
"STOP: C0000135 The program can't start because %hs is missing." error


  • This topic is locked
7 replies to this topic

#1 hiero2021


Posted 19 May 2015 - 04:23 PM

Hey there,
a friend's ultrabook is showing a blank grey screen instead of the registration screen (Win7 64bit). Sometimes, it will try to reboot after some time, but I also managed to get a blue screen with an "STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program" error. Googling around, I understand that AVG Antivirus may be part of the problem, however, the last reported issues I found are from 2011 or earlier. Nevertheless, I tried renaming the AVG installation folder using a bootable stick with AVG rescue CD. It had no effect. Also, recovery points are not working for some reason.
I scanned with FRST64 and got the following output. Unfortunately, I have no knowledge of what could be causing the error, if anything. Any help would be highly appreciated.
 
Best regards,
Niklas
 
FRST.txt log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by SYSTEM on MININT-LAQTJK3 on 19-05-2015 23:04:39
Running from E:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12856936 2011-09-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-09] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-10-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [*Restore] => C:\windows\system32\rstrui.exe [296960 2015-03-16] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Admin\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-15] (TOSHIBA)
HKU\Admin\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-19] (Google Inc.)
HKU\Default\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-15] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-15] (TOSHIBA)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-07-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-07-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-07-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-09] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WMCoreService; C:\Program Files (x86)\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe [655912 2011-11-04] (Ericsson AB)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-09-04] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-09-04] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
S3 t36wgps; C:\Windows\System32\DRIVERS\t36wgps64.sys [102440 2011-09-06] (Ericsson AB)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281640 2011-10-19] (Ericsson AB)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-19 19:51 - 2015-05-19 23:04 - 00000000 ____D () C:\FRST
2015-05-17 22:53 - 2015-05-17 22:53 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{D4BA726B-B868-44D6-891B-42DFACD5F9A0}
2015-05-17 03:46 - 2015-05-17 03:46 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{4059EF84-0088-4648-8E9A-F77D3A92820B}
2015-05-16 03:47 - 2015-05-16 03:47 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{63632F24-B2BC-409A-8F4D-D985655F7216}
2015-05-16 00:40 - 2015-05-16 00:40 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{9137C59E-C84F-4ABD-A056-EF8E50E8458A}
2015-05-15 10:00 - 2015-05-15 10:00 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{854BBDF9-A889-420C-A0E6-3E9ECF14B2D4}
2015-05-15 09:29 - 2015-05-15 09:29 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{2E760541-D1BB-4AB0-A48C-3DE46B983552}
2015-05-15 00:39 - 2015-05-15 00:39 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{ECF14B78-0B42-46D6-AA39-D0466D5BB7DC}
2015-05-14 07:09 - 2015-05-14 07:09 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{036FB0EB-1B04-4CB8-AAF0-A1871FEAA3A7}
2015-05-14 00:19 - 2015-05-14 00:19 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{082BBBD0-8FA2-4776-A404-1C2EF68B70B2}
2015-05-12 23:47 - 2015-05-12 23:47 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{2C9C4A38-51B9-48FF-9561-FC15EE7B4240}
2015-05-12 12:29 - 2015-05-17 10:03 - 00006836 _____ () C:\Users\Astrid\Desktop\Bib.odt
2015-05-12 07:15 - 2015-05-16 03:44 - 00044837 _____ () C:\Users\Astrid\Desktop\Manual Beschreibung.odt
2015-05-12 05:27 - 2015-05-12 05:27 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{94F6B906-DDCC-4F18-A997-66742011F2CA}
2015-05-11 11:14 - 2015-05-11 11:14 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{F57D88B8-3832-4CAC-A1DF-DB7EB380DFAD}
2015-05-10 10:17 - 2015-05-10 10:17 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{CF455103-AADA-4E14-9B43-E462E811F144}
2015-05-08 06:48 - 2015-05-08 06:49 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{8E8627AF-5146-4E24-9DCB-9F6A99E26667}
2015-05-07 06:38 - 2015-05-07 06:39 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{1A8574D0-89D2-46E5-849F-A6494D260151}
2015-05-06 09:48 - 2015-05-06 09:48 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{A8D8E44A-A050-4432-B352-AD3CE43CF225}
2015-05-05 12:38 - 2015-05-15 12:37 - 00000000 ____D () C:\Users\Astrid\Documents\WSV
2015-05-05 12:37 - 2015-05-05 12:38 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{1AB6B077-3632-45FB-86BE-68C56E2C6ABE}
2015-05-05 11:10 - 2015-05-05 11:10 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{E7321F93-B9DE-4BB0-8816-76A8FB4708CE}
2015-05-05 07:10 - 2015-05-05 07:10 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{A3EC0EED-0EFE-42A2-B602-76A4B1CF996A}
2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{E77C2362-EE6B-405F-904E-F3FB307B41B5}
2015-05-04 01:03 - 2015-05-04 01:03 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{48E1460A-5719-42B4-A474-11AD594DF2A2}
2015-05-03 04:17 - 2015-05-03 04:17 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{D0CC6A20-A301-420C-AB0F-24C4AEDEFCA6}
2015-05-02 05:44 - 2015-05-02 05:44 - 03204608 _____ () C:\Users\Astrid\Downloads\Fortbildungsmaterial ELFE.ppt
2015-05-02 04:33 - 2015-05-02 04:34 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{05CB29CB-52FF-4DC8-B699-8D90DC7D80E1}
2015-05-02 03:55 - 2015-05-02 03:55 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{0E873439-D218-4874-A3EF-652DA83DDC19}
2015-05-02 03:22 - 2015-05-02 03:22 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{A0F3ADDD-7061-4270-8EA4-A2D0CC50E7EE}
2015-05-01 08:02 - 2015-05-01 08:02 - 00000395 _____ () C:\Users\Astrid\Downloads\nh2938.ris
2015-05-01 04:50 - 2015-05-01 04:51 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{784F0F77-F65A-4382-8D63-48E92032100A}
2015-04-29 23:52 - 2015-04-29 23:52 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{88F10985-322A-4D2D-979F-0B7ABF487F50}
2015-04-29 02:00 - 2015-04-29 02:00 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{EB474693-DBDF-4C86-934C-122D78B8799C}
2015-04-28 04:25 - 2015-04-28 12:50 - 00000000 ____D () C:\Users\Astrid\Desktop\AOW
2015-04-28 03:07 - 2015-04-28 03:07 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{0DF9C6C2-3EB1-45DC-997C-A0F4D0A4DD83}
2015-04-27 03:23 - 2015-04-27 03:23 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{9EC76A75-CE66-4D40-A7AF-67378D483FEE}
2015-04-27 00:24 - 2015-04-27 00:24 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{A7A89495-00A5-4F4A-97A7-C89E93E6B6B9}
2015-04-26 01:07 - 2015-04-26 01:07 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{7DFF2386-1DD3-4BE0-846D-B6E2B09E882B}
2015-04-25 11:42 - 2015-04-25 11:42 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{28B3B572-1498-4DB7-B4E4-D1865BC9DF8B}
2015-04-25 09:56 - 2015-04-25 09:56 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{BDF61FC6-A026-4A82-8FD4-F7817C549387}
2015-04-25 06:27 - 2015-04-25 06:27 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{53A19E4A-11BA-4453-B325-A934E05EBC8C}
2015-04-25 02:28 - 2015-04-25 02:28 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{6890B582-CBF9-4249-AC7C-370D59347F62}
2015-04-24 09:03 - 2015-04-24 09:03 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{9E459DDE-FBEA-4E6E-AF98-926B9132A390}
2015-04-23 06:29 - 2015-04-23 06:29 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{53781E6A-D3B9-4057-9107-47B8D5D3F32F}
2015-04-22 03:30 - 2015-04-22 03:30 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{8026700A-7A81-4057-B15C-7C417783D8FF}
2015-04-21 10:52 - 2015-04-21 10:52 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{AA5C2AE1-1B04-48EF-A2A6-357FC6FD68A9}
2015-04-20 05:54 - 2015-04-20 05:54 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{35911B27-29AF-4212-B3EC-C8FC99256459}
2015-04-19 08:04 - 2015-04-19 08:04 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{F4484FA9-08F1-4850-91C0-1569E51DA23F}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-19 19:42 - 2015-04-04 08:14 - 00000000 ___SD () C:\Windows\System32\GWX
2015-05-19 19:42 - 2014-07-23 11:10 - 00000000 ____D () C:\Users\Astrid\AppData\Roaming\vlc
2015-05-19 19:42 - 2014-07-21 12:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-19 19:42 - 2014-07-21 07:51 - 00000000 ____D () C:\users\Astrid
2015-05-19 19:42 - 2014-07-19 11:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-19 19:42 - 2014-07-19 11:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-19 19:42 - 2014-07-19 10:37 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-19 19:42 - 2014-07-19 09:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-19 19:42 - 2014-07-19 09:10 - 00000000 ____D () C:\users\Admin
2015-05-19 19:42 - 2010-11-20 23:17 - 00000000 ____D () C:\Windows\ShellNew
2015-05-19 19:42 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-19 19:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\AdvancedInstallers
2015-05-19 19:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-05-19 19:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-05-19 19:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-19 19:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-19 19:41 - 2014-09-24 05:15 - 00000000 ___RD () C:\Users\Astrid\Dropbox
2015-05-19 19:41 - 2014-07-21 08:19 - 00000000 ____D () C:\Users\Astrid\AppData\Roaming\SoftGrid Client
2015-05-19 14:04 - 2014-07-19 10:40 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-05-17 12:12 - 2014-07-21 08:01 - 00000000 ____D () C:\Users\Astrid\Documents\Stories
2015-05-16 04:14 - 2015-03-31 09:59 - 00000000 ____D () C:\Users\Astrid\Desktop\Artikel
2015-05-13 06:27 - 2014-07-19 11:58 - 00000000 ____D () C:\Windows\System32\MRT
2015-04-28 03:17 - 2015-02-03 04:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-28 03:13 - 2009-07-13 20:45 - 00027568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 03:13 - 2009-07-13 20:45 - 00027568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 03:11 - 2014-10-24 02:45 - 00004044 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1414147543
2015-04-28 03:11 - 2011-02-11 01:56 - 00699786 _____ () C:\Windows\System32\perfh007.dat
2015-04-28 03:11 - 2011-02-11 01:56 - 00149636 _____ () C:\Windows\System32\perfc007.dat
2015-04-28 03:11 - 2009-07-13 21:13 - 01620860 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-28 03:09 - 2014-07-19 08:27 - 01921320 _____ () C:\Windows\WindowsUpdate.log
2015-04-28 03:06 - 2009-07-13 20:51 - 00067430 _____ () C:\Windows\setupact.log
2015-04-28 03:05 - 2011-10-19 09:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 03:05 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-27 14:05 - 2011-10-19 09:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-21 01:22 - 2014-09-24 05:10 - 00000000 ____D () C:\Users\Astrid\AppData\Roaming\Dropbox
 
Some content of TEMP:
====================
C:\Users\Astrid\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpafkwzz.dll
C:\Users\Astrid\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpamjwgr.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-10-19 08:32] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 8C37ADB9B36124D1BE0DE63B4F1A47F3
 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-04-24 13:32:52
Restore point made on: 2015-04-28 03:39:32
Restore point made on: 2015-05-13 03:39:55
Restore point made on: 2015-05-13 06:21:14
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 3996.55 MB
Available physical RAM: 3362.61 MB
Total Pagefile: 3994.75 MB
Available Pagefile: 3348.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (TI30818400C) (Fixed) (Total:216.81 GB) (Free:152.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (USB_STICK) (Fixed) (Total:7.45 GB) (Free:6.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 087737B6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=216.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=12.2 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: F3E2DA69)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
 
 
LastRegBack: 2015-05-14 09:01
 
==================== End Of Log ============================



 


#2 HelpBot


Posted 24 May 2015 - 04:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/576726 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 hiero2021


Posted 25 May 2015 - 09:45 AM


  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.

--- again for the sake of completeness: 

a friend's ultrabook is showing a blank grey screen instead of the registration screen (Win7 64bit). Sometimes, it will try to reboot after some time, but I also managed to get a blue screen with an "STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program" error. Googling around, I understand that AVG Antivirus may be part of the problem, however, the last reported issues I found are from 2011 or earlier. Nevertheless, I tried renaming the AVG installation folder using a bootable stick with AVG rescue CD. It had no effect. Also, recovery points are not working for some reason.
I scanned with FRST64 and got the following output. Unfortunately, I have no knowledge of what could be causing the error, if anything. Any help would be highly appreciated.
  • new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.

--- see new log below.

  • Please tell us if you have your original Windows CD/DVD available. 

--- the ultrabook came with preinstalled windows, so my friend does not have an original Windows CD.

 

Regards,

Niklas

 

 

Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by SYSTEM on MININT-E5CG495 on 25-05-2015 16:39:25
Running from E:\
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Englisch (USA)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12856936 2011-09-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [981888 2011-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [285608 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-22] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-09] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-10-19] (Toshiba Europe GmbH)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1409424 2011-06-29] (Nero AG)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3723728 2015-03-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [*Restore] => C:\windows\system32\rstrui.exe [296960 2015-03-16] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Admin\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-15] (TOSHIBA)
HKU\Admin\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-19] (Google Inc.)
HKU\Default\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-15] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-15] (TOSHIBA)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-07-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-07-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2014-07-19]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3416016 2015-03-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-03-25] (AVG Technologies CZ, s.r.o.)
S2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-09] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WMCoreService; C:\Program Files (x86)\TOSHIBA\Mobile Broadband Device\WMCore\mini_WMCore.exe [655912 2011-11-04] (Ericsson AB)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [281056 2015-03-25] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [341472 2015-02-03] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [133088 2015-02-05] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [284128 2015-02-25] (AVG Technologies CZ, s.r.o.)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-09-04] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-09-04] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-08-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-08-22] (MCCI Corporation)
S3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-08-22] (MCCI Corporation)
S3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-08-22] (MCCI Corporation)
S3 t36wgps; C:\Windows\System32\DRIVERS\t36wgps64.sys [102440 2011-09-06] (Ericsson AB)
S3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [281640 2011-10-19] (Ericsson AB)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-19 19:51 - 2015-05-25 16:39 - 00000000 ____D () C:\FRST
2015-05-17 22:53 - 2015-05-17 22:53 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{D4BA726B-B868-44D6-891B-42DFACD5F9A0}
2015-05-17 03:46 - 2015-05-17 03:46 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{4059EF84-0088-4648-8E9A-F77D3A92820B}
2015-05-16 03:47 - 2015-05-16 03:47 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{63632F24-B2BC-409A-8F4D-D985655F7216}
2015-05-16 00:40 - 2015-05-16 00:40 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{9137C59E-C84F-4ABD-A056-EF8E50E8458A}
2015-05-15 10:00 - 2015-05-15 10:00 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{854BBDF9-A889-420C-A0E6-3E9ECF14B2D4}
2015-05-15 09:29 - 2015-05-15 09:29 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{2E760541-D1BB-4AB0-A48C-3DE46B983552}
2015-05-15 00:39 - 2015-05-15 00:39 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{ECF14B78-0B42-46D6-AA39-D0466D5BB7DC}
2015-05-14 07:09 - 2015-05-14 07:09 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{036FB0EB-1B04-4CB8-AAF0-A1871FEAA3A7}
2015-05-14 00:19 - 2015-05-14 00:19 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{082BBBD0-8FA2-4776-A404-1C2EF68B70B2}
2015-05-12 23:47 - 2015-05-12 23:47 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{2C9C4A38-51B9-48FF-9561-FC15EE7B4240}
2015-05-12 12:29 - 2015-05-17 10:03 - 00006836 _____ () C:\Users\Astrid\Desktop\Bib.odt
2015-05-12 07:15 - 2015-05-16 03:44 - 00044837 _____ () C:\Users\Astrid\Desktop\Manual Beschreibung.odt
2015-05-12 05:27 - 2015-05-12 05:27 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{94F6B906-DDCC-4F18-A997-66742011F2CA}
2015-05-11 11:14 - 2015-05-11 11:14 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{F57D88B8-3832-4CAC-A1DF-DB7EB380DFAD}
2015-05-10 10:17 - 2015-05-10 10:17 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{CF455103-AADA-4E14-9B43-E462E811F144}
2015-05-08 06:48 - 2015-05-08 06:49 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{8E8627AF-5146-4E24-9DCB-9F6A99E26667}
2015-05-07 06:38 - 2015-05-07 06:39 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{1A8574D0-89D2-46E5-849F-A6494D260151}
2015-05-06 09:48 - 2015-05-06 09:48 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{A8D8E44A-A050-4432-B352-AD3CE43CF225}
2015-05-05 12:38 - 2015-05-15 12:37 - 00000000 ____D () C:\Users\Astrid\Documents\WSV
2015-05-05 12:37 - 2015-05-05 12:38 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{1AB6B077-3632-45FB-86BE-68C56E2C6ABE}
2015-05-05 11:10 - 2015-05-05 11:10 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{E7321F93-B9DE-4BB0-8816-76A8FB4708CE}
2015-05-05 07:10 - 2015-05-05 07:10 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{A3EC0EED-0EFE-42A2-B602-76A4B1CF996A}
2015-05-04 13:20 - 2015-05-04 13:20 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{E77C2362-EE6B-405F-904E-F3FB307B41B5}
2015-05-04 01:03 - 2015-05-04 01:03 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{48E1460A-5719-42B4-A474-11AD594DF2A2}
2015-05-03 04:17 - 2015-05-03 04:17 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{D0CC6A20-A301-420C-AB0F-24C4AEDEFCA6}
2015-05-02 05:44 - 2015-05-02 05:44 - 03204608 _____ () C:\Users\Astrid\Downloads\Fortbildungsmaterial ELFE.ppt
2015-05-02 04:33 - 2015-05-02 04:34 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{05CB29CB-52FF-4DC8-B699-8D90DC7D80E1}
2015-05-02 03:55 - 2015-05-02 03:55 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{0E873439-D218-4874-A3EF-652DA83DDC19}
2015-05-02 03:22 - 2015-05-02 03:22 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{A0F3ADDD-7061-4270-8EA4-A2D0CC50E7EE}
2015-05-01 08:02 - 2015-05-01 08:02 - 00000395 _____ () C:\Users\Astrid\Downloads\nh2938.ris
2015-05-01 04:50 - 2015-05-01 04:51 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{784F0F77-F65A-4382-8D63-48E92032100A}
2015-04-29 23:52 - 2015-04-29 23:52 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{88F10985-322A-4D2D-979F-0B7ABF487F50}
2015-04-29 02:00 - 2015-04-29 02:00 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{EB474693-DBDF-4C86-934C-122D78B8799C}
2015-04-28 04:25 - 2015-04-28 12:50 - 00000000 ____D () C:\Users\Astrid\Desktop\AOW
2015-04-28 03:07 - 2015-04-28 03:07 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{0DF9C6C2-3EB1-45DC-997C-A0F4D0A4DD83}
2015-04-27 03:23 - 2015-04-27 03:23 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{9EC76A75-CE66-4D40-A7AF-67378D483FEE}
2015-04-27 00:24 - 2015-04-27 00:24 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{A7A89495-00A5-4F4A-97A7-C89E93E6B6B9}
2015-04-26 01:07 - 2015-04-26 01:07 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{7DFF2386-1DD3-4BE0-846D-B6E2B09E882B}
2015-04-25 11:42 - 2015-04-25 11:42 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{28B3B572-1498-4DB7-B4E4-D1865BC9DF8B}
2015-04-25 09:56 - 2015-04-25 09:56 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{BDF61FC6-A026-4A82-8FD4-F7817C549387}
2015-04-25 06:27 - 2015-04-25 06:27 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{53A19E4A-11BA-4453-B325-A934E05EBC8C}
2015-04-25 02:28 - 2015-04-25 02:28 - 00000000 ____D () C:\Users\Astrid\AppData\Local\{6890B582-CBF9-4249-AC7C-370D59347F62}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-19 19:42 - 2015-04-04 08:14 - 00000000 ___SD () C:\Windows\System32\GWX
2015-05-19 19:42 - 2014-07-23 11:10 - 00000000 ____D () C:\Users\Astrid\AppData\Roaming\vlc
2015-05-19 19:42 - 2014-07-21 12:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-19 19:42 - 2014-07-21 07:51 - 00000000 ____D () C:\users\Astrid
2015-05-19 19:42 - 2014-07-19 11:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-19 19:42 - 2014-07-19 11:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-19 19:42 - 2014-07-19 10:37 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-19 19:42 - 2014-07-19 09:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-19 19:42 - 2014-07-19 09:10 - 00000000 ____D () C:\users\Admin
2015-05-19 19:42 - 2010-11-20 23:17 - 00000000 ____D () C:\Windows\ShellNew
2015-05-19 19:42 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-19 19:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\AdvancedInstallers
2015-05-19 19:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-05-19 19:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-05-19 19:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-19 19:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-19 19:41 - 2014-09-24 05:15 - 00000000 ___RD () C:\Users\Astrid\Dropbox
2015-05-19 19:41 - 2014-07-21 08:19 - 00000000 ____D () C:\Users\Astrid\AppData\Roaming\SoftGrid Client
2015-05-19 14:04 - 2014-07-19 10:40 - 00000000 ____D () C:\Program Files (x86)\AVG
2015-05-17 12:12 - 2014-07-21 08:01 - 00000000 ____D () C:\Users\Astrid\Documents\Stories
2015-05-16 04:14 - 2015-03-31 09:59 - 00000000 ____D () C:\Users\Astrid\Desktop\Artikel
2015-05-13 06:27 - 2014-07-19 11:58 - 00000000 ____D () C:\Windows\System32\MRT
2015-04-28 03:17 - 2015-02-03 04:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-28 03:13 - 2009-07-13 20:45 - 00027568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-28 03:13 - 2009-07-13 20:45 - 00027568 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-28 03:11 - 2014-10-24 02:45 - 00004044 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1414147543
2015-04-28 03:11 - 2011-02-11 01:56 - 00699786 _____ () C:\Windows\System32\perfh007.dat
2015-04-28 03:11 - 2011-02-11 01:56 - 00149636 _____ () C:\Windows\System32\perfc007.dat
2015-04-28 03:11 - 2009-07-13 21:13 - 01620860 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-28 03:09 - 2014-07-19 08:27 - 01921320 _____ () C:\Windows\WindowsUpdate.log
2015-04-28 03:06 - 2009-07-13 20:51 - 00067430 _____ () C:\Windows\setupact.log
2015-04-28 03:05 - 2011-10-19 09:00 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-28 03:05 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-27 14:05 - 2011-10-19 09:00 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
Some content of TEMP:
====================
C:\Users\Astrid\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpafkwzz.dll
C:\Users\Astrid\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpamjwgr.dll
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2011-10-19 08:32] - [2011-02-24 22:19] - 2871808 ____A (Microsoft Corporation) 8C37ADB9B36124D1BE0DE63B4F1A47F3
 
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-04-24 13:32:52
Restore point made on: 2015-04-28 03:39:32
Restore point made on: 2015-05-13 03:39:55
Restore point made on: 2015-05-13 06:21:14
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 3996.55 MB
Available physical RAM: 3359.25 MB
Total Pagefile: 3994.75 MB
Available Pagefile: 3347.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (TI30818400C) (Fixed) (Total:216.81 GB) (Free:152.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (USB_STICK) (Fixed) (Total:7.45 GB) (Free:6.76 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 087737B6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=216.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=12.2 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: F3E2DA69)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)
 
 
LastRegBack: 2015-05-14 09:01
 
==================== End Of Log ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,576 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:53 AM

Posted 30 May 2015 - 08:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Major manufacturers will create a way to restore your system to the factory settings.
I think that it's the only way you can get that computer back in service.

Google this string: "restore ultrabook to factory settings". Select the manufacturer's instructions and apply them.

It goes without saying that all the programs will have to be reinstalled, as well as all the Windows updates.

Hope it helps.

#5 nasdaq


Posted 05 June 2015 - 07:37 AM

Are you still with me?

#6 hiero2021


Posted 07 June 2015 - 03:32 AM

Hi nasdaq,

 

Sorry for the delay, and thanks for the answer!

I had hoped to get it to work without resetting to factory settings, but it seems it can't be helped then. I will do that as soon as I'm at home.

 

Niklas



#7 hiero2021


Posted 19 June 2015 - 09:30 AM

Finally got my hands on the machine again. Reset everything to factory settings, and just wanted to let you know that the ultrabook is working again.

Thanks again; thread can be closed.



#8 nasdaq


Posted 19 June 2015 - 12:20 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



