Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

i Need fixlist.txt for farbar recovery scan tool


  • This topic is locked This topic is locked
5 replies to this topic

#1 Mahmoudkamal

Mahmoudkamal

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 10 September 2017 - 04:28 AM

i got this msg when i tried to boot my computer , even tried save mode and i got the same msg "STOP: C0000135 The program can't start because %hs is missing. Try resintalling the program" i also tried to use the repair tool and it couldn't fix the problem after 2 days of searching i found this forum well i followed the all the steps in this form ( https://www.bleepingcomputer.com/forums/t/444580/stop-c0000135-the-program-cant-start-because-hs-is-missing-try-resintalling-the-program/ ) but everyone have different fixlist.txt so can someone please look at my FRST.txt and help me ... if i failed in this i will just give up and try to install my windows from a flash drive .
and thanks   

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2017
Ran by SYSTEM on MININT-656U90L (10-09-2017 00:57:36)
Running from H:\
Platform: Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [VirtualCloneDrive] => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Lightshot] => C:\Program Files\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-08-02] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2017-09-07]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2017-05-11]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Explorer.lnk [2015-06-15]
ShortcutTarget: Windows Explorer.lnk ->  (No File)
Startup: C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\مراقبة تنبيهات الحبر - HP Deskjet 1050 J410 series.lnk [2016-01-11]
ShortcutTarget: مراقبة تنبيهات الحبر - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DialComService; C:\Program Files\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1934608 2013-12-17] (DIAL GmbH)
S2 hasplms; C:\Windows\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 24c54e38; "C:\Windows\system32\rundll32.exe" "c:\Program Files\DeltaFix\DeltaFix.dll",serv <==== ATTENTION
S2 AMD External Events Utility; %SystemRoot%\system32\atiesrxx.exe [X]
S2 Etaps LMService; C:\Program Files\Operation Technology Inc\ETAP License Manager 700\Etapslmt.exe [X]
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI [X]
S3 FirebirdServerMAGIXInstance; "C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe" [X]
S3 FlexNet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S2 HPSIService; C:\Windows\system32\HPSIsvc.exe [X]
S3 IEEtwCollectorService; %SystemRoot%\system32\IEEtwCollector.exe /V [X]
S2 LkCitadelServer; C:\Windows\system32\lkcitdl.exe [X]
S2 lkClassAds; C:\Windows\system32\lkads.exe [X]
S2 lkTimeSync; C:\Windows\system32\lktsrv.exe [X]
S3 Microsoft SharePoint Workspace Audit Service; "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice [X]
S2 NIDomainService; "C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe" [X]
S4 NILM License Manager; "C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [X]
S2 niSvcLoc; C:\Windows\system32\nisvcloc.exe -s [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]
S2 PCAppStoreSvc_{PCAppStore_4.4.0.5812}; C:\Program Files\Baidu Security\PC App Store\4.4.0.5812\PCAppStoreSvc.exe [X]
S2 PCFasterSvc_{PCFaster_4.0.0.0}; C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [X]
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]
S2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [X]
S2 s7oiehsx; C:\program files\common files\Siemens\S7IEPG\s7oiehsx.exe [X]
S2 S7TraceServiceX; C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [X]
S2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [X]
S2 Soda PDF 2012 Helper Service; "C:\Program Files\Soda PDF 2012\HelperService.exe" [X]
S2 Soda PDF 2012 Service; "C:\Program Files\Soda PDF 2012\ConversionService.exe" [X]
S2 TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [X]
S2 YahooAUService; "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [376200 2013-08-01] (SafeNet Inc.)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [608648 2013-08-01] (SafeNet Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-10 00:57 - 2017-09-10 00:57 - 000000000 ____D C:\FRST
2017-09-09 15:59 - 2017-09-09 15:59 - 000013824 ___SH C:\Thumbs.db
2017-09-09 11:36 - 2017-09-09 16:01 - 000000000 ____D C:\C.drive
2017-09-06 07:01 - 2017-09-06 07:01 - 000000000 ____H C:\Users\USER\AppData\Local\BIT4558.tmp
2017-09-06 07:01 - 2017-09-06 07:01 - 000000000 _____ C:\Users\USER\AppData\Local\{41873C0F-471D-4379-A579-1C5882CE6C4F}
2017-09-04 06:37 - 2017-09-04 06:37 - 096657931 _____ C:\Users\USER\Downloads\Unconfirmed 711522.crdownload
2017-09-04 04:32 - 2017-09-04 05:04 - 043153070 _____ C:\Users\USER\Downloads\Developmental Genetics by Moody.pdf
2017-09-04 03:30 - 2017-09-04 03:30 - 007152334 _____ C:\Users\USER\Downloads\مناخ أفريقيا يتغير .pdf.crdownload
2017-09-03 14:51 - 2017-09-03 15:25 - 016289539 _____ C:\Users\USER\Downloads\Biofeedback.pdf
2017-09-03 09:57 - 2017-09-03 11:27 - 129700733 _____ C:\Users\USER\Downloads\The Cell by Cooper 4E.pdf
2017-09-03 09:57 - 2017-09-03 11:06 - 065734355 _____ C:\Users\USER\Downloads\Molecular Biology by Craig.pdf
2017-09-03 08:44 - 2017-09-03 09:02 - 010940424 _____ C:\Users\USER\Downloads\[L_Alberghina,NetLibrary,_Inc.]_Protein_engineerin(BookFi).pdf
2017-09-03 03:44 - 2017-09-03 03:46 - 004980240 _____ ( ) C:\Users\USER\Downloads\ascsetup.exe
2017-09-03 02:07 - 2017-09-03 02:42 - 007493970 _____ C:\Users\USER\Downloads\26Health Care Budgeting and Financial Management, 2nd Edition.pdf
2017-09-03 01:52 - 2017-09-03 01:54 - 002604077 _____ C:\Users\USER\Downloads\نظرات في علم الوراثة.pdf
2017-09-02 09:37 - 2017-09-02 11:56 - 223394864 _____ C:\Users\USER\Downloads\IBM SPSS Statistics v23 x86    مع تحيات د. سلام الهلالي.rar
2017-09-01 15:47 - 2017-09-01 16:13 - 032306580 _____ C:\Users\USER\Downloads\التحليل الاحصائي للبيانات 2014 ببرنامج SPSS.pdf
2017-08-31 09:48 - 2017-08-31 09:52 - 000433452 _____ C:\Users\USER\Documents\معايدة.pptx
2017-08-31 04:55 - 2017-08-31 04:57 - 000209383 _____ C:\Users\USER\Downloads\Which_physiological_adaptation_allows_camels_to_to.pdf
2017-08-30 07:06 - 2017-08-30 07:56 - 016960166 _____ C:\Users\USER\Downloads\1607__1584__1575__1582__1604__1602__1575__1604__1604__1607_-__1575__1604__1581__1588__1585__1575__1578.pdf
2017-08-30 03:27 - 2017-08-30 04:15 - 015257679 _____ C:\Users\USER\Downloads\1607__1584__1575__1582__1604__1602__1575__1604__1604__1607_-__1575__1604__1581__1588__1585__1575__1578.pdf.crdownload
2017-08-29 16:23 - 2017-08-29 16:23 - 000000317 _____ C:\Users\USER\Downloads\citation-248444528.ris
2017-08-29 16:17 - 2017-08-29 16:20 - 002698886 _____ C:\Users\USER\Downloads\fulltext-thyroids-v2-id1013.pdf
2017-08-29 16:11 - 2017-08-29 16:12 - 000673297 _____ C:\Users\USER\Downloads\f_3648-NMI-Thyroid-Hormones-and-Cortisol-Concentrations-in-Offspring-are-Influenc.pdf_4922.pdf
2017-08-29 10:53 - 2017-08-29 10:54 - 000096990 _____ C:\Users\USER\Downloads\Formal-Invitation-Acceptance-Letter-Template.zip
2017-08-29 10:50 - 2017-08-29 10:53 - 000111923 _____ C:\Users\USER\Downloads\Formal-Meeting-Invitation-Letter-Template (1).zip
2017-08-29 10:50 - 2017-08-29 10:51 - 000255046 _____ C:\Users\USER\Downloads\Formal-Committee-Invitation-Letter-Template.zip
2017-08-29 10:50 - 2017-08-29 10:50 - 000111923 _____ C:\Users\USER\Downloads\Formal-Meeting-Invitation-Letter-Template.zip
2017-08-29 10:50 - 2017-08-29 10:50 - 000022751 _____ C:\Users\USER\Downloads\Formal-Conference-Invitation-Letter-Template2.zip
2017-08-29 10:46 - 2017-08-29 10:50 - 000377547 _____ C:\Users\USER\Downloads\English GUIDELINE FOR TEACHING AND WRITING ESSAYS AND TRANSACTIONAL TEXTS doc 4 doc 11082010.pdf
2017-08-29 09:04 - 2017-08-29 09:04 - 000001011 _____ C:\Users\USER\Downloads\Untitled
2017-08-29 07:00 - 2017-08-29 07:08 - 009857006 _____ C:\Users\USER\Downloads\الجينة الانانية.pdf
2017-08-29 02:41 - 2017-08-29 02:41 - 000344049 _____ C:\Users\USER\Downloads\download (2).htm
2017-08-28 16:45 - 2017-08-28 16:46 - 000687546 _____ C:\Users\USER\Downloads\Medicine Record Book 2010.pdf
2017-08-28 16:13 - 2017-08-28 16:18 - 000486063 _____ ( ) C:\Users\USER\Downloads\atlas-of-rabbit-anatomy-pdf-free (1).exe
2017-08-28 09:50 - 2017-08-28 09:50 - 000000000 ____D C:\Users\USER\Documents\Avatar
2017-08-28 09:40 - 2017-08-29 05:17 - 000000000 ____D C:\Users\USER\Documents\Youcam
2017-08-28 09:40 - 2017-08-28 09:40 - 000000000 ____D C:\Users\USER\AppData\Local\CyberLink
2017-08-28 09:40 - 2017-08-28 09:40 - 000000000 ____D C:\ProgramData\CyberLink
2017-08-28 09:39 - 2017-08-28 09:39 - 000000000 ____D C:\Users\USER\AppData\Roaming\CyberLink
2017-08-28 09:37 - 2017-08-28 09:37 - 000000000 ____D C:\BigFishCache
2017-08-28 08:40 - 2017-08-28 08:54 - 005287792 _____ C:\Users\USER\Downloads\Textbook of Rabbit Medicine (3).pdf
2017-08-28 08:40 - 2017-08-28 08:44 - 001496618 _____ C:\Users\USER\Downloads\Veterinary_Laboratory_Medicine (2).pdf
2017-08-28 08:06 - 2009-11-18 09:33 - 000271768 _____ (OGPlanet) C:\Windows\System32\OGPIEPlugin.ocx
2017-08-28 08:06 - 2009-11-18 09:33 - 000079256 _____ (OGPlanet) C:\Windows\System32\npOGPPlugin.dll
2017-08-28 07:57 - 2017-09-07 10:25 - 000000000 ____D C:\Program Files\OGPlanet
2017-08-28 07:46 - 2017-08-28 08:14 - 000000000 ____D C:\Program Files\Kuma Games BETA
2017-08-28 06:13 - 2017-08-28 06:26 - 000826712 _____ C:\Users\USER\Downloads\bluebook - PDF.pdf
2017-08-27 07:55 - 2017-08-27 08:05 - 000072261 _____ C:\Users\USER\Downloads\039 J Camel Pra Res 2015 C.d. HSP.pdf.crdownload
2017-08-26 12:53 - 2017-08-26 12:53 - 000243555 _____ C:\Users\USER\Downloads\Korhonen_H_Pihlanto_A_Bioactive_peptides_productio.pdf
2017-08-26 09:02 - 2017-08-26 09:02 - 000440243 _____ C:\Users\USER\Downloads\59680-108706-1-PB (6).pdf
2017-08-26 07:39 - 2017-08-26 07:45 - 000440243 _____ C:\Users\USER\Downloads\59680-108706-1-PB (5).pdf
2017-08-26 05:57 - 2017-08-26 06:17 - 000846553 _____ C:\Users\USER\Downloads\livestock_husbandry_guide_03_06_2016_final_for_print.pdf
2017-08-25 15:47 - 2017-08-25 15:48 - 000159462 _____ C:\Users\USER\Downloads\FOOD_4(1)61-63o.pdf
2017-08-25 15:36 - 2017-08-25 15:36 - 000431633 _____ C:\Users\USER\Downloads\Seifu Buys & Donkin 2005 Lactoperoxidase Review Article .pdf
2017-08-25 12:37 - 2017-08-25 12:37 - 000093011 _____ C:\Users\USER\Downloads\animals-01-00083 (1).pdf
2017-08-25 11:18 - 2017-08-25 11:22 - 003007120 _____ C:\Users\USER\Downloads\Meat Science An Introductory Text.rar
2017-08-25 01:45 - 2017-08-25 01:45 - 000084899 _____ C:\Users\USER\Downloads\comparing-groups-statistical-differences-how-choose-right-statistical-test.htm
2017-08-25 01:45 - 2017-08-25 01:45 - 000084899 _____ C:\Users\USER\Downloads\comparing-groups-statistical-differences-how-choose-right-statistical-test (1).htm
2017-08-25 01:40 - 2017-08-25 01:47 - 010333577 _____ C:\Users\USER\Downloads\Statistical Methods%0D%0Aand Reasoning for the%0AClinical Sciences.pdf
2017-08-25 00:45 - 2017-08-25 00:46 - 001183022 _____ C:\Users\USER\Downloads\commonlyusedstatisticsinmedicalresearchpartistudent-130129073423-phpapp01.pptx
2017-08-25 00:22 - 2017-08-25 00:23 - 000266538 _____ C:\Users\USER\Downloads\sparesience.pdf
2017-08-24 14:55 - 2017-08-24 14:55 - 000001094 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-08-24 14:25 - 2017-08-24 14:39 - 015156370 _____ C:\Users\USER\Downloads\[Frances_Fischbach,_Marshall_B._Dunning]_A_Manual_(BookSee.org).pdf
2017-08-24 14:01 - 2017-08-24 14:02 - 001496618 _____ C:\Users\USER\Downloads\Veterinary_Laboratory_Medicine (1).pdf
2017-08-23 05:03 - 2017-08-23 05:29 - 013083605 _____ C:\Users\USER\Downloads\diversity-03-00660.pdf
2017-08-23 03:34 - 2017-08-23 03:52 - 003760935 _____ C:\Users\USER\Downloads\husbandy ca.zip
2017-08-19 05:06 - 2017-08-19 05:06 - 000000000 ____D C:\Users\USER\AppData\LocalLow\The Glitch Factory
2017-08-18 11:24 - 2017-08-18 11:56 - 005351384 _____ C:\Users\USER\Downloads\Al-kemma.pdf
2017-08-17 07:57 - 2017-08-17 09:02 - 002672094 _____ C:\Users\USER\Downloads\1stInternational_Congress_on_Food_Technology (1).pdf
2017-08-17 07:55 - 2017-08-17 08:06 - 000245760 _____ C:\Users\USER\Downloads\healthymuslim-com-raw-milk-book.pdf
2017-08-16 04:22 - 2017-08-16 04:24 - 000719100 _____ C:\Users\USER\Downloads\testing.pdf
2017-08-16 02:17 - 2017-08-16 03:04 - 005287792 _____ C:\Users\USER\Downloads\Textbook of Rabbit Medicine (2).pdf
2017-08-15 06:40 - 2017-08-15 06:42 - 000269145 _____ C:\Users\USER\Downloads\SAALAS-2017-Call-for-abstracts_28-June-2017.pdf
2017-08-13 10:03 - 2017-08-13 10:03 - 000064850 _____ C:\Users\USER\Downloads\تراكمي يوليو 2016.xlsx
2017-08-12 20:36 - 2017-08-12 20:37 - 000243417 _____ C:\Users\USER\Downloads\tCQEW6 (4).pdf
2017-08-12 19:55 - 2017-08-12 19:56 - 000714452 _____ C:\Users\USER\Downloads\5318-16897-1-PB.pdf
2017-08-12 19:51 - 2017-08-12 19:52 - 000440243 _____ C:\Users\USER\Downloads\59680-108706-1-PB (8).pdf
2017-08-12 11:02 - 2017-08-12 21:02 - 000010938 _____ C:\Users\USER\Downloads\الامهات-بعد-التعديل.xlsx
2017-08-12 03:23 - 2017-08-12 03:25 - 001244374 _____ C:\Users\USER\Desktop\New Bitmap Image.bmp
2017-08-11 09:22 - 2017-07-29 06:50 - 000074752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2017-08-11 09:22 - 2017-07-21 06:26 - 000518144 _____ C:\Windows\System32\msjetoledb40.dll
2017-08-11 09:22 - 2017-07-21 06:26 - 000409600 _____ (Microsoft Corporation) C:\Windows\System32\msexch40.dll
2017-08-11 09:22 - 2017-07-21 06:26 - 000290816 _____ (Microsoft Corporation) C:\Windows\System32\msjtes40.dll
2017-08-11 09:22 - 2017-07-21 06:26 - 000282624 _____ (Microsoft Corporation) C:\Windows\System32\mstext40.dll
2017-08-11 09:22 - 2017-07-14 07:10 - 001549824 _____ (Microsoft Corporation) C:\Windows\System32\tquery.dll
2017-08-11 09:22 - 2017-07-14 07:10 - 001400320 _____ (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2017-08-11 09:22 - 2017-07-14 07:10 - 001363968 _____ (Microsoft Corporation) C:\Windows\System32\Query.dll
2017-08-11 09:22 - 2017-07-14 07:10 - 000666624 _____ (Microsoft Corporation) C:\Windows\System32\mssvp.dll
2017-08-11 09:22 - 2017-07-14 07:10 - 000382976 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2017-08-11 09:22 - 2017-07-14 07:10 - 000337408 _____ (Microsoft Corporation) C:\Windows\System32\mssph.dll
2017-08-11 09:22 - 2017-07-14 07:10 - 000197120 _____ (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
2017-08-11 09:22 - 2017-07-14 07:10 - 000104448 _____ (Microsoft Corporation) C:\Windows\System32\mssitlb.dll
2017-08-11 09:22 - 2017-07-14 07:10 - 000059392 _____ (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
2017-08-11 09:22 - 2017-07-14 07:10 - 000034816 _____ (Microsoft Corporation) C:\Windows\System32\mssprxy.dll
2017-08-11 09:22 - 2017-07-14 07:00 - 000427520 _____ (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
2017-08-11 09:22 - 2017-07-14 07:00 - 000164352 _____ (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
2017-08-11 09:22 - 2017-07-14 06:59 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
2017-08-11 09:22 - 2017-07-14 06:59 - 000009728 _____ (Microsoft Corporation) C:\Windows\System32\msshooks.dll
2017-08-11 09:22 - 2017-07-14 06:50 - 000054272 _____ (Microsoft Corporation) C:\Windows\System32\wermgr.exe
2017-08-11 09:22 - 2017-07-14 06:50 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\werdiagcontroller.dll
2017-08-11 09:22 - 2017-07-08 07:19 - 000250600 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
2017-08-11 09:22 - 2017-07-08 06:51 - 002402816 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-08-11 09:22 - 2017-07-07 07:15 - 004001000 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2017-08-11 09:22 - 2017-07-07 07:15 - 003945192 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-08-11 09:22 - 2017-07-07 07:15 - 000296680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\volmgrx.sys
2017-08-11 09:22 - 2017-07-07 07:15 - 000137960 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-08-11 09:22 - 2017-07-07 07:15 - 000067304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-08-11 09:22 - 2017-07-07 07:13 - 001310528 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000655360 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000400896 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000261120 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000254464 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000223232 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000172032 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000141312 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000109568 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000099840 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000065536 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2017-08-11 09:22 - 2017-07-07 07:11 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-08-11 09:22 - 2017-07-07 07:10 - 001062912 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-08-11 09:22 - 2017-07-07 07:10 - 000690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2017-08-11 09:22 - 2017-07-07 07:10 - 000644096 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2017-08-11 09:22 - 2017-07-07 07:10 - 000554496 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-08-11 09:22 - 2017-07-07 07:10 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-08-11 09:22 - 2017-07-07 07:10 - 000082432 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2017-08-11 09:22 - 2017-07-07 07:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2017-08-11 09:22 - 2017-07-07 07:10 - 000050688 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2017-08-11 09:22 - 2017-07-07 07:10 - 000017408 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2017-08-11 09:22 - 2017-07-07 07:10 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-08-11 09:22 - 2017-07-07 06:52 - 000097792 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2017-08-11 09:22 - 2017-07-07 06:52 - 000050688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2017-08-11 09:22 - 2017-07-07 06:52 - 000029696 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2017-08-11 09:22 - 2017-07-07 06:52 - 000016896 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2017-08-11 09:22 - 2017-07-07 06:51 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2017-08-11 09:22 - 2017-07-07 06:50 - 000262656 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2017-08-11 09:22 - 2017-07-07 06:48 - 000226304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-08-11 09:22 - 2017-07-07 06:48 - 000124416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-08-11 09:22 - 2017-07-07 06:48 - 000098304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-08-11 09:22 - 2017-07-07 06:47 - 000069632 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2017-08-11 09:22 - 2017-07-07 06:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2017-08-11 09:22 - 2017-07-07 06:47 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-08-11 09:22 - 2017-07-07 06:47 - 000015872 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 001311744 _____ (Microsoft Corporation) C:\Windows\System32\msjet40.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000866816 _____ (Microsoft Corporation) C:\Windows\System32\mswdat10.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000641536 _____ (Microsoft Corporation) C:\Windows\System32\mswstr10.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000616448 _____ (Microsoft Corporation) C:\Windows\System32\msrepl40.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000475648 _____ (Microsoft Corporation) C:\Windows\System32\msxbde40.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000375808 _____ (Microsoft Corporation) C:\Windows\System32\mspbde40.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000343552 _____ (Microsoft Corporation) C:\Windows\System32\msrd3x40.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000339968 _____ (Microsoft Corporation) C:\Windows\System32\msexcl40.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000310272 _____ (Microsoft Corporation) C:\Windows\System32\msrd2x40.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000240640 _____ (Microsoft Corporation) C:\Windows\System32\msltus40.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000144896 _____ (Microsoft Corporation) C:\Windows\System32\msjint40.dll
2017-08-11 09:22 - 2017-07-01 05:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\System32\msjter40.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-09 17:25 - 2017-05-10 04:44 - 002730376 _____ C:\Windows\ntbtlog.txt
2017-09-07 21:47 - 1989-04-13 06:54 - 000000000 ____D C:\مجلد جديد
2017-09-07 11:01 - 2017-03-26 23:32 - 000000000 _____ C:\hsrv.txt
2017-09-07 10:24 - 2014-12-29 07:48 - 000000000 ____D C:\Users\USER\AppData\Local\ElevatedDiagnostics
2017-09-07 09:48 - 2016-02-12 14:59 - 000000000 ____D C:\Program Files\Steam
2017-09-05 23:48 - 2010-11-20 13:01 - 000786014 _____ C:\Windows\System32\PerfStringBackup.INI
2017-09-05 23:48 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\inf
2017-09-04 18:42 - 2009-07-13 20:34 - 000021280 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-04 18:42 - 2009-07-13 20:34 - 000021280 _____ C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-04 07:56 - 2015-04-11 01:35 - 000000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
2017-08-31 04:04 - 2009-07-13 18:37 - 000000000 ____D C:\Windows\System32\NDF
2017-08-28 15:14 - 2017-03-26 05:02 - 000002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-08-24 14:55 - 2015-04-27 23:46 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-24 13:46 - 2017-02-16 13:38 - 000000000 ____D C:\Users\USER\AppData\LocalLow\Mozilla
2017-08-19 05:44 - 2016-01-30 02:08 - 000000000 ____D C:\Users\USER\Desktop\Regos mob things
2017-08-12 02:29 - 2009-07-13 20:33 - 000431784 _____ C:\Windows\System32\FNTCACHE.DAT
2017-08-12 02:11 - 2015-01-04 13:21 - 000000000 ____D C:\Windows\System32\MRT
2017-08-12 02:02 - 2015-01-04 13:21 - 137505280 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2017-08-11 09:09 - 2014-12-28 03:15 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2017-08-11 09:09 - 2014-12-28 03:15 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2017-08-11 09:09 - 2014-12-28 03:15 - 000000000 ____D C:\Windows\System32\Macromed
 
Some files in TEMP:
====================
2015-04-28 03:01 - 2016-03-23 02:00 - 000000000 ____D () C:\Users\USER\AppData\Local\Temp\avgnt.exe
2017-08-28 08:06 - 2017-08-28 08:06 - 000139672 _____ (Eclipse Foundation) C:\Users\USER\AppData\Local\Temp\swt-win32-3349.dll
2017-08-28 14:17 - 2013-11-11 07:52 - 000116712 _____ () C:\Users\USER\AppData\Local\Temp\Uninstall.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2017-05-12 11:38] - [2017-04-17 07:12] - 000377344 _____ (Microsoft Corporation) 18E8C40C3C2AB0D315331677823555C0
 
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 2997.86 MB
Available physical RAM: 2518.09 MB
Total Virtual: 2994.07 MB
Available Virtual: 2535.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:201.17 GB) (Free:87.32 GB) NTFS
Drive e: () (Fixed) (Total:196.22 GB) (Free:52.82 GB) NTFS
Drive h: (DR KAMAL) (Removable) (Total:14.4 GB) (Free:14.4 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:68.36 GB) (Free:22.22 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38A39E6A)
Partition 1: (Active) - (Size=68.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=397.4 GB) - (Type=OF Extended)
 
========================================================
Disk: 2 (Size: 14.4 GB) (Disk ID: 5CB64001)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0C)
 
LastRegBack: 2017-08-31 05:19
 
==================== End of FRST.txt ============================


Edited by hamluis, 10 September 2017 - 05:00 AM.
Merged posts - Hamluis.


BC AdBot (Login to Remove)

 


#2 Mahmoudkamal

Mahmoudkamal
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 10 September 2017 - 12:57 PM

i am sorry but i tried everything to try to boot my pc but sadly i failed ... and trying to learn the Tutorial for Farbar Recovery Scan Tool by myself it's so hard and gonna take days i am not a programmer i am just a normal student ... so please if you don't mind can you read the Scan result of Farbar Recovery Scan Tool of my pc 
thanks



#3 polskamachina

polskamachina

  • Malware Response Team
  • 4,071 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:06 AM

Posted 11 September 2017 - 11:34 AM

Hi Mahmoudkamal,
 
My name is polskamachina and I would like to :welcome: you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Please give me some time to review your situation and I will get back to you with further instructions.
 
Let me know if you have any questions.
 
polskamachina



#4 Mahmoudkamal

Mahmoudkamal
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  

Posted 12 September 2017 - 03:44 AM

Hi polskamachina thanks for your reply and i am really happy for your respondbut ... i copied windows 7 ultimate iso from my friend's DVD and created a bootable USB i couldn't wait any longer sadly because of my study 
thanks for caring again and thx for your time bro my pc worked again and everything is fine right now 
i will try to be more careful and scan everything before downloading it on my pc 
i really like how people here helping each others :) 
keep your great work up  :thumbup2:



#5 polskamachina

polskamachina

  • Malware Response Team
  • 4,071 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:06 AM

Posted 12 September 2017 - 11:00 AM

Hi Mahmoudkamal,
 
Thank you for the compliment and also letting me know that the issue has been resolved. :thumbup2:

 

polskamachina



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,005 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:06 AM

Posted 12 September 2017 - 12:22 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users