Hello I have a same problem but on virtual windows 7. It cannot boot, and there is no way to fix it with windows repair.
This is a FRST.txt which i got. Can any one make me fixlist from this?
Thanks in advance.
This is a FRST.txt which i got. Can any one make me fixlist from this?
Thanks in advance.
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017 01
Ran by SYSTEM on MININT-S6VRG12 (24-02-2017 11:49:12)
Running from C:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]
Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-05-31] (Microsoft Corporation)
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-19] (Malwarebytes)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-10] (Microsoft Corporation)
S2 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-11] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-10] (Microsoft Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WISSync; C:\WISApp\WISSvc.exe [7168 2015-05-13] ()
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
S4 NetMsmqActivator; "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S2 NoIPDUCService4; C:\ha\remote\remote\ducservice.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-19] ()
S1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176584 2017-02-13] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [110536 2017-02-19] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-19] (Malwarebytes)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-19] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-02-23] (Malwarebytes)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-10] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-24 11:44 - 2017-02-24 11:44 - 00000856 _____ C:\Fixlog.txt
2017-02-24 09:30 - 2017-02-24 11:49 - 00000000 ____D C:\FRST
2017-02-24 09:30 - 2017-02-24 11:49 - 00000000 _____ C:\FRST.txt
2017-02-24 00:00 - 2017-02-23 23:59 - 02423296 _____ (Farbar) C:\FRST64.exe
2017-02-23 05:19 - 2017-02-23 05:19 - 00000020 ___SH C:\Users\backup.WIS-PC\ntuser.ini
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 _SHDL C:\Users\backup.WIS-PC\My Documents
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 _SHDL C:\Users\backup.WIS-PC\Documents\My Videos
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 _SHDL C:\Users\backup.WIS-PC\Documents\My Pictures
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 _SHDL C:\Users\backup.WIS-PC\Documents\My Music
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 ____D C:\Users\backup.WIS-PC\AppData\Roaming\Adobe
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 ____D C:\Users\backup.WIS-PC\AppData\Local\VirtualStore
2017-02-23 05:19 - 2017-02-23 05:19 - 00000000 ____D C:\users\backup.WIS-PC
2017-02-23 05:19 - 2010-11-20 23:16 - 00000000 ____D C:\Users\backup.WIS-PC\AppData\Roaming\Media Center Programs
2017-02-23 05:13 - 2016-08-24 01:34 - 00036864 _____ C:\Users\WIS\AppData\Roaming\AdobeART.exe
2017-02-23 04:35 - 2017-02-23 04:35 - 00000000 ____D C:\Users\Administrator.WIS-PC\AppData\Local\2BrightSparks
2017-02-23 00:31 - 2017-02-23 00:47 - 00000000 ____D C:\ne diraj
2017-02-20 10:03 - 2017-02-20 10:03 - 00000000 ____D C:\Users\WIS\AppData\Local\Vitalwerks
2017-02-13 00:27 - 2017-02-13 00:27 - 00176584 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2017-02-13 00:26 - 2017-02-23 05:05 - 00081696 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2017-02-13 00:26 - 2017-02-19 23:04 - 00110536 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2017-02-13 00:26 - 2017-02-19 23:04 - 00043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2017-02-13 00:10 - 2017-02-19 23:04 - 00251848 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2017-02-13 00:10 - 2017-02-13 00:10 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-13 00:10 - 2017-02-13 00:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 00:10 - 2017-02-13 00:10 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 00:10 - 2017-01-19 22:47 - 00077416 _____ C:\Windows\System32\Drivers\mbae64.sys
2017-02-13 00:08 - 2017-02-13 00:07 - 55566792 _____ (Malwarebytes ) C:\Users\Administrator.WIS-PC\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-13 00:03 - 2017-02-13 00:03 - 00245568 _____ C:\Users\Administrator.WIS-PC\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-09 23:48 - 2017-02-09 23:48 - 00000880 _____ C:\Users\WIS\Desktop\_Sava_OC - Shortcut.lnk
2017-02-09 23:48 - 2017-02-09 23:48 - 00000000 ____D C:\ProgramData\Oracle
2017-02-09 23:47 - 2017-02-09 23:47 - 00000000 ____D C:\Users\WIS\Desktop\sava_ffws
2017-02-09 07:26 - 2017-02-09 07:26 - 00000000 ____D C:\ProgramData\Vitalwerks
2017-02-09 07:22 - 2017-02-09 07:22 - 00058016 _____ C:\Users\backup\AppData\Local\GDIPFONTCACHEV1.DAT
2017-02-09 07:22 - 2017-02-09 07:22 - 00000000 ____D C:\Users\backup\AppData\Local\Vitalwerks
2017-02-09 07:14 - 2017-02-09 07:14 - 00000000 ____D C:\Users\backup\AppData\Local\TeamViewer
2017-02-09 07:12 - 2017-02-09 07:12 - 00000020 ___SH C:\Users\backup\ntuser.ini
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 _SHDL C:\Users\backup\My Documents
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 _SHDL C:\Users\backup\Documents\My Videos
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 _SHDL C:\Users\backup\Documents\My Pictures
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 _SHDL C:\Users\backup\Documents\My Music
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 ____H C:\Users\backup\Documents\Default.rdp
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 ____D C:\Users\backup\AppData\Roaming\Adobe
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 ____D C:\Users\backup\AppData\Local\VirtualStore
2017-02-09 07:12 - 2017-02-09 07:12 - 00000000 ____D C:\users\backup
2017-02-09 07:12 - 2010-11-20 23:16 - 00000000 ____D C:\Users\backup\AppData\Roaming\Media Center Programs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-24 11:44 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2017-02-23 12:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\inetsrv
2017-02-23 05:26 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2017-02-23 05:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-02-23 05:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2017-02-23 05:21 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2017-02-23 05:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Registration
2017-02-23 05:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PLA
2017-02-23 05:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2017-02-23 05:19 - 2009-07-13 20:45 - 00022208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-23 05:19 - 2009-07-13 20:45 - 00022208 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-22 07:50 - 2015-08-11 23:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-19 23:07 - 2009-07-13 21:13 - 00991984 _____ C:\Windows\System32\PerfStringBackup.INI
2017-02-19 23:01 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-12 23:12 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
==================== Known DLLs (Whitelisted) =========================
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-12 00:29] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA
C:\Windows\SysWOW64\explorer.exe
[2016-10-12 00:29] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2016-12-13 14:13] - [2016-11-10 08:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542
C:\Windows\SysWOW64\User32.dll
[2016-12-13 14:13] - [2016-11-10 08:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Association (Whitelisted) =============
==================== Restore Points =========================
Restore point date: 2017-01-16 03:02
Restore point date: 2017-01-17 12:54
Restore point date: 2017-01-24 04:47
Restore point date: 2017-01-24 17:03
Restore point date: 2017-01-27 10:55
Restore point date: 2017-01-28 21:03
Restore point date: 2017-01-29 19:03
Restore point date: 2017-02-02 21:03
Restore point date: 2017-02-07 10:12
Restore point date: 2017-02-14 14:39
Restore point date: 2017-02-14 15:01
Restore point date: 2017-02-21 05:40
Restore point date: 2017-02-24 07:41
==================== BCD ================================
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {aa5aad3a-7f03-11e4-835d-c58457326f39}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {aa5aad3a-7f03-11e4-835d-c58457326f39}
nx OptIn
Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\aa5aad3c-7f03-11e4-835d-c58457326f39\Winre.wim,{aa5aad3d-7f03-11e4-835d-c58457326f39}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\aa5aad3c-7f03-11e4-835d-c58457326f39\Winre.wim,{aa5aad3d-7f03-11e4-835d-c58457326f39}
systemroot \windows
nx OptIn
winpe Yes
Resume from Hibernate
---------------------
identifier {aa5aad3a-7f03-11e4-835d-c58457326f39}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems Yes
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {aa5aad3d-7f03-11e4-835d-c58457326f39}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\aa5aad3c-7f03-11e4-835d-c58457326f39\boot.sdi
==================== Memory info ===========================
Percentage of memory in use: 10%
Total physical RAM: 8191.55 MB
Available physical RAM: 7340.29 MB
Total Virtual: 8189.75 MB
Available Virtual: 7318.38 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:159.9 GB) (Free:97.48 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 160 GB) (Disk ID: E3C085C4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=159.9 GB) - (Type=07 NTFS)
LastRegBack: 2017-02-21 15:09
==================== End of FRST.txt ============================
Last edited by a moderator: