Need fixlist.txt for Farbar Recovery Scan Tool, blue screen error c000021a

sai kiran reddy

New Member
Thread author
Nov 10, 2015
5
Im struggling to solve this error, it would be great help if you could post a valid fixlist.txt. very Desperate because i have not backed up my data
 

sai kiran reddy

New Member
Thread author
Nov 10, 2015
5
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by SYSTEM on MININT-TL9SR02 (10-11-2015 19:01:49)
Running from h:\
Platform: Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool[/URL]

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\boom\...\Run: [Google Update] => C:\Users\boom\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
Startup: C:\Users\boom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-02-11]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [206224 2015-09-22] (APN LLC.)
S2 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-03-31] ()
S2 UDisk Monitor; C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [512000 2013-07-10] ()
S2 vToolbarUpdater18.9.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe [1862032 2015-10-07] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 WInterEn Monitor; c:\program files\winteren\12f654282edf0fc17762f8307198e3eb.exe [1828352 2015-11-01] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [81408 2010-12-30] (ASIX Electronics Corp.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-03-31] (QUALCOMM Incorporated)
S3 Generalusbserialser20679; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [108544 2013-07-08] (Incorporated)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-10 19:01 - 2015-11-10 19:01 - 00000000 ____D C:\FRST
2015-11-07 09:37 - 2015-11-07 09:37 - 00000000 ____D C:\config
2015-11-07 09:07 - 2015-11-07 09:07 - 00000000 ____D C:\AVG SafeGuard toolbar
2015-11-07 09:01 - 2015-11-07 09:01 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\LocalLow\Sun
2015-11-07 08:56 - 2015-11-07 09:58 - 00002235 _____ C:\Users\TEMP.boom-PC.000\Desktop\Google Chrome.lnk
2015-11-07 08:54 - 2015-11-07 08:56 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\Local\Google
2015-11-07 08:54 - 2015-11-07 08:54 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\LocalLow\AVG SafeGuard toolbar
2015-11-07 08:54 - 2015-11-07 08:54 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\Local\AVG SafeGuard toolbar
2015-11-07 08:54 - 2015-11-07 08:54 - 00000000 ____D C:\users\TEMP.boom-PC.000
2015-10-31 22:57 - 2015-10-31 22:57 - 00117190 _____ C:\Users\boom\Desktop\PMRDFs Poonch.pptx
2015-10-31 19:00 - 2015-10-31 22:56 - 00117190 _____ C:\Users\boom\Downloads\PMRDFs Bandipora.pptx
2015-10-11 11:15 - 2015-10-11 11:15 - 00050090 _____ C:\Users\boom\Downloads\power_english-725622.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 10:13 - 2013-12-21 03:03 - 01661477 _____ C:\Windows\WindowsUpdate.log
2015-11-07 09:58 - 2015-03-14 09:25 - 00002235 _____ C:\Users\TEMP.boom-PC\Desktop\Google Chrome.lnk
2015-11-07 09:57 - 2015-02-27 09:54 - 00002235 _____ C:\Users\boom.boom-PC\Desktop\Google Chrome.lnk
2015-11-07 09:52 - 2009-07-13 20:34 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 09:52 - 2009-07-13 20:34 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-07 09:47 - 2014-04-15 01:47 - 00069028 _____ C:\Windows\setupact.log
2015-11-07 09:07 - 2014-03-20 09:58 - 00000000 ____D C:\Windows\System32\cache
2015-11-05 10:27 - 2015-08-20 12:50 - 00000000 ____D C:\Program Files\Opera
2015-11-02 06:04 - 2014-04-15 01:47 - 00002044 _____ C:\Windows\PFRO.log
2015-11-01 05:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF

Some files in TEMP:
====================
C:\Users\boom\AppData\Local\Temp\GUR6D04.exe
C:\Users\boom\AppData\Local\Temp\InstallRes.exe
C:\Users\boom\AppData\Local\Temp\Modem_installation.exe
C:\Users\TEMP\AppData\Local\Temp\{4F431DEF-10ED-4451-9A8E-104DAE928443}-GoogleUpdateSetup.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============



HKLM\...\.exe:  =>  <===== ATTENTION
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION
HKLM\...\exefile\open\command:  <===== ATTENTION

==================== Restore Points  =========================

Restore point date: 2015-10-31 10:32

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 3068.96 MB
Available physical RAM: 2617.23 MB
Total Virtual: 3067.23 MB
Available Virtual: 2630.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:38.96 GB) (Free:5.91 GB) NTFS
Drive e: () (Fixed) (Total:97.66 GB) (Free:39.13 GB) NTFS
Drive f: () (Fixed) (Total:161.37 GB) (Free:22.91 GB) NTFS
Drive h: (HP v220w) (Removable) (Total:14.98 GB) (Free:13.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D8B90DDA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=161.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2015-10-31 10:27

==================== End of FRST.txt ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt

>> Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your USB flashdrive.


>> Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...
 

Attachments

  • fixlist.txt
    703 bytes · Views: 7

sai kiran reddy

New Member
Thread author
Nov 10, 2015
5
Thank you, here is the fixlog.txt content. still not able to boot and error repeats. also find below frst scan after applying fix.
Code:
Fix result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Ran by SYSTEM (2015-11-12 14:01:32) Run:1
Running from H:\
Boot Mode: Recovery

==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [206224 2015-09-22] (APN LLC.)
C:\Program Files\AskPartnerNetwork
S2 WInterEn Monitor; c:\program files\winteren\12f654282edf0fc17762f8307198e3eb.exe [1828352 2015-11-01] ()
c:\program files\winteren
C:\Users\boom\AppData\Local\Temp\GUR6D04.exe
C:\Users\boom\AppData\Local\Temp\InstallRes.exe
C:\Users\boom\AppData\Local\Temp\Modem_installation.exe
C:\Users\TEMP\AppData\Local\Temp\{4F431DEF-10ED-4451-9A8E-104DAE928443}-GoogleUpdateSetup.exe
HKLM\...\.exe:  =>  <===== ATTENTION
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION
HKLM\...\exefile\open\command:  <===== ATTENTION

*****************

Error: Restore point can only be created in normal mode.
closeprocesses: => Error: This directive works only outside recovery mode.
emptytemp: => Error: This directive works only outside recovery mode.
APNMCP => service removed successfully.
C:\Program Files\AskPartnerNetwork => moved successfully
WInterEn Monitor => service removed successfully.
c:\program files\winteren => moved successfully
C:\Users\boom\AppData\Local\Temp\GUR6D04.exe => moved successfully
C:\Users\boom\AppData\Local\Temp\InstallRes.exe => moved successfully
C:\Users\boom\AppData\Local\Temp\Modem_installation.exe => moved successfully
C:\Users\TEMP\AppData\Local\Temp\{4F431DEF-10ED-4451-9A8E-104DAE928443}-GoogleUpdateSetup.exe => moved successfully
HKLM\Software\Classes\.exe\\Default => value restored successfully
HKLM\Software\Classes\exefile\DefaultIcon\\Default => value restored successfully
HKLM\Software\Classes\exefile\shell\open\command\\Default => value restored successfully

==== End of Fixlog 14:01:33 ==


FRST scan after applying fix
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by SYSTEM on MININT-8ET3HSI (12-11-2015 14:09:31)
Running from H:\
Platform: Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool[/URL]

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\boom\...\Run: [Google Update] => C:\Users\boom\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
Startup: C:\Users\boom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-02-11]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-03-31] ()
S2 UDisk Monitor; C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [512000 2013-07-10] ()
S2 vToolbarUpdater18.9.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe [1862032 2015-10-07] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [81408 2010-12-30] (ASIX Electronics Corp.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-03-31] (QUALCOMM Incorporated)
S3 Generalusbserialser20679; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [108544 2013-07-08] (Incorporated)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-10 19:01 - 2015-11-12 14:09 - 00000000 ____D C:\FRST
2015-11-07 09:37 - 2015-11-07 09:37 - 00000000 ____D C:\config
2015-11-07 09:07 - 2015-11-07 09:07 - 00000000 ____D C:\AVG SafeGuard toolbar
2015-11-07 09:01 - 2015-11-07 09:01 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\LocalLow\Sun
2015-11-07 08:56 - 2015-11-07 09:58 - 00002235 _____ C:\Users\TEMP.boom-PC.000\Desktop\Google Chrome.lnk
2015-11-07 08:54 - 2015-11-07 08:56 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\Local\Google
2015-11-07 08:54 - 2015-11-07 08:54 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\LocalLow\AVG SafeGuard toolbar
2015-11-07 08:54 - 2015-11-07 08:54 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\Local\AVG SafeGuard toolbar
2015-11-07 08:54 - 2015-11-07 08:54 - 00000000 ____D C:\users\TEMP.boom-PC.000
2015-10-31 22:57 - 2015-10-31 22:57 - 00117190 _____ C:\Users\boom\Desktop\PMRDFs Poonch.pptx
2015-10-31 19:00 - 2015-10-31 22:56 - 00117190 _____ C:\Users\boom\Downloads\PMRDFs Bandipora.pptx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 10:13 - 2013-12-21 03:03 - 01661477 _____ C:\Windows\WindowsUpdate.log
2015-11-07 09:58 - 2015-03-14 09:25 - 00002235 _____ C:\Users\TEMP.boom-PC\Desktop\Google Chrome.lnk
2015-11-07 09:57 - 2015-02-27 09:54 - 00002235 _____ C:\Users\boom.boom-PC\Desktop\Google Chrome.lnk
2015-11-07 09:52 - 2009-07-13 20:34 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 09:52 - 2009-07-13 20:34 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-07 09:47 - 2014-04-15 01:47 - 00069028 _____ C:\Windows\setupact.log
2015-11-07 09:07 - 2014-03-20 09:58 - 00000000 ____D C:\Windows\System32\cache
2015-11-05 10:27 - 2015-08-20 12:50 - 00000000 ____D C:\Program Files\Opera
2015-11-02 06:04 - 2014-04-15 01:47 - 00002044 _____ C:\Windows\PFRO.log
2015-11-01 05:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============


==================== Restore Points  =========================

Restore point date: 2015-10-31 10:32

==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3068.96 MB
Available physical RAM: 2606.29 MB
Total Virtual: 3067.23 MB
Available Virtual: 2612.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:38.96 GB) (Free:5.91 GB) NTFS
Drive e: () (Fixed) (Total:97.66 GB) (Free:39.13 GB) NTFS
Drive f: () (Fixed) (Total:161.37 GB) (Free:22.91 GB) NTFS
Drive h: (HP v220w) (Removable) (Total:14.98 GB) (Free:13.69 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D8B90DDA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=161.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2015-10-31 10:27

==================== End of FRST.txt ============================
 
Last edited by a moderator:

sai kiran reddy

New Member
Thread author
Nov 10, 2015
5
Thank you for your reply again. executed the chkdsk C: /R command.
The following is the result.(saved it in notepad and copied in clean PC). however I m not able to boot into normal mode, the blue screen error persists.
X:\windows\system32>notepad

X:\windows\system32>chkdsk C: /R
The type of the file system is NTFS.
Volume label is System Reserved.

CHKDSK is verifying files (stage 1 of 5)...
256 file records processed.
File verification completed.
0 large file records processed.
0 bad file records processed.
0 EA records processed.
0 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 5)...
332 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 5)...
256 file SDs/SIDs processed.
Security descriptor verification completed.
39 data files processed.
CHKDSK is verifying Usn Journal...
560216 USN bytes processed.
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
240 files processed.
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
19120 free clusters processed.
Free space verification is complete.
Windows has checked the file system and found no problems.

102399 KB total disk space.
22400 KB in 54 files.
28 KB in 40 indexes.
0 KB in bad sectors.
3491 KB in use by the system.
2048 KB occupied by the log file.
76480 KB available on disk.

4096 bytes in each allocation unit.
25599 total allocation units on disk.
19120 allocation units available on disk.
Failed to transfer logged messages to the event log with status 50.

X:\windows\system32>
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top