Shingdao Posted November 12, 2017 ID:1181871 Share Posted November 12, 2017 Hello, I have an HP Pavilion G7 1310US running Windows 10 (I think 64x) and I have recently run into boot issues as in the laptop will no longer boot up. I recently upgraded the HDD to a Samsung SSD and all was working fine for about a week and I have since checked that the SSD works OK in another computer but replaced the SSD with the original HDD for this machine and continue to have the same boot issues. Here is an overview of the symptoms: When I try to boot up, the power, HDD lights and keyboard lights all come on (Num Lock and CapsLk) but the wifi light does not change from amber to white. The screen is backlit but stays that way and nothing loads. I've since tried a number of remedies including reseating RAM modules, plugging into external monitor, etc to no avail. I just booted and got into recovery mode using F8 key and I received the following message: The operating system could not be loaded because a required file is missing or contains errors. Windows\System32\Drivers\mbamswissarmy.sys error code: 0xc000007b. Any assistance with this issues is much appreciated. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted November 13, 2017 ID:1182242 Share Posted November 13, 2017 Hello and Please download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flashdrive into the infected PC. Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter. In the Choose Recovery Tool menu select Command Prompt. You will see a big black window with a blinking cursor (command prompt). You will see a big black window with a blinking cursor (command prompt). Access the notepad and identify your USB drive In the Command Prompt please type in:notepad and press Enter. When the notepad opens, go to File menu. Select Open. Go to Computer and search there for your USB drive letter. Note down the letter and close the notepad. Scan with Farbar Recovery Scan Tool Once back in the command prompt window, please do the following: Type in e:\frst64.exe and press Enter.You need to replace ewith the letter of your USB drive taken from notepad! FRST will start to run. Give him a minute or so to load itself. Click Yes to Disclaimer. In the main console, please click Scan and wait. When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile. Transfer it to your clean machine and include it in your next reply. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted November 13, 2017 ID:1182245 Share Posted November 13, 2017 If that doesn't work, try on of these steps to boot to recovery: https://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10 Tutorial says Safe Mode, but you can get to open Command Prompt that would be enough. Link to post Share on other sites More sharing options...
Shingdao Posted November 13, 2017 Author ID:1182249 Share Posted November 13, 2017 Thank you for your reply! I am going to have to try one of the other suggested steps (probably steps 4 or 5) to boot to recovery via your link to digitalcitizen.life. I can access the Advanced menu using F8 but none of the 8 recovery options work....when I enter any one of them they all bring me back to the original operating error screen. I also entered the BIOS mode? using F11 I believe and have tried to change the boot order from HDD to flash drive with FRST64 on that drive but that did nothing as well. Question: Can I create a Windows recovery drive on another Windows 10 machine and use that to boot into recovery for the laptop that is not currently booting? Is this preferable to step 5? Thanks again. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted November 13, 2017 ID:1182253 Share Posted November 13, 2017 Yes, I think you can create a recovery drive. After that you can copy FRST to the same USB and run its scan. Link to post Share on other sites More sharing options...
Shingdao Posted November 13, 2017 Author ID:1182259 Share Posted November 13, 2017 OK, thanks. I will need some time to purchase a USB flash drive large enough to create the recovery drive and then revert back to you in a couple of days. Also, I tried previously using the Media Creation Tool. I was able to download the tool and start the download of Windows 10 but it failed to load after completing the download. I had my antivirus still on so am wondering if this prevented the executable file from running. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted November 13, 2017 ID:1182313 Share Posted November 13, 2017 If you can force Windows to offer startup repair by force shutdown you can finish the job with small USB having FRST on it. Link to post Share on other sites More sharing options...
Shingdao Posted November 13, 2017 Author ID:1182409 Share Posted November 13, 2017 I managed to get a USB drive today so will try to create the recovery disk this evening my time and run the FRST scan. I'll let you know if any problems, otherwise I'll post the scan results in my next update. Link to post Share on other sites More sharing options...
Shingdao Posted November 14, 2017 Author ID:1182500 Share Posted November 14, 2017 OK, the recovery media worked and so did FRST. Following is the scan results: I've also attached it if that is preferable. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03 Ran by SYSTEM on MININT-LR8FJD4 (13-11-2017 16:19:33) Running from d:\ Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CnxtCoInstallerDefer] => C:\Program Files\CONEXANT\PREINSTALL\SETUP5536A6301\KESLYN.EXE [1574528 2010-12-15] (Conexant Systems, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft) HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123488 2017-07-11] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] (Inmar, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-01] (Dropbox, Inc.) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll GroupPolicy\User: Restriction <==== ATTENTION GroupPolicyUsers\S-1-5-21-2199892262-2015300230-4014997920-1004\User: Restriction <==== ATTENTION ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-10-01] (Broadcom Corporation.) S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation) S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2016-09-13] (Coupons.com Inc.) S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-24] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-24] (Dropbox, Inc.) S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.) S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) S2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2017-07-11] (Samsung Electronics Co., Ltd.) S4 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector) S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [242936 2015-11-05] (RaMMicHaeL) S4 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1148120 2014-06-06] (VMware, Inc.) S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.) S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation) S4 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-06-09] (VMware, Inc.) S4 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-10-01] (Broadcom Corporation.) S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-08] () S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-11-11] (Malwarebytes) S3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2017-11-11] (Malwarebytes) S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [45504 2017-11-11] () S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-11] () S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2017-11-11] (Malwarebytes) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [285312 2017-07-31] (Samsung Electronics Co., Ltd.) S0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [119424 2017-07-31] (Samsung Electronics Co., Ltd.) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-27] (Synaptics Incorporated) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP) S3 dbx; system32\DRIVERS\dbx.sys [X] S3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-13 16:19 - 2017-11-13 16:19 - 000000000 ____D C:\FRST 2017-11-05 05:02 - 2017-11-05 05:03 - 002168440 _____ (Valassis) C:\Users\Lilya\Desktop\P@H_prod308-wilxzAql.exe 2017-11-04 14:35 - 2017-11-04 14:37 - 026783176 _____ (Qples Inc) C:\Users\Lilya\Desktop\QponPrinter (1).exe 2017-11-04 14:29 - 2017-11-04 14:33 - 026783176 _____ (Qples Inc) C:\Users\Lilya\Desktop\QponPrinter.exe 2017-11-02 16:28 - 2017-11-02 16:28 - 002168440 _____ (Valassis) C:\Users\Lilya\Desktop\P@H_prod308-z9k1jrhN.exe 2017-11-01 03:58 - 2017-11-01 03:58 - 000051016 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe 2017-11-01 03:58 - 2017-11-01 03:58 - 000045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys 2017-11-01 03:58 - 2017-11-01 03:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys 2017-11-01 03:58 - 2017-11-01 03:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys 2017-10-31 12:22 - 2017-10-31 12:22 - 000826248 _____ (HP Inc.) C:\Users\Lilya\Downloads\HPBRCULauncher.exe 2017-10-31 10:53 - 2017-10-31 10:53 - 000003938 _____ C:\Windows\System32\Tasks\CCleaner Update 2017-10-31 10:51 - 2017-10-31 10:52 - 010427120 _____ (Piriform Ltd) C:\Users\Lilya\Downloads\ccsetup536.exe 2017-10-31 10:29 - 2017-10-31 10:29 - 001436196 _____ C:\Users\Lilya\Downloads\hwmonitor_1.33.zip 2017-10-30 12:07 - 2017-10-30 12:07 - 000000000 ____D C:\Windows\System32\RAPID 2017-10-30 12:07 - 2017-07-31 01:06 - 000285312 _____ (Samsung Electronics Co., Ltd.) C:\Windows\System32\Drivers\SamsungRapidDiskFltr.sys 2017-10-30 11:59 - 2017-10-30 11:59 - 000003344 _____ C:\Windows\System32\Tasks\SamsungMagician 2017-10-30 11:59 - 2017-10-30 11:59 - 000000000 ____D C:\ProgramData\Samsung 2017-10-30 07:15 - 2017-10-30 07:15 - 000000031 _____ C:\Windows\script.txt 2017-10-30 07:05 - 2017-10-30 07:05 - 000000000 ____D C:\Temp 2017-10-30 07:04 - 2017-10-30 12:06 - 000000000 ____D C:\Program Files (x86)\Samsung 2017-10-23 11:21 - 2017-10-23 11:21 - 000000000 ____D C:\Program Files\SUPERAntiSpyware 2017-10-23 11:12 - 2017-10-31 10:43 - 000000000 ____D C:\Users\Lilya\Downloads\Samsung Software 2017-10-15 19:31 - 2017-10-15 19:31 - 000000000 ____D C:\Program Files (x86)\qBittorrent 2017-10-15 19:28 - 2017-10-15 19:28 - 000425304 _____ (Secure By Design Inc.) C:\Users\Lilya\Downloads\Ninite Chrome Classic Start Essentials Firefox Installer.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-11 07:20 - 2017-10-08 12:00 - 000110016 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys 2017-11-11 07:19 - 2017-10-08 12:00 - 000192952 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys 2017-11-11 07:18 - 2016-09-21 15:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-11-11 07:18 - 2016-09-21 15:05 - 000000000 ____D C:\Windows\System32\SleepStudy 2017-11-11 07:16 - 2017-10-01 07:56 - 000094144 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys 2017-11-11 07:16 - 2017-10-01 07:56 - 000045504 _____ C:\Windows\System32\Drivers\mbam.sys 2017-11-11 07:16 - 2016-07-13 15:22 - 000000000 ____D C:\Users\Lilya\AppData\Local\ClassicShell 2017-11-11 07:15 - 2017-10-01 07:56 - 000252232 _____ C:\Windows\System32\Drivers\mbamswissarmy.sys 2017-11-11 07:12 - 2016-09-21 15:15 - 000000000 ____D C:\users\Lilya 2017-11-11 07:09 - 2016-09-21 15:14 - 002752404 _____ C:\Windows\System32\PerfStringBackup.INI 2017-11-11 07:07 - 2016-07-16 03:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-11-11 07:05 - 2015-12-28 14:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-11-11 07:04 - 2017-05-09 18:21 - 000000356 _____ C:\Windows\Tasks\HPCeeScheduleForLilya.job 2017-11-11 07:04 - 2016-07-15 22:04 - 001572864 _____ C:\Windows\System32\config\BBI 2017-11-11 07:02 - 2016-07-16 03:47 - 000000000 ____D C:\Windows\AppReadiness 2017-11-10 17:27 - 2012-09-27 10:37 - 000000000 ____D C:\Users\Lilya\AppData\Roaming\Skype 2017-11-10 04:15 - 2016-07-16 03:47 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-07 19:10 - 2017-07-27 03:17 - 000003370 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2199892262-2015300230-4014997920-1003 2017-11-07 19:10 - 2016-07-12 10:21 - 000000000 ___RD C:\Users\Lilya\OneDrive 2017-11-07 17:27 - 2017-05-09 18:21 - 000003248 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLilya 2017-11-07 16:33 - 2015-01-05 08:33 - 000000000 ____D C:\Users\Lilya\AppData\Local\IE Tab 2017-11-07 16:30 - 2015-04-21 11:22 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-05 05:03 - 2014-05-19 18:58 - 000000000 ____D C:\Users\Lilya\AppData\Roaming\Valassis 2017-11-04 14:38 - 2016-08-28 10:10 - 000000000 ____D C:\Users\Lilya\Desktop\QponPrinterV2 2017-11-03 05:48 - 2017-09-29 09:32 - 000000000 ____D C:\Program Files\rempl 2017-11-02 16:06 - 2015-08-05 13:14 - 000000000 ____D C:\Program Files (x86)\Dropbox 2017-11-01 08:12 - 2016-07-16 03:45 - 000000000 ____D C:\Windows\INF 2017-11-01 07:45 - 2012-02-27 17:49 - 000000000 ____D C:\Program Files\TeraCopy 2017-11-01 07:42 - 2016-09-21 15:52 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-10-31 10:54 - 2016-07-16 03:47 - 000000000 ____D C:\Windows\LiveKernelReports 2017-10-31 10:53 - 2012-02-28 10:39 - 000000000 ____D C:\Program Files\CCleaner 2017-10-31 10:45 - 2014-02-13 17:11 - 000000000 ____D C:\Users\Lilya\AppData\Roaming\TeraCopy 2017-10-30 11:54 - 2012-05-19 16:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-30 11:16 - 2016-07-16 03:47 - 000028672 _____ C:\Windows\System32\config\BCD-Template 2017-10-30 07:04 - 2011-10-29 19:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-10-27 16:05 - 2017-10-01 07:51 - 000001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-10-27 16:05 - 2015-12-29 18:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-23 11:21 - 2017-05-31 14:52 - 000003224 _____ C:\Windows\System32\Tasks\klcp_update 2017-10-23 11:20 - 2016-01-02 06:04 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2017-10-23 11:19 - 2014-12-28 11:13 - 000000000 ____D C:\Program Files\Java 2017-10-23 11:18 - 2015-06-20 15:03 - 000110144 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2017-10-23 11:16 - 2013-06-24 18:26 - 000000000 ____D C:\Program Files (x86)\Java 2017-10-23 11:15 - 2016-01-21 09:11 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-10-23 09:03 - 2016-07-16 03:47 - 000000000 ____D C:\Windows\System32\NDF 2017-10-23 06:54 - 2015-11-25 09:06 - 000000000 ____D C:\Program Files\PDFCreator 2017-10-20 06:03 - 2016-07-12 10:10 - 000000000 ____D C:\Users\Lilya\AppData\Local\Packages 2017-10-17 18:18 - 2016-07-16 03:36 - 000000000 ____D C:\Windows\CbsTemp Some files in TEMP: ==================== 2017-11-04 14:34 - 2017-11-04 14:46 - 000035680 _____ () C:\Users\Lilya\AppData\Local\Temp\i4jdel0.exe ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe [2017-07-14 04:17] - [2017-06-20 22:39] - 000673792 _____ (Microsoft Corporation) CB440E1C4EC9C369EC9DD07B48A83F36 C:\Windows\System32\wininit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000304240 _____ (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70 C:\Windows\explorer.exe [2017-08-15 17:35] - [2017-07-11 21:55] - 004674872 _____ (Microsoft Corporation) 577119EC77525D3F80FFB03BFACC17D4 C:\Windows\SysWOW64\explorer.exe [2017-08-15 17:30] - [2017-07-11 21:52] - 004312760 _____ (Microsoft Corporation) 54210509B3129D716D6C9C5775710598 C:\Windows\System32\svchost.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000044496 _____ (Microsoft Corporation) 36F670D89040709013F6A460176767EC C:\Windows\SysWOW64\svchost.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000038792 _____ (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B C:\Windows\System32\services.exe [2017-10-04 09:55] - [2017-08-07 21:45] - 000453544 _____ (Microsoft Corporation) 29C7C9F0FE9F048FB47DEE5F66134940 C:\Windows\System32\User32.dll [2017-10-11 20:02] - [2017-09-17 18:57] - 001460696 _____ (Microsoft Corporation) BAB449E496892494C1E8152A25A1E867 C:\Windows\SysWOW64\User32.dll [2017-10-11 20:05] - [2017-09-17 18:49] - 001435896 _____ (Microsoft Corporation) 99216EEF4FE75AB440C4168E5420BFBC C:\Windows\System32\userinit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000033280 _____ (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69 C:\Windows\SysWOW64\userinit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000027648 _____ (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B C:\Windows\System32\rpcss.dll [2017-05-10 13:18] - [2017-04-27 15:41] - 000890368 _____ (Microsoft Corporation) 4A7015195E49A3BA7DB967B277B21E9D C:\Windows\System32\dnsapi.dll [2017-10-11 20:03] - [2017-09-17 19:09] - 000646688 _____ (Microsoft Corporation) 2DA9DA17F0FE6C0A8598EBBB1E59E320 C:\Windows\SysWOW64\dnsapi.dll [2017-10-11 20:05] - [2017-09-17 19:05] - 000497424 _____ (Microsoft Corporation) C1A05F68C92A8B9D4D5A3D4953427154 C:\Windows\System32\Drivers\volsnap.sys [2016-07-16 03:42] - [2016-07-16 03:42] - 000391520 _____ (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230 ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8139.86 MB Available physical RAM: 7237.04 MB Total Virtual: 8139.86 MB Available Virtual: 7289.49 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:209.11 GB) (Free:103.45 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (RECOVERY) (Removable) (Total:29.23 GB) (Free:18.93 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS Drive y: () (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: C9BE519E) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=209.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.3 GB) (Disk ID: F6B101A3) Partition 1: (Active) - (Size=29.2 GB) - (Type=0C) LastRegBack: 2017-11-07 09:51 ==================== End of FRST.txt ============================ FRST.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted November 14, 2017 ID:1182617 Share Posted November 14, 2017 Download attached fixlist.txt and save it to your USB flashdrive as fixlist.txt >> Boot into Recovery Environment Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens .... Press the Fix button once and wait. FRST will process fixlist.txt When finished, it will produce a log fixlog.txt on your USB flashdrive. >> Exit out of Recovery Environment and post me the log please. Try to boot Windows normally... fixlist.txt Link to post Share on other sites More sharing options...
Shingdao Posted November 14, 2017 Author ID:1182645 Share Posted November 14, 2017 Thank you for this. I won't be able to get to this until this evening my time (about 12 hours or so) but I will follow your instructions and post with the fixlog.txt file once completed. Link to post Share on other sites More sharing options...
Shingdao Posted November 15, 2017 Author ID:1182894 Share Posted November 15, 2017 OK, ran the fixlist.txt and the log follows. Tried to reboot after leaving recovery and was unsuccessful, still getting the original error message with mbamswissarmy missing or contains errors. Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03 Ran by SYSTEM (14-11-2017 14:36:49) Run:1 Running from d:\ Boot Mode: Recovery ============================================== fixlist content: ***************** S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes) S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [192952 2017-11-11] (Malwarebytes) S3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [110016 2017-11-11] (Malwarebytes) S3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [94144 2017-11-11] (Malwarebytes) C:\Windows\system32\DRIVERS\mwac.sys C:\Windows\system32\DRIVERS\farflt.sys C:\Windows\System32\Drivers\MbamChameleon.sys C:\Program Files\Malwarebytes ***************** HKLM\System\ControlSet001\Services\MBAMService => key removed successfully MBAMService => service removed successfully HKLM\System\ControlSet001\Services\MBAMChameleon => key removed successfully MBAMChameleon => service removed successfully HKLM\System\ControlSet001\Services\MBAMFarflt => key removed successfully MBAMFarflt => service removed successfully HKLM\System\ControlSet001\Services\MBAMWebProtection => key removed successfully MBAMWebProtection => service removed successfully C:\Windows\system32\DRIVERS\mwac.sys => moved successfully C:\Windows\system32\DRIVERS\farflt.sys => moved successfully C:\Windows\System32\Drivers\MbamChameleon.sys => moved successfully C:\Program Files\Malwarebytes => moved successfully ==== End of Fixlog 14:36:49 ==== Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted November 15, 2017 ID:1183001 Share Posted November 15, 2017 Can you scan one more time from recovery? Link to post Share on other sites More sharing options...
Shingdao Posted November 15, 2017 Author ID:1183025 Share Posted November 15, 2017 OK, will do this again this evening my time or in about 12 hours time. Link to post Share on other sites More sharing options...
Shingdao Posted November 16, 2017 Author ID:1183271 Share Posted November 16, 2017 OK, here is the latest frst64 scan... Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03 Ran by SYSTEM on MININT-84UE5L6 (15-11-2017 14:02:33) Running from d:\ Platform: Windows 10 Home Version 1607 14393.1770 (X64) Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [CnxtCoInstallerDefer] => C:\Program Files\CONEXANT\PREINSTALL\SETUP5536A6301\KESLYN.EXE [1574528 2010-12-15] (Conexant Systems, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft) HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [123488 2017-07-11] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [90048 2015-09-22] (Inmar, Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-01] (Dropbox, Inc.) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll GroupPolicy\User: Restriction <==== ATTENTION GroupPolicyUsers\S-1-5-21-2199892262-2015300230-4014997920-1004\User: Restriction <==== ATTENTION ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-10-01] (Broadcom Corporation.) S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation) S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2016-09-13] (Coupons.com Inc.) S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-24] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-24] (Dropbox, Inc.) S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-11-01] (Dropbox, Inc.) S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.) S2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2017-07-11] (Samsung Electronics Co., Ltd.) S4 TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector) S4 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [242936 2015-11-05] (RaMMicHaeL) S4 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1148120 2014-06-06] (VMware, Inc.) S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.) S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2017-08-07] (Microsoft Corporation) S4 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-06-09] (VMware, Inc.) S4 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-10-01] (Broadcom Corporation.) S1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-10-08] () S3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [45504 2017-11-11] () S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-11] () S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) S0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [285312 2017-07-31] (Samsung Electronics Co., Ltd.) S0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [119424 2017-07-31] (Samsung Electronics Co., Ltd.) S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-27] (Synaptics Incorporated) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP) S3 dbx; system32\DRIVERS\dbx.sys [X] S3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-14 14:44 - 2017-11-14 14:58 - 000000000 _____ C:\Recovery.txt 2017-11-13 16:19 - 2017-11-14 14:36 - 000000000 ____D C:\FRST 2017-11-05 05:02 - 2017-11-05 05:03 - 002168440 _____ (Valassis) C:\Users\Lilya\Desktop\P@H_prod308-wilxzAql.exe 2017-11-04 14:35 - 2017-11-04 14:37 - 026783176 _____ (Qples Inc) C:\Users\Lilya\Desktop\QponPrinter (1).exe 2017-11-04 14:29 - 2017-11-04 14:33 - 026783176 _____ (Qples Inc) C:\Users\Lilya\Desktop\QponPrinter.exe 2017-11-02 16:28 - 2017-11-02 16:28 - 002168440 _____ (Valassis) C:\Users\Lilya\Desktop\P@H_prod308-z9k1jrhN.exe 2017-11-01 03:58 - 2017-11-01 03:58 - 000051016 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe 2017-11-01 03:58 - 2017-11-01 03:58 - 000045672 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys 2017-11-01 03:58 - 2017-11-01 03:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys 2017-11-01 03:58 - 2017-11-01 03:58 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys 2017-10-31 12:22 - 2017-10-31 12:22 - 000826248 _____ (HP Inc.) C:\Users\Lilya\Downloads\HPBRCULauncher.exe 2017-10-31 10:53 - 2017-10-31 10:53 - 000003938 _____ C:\Windows\System32\Tasks\CCleaner Update 2017-10-31 10:51 - 2017-10-31 10:52 - 010427120 _____ (Piriform Ltd) C:\Users\Lilya\Downloads\ccsetup536.exe 2017-10-31 10:29 - 2017-10-31 10:29 - 001436196 _____ C:\Users\Lilya\Downloads\hwmonitor_1.33.zip 2017-10-30 12:07 - 2017-10-30 12:07 - 000000000 ____D C:\Windows\System32\RAPID 2017-10-30 12:07 - 2017-07-31 01:06 - 000285312 _____ (Samsung Electronics Co., Ltd.) C:\Windows\System32\Drivers\SamsungRapidDiskFltr.sys 2017-10-30 11:59 - 2017-10-30 11:59 - 000003344 _____ C:\Windows\System32\Tasks\SamsungMagician 2017-10-30 11:59 - 2017-10-30 11:59 - 000000000 ____D C:\ProgramData\Samsung 2017-10-30 07:15 - 2017-10-30 07:15 - 000000031 _____ C:\Windows\script.txt 2017-10-30 07:05 - 2017-10-30 07:05 - 000000000 ____D C:\Temp 2017-10-30 07:04 - 2017-10-30 12:06 - 000000000 ____D C:\Program Files (x86)\Samsung 2017-10-23 11:21 - 2017-10-23 11:21 - 000000000 ____D C:\Program Files\SUPERAntiSpyware 2017-10-23 11:12 - 2017-10-31 10:43 - 000000000 ____D C:\Users\Lilya\Downloads\Samsung Software ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-11 07:18 - 2016-09-21 15:52 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-11-11 07:18 - 2016-09-21 15:05 - 000000000 ____D C:\Windows\System32\SleepStudy 2017-11-11 07:16 - 2017-10-01 07:56 - 000045504 _____ C:\Windows\System32\Drivers\mbam.sys 2017-11-11 07:16 - 2016-07-13 15:22 - 000000000 ____D C:\Users\Lilya\AppData\Local\ClassicShell 2017-11-11 07:15 - 2017-10-01 07:56 - 000252232 _____ C:\Windows\System32\Drivers\mbamswissarmy.sys 2017-11-11 07:12 - 2016-09-21 15:15 - 000000000 ____D C:\users\Lilya 2017-11-11 07:09 - 2016-09-21 15:14 - 002752404 _____ C:\Windows\System32\PerfStringBackup.INI 2017-11-11 07:07 - 2016-07-16 03:47 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-11-11 07:05 - 2015-12-28 14:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2017-11-11 07:04 - 2017-05-09 18:21 - 000000356 _____ C:\Windows\Tasks\HPCeeScheduleForLilya.job 2017-11-11 07:04 - 2016-07-15 22:04 - 001572864 _____ C:\Windows\System32\config\BBI 2017-11-11 07:02 - 2016-07-16 03:47 - 000000000 ____D C:\Windows\AppReadiness 2017-11-10 17:27 - 2012-09-27 10:37 - 000000000 ____D C:\Users\Lilya\AppData\Roaming\Skype 2017-11-10 04:15 - 2016-07-16 03:47 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-07 19:10 - 2017-07-27 03:17 - 000003370 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2199892262-2015300230-4014997920-1003 2017-11-07 19:10 - 2016-07-12 10:21 - 000000000 ___RD C:\Users\Lilya\OneDrive 2017-11-07 17:27 - 2017-05-09 18:21 - 000003248 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLilya 2017-11-07 16:33 - 2015-01-05 08:33 - 000000000 ____D C:\Users\Lilya\AppData\Local\IE Tab 2017-11-07 16:30 - 2015-04-21 11:22 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-05 05:03 - 2014-05-19 18:58 - 000000000 ____D C:\Users\Lilya\AppData\Roaming\Valassis 2017-11-04 14:38 - 2016-08-28 10:10 - 000000000 ____D C:\Users\Lilya\Desktop\QponPrinterV2 2017-11-03 05:48 - 2017-09-29 09:32 - 000000000 ____D C:\Program Files\rempl 2017-11-02 16:06 - 2015-08-05 13:14 - 000000000 ____D C:\Program Files (x86)\Dropbox 2017-11-01 08:12 - 2016-07-16 03:45 - 000000000 ____D C:\Windows\INF 2017-11-01 07:45 - 2012-02-27 17:49 - 000000000 ____D C:\Program Files\TeraCopy 2017-11-01 07:42 - 2016-09-21 15:52 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2017-10-31 10:54 - 2016-07-16 03:47 - 000000000 ____D C:\Windows\LiveKernelReports 2017-10-31 10:53 - 2012-02-28 10:39 - 000000000 ____D C:\Program Files\CCleaner 2017-10-31 10:45 - 2014-02-13 17:11 - 000000000 ____D C:\Users\Lilya\AppData\Roaming\TeraCopy 2017-10-30 11:54 - 2012-05-19 16:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-10-30 11:16 - 2016-07-16 03:47 - 000028672 _____ C:\Windows\System32\config\BCD-Template 2017-10-30 07:04 - 2011-10-29 19:44 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2017-10-27 16:05 - 2017-10-01 07:51 - 000001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2017-10-27 16:05 - 2015-12-29 18:42 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-10-23 11:21 - 2017-05-31 14:52 - 000003224 _____ C:\Windows\System32\Tasks\klcp_update 2017-10-23 11:20 - 2016-01-02 06:04 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2017-10-23 11:19 - 2014-12-28 11:13 - 000000000 ____D C:\Program Files\Java 2017-10-23 11:18 - 2015-06-20 15:03 - 000110144 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll 2017-10-23 11:16 - 2013-06-24 18:26 - 000000000 ____D C:\Program Files (x86)\Java 2017-10-23 11:15 - 2016-01-21 09:11 - 000097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2017-10-23 09:03 - 2016-07-16 03:47 - 000000000 ____D C:\Windows\System32\NDF 2017-10-23 06:54 - 2015-11-25 09:06 - 000000000 ____D C:\Program Files\PDFCreator 2017-10-20 06:03 - 2016-07-12 10:10 - 000000000 ____D C:\Users\Lilya\AppData\Local\Packages 2017-10-17 18:18 - 2016-07-16 03:36 - 000000000 ____D C:\Windows\CbsTemp Some files in TEMP: ==================== 2017-11-04 14:34 - 2017-11-04 14:46 - 000035680 _____ () C:\Users\Lilya\AppData\Local\Temp\i4jdel0.exe ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe [2017-07-14 04:17] - [2017-06-20 22:39] - 000673792 _____ (Microsoft Corporation) CB440E1C4EC9C369EC9DD07B48A83F36 C:\Windows\System32\wininit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000304240 _____ (Microsoft Corporation) 99A19C9A74E2F9820E501DCE77F84F70 C:\Windows\explorer.exe [2017-08-15 17:35] - [2017-07-11 21:55] - 004674872 _____ (Microsoft Corporation) 577119EC77525D3F80FFB03BFACC17D4 C:\Windows\SysWOW64\explorer.exe [2017-08-15 17:30] - [2017-07-11 21:52] - 004312760 _____ (Microsoft Corporation) 54210509B3129D716D6C9C5775710598 C:\Windows\System32\svchost.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000044496 _____ (Microsoft Corporation) 36F670D89040709013F6A460176767EC C:\Windows\SysWOW64\svchost.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000038792 _____ (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B C:\Windows\System32\services.exe [2017-10-04 09:55] - [2017-08-07 21:45] - 000453544 _____ (Microsoft Corporation) 29C7C9F0FE9F048FB47DEE5F66134940 C:\Windows\System32\User32.dll [2017-10-11 20:02] - [2017-09-17 18:57] - 001460696 _____ (Microsoft Corporation) BAB449E496892494C1E8152A25A1E867 C:\Windows\SysWOW64\User32.dll [2017-10-11 20:05] - [2017-09-17 18:49] - 001435896 _____ (Microsoft Corporation) 99216EEF4FE75AB440C4168E5420BFBC C:\Windows\System32\userinit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000033280 _____ (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69 C:\Windows\SysWOW64\userinit.exe [2016-07-16 03:42] - [2016-07-16 03:42] - 000027648 _____ (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B C:\Windows\System32\rpcss.dll [2017-05-10 13:18] - [2017-04-27 15:41] - 000890368 _____ (Microsoft Corporation) 4A7015195E49A3BA7DB967B277B21E9D C:\Windows\System32\dnsapi.dll [2017-10-11 20:03] - [2017-09-17 19:09] - 000646688 _____ (Microsoft Corporation) 2DA9DA17F0FE6C0A8598EBBB1E59E320 C:\Windows\SysWOW64\dnsapi.dll [2017-10-11 20:05] - [2017-09-17 19:05] - 000497424 _____ (Microsoft Corporation) C1A05F68C92A8B9D4D5A3D4953427154 C:\Windows\System32\Drivers\volsnap.sys [2016-07-16 03:42] - [2016-07-16 03:42] - 000391520 _____ (Microsoft Corporation) BF2546583BB75F01DDA60A7921DFB230 ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8139.86 MB Available physical RAM: 7213.3 MB Total Virtual: 8139.86 MB Available Virtual: 7289.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:209.11 GB) (Free:101.51 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (RECOVERY) (Removable) (Total:29.23 GB) (Free:18.93 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS Drive y: () (Fixed) (Total:0.49 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: C9BE519E) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=209.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.3 GB) (Disk ID: F6B101A3) Partition 1: (Active) - (Size=29.2 GB) - (Type=0C) LastRegBack: 2017-11-07 09:51 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted November 20, 2017 ID:1184591 Share Posted November 20, 2017 (edited) Apology for late response. I need you to do one more fix. Fixlist attached. Try to boot afterwards. fixlist.txt Edited November 20, 2017 by TwinHeadedEagle Link to post Share on other sites More sharing options...
Shingdao Posted November 20, 2017 Author ID:1184600 Share Posted November 20, 2017 Hello - In the meantime, I managed to use frst and fixlist.txt to go back to an earlier registry version and was able to boot up. I performed a few diagnostic checks (e.g. sfc /scannow) with no integrity issues found, updated Windows and then did a clean uninstall of MBAM and reinstalled with the latest version and performed a full scan. It found a couple PUPS which I deleted but otherwise, nothing else. This was now several days ago with many successful boots in between and so far no issues. One thing though is that I could not create a recovery drive using the Create Recovery Drive feature as it stated some files are missing. I then created a USB recovery using the Windows Media creation tool. Link to post Share on other sites More sharing options...
Recommended Posts