
Windows 7 Boot Repair Startuprepair Offline Bad Driver


  • This topic is locked
3 replies to this topic

#1 jkratzer

jkratzer

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 15 October 2013 - 03:25 PM

I have a PC with startuprepair unable to fix an offline Bad Driver.
System crashes then reboots to startup repair. Same results either regular or safe mode.

Error as follows:
Problem Event Name StarupRepairOffline
ProblemSignature01 6.1.760.16385
ProblemSignature02 6.1.760.16385
ProblemSignature03 unknown
ProblemSignature04 21200260
ProblemSignature05 AutoFailover
ProblemSignature06 20
ProblemSignature07 BadDriver
OS Version 6.1.760.2.0.0.256.1
Locale ID 1033


I have run chkdsk and it fixed a few minor issues.



Output of FRST64 run from Repair Computer is attached

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-OCRTPC8 on 15-10-2013 14:13:56
Running from H:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AutoLockProcess] - C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe [451912 2010-06-03] (Acer Inc.)
HKLM\...\Run: [Acer PowerSaver] - C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe [536576 2009-04-17] (Acer Incorporated)
HKLM\...\Run: [Acer SmartBoot] - C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe [448000 2009-05-12] (Acer Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [WavXMgr] - "C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe"
HKLM\...\Run: [EmbassySecurityCheck] - C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [99712 2010-04-21] (Wave Systems Corp.)
HKLM\...\Run: [CANON DR2010C SVC] - rundll32.exe DR201SVC.dll,EntryPointUserMessage
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888 2009-11-17] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ZocDoc Alerter] - C:\Program Files (x86)\ZocDoc\ZocDoc Alerter\launcher.bat [67 2012-02-16] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
HKU\ebass\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\ebass\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe [232912 2010-09-17] (Adobe Systems, Inc.)
HKU\Front Desk 2\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe [232912 2010-09-17] (Adobe Systems, Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth

==================== Services (Whitelisted) =================

S2 ASLSvc; C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe [502784 2009-05-12] (Acer Incorporated)
S2 eBLVD; C:\Program Files (x86)\eBLVD\ebhost.exe [588856 2012-09-26] (ENC)
S2 eCenoWkstnUpdateSvc; C:\Program Files (x86)\MedEvolve\eCeno\Bin\ECENO.exe [8354816 2012-06-05] (MedEvolve LLC)
S2 eLockService; C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe [30016 2010-06-03] (Acer Inc.)
S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-02-17] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 eLock2BurnerLockDriver; C:\Windows\System32\DRIVERS\eLock2BurnerLockDriver.sys [25120 2008-03-11] (Acer, Inc.)
S2 eLock2FSCTLDriver; C:\Windows\System32\DRIVERS\eLock2FSCTLDriver.sys [100384 2008-03-11] (Acer, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-15 14:12 - 2013-10-15 14:12 - 00000000 ____D C:\FRST
2013-10-14 10:34 - 2013-10-14 10:34 - 00003368 ____N C:\bootsqm.dat
2013-10-12 09:56 - 2013-10-15 11:00 - 230816252 _____ C:\Windows\MEMORY.DMP
2013-10-09 00:31 - 2013-10-09 00:31 - 00001024 _____ C:\.rnd
2013-10-09 00:09 - 2013-09-22 15:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 00:09 - 2013-09-22 15:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 00:09 - 2013-09-22 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 00:09 - 2013-09-22 14:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-10-09 00:09 - 2013-09-22 14:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-10-09 00:09 - 2013-09-22 14:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-10-09 00:09 - 2013-09-22 14:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-10-09 00:09 - 2013-09-22 14:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-10-09 00:09 - 2013-09-22 14:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-10-09 00:09 - 2013-09-22 14:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-10-09 00:09 - 2013-09-22 14:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-10-09 00:09 - 2013-09-22 14:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-10-09 00:09 - 2013-09-22 14:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-10-09 00:09 - 2013-09-22 14:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-10-09 00:09 - 2013-09-22 14:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-10-09 00:09 - 2013-09-22 14:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-10-09 00:09 - 2013-09-22 14:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-10-09 00:09 - 2013-09-20 19:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-10-09 00:09 - 2013-09-20 19:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 00:09 - 2013-09-20 18:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-09 00:09 - 2013-09-20 18:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-08 16:08 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-10-08 16:08 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-10-08 16:08 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2013-10-08 16:08 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-08 16:08 - 2013-09-04 04:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-10-08 16:08 - 2013-09-04 04:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-10-08 16:08 - 2013-09-04 04:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-10-08 16:08 - 2013-09-04 04:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-10-08 16:08 - 2013-09-04 04:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-10-08 16:08 - 2013-09-04 04:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-10-08 16:08 - 2013-09-04 04:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-10-08 16:08 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-10-08 16:08 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-10-08 16:08 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2013-10-08 16:08 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-10-08 16:08 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2013-10-08 16:08 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-08 16:08 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-08 16:08 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-08 16:08 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-08 16:08 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-08 16:08 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-08 16:08 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-08 16:08 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-08 16:08 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-08 16:08 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-08 16:08 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-10-08 16:08 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\System32\scavengeui.dll
2013-10-08 16:08 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-10-08 16:08 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 16:08 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-08 16:08 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2013-10-08 16:08 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2013-10-08 16:08 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll
2013-10-08 16:08 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2013-10-08 16:08 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-08 16:08 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-08 16:08 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-08 16:08 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2013-10-08 16:08 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbscan.sys
2013-10-08 16:08 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2013-10-08 16:08 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2013-10-08 16:08 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-10-08 16:08 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2013-10-08 16:08 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2013-10-08 16:08 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2013-10-08 16:08 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-10-08 16:08 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-08 16:08 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-08 16:08 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-08 16:08 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-10-08 16:08 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-08 16:08 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

==================== One Month Modified Files and Folders =======

2013-10-15 14:12 - 2013-10-15 14:12 - 00000000 ____D C:\FRST
2013-10-15 11:01 - 2009-07-13 20:45 - 00313176 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-15 11:00 - 2013-10-12 09:56 - 230816252 _____ C:\Windows\MEMORY.DMP
2013-10-15 09:21 - 2012-09-19 13:43 - 00000000 ____D C:\users\support
2013-10-15 09:21 - 2012-02-11 08:17 - 00000000 ____D C:\users\ccorey
2013-10-15 09:21 - 2012-01-26 06:40 - 00000000 ____D C:\users\hmccracken
2013-10-15 09:21 - 2012-01-25 13:21 - 00000000 ____D C:\users\ebass
2013-10-15 09:21 - 2012-01-25 12:41 - 00000000 ____D C:\users\administrator
2013-10-15 09:21 - 2012-01-24 10:37 - 00000000 ____D C:\users\Front Desk 2
2013-10-15 09:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-14 10:34 - 2013-10-14 10:34 - 00003368 ____N C:\bootsqm.dat
2013-10-14 08:07 - 2012-02-14 16:20 - 00634880 _____ (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2013-10-12 08:56 - 2011-05-12 22:49 - 01376108 _____ C:\Windows\WindowsUpdate.log
2013-10-12 08:39 - 2012-01-27 06:53 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-12 07:09 - 2012-01-25 12:36 - 00000112 _____ C:\Windows\System32\config\netlogon.ftl
2013-10-11 11:39 - 2012-01-27 06:53 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-11 10:07 - 2012-01-30 06:38 - 00000000 ____D C:\Users\ebass\.meridianemr
2013-10-11 09:01 - 2012-01-27 07:19 - 00000069 _____ C:\Windows\iltwain.ini
2013-10-11 09:01 - 2012-01-27 06:56 - 00000000 ____D C:\ProgramData\MedEvolve
2013-10-09 04:54 - 2012-02-29 10:04 - 00000000 ____D C:\Users\ebass\Tracing
2013-10-09 04:54 - 2012-02-01 12:06 - 00002525 _____ C:\Users\ebass\Sti_Trace.log
2013-10-09 01:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-09 00:40 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-09 00:40 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-09 00:37 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-09 00:31 - 2013-10-09 00:31 - 00001024 _____ C:\.rnd
2013-10-09 00:31 - 2013-03-13 14:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 00:31 - 2013-03-13 14:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 00:31 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-09 00:31 - 2009-07-13 20:51 - 00035325 _____ C:\Windows\setupact.log
2013-10-09 00:11 - 2012-01-27 07:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-04 04:54 - 2012-11-13 14:50 - 00001819 _____ C:\Users\ebass\Desktop\Billing (DC1) - Shortcut.lnk
2013-09-22 15:28 - 2013-10-09 00:09 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-22 15:28 - 2013-10-09 00:09 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-22 15:27 - 2013-10-09 00:09 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-22 14:55 - 2013-10-09 00:09 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-22 14:55 - 2013-10-09 00:09 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-22 14:55 - 2013-10-09 00:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-22 14:54 - 2013-10-09 00:09 - 19252224 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-22 14:54 - 2013-10-09 00:09 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-22 14:54 - 2013-10-09 00:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-22 14:54 - 2013-10-09 00:09 - 02647552 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-22 14:54 - 2013-10-09 00:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-22 14:54 - 2013-10-09 00:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-22 14:54 - 2013-10-09 00:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-22 14:54 - 2013-10-09 00:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-22 14:54 - 2013-10-09 00:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-22 14:54 - 2013-10-09 00:09 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-22 14:54 - 2013-10-09 00:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-20 19:38 - 2013-10-09 00:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-20 19:30 - 2013-10-09 00:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-20 18:48 - 2013-10-09 00:09 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-20 18:39 - 2013-10-09 00:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\Users\ebass\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\Front Desk 2\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\AskSLib.dll
C:\Users\administrator\AppData\Local\Temp\MSN9197.exe
C:\Users\administrator\AppData\Local\Temp\msvcr90.dll
C:\Users\administrator\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\administrator\AppData\Local\Temp\sqlite3.dll
C:\Users\ebass\AppData\Local\Temp\_is2CFA.exe
C:\Users\ebass\AppData\Local\Temp\_is4846.exe
C:\Users\ebass\AppData\Local\Temp\_is7DF6.exe
C:\Users\ebass\AppData\Local\Temp\_isAE2A.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

8
Restore point made on: 2013-09-16 00:40:36
Restore point made on: 2013-09-20 00:40:57
Restore point made on: 2013-09-24 00:40:32
Restore point made on: 2013-09-28 00:41:15
Restore point made on: 2013-10-02 00:41:02
Restore point made on: 2013-10-05 23:09:16
Restore point made on: 2013-10-09 00:00:25
Restore point made on: 2013-10-12 00:42:50

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4061.24 MB
Available physical RAM: 3355.2 MB
Total Pagefile: 4059.39 MB
Available Pagefile: 3343.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:134.95 GB) (Free:82.85 GB) NTFS
Drive e: (DATA) (Fixed) (Total:135.04 GB) (Free:134.93 GB) NTFS
Drive f: (PQSERVICE) (Fixed) (Total:28 GB) (Free:9.89 GB) NTFS
Drive h: () (Removable) (Total:1.88 GB) (Free:1.51 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: E5E84A05)
Partition 1: (Not Active) - (Size=28 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=135 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=135 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 002D382C)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

LastRegBack: 2013-10-10 21:11

==================== End Of Log ============================


Edited by jkratzer, 15 October 2013 - 03:26 PM.




#2 jkratzer

jkratzer
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 16 October 2013 - 09:42 AM

I apologise, I ran out of time to try to fix this unit.

 

I am reloading it.

 

Thanks.

 

Please close this item.



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,439 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:42 PM

Posted 20 October 2013 - 09:12 AM

Sorry for the delay in getting to your issue. Unfortunately we are quite busy in attempting to assist people and sometimes the delay is longer than we would like.

I really do apologize we were not available to assist you.

Thanks for letting us know.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,439 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:42 PM

Posted 20 October 2013 - 09:12 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



