
hello! I am looking for a fixlist.txt for this FRST scan


  • This topic is locked
2 replies to this topic

#1 Wibble18


Posted 24 January 2017 - 10:22 PM

PLEASE HELP!
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-01-2017
Ran by SYSTEM on MINWINPC (25-01-2017 20:59:13)
Running from f:\
Platform: WIN_VISTA Service Pack 1 (X86) Language: English (United States)
Boot Mode: Recovery
ATTENTION: Could not load system hive.
The operation completed successfully.
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Winlogon: [Userinit] 
HKLM\...\Winlogon: [Shell]  [x ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  <==== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-25 20:45 - 2017-01-25 20:59 - 00000000 ____D C:\FRST
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe IS MISSING <==== ATTENTION
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION
C:\Windows\System32\dnsapi.dll IS MISSING <==== ATTENTION
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION
 
==================== Association (Whitelisted) =============
 
 
 
HKLM\...\.exe:  =>  <===== ATTENTION
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION
HKLM\...\exefile\shell\open\command:  <===== ATTENTION
 
==================== Restore Points  =========================
 
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No
 
Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae0-0007e994107d}
device                  partition=D:
path                    \Windows\System32\boot\winload.exe
description             Windows Recovery Environment
osdevice                partition=D:
systemroot              \Windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {b78c570d-d2ac-11dc-aca7-e608095aa759}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {b78c570d-d2ac-11dc-aca7-e608095aa759}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  unknown
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 19%
Total physical RAM: 2045.24 MB
Available physical RAM: 1640.44 MB
Total Virtual: 1821.99 MB
Available Virtual: 1638.12 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:138.9 GB) (Free:134 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.06 GB) NTFS
Drive e: (VISTA_SP1_HOMEPREMIUM) (CDROM) (Total:3.32 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:14.45 GB) (Free:14.43 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: 20000000)
Partition 1: (Not Active) - (Size=149 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=138.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of FRST.txt ============================

Edited by Orange Blossom, 25 January 2017 - 01:02 AM.
Moved to log forum. ~ OB




#2 Valinorum


Posted 27 January 2017 - 12:46 AM

Why are you running FRST from recovery mode?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All help is provided via the forum; ergo, do not PM me for help.

 


#3 Valinorum


Posted 29 January 2017 - 11:21 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 




