Need fixlist.txt for Farbar Recovery Scan Tool, blue screen error c000021a
[QUOTE="sai kiran reddy, post: 449489, member: 45082"]
[code]Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by SYSTEM on MININT-TL9SR02 (10-11-2015 19:01:49)
Running from h:\
Platform: Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool[/URL]

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\boom\...\Run: [Google Update] => C:\Users\boom\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
Startup: C:\Users\boom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-02-11]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [206224 2015-09-22] (APN LLC.)
S2 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-03-31] ()
S2 UDisk Monitor; C:\Program Files\MBlaze UI\bin\MonServiceUDisk.exe [512000 2013-07-10] ()
S2 vToolbarUpdater18.9.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.9.0\ToolbarUpdater.exe [1862032 2015-10-07] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S2 WInterEn Monitor; c:\program files\winteren\12f654282edf0fc17762f8307198e3eb.exe [1828352 2015-11-01] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772B; C:\Windows\System32\DRIVERS\ax88772b.sys [81408 2010-12-30] (ASIX Electronics Corp.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-03-31] (QUALCOMM Incorporated)
S3 Generalusbserialser20679; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [108544 2013-07-08] (Incorporated)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-10 19:01 - 2015-11-10 19:01 - 00000000 ____D C:\FRST
2015-11-07 09:37 - 2015-11-07 09:37 - 00000000 ____D C:\config
2015-11-07 09:07 - 2015-11-07 09:07 - 00000000 ____D C:\AVG SafeGuard toolbar
2015-11-07 09:01 - 2015-11-07 09:01 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\LocalLow\Sun
2015-11-07 08:56 - 2015-11-07 09:58 - 00002235 _____ C:\Users\TEMP.boom-PC.000\Desktop\Google Chrome.lnk
2015-11-07 08:54 - 2015-11-07 08:56 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\Local\Google
2015-11-07 08:54 - 2015-11-07 08:54 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\LocalLow\AVG SafeGuard toolbar
2015-11-07 08:54 - 2015-11-07 08:54 - 00000000 ____D C:\Users\TEMP.boom-PC.000\AppData\Local\AVG SafeGuard toolbar
2015-11-07 08:54 - 2015-11-07 08:54 - 00000000 ____D C:\users\TEMP.boom-PC.000
2015-10-31 22:57 - 2015-10-31 22:57 - 00117190 _____ C:\Users\boom\Desktop\PMRDFs Poonch.pptx
2015-10-31 19:00 - 2015-10-31 22:56 - 00117190 _____ C:\Users\boom\Downloads\PMRDFs Bandipora.pptx
2015-10-11 11:15 - 2015-10-11 11:15 - 00050090 _____ C:\Users\boom\Downloads\power_english-725622.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 10:13 - 2013-12-21 03:03 - 01661477 _____ C:\Windows\WindowsUpdate.log
2015-11-07 09:58 - 2015-03-14 09:25 - 00002235 _____ C:\Users\TEMP.boom-PC\Desktop\Google Chrome.lnk
2015-11-07 09:57 - 2015-02-27 09:54 - 00002235 _____ C:\Users\boom.boom-PC\Desktop\Google Chrome.lnk
2015-11-07 09:52 - 2009-07-13 20:34 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 09:52 - 2009-07-13 20:34 - 00010016 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-07 09:47 - 2014-04-15 01:47 - 00069028 _____ C:\Windows\setupact.log
2015-11-07 09:07 - 2014-03-20 09:58 - 00000000 ____D C:\Windows\System32\cache
2015-11-05 10:27 - 2015-08-20 12:50 - 00000000 ____D C:\Program Files\Opera
2015-11-02 06:04 - 2014-04-15 01:47 - 00002044 _____ C:\Windows\PFRO.log
2015-11-01 05:40 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF

Some files in TEMP:
====================
C:\Users\boom\AppData\Local\Temp\GUR6D04.exe
C:\Users\boom\AppData\Local\Temp\InstallRes.exe
C:\Users\boom\AppData\Local\Temp\Modem_installation.exe
C:\Users\TEMP\AppData\Local\Temp\{4F431DEF-10ED-4451-9A8E-104DAE928443}-GoogleUpdateSetup.exe


==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE Association (Whitelisted) =============

HKLM\...\.exe: => <===== ATTENTION
HKLM\...\exefile\DefaultIcon: <===== ATTENTION
HKLM\...\exefile\open\command: <===== ATTENTION

==================== Restore Points =========================

Restore point date: 2015-10-31 10:32

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3068.96 MB
Available physical RAM: 2617.23 MB
Total Virtual: 3067.23 MB
Available Virtual: 2630.24 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:38.96 GB) (Free:5.91 GB) NTFS
Drive e: () (Fixed) (Total:97.66 GB) (Free:39.13 GB) NTFS
Drive f: () (Fixed) (Total:161.37 GB) (Free:22.91 GB) NTFS
Drive h: (HP v220w) (Removable) (Total:14.98 GB) (Free:13.67 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D8B90DDA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=161.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2015-10-31 10:27

==================== End of FRST.txt ============================[/code]
[/QUOTE]