Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

idle threads/ semaphore threads


Recommended Posts

iO3R662.pngFarbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

  • USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
  • Another computer (optional: only needed if you cannot work from the infected computer directly)

Preparing the USB Flash Drive

  • Download the right version of FRST for your system:
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
  • Download the attached fixlist.txt, and move it on your USB Flash Drive as well

Boot in the Recovery Environment

  • Plug your USB Flash Drive in the infected computer
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note:If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

Once in the command prompt

  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Fix button and wait for the scan to complete
  • A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply

fixlist.txt

Link to post
Share on other sites

  • Replies 66
  • Created
  • Last Reply

Top Posters In This Topic

Fix result of Farbar Recovery Scan Tool (x64) Version: 04.03.2018
Ran by AlienGamerEH (12-03-2018 10:35:09) Run:1
Running from G:\
Loaded Profiles: AlienGamerEH (Available Profiles: AlienGamerEH)
Boot Mode: Safe Mode (minimal)
Here is the first run of fsrt in safe mode 

 

==============================================

fixlist content:
*****************
U2 .Net Crypt; C:\WINDOWS\System32\mutex-threads.exe [5365224 2016-09-11] ()
U2 .Net Main; C:\WINDOWS\System32\idle-threads.exe [8126440 2016-10-19] ()
U2 .Net Security; C:\WINDOWS\System32\latch-threads.exe [6096872 2016-09-11] ()
U2 .Net Semaphore; C:\WINDOWS\System32\semaphore-threads.exe [1878504 2016-10-19] ()

C:\WINDOWS\System32\idle-threads.exe
C:\WINDOWS\System32\latch-threads.exe
C:\WINDOWS\System32\mutex-threads.exe
C:\WINDOWS\System32\semaphore-threads.exe
*****************

HKLM\System\CurrentControlSet\Services\.Net Crypt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\.Net Main => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\.Net Security => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\.Net Semaphore => could not remove, key could be protected
Could not move "C:\WINDOWS\System32\idle-threads.exe" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\latch-threads.exe" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\mutex-threads.exe" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\semaphore-threads.exe" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-03-2018 10:38:36)

C:\WINDOWS\System32\idle-threads.exe => Could not move
C:\WINDOWS\System32\latch-threads.exe => Could not move
C:\WINDOWS\System32\mutex-threads.exe => Could not move
C:\WINDOWS\System32\semaphore-threads.exe => Could not move

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\.Net Crypt => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\.Net Main => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\.Net Security => could not remove, key could be protected
HKLM\System\CurrentControlSet\Services\.Net Semaphore => could not remove, key could be protected

==== End of Fixlog 10:38:45 ====

Link to post
Share on other sites

Hum, are you able to use your USB to create a Recovery USB (once done, copy FRST.exe on it again) and use it to access the Windows RE? Though might as well create a Windows 10 installation media using a USB Flash Drive. Because if we cannot remove that software in the Windows RE, you might have to reinstall Windows to get rid of it.

https://support.microsoft.com/en-ca/help/15088/windows-create-installation-media

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.