Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

W7 x64 boot failure C0000135 "%hs is missing".


  • Please log in to reply

#46
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

In RE, the CurrentControlSet key is not suppose to be available. Lets remove it and see what happens.

 

Download the attached file Attached File  fixlist.txt   111bytes   87 downloads and save it in the same directory FRST64 is saved in the USB drive.

  • Start FRST64.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from (USB drive).

Please copy and paste its contents in your next reply.


  • 0

Advertisements


#47
senselocke

senselocke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015

Ran by SYSTEM (2015-09-05 13:25:30) Run:13
Running from F:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Reg: Reg delete HKLM\SYSTEM\CurrentControlSet /f
Reg: Reg query HKLM\SYSTEM
Reg: Reg query HKLM\SYSTEM\Select
*****************
 
 
========= Reg delete HKLM\SYSTEM\CurrentControlSet /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= Reg query HKLM\SYSTEM =========
 
 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001
HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices
HKEY_LOCAL_MACHINE\SYSTEM\RNG
HKEY_LOCAL_MACHINE\SYSTEM\Select
HKEY_LOCAL_MACHINE\SYSTEM\Setup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
 
 
========= End of Reg: =========
 
 
========= Reg query HKLM\SYSTEM\Select =========
 
 
HKEY_LOCAL_MACHINE\System\Select
    Current    REG_DWORD    0x1
    Default    REG_DWORD    0x1
    Failed    REG_DWORD    0x0
    LastKnownGood    REG_DWORD    0x2
 
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 13:25:31 ====

  • 0

#48
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

Perhaps is a virtual key produced by FRST. Will check with the developer.

 

Which is the brand of the computer?

 

Download the attached file Attached File  fixlist.txt   40bytes   79 downloads downloads and save it in the same directory FRST64 is saved in the USB drive.

  • Start FRST64.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from (USB drive).

Please copy and paste its contents in your next reply.


  • 0

#49
senselocke

senselocke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

There isn't a brand, I built it.

 

Components:

  • GIGABYTE GA-78LMT-USB3 Rev 5.0 mobo
  • AMD FX-6300 CPU
  • GIGABYTE GV-N750OC-(GeForce 750) 2GB GPU
  • 2x4GB Kingston DDR3 RAM

Only component that failed was the OCZ Vertex Plus 120GB SSD, which is still under warranty (fat load of good that'll do for my data).

Anyway, used the fixlist and here is the resulting log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015

Ran by SYSTEM (2015-09-05 15:29:50) Run:14
Running from F:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
Reg: Reg query HKLM\SYSTEM\ControlSet001
*****************
 
 
========= Reg query HKLM\SYSTEM\ControlSet001 =========
 
 
HKEY_LOCAL_MACHINE\System\ControlSet001\Control
HKEY_LOCAL_MACHINE\System\ControlSet001\Enum
HKEY_LOCAL_MACHINE\System\ControlSet001\Hardware Profiles
HKEY_LOCAL_MACHINE\System\ControlSet001\Policies
HKEY_LOCAL_MACHINE\System\ControlSet001\services
 
 
========= End of Reg: =========
 
 
==== End of Fixlog 15:29:50 ====

  • 0

#50
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

That reads correct.

 

There is no tool that we can use to identify the exact problem. There are millions of entries, and maybe just one is causing the problem. The error message you are receiving seems to indicate that the System hive of the registry is corrupted however, there are no working backup to correct the issue.

 

I would recommend a full backup of your data and a Windows Repair Install. It will be like performing an upgrade, instead of performing a clean install of Windows. Many sites provide the instructions to do so.

 

I hate to lose one, but there are limitations.


  • 0

#51
senselocke

senselocke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

i have a full .vhd backup of the data as well as the Acronis backup.

 

I guess my only concern now is how do I go about getting my EFS certificates off of this drive? I tried using the "cipher /x" or "cipher.exe /x" command, from the command prompt, and the response I got was "the system cannot find the file specified". Since I can log into my account credentials in the Recovery Environment, I should think I could run Cipher from there to export/generate an EFS certificate file. I'd still have to reinstall/retweak everything, but at least I wouldn't lose all the encrypted data from my job.

Would doing a Repair install wipe out my EFS certificates, or would those remain intact?

Regardless of the answers to the above question, this was several days worth of work on your part, and I really appreciate all of it. Even though we couldn't fix it, I really want to thank you for trying to work through it with me. It feels a heck of a lot better than just giving up on it would have. Thank you.

 

EDIT: Seems I need to ask one more question of you. I cannot do an upgrade or repair install--my DVD insists I have to initiate from within windows. Since I can't boot into WIndows, I can't do anything but a clean install. Do you have any suggestions for how to get around this limitation?


Edited by senselocke, 05 September 2015 - 03:41 PM.

  • 0

#52
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

I am not savvy in encryption. Let me ask my co-members. Will post back about this. In regard to the Repair Install, will also ask around.


  • 0

#53
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

senselocke, have you tried something yet.

A co-worker identified errors on a fixlist previously submitted. If you have not done anything yet, I would like to to fix this.

I have asked about the EFS. Someone should be jumping in with information.

Please let me know.


  • 0

#54
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi senselocke -

 

JSntgRvr is going to try a few more things to get you running again. I'm familiar with EFS and had a question. Was your machine part of a domain or just a workgroup? If part of a domain recovery keys can be obtained. If this is all personal and has nothing to do with work it's going to be trickier. Let me know and let's see if we can get you into Windows.


  • 0

#55
senselocke

senselocke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

JSntgRvr: Yes, I went ahead and installed over the old installation yesterday. I hadn't heard anything back, and I found one of the guides you mentioned for how to push everything to the "windows.old" directory. I wish I'd waited just one more hour. I do still have the source .tib backup, so we could start over if need be. I've saved all the fixlists in order, I was going to try them again when I had the fundage to buy a new hard drive, because we at least reached a point where I could log in to my profile. Which fixlist (which post number) had the error, if I might ask? Could you post the corrected one?

 

BrianDrab: It was in a workgroup called "WORKGROUP" with a half-dozen other PCs on my home network. Right now, however, I cannot log in to my original account (I tried setting up a VMWare to "boot" a virtual machine reading the .vhd backup, and just export the keys there, but keep running into problems). I have the windows.old folder, I have copied the credentials folders:

C:\Windows.old\Users\MyProfileName\AppData\Roaming\Microsoft\Crypto

C:\Windows.old\Users\MyProfileName\AppData\Roaming\Microsoft\Protect
C:\Windows.old\Users\MyProfileName\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates

and thought sites have mentioned these are key, I haven't found any stating what exactly I can do with them. The new installation has the same profiles with the same names and the same passwords. I have not migrated/merged the new profiles with the old ones, because Microsoft's FixIt tool hangs when it reaches an encrypted file.

At this point, I'm willing to go back to bare metal and scrap the new installation and start over with the backup and work my way through the fixlists with JSntgRvr again. But if there's a way to get the EFS certificate key at this stage, with what I have, I'd like to do that with BrianDrab first.

 

And again, I'd like to say "thank you" to everybody. It's really awesome that you folks are willing to do this for people.

 


Edited by senselocke, 07 September 2015 - 08:06 AM.

  • 0

Advertisements


#56
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

If the new installation is working, better to keep it. The only issue with that type of installation is that all the programs you have installed must be reinstalled as there will be no entries in the registry for these. The error in the fixlist was that a 64 bit file, ole32.dll, was copied to the 32 bit folder and viceversa. Now that you have your system working wont make a difference.

 

I asked BrianDrab to assist you with the EFS.


  • 0

#57
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

In your situation the only way to retrieve your keys is to use a purchased product to do so. Following is an example of one that does this. It's about $150.

 

 

 

 

The other option would be to go back to what you had and try to get your machine bootable so that you could make a backup of your key.


Edited by BrianDrab, 07 September 2015 - 02:43 PM.
removed link - will send via PM

  • 0

#58
senselocke

senselocke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Okay, here's my plan: I'm going to go and buy another 240GB twin to my current SSD. I was going to do so anyway so I could set up a RAID mirror array (so that the next time this happens I don't lose a thing). And it's a lot less than $150, and I can pick it up tomorrow and get rolling.

 

I'll keep the drive that's working right now, and re-start the process with the new, empty one. Maybe repeating the steps to the first time I can boot (from disk image through fixlist 1, 2, etc), I can run cipher /x and get my EFS keys, or maybe we can get it bootable now that we've identified the mixup. [bleep], maybe we can do both. When we're done, I'll set up whichever installation is working (fingers crossed it'll be the restored original) as a mirrored RAID.

 

Which step along the way was the file put in the wrong spot?


  • 0

#59
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,962 posts

If you re-image the drive and the OS does not boot, run FRST in RE and post the FRST.txt log.


  • 0

#60
senselocke

senselocke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

Okay. Brand new, fresh from re-imaging from WindowsImageBackup, I run FRST64 and this message pops up:


 

The file or directory D:\$Mft is corrupt and unreadable. Please run the Chkdsk utility.

This pops up on top of the Farbar Recovery Scan Tool "Disclaimer of Warranty" confirmation box. I hit OK, then Yes, then tried to scan, but that warning popped up for every file being scanned. I had to restart the PC. So I ran chkdsk, then scanned with FRST64, and got the following fixlog:


 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015

Ran by SYSTEM on MININT-9RG957P (10-09-2015 13:17:07)
Running from F:\
Platform: WIN_7 Service Pack 1 (X64) Language: English (United States)
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Winlogon: [Userinit] 
HKLM-x32\...\Winlogon: [Userinit]  [X]
HKLM\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [0 ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI]  <==== ATTENTION
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AMD FUEL Service; C:\Program Files\ATI\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST\AvastSvc.exe [146600 2015-08-08] (AVAST Software)
S2 dkab_device; C:\Windows\system32\DKabcoms.exe [1034480 2008-07-01] ( )
S2 dkab_device; C:\Windows\SysWOW64\DKabcoms.exe [586992 2008-07-01] ( )
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-23] (NVIDIA Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-23] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-23] (NVIDIA Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] ()
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-02] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST\ng\vbox\AvastVBoxSVC.exe" [X]
S3 msiserver; %systemroot%\system32\msiexec.exe /V [X]
S3 SysMain; %systemroot%\system32\sysmain.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AODDriver4.1; C:\Program Files\ATI\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-08] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-08] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-08] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-08] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-08-15] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-08] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-08] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-08] (AVAST Software)
S0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ElRawDisk; C:\Windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47976 2015-07-02] (NVIDIA Corporation)
S0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2015-04-13] (Acronis)
S0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2015-04-13] (Acronis)
S3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [225792 2014-10-31] (VIA Technologies, Inc.)
S2 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [10240 2008-04-09] (Nicomsoft Ltd.)
S3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [305664 2014-10-31] (VIA Technologies, Inc.)
S3 AtiDCM; \??\C:\Users\senselocke\AppData\Local\Temp\atdcm64a.sys [X]
S3 monitor; system32\DRIVERS\monitor.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-10 12:30 - 2015-09-10 12:30 - 00000000 __SHD C:\found.000
2015-09-10 12:19 - 2015-09-10 13:17 - 00000000 ____D C:\FRST
2015-08-25 05:41 - 2015-08-25 05:41 - 01048576 ___SH C:\Windows\System32\config\CO7AE4~1.REG
2015-08-25 05:41 - 2015-08-25 05:41 - 01048576 ___SH C:\Windows\System32\config\CO55CA~1.REG
2015-08-25 05:41 - 2015-08-25 05:41 - 01048576 ___SH C:\Windows\System32\config\CO11E9~1.REG
2015-08-17 11:58 - 2015-08-17 11:58 - 00000000 ____D C:\Program Files\Dell_HostCD
2015-08-17 11:58 - 2008-09-08 13:22 - 00594432 _____ ( ) C:\Windows\System32\lexlog.dll
2015-08-17 11:58 - 2008-06-26 06:59 - 00928256 _____ C:\Windows\System32\softcoin.dll
2015-08-17 11:58 - 2008-06-26 06:59 - 00420864 _____ C:\Windows\System32\gencoin.dll
2015-08-17 11:57 - 2015-08-17 11:59 - 00039146 _____ C:\Windows\System32\LexFiles.ulf
2015-08-17 11:57 - 2015-08-17 11:57 - 00000000 ____D C:\Program Files\Dell
2015-08-17 11:57 - 2008-09-08 13:22 - 00020152 _____ C:\Windows\System32\DKabpmui.chm
2015-08-17 11:57 - 2008-07-01 18:03 - 01034480 _____ ( ) C:\Windows\System32\DKabcoms.exe
2015-08-17 11:57 - 2008-07-01 18:03 - 00586992 _____ ( ) C:\Windows\SysWOW64\DKabcoms.exe
2015-08-17 11:57 - 2008-06-25 11:06 - 00982528 _____ ( ) C:\Windows\System32\dkabpmui.dll
2015-08-17 11:57 - 2008-06-25 11:03 - 01620992 _____ ( ) C:\Windows\System32\dkabserv.dll
2015-08-17 11:57 - 2008-06-25 11:03 - 01386496 _____ ( ) C:\Windows\System32\dkabip1.dll
2015-08-17 11:57 - 2008-06-25 11:01 - 01331712 _____ ( ) C:\Windows\System32\dkabusb1.dll
2015-08-17 11:57 - 2008-06-25 10:59 - 00752128 _____ ( ) C:\Windows\System32\dkabpar1.dll
2015-08-17 11:57 - 2008-06-25 10:59 - 00676864 _____ ( ) C:\Windows\System32\dkabhcp.dll
2015-08-17 11:57 - 2008-06-25 10:59 - 00582144 _____ ( ) C:\Windows\System32\dkabcomm.dll
2015-08-17 11:57 - 2008-06-25 10:58 - 01395200 _____ ( ) C:\Windows\System32\dkabcomc.dll
2015-08-17 11:57 - 2008-06-25 10:58 - 00893440 _____ ( ) C:\Windows\System32\dkablmpm.dll
2015-08-17 11:57 - 2008-06-25 10:58 - 00674816 _____ ( ) C:\Windows\System32\dkabiobj.dll
2015-08-17 11:57 - 2008-06-25 10:58 - 00549376 _____ ( ) C:\Windows\System32\dkabinpa.dll
2015-08-17 11:57 - 2008-06-25 10:58 - 00514048 _____ ( ) C:\Windows\System32\dkabiesc.dll
2015-08-17 11:57 - 2008-06-25 10:29 - 01044480 _____ ( ) C:\Windows\SysWOW64\dkabserv.dll
2015-08-17 11:57 - 2008-06-25 10:24 - 00819200 _____ ( ) C:\Windows\SysWOW64\dkabcomc.dll
2015-08-17 11:57 - 2008-06-25 10:24 - 00438272 _____ ( ) C:\Windows\SysWOW64\dkabhcp.dll
2015-08-17 11:57 - 2008-06-25 10:24 - 00376832 _____ ( ) C:\Windows\SysWOW64\dkabcomm.dll
2015-08-17 11:57 - 2008-04-15 11:50 - 00002590 _____ C:\Windows\SysWOW64\dkab.loc
2015-08-17 11:57 - 2008-04-15 11:50 - 00002590 _____ C:\Windows\System32\dkab.loc
2015-08-13 05:13 - 2015-08-13 05:13 - 00000000 ____D C:\Users\senselocke\Desktop\com.gamehivecorp.taptitans --tourney 2874
2015-08-12 13:13 - 2015-08-12 13:13 - 00000000 ____D C:\Program Files (x86)\HFSExplorer
2015-08-12 13:12 - 2015-08-12 13:12 - 01688563 ____X C:\Users\senselocke\Desktop\hfsexplorer-0.23-setup.exe
2015-08-11 18:50 - 2015-08-11 18:50 - 00003118 _____ C:\Windows\System32\Tasks\{227D5253-E7AB-437E-8500-A5BA6259000F}
2015-08-11 18:38 - 2015-08-11 18:38 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2015-08-11 10:42 - 2015-08-11 10:42 - 00000000 ____D C:\Users\senselocke\Desktop\DE=HRDC hard save files
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-27 05:58 - 2015-04-05 16:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-27 05:58 - 2015-04-05 12:58 - 01530780 _____ C:\Windows\WindowsUpdate.log
2015-08-26 13:15 - 2009-07-13 20:45 - 00026352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-26 13:15 - 2009-07-13 20:45 - 00026352 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-26 13:13 - 2009-07-13 21:13 - 00781298 _____ C:\Windows\System32\PerfStringBackup.INI
2015-08-26 13:07 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-26 13:07 - 2009-07-13 20:51 - 00068302 _____ C:\Windows\setupact.log
2015-08-26 07:00 - 2015-04-05 17:31 - 00034559 _____ C:\Users\senselocke\Desktop\bills paid.txt
2015-08-26 04:33 - 2015-04-05 16:29 - 00002385 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-25 20:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-08-25 05:39 - 2010-11-20 19:47 - 00183394 _____ C:\Windows\PFRO.log
2015-08-25 05:39 - 2009-07-13 20:45 - 02272232 _____ C:\Windows\System32\FNTCACHE.DAT
2015-08-20 18:17 - 2015-04-05 16:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-19 03:28 - 2015-05-21 15:53 - 00017950 _____ C:\Users\senselocke\Desktop\tempuh.txt
2015-08-18 09:27 - 2015-04-10 17:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-18 09:25 - 2015-08-08 03:53 - 00000000 ____D C:\Users\senselocke\AppData\Local\dxhr
2015-08-17 16:51 - 2015-08-06 17:36 - 00000000 ____D C:\Users\senselocke\Desktop\Barrister Jobs
2015-08-17 16:49 - 2015-04-05 17:29 - 00000000 ____D C:\Users\senselocke\Desktop\Eli Job
2015-08-17 16:48 - 2015-07-31 17:51 - 00000000 ____D C:\Users\senselocke\Desktop\Tina job
2015-08-16 17:15 - 2015-04-05 17:31 - 00016004 _____ C:\Users\senselocke\Desktop\rando.txt
2015-08-15 05:46 - 2015-04-06 05:08 - 01048344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsnx.sys
2015-08-11 18:50 - 2015-07-29 08:17 - 00000146 _____ C:\Windows\FolderSort.ini
 
==================== Known DLLs (Whitelisted) =========================
 
C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTION
C:\Windows\SysWOW64\ole32.dll IS MISSING <==== ATTENTION
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 8%
Total physical RAM: 8173.55 MB
Available physical RAM: 7442.3 MB
Total Virtual: 8171.75 MB
Available Virtual: 7444.51 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:43.43 GB) NTFS
Drive f: (TI102782W0E) (Removable) (Total:29.82 GB) (Free:11.79 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 5E56B0F6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 29.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
 
LastRegBack: 2015-08-12 03:34
 
==================== End of FRST.txt ============================

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP