - 8742912 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1100.exe
2013-11-16 10:16 - 2013-11-16 10:16 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1322.exe
2014-10-26 13:20 - 2014-10-26 13:20 - 6428672 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1479.exe
2014-05-06 06:38 - 2014-05-06 06:39 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD166.exe
2013-05-21 14:52 - 2013-05-21 14:52 - 35385344 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD16F9.exe
2014-01-21 14:08 - 2014-01-21 14:08 - 9302016 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1718.exe
2013-11-05 13:21 - 2013-11-05 13:21 - 17025024 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1ADF.exe
2014-11-06 13:20 - 2014-11-06 13:20 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1B4C.exe
2014-10-26 15:37 - 2014-10-26 15:37 - 10496000 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1D5F.exe
2012-10-11 04:08 - 2012-10-11 04:09 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1DDC.exe
2014-11-10 15:35 - 2014-11-10 15:35 - 6569984 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1F04.exe
2014-11-24 15:41 - 2014-11-24 15:42 - 8654848 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD1F23.exe
2012-08-15 18:59 - 2012-08-15 19:03 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD202C.exe
2014-11-10 14:05 - 2014-11-10 14:05 - 6547456 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD204C.exe
2013-03-17 09:11 - 2013-03-17 09:11 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD208A.exe
2014-10-29 17:09 - 2014-10-29 17:09 - 23519232 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD275D.exe
2014-12-18 14:32 - 2014-12-18 14:32 - 13654016 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD2A3A.exe
2014-10-16 15:26 - 2014-10-16 15:26 - 6047744 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD2A69.exe
2013-10-10 16:57 - 2013-10-10 16:57 - 10684416 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD2AE6.exe
2014-11-19 14:39 - 2014-11-19 14:39 - 11778048 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD3081.exe
2014-05-06 06:20 - 2014-05-06 06:21 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD34A.exe
2014-09-26 12:21 - 2014-09-26 12:22 - 12167168 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD34B.exe
2013-12-06 14:46 - 2013-12-06 14:46 - 14397440 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD3552.exe
2014-09-07 17:37 - 2014-09-07 17:37 - 11261952 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD3A22.exe
2012-12-23 05:57 - 2012-12-23 05:57 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD3D0F.exe
2013-04-05 12:04 - 2013-04-05 12:05 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD3D2E.exe
2014-05-05 17:31 - 2014-05-05 17:31 - 42418176 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD3F50.exe
2014-04-27 11:49 - 2014-04-27 11:50 - 9381888 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD4124.exe
2014-07-13 14:35 - 2014-07-13 14:35 - 11712512 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD422D.exe
2014-10-16 17:44 - 2014-10-16 17:44 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD4356.exe
2013-03-04 14:36 - 2013-03-04 14:37 - 20475904 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD4A58.exe
2014-09-25 12:26 - 2014-09-25 12:26 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD4B1.exe
2014-10-21 10:29 - 2014-10-21 10:29 - 1024000 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD4D64.exe
2014-01-28 18:05 - 2014-01-28 18:05 - 8429568 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD54A4.exe
2012-12-15 07:38 - 2012-12-15 07:39 - 15529984 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD587B.exe
2014-08-26 12:45 - 2014-08-26 12:45 - 9476096 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD59C2.exe
2013-09-16 17:06 - 2013-09-16 17:06 - 6389760 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD5ACC.exe
2014-03-07 14:43 - 2014-03-07 14:43 - 21366784 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD5B68.exe
2013-06-23 10:33 - 2013-06-23 10:34 - 9887744 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD5C23.exe
2014-01-14 16:22 - 2014-01-14 16:22 - 9730048 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD5E93.exe
2014-02-14 05:08 - 2014-02-14 05:08 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD6160.exe
2014-09-24 17:29 - 2014-09-24 17:29 - 13852672 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD63A2.exe
2014-05-03 13:27 - 2014-05-03 13:28 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD6A84.exe
2013-12-24 10:24 - 2013-12-24 10:25 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD6DDF.exe
2014-09-09 15:33 - 2014-09-09 15:33 - 6148096 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD6DFE.exe
2014-07-16 09:37 - 2014-07-16 09:37 - 13725696 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD721.exe
2014-04-30 15:36 - 2014-04-30 15:36 - 5562368 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD7500.exe
2012-08-04 14:07 - 2012-08-04 14:08 - 41230336 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD75BB.exe
2014-05-05 17:18 - 2014-05-05 17:18 - 24983552 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD782B.exe
2014-11-15 13:34 - 2014-11-15 13:34 - 8742912 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD7B85.exe
2014-09-14 10:24 - 2014-09-14 10:25 - 19959808 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD7C6F.exe
2014-11-26 20:57 - 2014-11-26 20:57 - 7147520 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD7CC.exe
2014-01-24 10:58 - 2014-01-24 10:58 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD81AD.exe
2014-05-06 17:20 - 2014-05-06 17:20 - 20643840 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD81DB.exe
2013-03-27 15:55 - 2013-03-27 15:55 - 3502080 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD8593.exe
2012-07-31 06:29 - 2012-07-31 06:30 - 16080896 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD85C2.exe
2012-08-01 07:29 - 2012-08-01 07:29 - 7022592 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD87D4.exe
2012-08-02 06:59 - 2012-08-02 06:59 - 26992640 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD88DD.exe
2013-03-16 10:13 - 2013-03-16 10:13 - 6371328 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD895A.exe
2012-08-18 03:30 - 2012-08-18 03:30 - 4356096 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD89C7.exe
2013-02-14 14:59 - 2013-02-14 15:00 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD8A92.exe
2013-11-13 18:44 - 2013-11-13 18:44 - 25223168 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD8AF0.exe
2014-09-28 15:41 - 2014-09-28 15:41 - 23179264 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD8C6.exe
2013-12-27 12:58 - 2013-12-27 12:58 - 10164224 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD8D50.exe
2013-04-01 10:37 - 2013-04-01 10:37 - 0004096 _____ () C:\Users\Victoria\AppData\Local\Temp\EAD8E98.exe
2013-03-22 14:16 - 2013-03-22 14:16 - 3766272 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD8EA7.exe
2013-01-11 17:44 - 2013-01-11 17:46 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD8F15.exe
2014-03-12 14:43 - 2014-03-12 14:43 - 13355008 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD8F24.exe
2013-03-20 15:55 - 2013-03-20 15:55 - 3770368 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD8F34.exe
2014-05-05 16:38 - 2014-05-05 16:38 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD90AA.exe
2013-07-01 15:26 - 2013-07-01 15:26 - 3821568 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD9462.exe
2013-03-18 15:48 - 2013-03-18 15:48 - 9670656 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD9848.exe
2013-03-13 14:07 - 2013-03-13 14:08 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD9913.exe
2014-05-07 15:36 - 2014-05-07 15:37 - 23414784 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD9990.exe
2012-09-03 08:38 - 2012-09-03 08:39 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD9AB8.exe
2012-10-14 07:00 - 2012-10-14 07:01 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD9BC1.exe
2012-09-12 11:16 - 2012-09-12 11:17 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD9D38.exe
2013-03-11 13:49 - 2013-03-11 13:49 - 10440704 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD9D39.exe
2013-04-21 09:52 - 2013-04-21 09:52 - 11079680 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD9D95.exe
2014-09-04 15:38 - 2014-09-04 15:39 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EAD9FE.exe
2013-09-12 16:47 - 2013-09-12 16:47 - 21041152 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADA015.exe
2013-12-26 19:00 - 2013-12-26 19:00 - 9719808 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADA1BA.exe
2013-02-07 13:49 - 2013-02-07 13:49 - 4663296 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADA4D6.exe
2013-02-13 13:19 - 2013-02-13 13:20 - 29126656 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADA572.exe
2013-11-07 13:34 - 2013-11-07 13:35 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADA573.exe
2013-02-04 15:05 - 2013-02-04 15:05 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADA6C9.exe
2013-02-19 14:44 - 2013-02-19 14:44 - 8980480 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADA775.exe
2014-02-27 13:31 - 2014-02-27 13:31 - 36384768 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADA7B3.exe
2013-02-18 10:00 - 2013-02-18 10:00 - 7010304 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADA9F4.exe
2013-03-04 18:37 - 2013-03-04 18:38 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADAA71.exe
2014-08-19 17:00 - 2014-08-19 17:00 - 8220672 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADAA72.exe
2013-02-25 13:53 - 2013-02-25 13:54 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADAB0D.exe
2013-04-27 16:11 - 2013-04-27 16:11 - 20236288 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADACF1.exe
2014-03-11 14:38 - 2014-03-11 14:39 - 3358720 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADAE77.exe
2014-11-24 18:23 - 2014-11-24 18:23 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADAE8.exe
2012-11-06 10:08 - 2012-11-06 10:09 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADAEC5.exe
2012-08-16 09:08 - 2012-08-16 09:09 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADAF22.exe
2013-06-23 16:12 - 2013-06-23 16:13 - 14598144 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB07.exe
2013-06-03 08:39 - 2013-06-03 08:39 - 4700160 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB1D1.exe
2012-08-12 05:28 - 2012-08-12 05:28 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB21F.exe
2012-11-28 14:27 - 2012-11-28 14:27 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB337.exe
2013-02-12 13:16 - 2013-02-12 13:17 - 37199872 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB3C4.exe
2013-01-07 17:45 - 2013-01-07 17:46 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB588.exe
2013-02-27 14:40 - 2013-02-27 14:40 - 25980928 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB605.exe
2013-03-07 15:05 - 2013-03-07 15:05 - 4509696 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB73D.exe
2013-02-03 19:14 - 2013-02-03 19:15 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB856.exe
2013-02-21 13:25 - 2013-02-21 13:25 - 8038400 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB865.exe
2013-02-03 11:51 - 2013-02-03 11:51 - 0235520 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB911.exe
2014-02-17 10:27 - 2014-02-17 10:27 - 17209344 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADB9CC.exe
2014-04-28 16:00 - 2014-04-28 16:00 - 4876288 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADBCA9.exe
2014-05-06 16:16 - 2014-05-06 16:16 - 6709248 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADBD17.exe
2013-09-15 07:36 - 2013-09-15 07:36 - 29904896 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADBD2.exe
2013-04-18 17:36 - 2013-04-18 17:37 - 41885696 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADBF77.exe
2012-10-16 13:27 - 2012-10-16 13:29 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC003.exe
2013-05-10 10:41 - 2013-05-10 10:42 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC032.exe
2014-09-10 14:57 - 2014-09-10 14:57 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC071.exe
2012-10-16 13:18 - 2012-10-16 13:19 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC1F7.exe
2014-02-14 16:45 - 2014-02-14 16:46 - 35094528 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC2D1.exe
2014-05-06 16:30 - 2014-05-06 16:31 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC30.exe
2013-05-26 09:19 - 2013-05-26 09:19 - 10369024 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC3F9.exe
2014-06-12 17:22 - 2014-06-12 17:22 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC560.exe
2012-11-17 07:34 - 2012-11-17 07:34 - 40290304 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC5E.exe
2013-07-01 15:18 - 2013-07-01 15:18 - 34926592 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC689.exe
2014-06-06 11:06 - 2014-06-06 11:06 - 21882880 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC7C1.exe
2014-10-18 13:21 - 2014-10-18 13:21 - 7372800 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC8AB.exe
2012-09-10 11:30 - 2012-09-10 11:31 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC8BA.exe
2012-09-22 04:40 - 2012-09-22 04:41 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADC947.exe
2013-01-07 13:19 - 2013-01-07 13:19 - 4427776 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADCA40.exe
2014-10-13 14:32 - 2014-10-13 14:32 - 3020800 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADCA9E.exe
2014-12-02 19:32 - 2014-12-02 19:32 - 15958016 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADCBC6.exe
2014-10-13 14:20 - 2014-10-13 14:20 - 2478080 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADCC33.exe
2014-09-03 14:50 - 2014-09-03 14:50 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADCD5C.exe
2012-09-27 13:52 - 2012-09-27 13:53 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADCFAE.exe
2014-05-06 07:02 - 2014-05-06 07:03 - 44632064 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADD0F4.exe
2013-05-18 12:36 - 2013-05-18 12:36 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADD1FD.exe
2013-07-15 17:27 - 2013-07-15 17:28 - 18169856 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADD3B2.exe
2014-02-09 19:15 - 2014-02-09 19:15 - 6615040 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADD603.exe
2014-10-30 17:23 - 2014-10-30 17:23 - 7763968 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADD69F.exe
2013-12-26 18:33 - 2013-12-26 18:33 - 10510336 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADD7F6.exe
2012-07-28 07:57 - 2012-07-28 07:58 - 8974336 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADD91F.exe
2013-01-21 13:50 - 2013-01-21 13:50 - 47796216 _____ (Electronic Arts, Inc.) C:\Users\Victoria\AppData\Local\Temp\EADD97C.exe

==================== Known DLLs (Whitelisted) =========================

C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\user32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\USP10.dll IS MISSING <==== ATTENTION

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 5609.91 MB
Available physical RAM: 4755.29 MB
Total Virtual: 5608.05 MB
Available Virtual: 4763.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:570.42 GB) (Free:392.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Recovery) (Fixed) (Total:21.58 GB) (Free:2.31 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:3.97 GB) (Free:1.09 GB) FAT32
Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.28 GB) (Free:0 GB) UDF
Drive h: (MY MUSIC) (Removable) (Total:14.48 GB) (Free:14.47 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E871E610)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=570.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 5D5D193E)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)

LastRegBack: 2017-04-04 18:09

==================== End of FRST.txt ============================


Edited by hamluis, 29 April 2017 - 05:00 PM.




#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,762 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:11:38 PM

Posted 29 April 2017 - 05:05 PM

Welcome :)

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

user32.dll;USP10.dll

It then should look like:

Search: user32.dll;USP10.dll

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 brimetal


Posted 29 April 2017 - 05:27 PM

The search.txt is attached.

Attached File  Search.txt   7.13KB   4 downloads



#4 JSntgRvr


Posted 29 April 2017 - 05:49 PM

Download the attached file and save it in the same location FRST64 is saved.
  • Start FRST64 as you did before.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.

Try Normal Mode and let me know the outcome.



#5 brimetal


Posted 29 April 2017 - 05:57 PM

Applied the fix and started in normal mode.  Still resulted in a blue screen, but now stating:

 

STOP: c0000142 {DLL Initialization Failed}

Initialization of the dynamic link library winsrv failed. The process is terminating abnormally.

 

The fixlog is attached.

 

Attached File  Fixlog.txt   46.72KB   4 downloads



#6 JSntgRvr


Posted 29 April 2017 - 06:09 PM

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

winsrv.dll

It then should look like:

Search: winsrv.dll

Click Search Files button and post the log (Search.txt) it makes on the USB drive in your next reply.



#7 brimetal


Posted 29 April 2017 - 06:27 PM

Ran search for winsrv.dll

 

Search.txt is attached.

Attached File  Search.txt   10.61KB   5 downloads



#8 JSntgRvr


Posted 29 April 2017 - 06:40 PM

Download the attached file and save it in the same location FRST64 is saved.

  • Start FRST64 as you did before.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Try Normal Mode and let me know the outcome.




#9 brimetal


Posted 29 April 2017 - 06:46 PM

Applied the fix and still have blue screen.  New error:

 

STOP: C0000139 {Entry Point Not Found}

The procedure entry point SetClientDynamicTimeZoneInformation could not be located in the dynamic link library KERNEL32.dll

 

The Fixlog output....

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by SYSTEM (29-04-2017 18:42:32) Run:2
Running from h:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23250_none_14fec2dccc36a8c4\winsrv.dll C:\Windows\System32\winsrv.dll
*****************
 


#10 JSntgRvr


Posted 29 April 2017 - 06:56 PM

The report is incomplete. Check or run the fix once again.

 

Search for KERNEL32.dll




#11 brimetal


Posted 29 April 2017 - 07:18 PM

Apologies, the incomplete log was simply due to me not copying the entire log output.  I did attempt the repair again and had the same error with the Kernel32.dll file.

 

Full Fixlog output:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by SYSTEM (29-04-2017 19:02:22) Run:3
Running from h:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23250_none_14fec2dccc36a8c4\winsrv.dll C:\Windows\System32\winsrv.dll
*****************
 
C:\Windows\System32\winsrv.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-winsrv_31bf3856ad364e35_6.1.7601.23250_none_14fec2dccc36a8c4\winsrv.dll copied successfully to C:\Windows\System32\winsrv.dll
 
==== End of Fixlog 19:02:22 ====
 
 
The search output for KERNEL32.dll is as follows:
 
Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by SYSTEM (29-04-2017 19:03:28)
Running from h:\
Boot Mode: Recovery
 
================== Search Files: "KERNEL32.dll" =============
 
 
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_f1e6ed746ce85c1b\kernel32.dll
[2011-11-09 10:27][2011-11-09 10:27] 1162752 ____A (Microsoft Corporation) 0E1B2E16235AA7F89F064EE75DFC905E
 
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2010-11-20 19:24][2010-11-20 19:24] 1161216 ____A (Microsoft Corporation) 7A6326D96D53048FDEC542DF23D875A0
 
C:\Windows\SysWOW64\kernel32.dll
[2015-11-16 06:50][2015-10-19 16:44] 1114112 ____A (Microsoft Corporation) 4166C05FA57548E6518D7EE20896C0A5
 
C:\Windows\System32\kernel32.dll
[2015-11-16 06:50][2015-10-19 17:05] 1164800 ____A (Microsoft Corporation) 386BF677B78B66AABBA92C0FCA0579A6
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\WinSxS\amd64_microsoft-windows-kernel32_31bf3856ad364e35_10.0.10240.16384_none_9bbe56eff0f8d352\kernel32.dll
[2015-07-10 02:30][2015-07-10 02:30] 0702512 ___AL () D41D8CD98F00B204E9800998ECF8427E
 
C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\kernel32.dll
[2015-07-10 02:30][2015-07-10 02:30] 0702512 ___AL () D41D8CD98F00B204E9800998ECF8427E
 
X:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_efb2d6e86ffc8f55\kernel32.dll
[2009-07-13 15:28][2009-07-13 17:41] 1162240 ____A (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193
 
X:\Windows\System32\kernel32.dll
[2009-07-13 15:28][2009-07-13 17:41] 1162240 ____A (Microsoft Corporation) 5B4B379AD10DEDA4EDA01B8C6961B193
 
====== End of Search ======
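
An added example (not part of the original post, and not FRST's own code) showing one way to triage a search listing like the one above: parse each path/metadata pair, then check whether every copy outside WinSxS matches a component-store copy by hash. The sample is a constructed three-entry subset of the listing; the function names are hypothetical.

```python
import re

# Constructed sample: three entries copied from the search listing in this thread.
SAMPLE = r"""
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19045_none_f1c444286d02c198\kernel32.dll
[2015-11-16 06:50][2015-10-19 17:05] 1164800 ____A (Microsoft Corporation) 386BF677B78B66AABBA92C0FCA0579A6

C:\Windows\System32\kernel32.dll
[2015-11-16 06:50][2015-10-19 17:05] 1164800 ____A (Microsoft Corporation) 386BF677B78B66AABBA92C0FCA0579A6

C:\$Windows.~BT\Sources\SafeOS\SafeOS.Mount\Windows\System32\kernel32.dll
[2015-07-10 02:30][2015-07-10 02:30] 0702512 ___AL () D41D8CD98F00B204E9800998ECF8427E
"""

EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"  # MD5 of zero bytes of input
META = re.compile(r"\[(.+?)\]\[(.+?)\] (\d+) (\S+) \((.*?)\) ([0-9A-F]{32})$")
VERSION = re.compile(r"_(\d+(?:\.\d+){3})_")    # version field of a WinSxS directory name

def in_store(path):
    return "\\winsxs\\" in path.lower()

def parse(text):
    """Yield one dict per path/metadata pair in the listing."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for path, meta in zip(lines, lines[1:]):
        m = META.match(meta)
        if m and not META.match(path):
            _, _, size, attrs, company, md5 = m.groups()
            yield dict(path=path, size=int(size), attrs=attrs, company=company, md5=md5)

def triage(text):
    """Return {path: finding} for every copy that lives outside WinSxS."""
    entries = list(parse(text))
    store = {e["md5"]: VERSION.search(e["path"]).group(1)
             for e in entries if in_store(e["path"])}
    findings = {}
    for e in (e for e in entries if not in_store(e["path"])):
        if e["md5"] == EMPTY_MD5 and e["size"] > 0:
            # Non-zero size but the hash of empty input: the content was never hashed.
            findings[e["path"]] = "hash is of empty input, content not verified"
        elif e["md5"] in store:
            findings[e["path"]] = "matches component store version " + store[e["md5"]]
        else:
            findings[e["path"]] = "no matching WinSxS copy in this listing"
    return findings
```

A copy that matches no WinSxS hash is not proof of tampering, only a reason to compare it against a known-good file before replacing anything.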

 



#12 JSntgRvr


Posted 29 April 2017 - 07:36 PM

Download the attached file and save it in the same location FRST64 is saved.

  • Start FRST64 as you did before.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Try Normal Mode and let me know the outcome.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#13 brimetal


Posted 29 April 2017 - 07:50 PM

Applied the fix, but when I started in normal mode I'm back to the winsrv.dll error.

 

STOP: c0000142 {DLL Initialization Failed}

Initialization of the dynamic link library winsrv failed. The process is terminating abnormally.

 

Fixlog output:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by SYSTEM (29-04-2017 19:46:05) Run:4
Running from h:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23002_none_f2761ddf8602a872\kernel32.dll C:\Windows\System32\kernel32.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23250_none_fc92bbcdba8dbdc2\kernel32.dll C:\Windows\SysWOW64\kernel32.dll
CMD: BCDEDIT /ENUM ALL
*****************
 
C:\Windows\System32\kernel32.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23002_none_f2761ddf8602a872\kernel32.dll copied successfully to C:\Windows\System32\kernel32.dll
C:\Windows\SysWOW64\kernel32.dll => moved successfully
C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23250_none_fc92bbcdba8dbdc2\kernel32.dll copied successfully to C:\Windows\SysWOW64\kernel32.dll
 
========= BCDEDIT /ENUM ALL =========
 
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {default}
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {6e880b52-6c85-11e1-906b-cd81c6284dbd}
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {6e880b52-6c85-11e1-906b-cd81c6284dbd}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
Windows Boot Loader
-------------------
identifier              {6e880b52-6c85-11e1-906b-cd81c6284dbd}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{6e880b53-6c85-11e1-906b-cd81c6284dbd}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{6e880b53-6c85-11e1-906b-cd81c6284dbd}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {158181c0-9a00-11db-8a1d-b11d19fd3102}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {6e880b53-6c85-11e1-906b-cd81c6284dbd}
description             Ramdisk Options
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
========= End of CMD: =========
 
 
==== End of Fixlog 19:46:06 ====


#14 JSntgRvr


Posted 29 April 2017 - 08:47 PM

Boot to the Command prompt. At the prompt type the following:

 

bcdedit | find "device"

 

A few entries will be displayed. We are only interested in the Offboot partition letter and the partition where the OS is installed. From these entries, the first partition will be your Offbootdir; the second partition (different letter) will be your Windir. Once you have this information, type the following at the prompt:

 

SFC /ScanNow /Offbootdir=y: /Offwindir=x:\windows

 

Replace the y with the Offbootdir partition letter, and the x with the Windir partition letter. Both should end with a colon.

 

If you type:

 

bcdedit | find "osdevice"

 

It will only return the Windir.

 

Also run CHKDSK X: /R

 

Replace the X with the Windir partition letter followed by a colon.

 

Let me know the outcome. I'll be checking on you in the am.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
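
An added example (not part of the original reply) for the offline SFC procedure above: it parses bcdedit output and takes the two letters from the {bootmgr} and {default} entries only, because a substring filter on "device" also returns osdevice and ramdisk lines. The sample is trimmed from the BCDEDIT /ENUM ALL output posted in this thread; the function names are hypothetical.

```python
import re

# Constructed sample: three entries trimmed from the BCDEDIT /ENUM ALL output in this thread.
SAMPLE = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
osdevice                partition=C:
systemroot              \Windows

Windows Boot Loader
-------------------
identifier              {6e880b52-6c85-11e1-906b-cd81c6284dbd}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{6e880b53-6c85-11e1-906b-cd81c6284dbd}
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{6e880b53-6c85-11e1-906b-cd81c6284dbd}
"""

def find_lines(text, needle="device"):
    """Lines a plain substring filter such as find "device" would keep."""
    return [l for l in text.splitlines() if needle in l]

def parse_bcd(text):
    """Return {identifier: {setting: value}} for each entry in bcdedit output."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        settings = {}
        for line in block.splitlines()[2:]:      # skip the title and the dashed rule
            parts = line.split(None, 1)
            if len(parts) == 2:                  # continuation lines have one token
                settings[parts[0]] = parts[1].strip()
        entries[settings.get("identifier")] = settings
    return entries

def offline_sfc_command(text):
    """Build the offline SFC line from the {bootmgr} and {default} entries."""
    bcd = parse_bcd(text)
    boot = re.fullmatch(r"partition=([A-Za-z]:)", bcd["{bootmgr}"]["device"])
    osdev = re.fullmatch(r"partition=([A-Za-z]:)", bcd["{default}"]["osdevice"])
    if not (boot and osdev):
        raise ValueError("boot or OS device is not a lettered partition")
    windir = osdev.group(1) + bcd["{default}"]["systemroot"]
    return "SFC /ScanNow /Offbootdir=%s /Offwindir=%s" % (boot.group(1), windir)
```

The letters are the ones assigned in the session where bcdedit was run, so the output has to be captured in the same recovery session in which SFC will run.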


#15 brimetal


Posted 30 April 2017 - 03:54 PM

Unable to run SFC as it states "There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again." Restart does not correct.

Ran CHKDSK, found and corrected some errors. Tried to boot in normal even though SFC was not run and still stuck on initialization of winsrv.dll.





