Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 Startup Repair Offline Bad Driver


  • This topic is locked This topic is locked
62 replies to this topic

#1 larrychu

larrychu

  • Members
  • 46 posts
  • OFFLINE
  •  

Posted 01 February 2014 - 08:01 AM

I'm not good at computers so I'll describe what I did and experienced as far as possible:

There have been some problems with my computer that prevented my computer from shutting down or restarting. I was using Windows 7 English version at that time.

To try to tackle the problem, I installed Windows 7 Enterprise Chinese version (64 bit) that I got from my company. I tried a few times but it stated that windows can't be installed in MBR HDD so I formatted the HDD and converted it into GPT. I finally installed the windows successfully, had it verified and installed the Windows Updates. I then restarted Windows, hoping that the updates will take effect.

However, Windows couldn't start up since then because of "Bad Driver". I tried startup repair but the problem couldn't be fixed. The Problem Signature Screen, from signature 01 to 07 were "6.1.7600.16385, 6.1.7600.16385, unknown, 21199522, AutoFailover, 6, BadDriver" respectively.

What should I do to fix the problem? Are there any fixlogs for my situation?

Thank you in advance for your help and professional advice!


Edited by hamluis, 02 February 2014 - 02:08 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 larrychu

larrychu
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  

Posted 01 February 2014 - 07:40 PM

Some more info on the situation:
Windows restarted and went to the "windows boot manager" page with two options-"activate repair" & "start up windows" if i do not insert the installation disc.

Also, for problem signature 06, it is sometimes 6, 7, 8 or 10. Dunno why...

Thanks a lot for your help!

#3 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 PM

Posted 02 February 2014 - 12:25 PM

Hi and welcome.

Lets give it a try.

 

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#4 larrychu

larrychu
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  

Posted 03 February 2014 - 02:03 AM

Done the scan but i'm now using my mobile phone to go online.
Will post the log (it's pretty long though) when i get access to a computer, probably in 4 or 5 hrs
Thanks again in advance!!

#5 larrychu

larrychu
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  

Posted 03 February 2014 - 08:26 AM

here you are the log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by SYSTEM on MININT-G592962 on 03-02-2014 14:43:44
Running from F:\
Windows 7 Enterprise (X64) OS Language: 0C04
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-16] (Realtek Semiconductor)
HKLM-x32\...\Run: [ZyngaGamesAgent] - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [STCAgent] - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [771968 2011-08-29] (Splashtop Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2011-12-16] (Intel Corporation)
HKLM\...\Runonce: [WinSat] - winsat dwm -xml results.xml
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

==================== Services (Whitelisted) =================

S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
S2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)

==================== Drivers (Whitelisted) ====================

S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [1151096 2011-07-26] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-21] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-10] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-10] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-03] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-03] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-26] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-29] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2014-02-01] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-26] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-26] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-03 14:43 - 2014-02-03 14:43 - 00000000 ____D () C:\FRST
2014-02-02 22:27 - 2014-02-02 22:28 - 00000000 ____D () C:\Windows\System32\config\mybackup
2014-02-01 11:16 - 2014-02-03 14:32 - 281637814 _____ () C:\Windows\MEMORY.DMP
2014-02-01 10:55 - 2014-02-01 11:08 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-02-01 10:55 - 2014-02-01 10:55 - 00000000 ____D () C:\Users\LarryChu\AppData\Roaming\Media Player Classic
2014-02-01 10:33 - 2014-02-01 10:57 - 00000000 ____D () C:\Users\LarryChu\Desktop\Ent
2014-02-01 10:02 - 2014-02-01 10:02 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-01 09:59 - 2014-02-01 09:59 - 00000000 ____D () C:\Users\LarryChu\AppData\Roaming\Macromedia
2014-02-01 09:59 - 2014-02-01 09:59 - 00000000 ____D () C:\Users\LarryChu\AppData\Roaming\Adobe
2014-02-01 09:28 - 2014-02-01 09:28 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-02-01 09:26 - 2014-02-01 09:31 - 00000156 _____ () C:\csb.log
2014-02-01 09:26 - 2014-02-01 09:31 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2014-02-01 09:26 - 2014-02-01 09:26 - 00000000 ____D () C:\Program Files\GIGABYTE
2014-02-01 09:23 - 2014-02-01 09:25 - 00000189 _____ () C:\Install.log
2014-02-01 09:23 - 2014-02-01 09:23 - 00003044 _____ () C:\RHDSetup.log
2014-02-01 09:23 - 2014-02-01 09:23 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-02-01 09:23 - 2014-02-01 09:23 - 00000000 ____D () C:\Program Files\Realtek
2014-02-01 09:23 - 2014-02-01 09:23 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-02-01 09:23 - 2014-02-01 09:23 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-02-01 09:23 - 2012-03-21 23:39 - 00121344 _____ (Intel Corporation) C:\Windows\System32\IntelOpenCL64.dll
2014-02-01 09:23 - 2012-03-21 23:39 - 00020992 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2014-02-01 09:23 - 2012-03-21 23:33 - 00086528 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2014-02-01 09:23 - 2012-03-21 23:32 - 00017920 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-01 09:23 - 2012-01-17 19:19 - 04734440 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2014-02-01 09:23 - 2012-01-17 16:25 - 00215644 _____ () C:\Windows\System32\Drivers\RTAIODAT.DAT
2014-02-01 09:23 - 2012-01-17 10:39 - 03844200 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2014-02-01 09:23 - 2012-01-12 19:25 - 02649704 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2014-02-01 09:23 - 2012-01-10 14:48 - 00958296 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2014-02-01 09:23 - 2011-12-23 13:30 - 00823912 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2014-02-01 09:23 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2014-02-01 09:23 - 2011-12-18 17:58 - 02603864 _____ (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2014-02-01 09:23 - 2011-12-18 17:58 - 02131288 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2014-02-01 09:23 - 2011-12-16 14:57 - 00894040 _____ (Creative Technology Ltd.) C:\Windows\System32\MBAPO64.dll
2014-02-01 09:23 - 2011-12-16 14:57 - 00750680 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2014-02-01 09:23 - 2011-12-16 14:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\System32\MBppld64.dll
2014-02-01 09:23 - 2011-12-15 12:39 - 00100968 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2014-02-01 09:23 - 2011-12-13 20:22 - 02528832 _____ (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2014-02-01 09:23 - 2011-12-13 16:58 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2014-02-01 09:23 - 2011-12-13 11:01 - 01698408 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-02-01 09:23 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2014-02-01 09:23 - 2011-07-22 19:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2014-02-01 09:23 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2014-02-01 09:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2014-02-01 09:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2014-02-01 09:23 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2014-02-01 09:23 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2014-02-01 09:23 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2014-02-01 09:23 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2014-02-01 09:23 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2014-02-01 09:23 - 2010-07-22 16:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2014-02-01 09:23 - 2010-07-02 19:40 - 00080984 _____ (Creative Technology Ltd.) C:\Windows\System32\MBWrp64.dll
2014-02-01 09:23 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2014-02-01 09:23 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2014-02-01 09:23 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2014-02-01 09:23 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2014-02-01 09:23 - 2009-11-18 07:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\System32\MBPPCn64.dll
2014-02-01 09:23 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2014-02-01 09:22 - 2014-02-01 09:22 - 00057560 _____ () C:\Users\LarryChu\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-01 09:22 - 2014-02-01 09:22 - 00000000 ____D () C:\ProgramData\Intel
2014-02-01 09:22 - 2014-02-01 09:22 - 00000000 ____D () C:\Program Files\Intel
2014-02-01 09:22 - 2012-03-31 06:43 - 05888792 _____ (Intel Corporation) C:\Windows\System32\GfxUI.exe
2014-02-01 09:22 - 2012-03-31 06:43 - 00509720 _____ (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
2014-02-01 09:22 - 2012-03-31 06:43 - 00439064 _____ (Intel Corporation) C:\Windows\System32\igfxpers.exe
2014-02-01 09:22 - 2012-03-31 06:43 - 00398616 _____ (Intel Corporation) C:\Windows\System32\hkcmd.exe
2014-02-01 09:22 - 2012-03-31 06:43 - 00276248 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2014-02-01 09:22 - 2012-03-31 06:43 - 00250136 _____ (Intel Corporation) C:\Windows\System32\igfxext.exe
2014-02-01 09:22 - 2012-03-31 06:43 - 00184600 _____ (Intel Corporation) C:\Windows\System32\difx64.exe
2014-02-01 09:22 - 2012-03-31 06:43 - 00170264 _____ (Intel Corporation) C:\Windows\System32\igfxtray.exe
2014-02-01 09:22 - 2012-03-27 10:42 - 00018656 _____ () C:\Windows\System32\iglhxs64.vp
2014-02-01 09:22 - 2012-03-27 10:25 - 00090112 _____ (Intel Corporation) C:\Windows\System32\igfxCoIn_v2712.dll
2014-02-01 09:22 - 2012-03-27 10:09 - 14748416 _____ (Intel Corporation) C:\Windows\System32\Drivers\igdkmd64.sys
2014-02-01 09:22 - 2012-03-27 10:09 - 08087040 _____ (Intel Corporation) C:\Windows\System32\igdumd64.dll
2014-02-01 09:22 - 2012-03-27 10:08 - 00963912 _____ () C:\Windows\SysWOW64\igkrng600.bin
2014-02-01 09:22 - 2012-03-27 10:08 - 00963912 _____ () C:\Windows\System32\igkrng600.bin
2014-02-01 09:22 - 2012-03-27 10:08 - 00261208 _____ () C:\Windows\SysWOW64\igfcg600m.bin
2014-02-01 09:22 - 2012-03-27 10:08 - 00261208 _____ () C:\Windows\System32\igfcg600m.bin
2014-02-01 09:22 - 2012-03-27 10:08 - 00145804 _____ () C:\Windows\SysWOW64\igcompkrng600.bin
2014-02-01 09:22 - 2012-03-27 10:08 - 00145804 _____ () C:\Windows\System32\igcompkrng600.bin
2014-02-01 09:22 - 2012-03-27 10:08 - 00079360 _____ () C:\Windows\System32\igdde64.dll
2014-02-01 09:22 - 2012-03-27 10:05 - 06121472 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2014-02-01 09:22 - 2012-03-27 10:03 - 00058880 _____ () C:\Windows\SysWOW64\igdde32.dll
2014-02-01 09:22 - 2012-03-27 09:58 - 09605632 _____ (Intel Corporation) C:\Windows\System32\igd10umd64.dll
2014-02-01 09:22 - 2012-03-27 09:47 - 07795200 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2014-02-01 09:22 - 2012-03-27 09:05 - 18137088 _____ () C:\Windows\System32\ig4icd64.dll
2014-02-01 09:22 - 2012-03-27 08:47 - 13212672 _____ () C:\Windows\SysWOW64\ig4icd32.dll
2014-02-01 09:22 - 2012-03-27 08:40 - 00440320 _____ (Intel Corporation) C:\Windows\System32\igfxrell.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00439808 _____ (Intel Corporation) C:\Windows\System32\igfxrfra.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00439808 _____ (Intel Corporation) C:\Windows\System32\igfxresn.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00439296 _____ (Intel Corporation) C:\Windows\System32\igfxrrus.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00439296 _____ (Intel Corporation) C:\Windows\System32\igfxrrom.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00438784 _____ (Intel Corporation) C:\Windows\System32\igfxrptg.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00438784 _____ (Intel Corporation) C:\Windows\System32\igfxrplk.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00438784 _____ (Intel Corporation) C:\Windows\System32\igfxrnld.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00438784 _____ (Intel Corporation) C:\Windows\System32\igfxrita.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00438784 _____ (Intel Corporation) C:\Windows\System32\igfxrhrv.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00438784 _____ (Intel Corporation) C:\Windows\System32\igfxrdeu.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00438272 _____ (Intel Corporation) C:\Windows\System32\igfxrsky.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00438272 _____ (Intel Corporation) C:\Windows\System32\igfxrhun.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00438272 _____ (Intel Corporation) C:\Windows\System32\igfxrfin.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00438272 _____ (Intel Corporation) C:\Windows\System32\igfxrcsy.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00437760 _____ (Intel Corporation) C:\Windows\System32\igfxrtrk.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00437760 _____ (Intel Corporation) C:\Windows\System32\igfxrsve.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00437760 _____ (Intel Corporation) C:\Windows\System32\igfxrslv.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00437760 _____ (Intel Corporation) C:\Windows\System32\igfxrptb.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00437760 _____ (Intel Corporation) C:\Windows\System32\igfxrnor.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00437248 _____ (Intel Corporation) C:\Windows\System32\igfxrtha.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00437248 _____ (Intel Corporation) C:\Windows\System32\igfxrdan.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00435712 _____ (Intel Corporation) C:\Windows\System32\igfxrheb.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00435712 _____ (Intel Corporation) C:\Windows\System32\igfxrara.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00432128 _____ (Intel Corporation) C:\Windows\System32\igfxrjpn.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00430592 _____ (Intel Corporation) C:\Windows\System32\igfxrkor.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00429056 _____ (Intel Corporation) C:\Windows\System32\igfxrcht.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00428544 _____ (Intel Corporation) C:\Windows\System32\igfxrchs.lrc
2014-02-01 09:22 - 2012-03-27 08:40 - 00221877 _____ () C:\Windows\System32\Gfxres.th-TH.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00208522 _____ () C:\Windows\System32\Gfxres.el-GR.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00192378 _____ () C:\Windows\System32\Gfxres.ru-RU.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00164821 _____ () C:\Windows\System32\Gfxres.ar-SA.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00162150 _____ () C:\Windows\System32\Gfxres.ja-JP.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00157713 _____ () C:\Windows\System32\Gfxres.he-IL.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00148461 _____ () C:\Windows\System32\Gfxres.it-IT.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00147116 _____ () C:\Windows\System32\Gfxres.ko-KR.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00146125 _____ () C:\Windows\System32\Gfxres.es-ES.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00146008 _____ () C:\Windows\System32\Gfxres.de-DE.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00144790 _____ () C:\Windows\System32\Gfxres.ro-RO.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00144267 _____ () C:\Windows\System32\Gfxres.fr-FR.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00143564 _____ () C:\Windows\System32\Gfxres.tr-TR.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00143112 _____ () C:\Windows\System32\Gfxres.pt-BR.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00142797 _____ () C:\Windows\System32\Gfxres.nl-NL.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00142606 _____ () C:\Windows\System32\Gfxres.hu-HU.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00142079 _____ () C:\Windows\System32\Gfxres.pt-PT.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00141854 _____ () C:\Windows\System32\Gfxres.sv-SE.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00141421 _____ () C:\Windows\System32\Gfxres.pl-PL.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00141282 _____ () C:\Windows\System32\Gfxres.cs-CZ.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00140949 _____ () C:\Windows\System32\Gfxres.fi-FI.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00140548 _____ () C:\Windows\System32\Gfxres.sk-SK.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00139901 _____ () C:\Windows\System32\Gfxres.hr-HR.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00136850 _____ () C:\Windows\System32\Gfxres.sl-SI.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00136778 _____ () C:\Windows\System32\Gfxres.nb-NO.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00136261 _____ () C:\Windows\System32\Gfxres.da-DK.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00131674 _____ () C:\Windows\System32\Gfxres.en-US.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00126976 _____ (Intel Corporation) C:\Windows\System32\igfxcpl.cpl
2014-02-01 09:22 - 2012-03-27 08:40 - 00125306 _____ () C:\Windows\System32\Gfxres.zh-TW.resources
2014-02-01 09:22 - 2012-03-27 08:40 - 00123778 _____ () C:\Windows\System32\Gfxres.zh-CN.resources
2014-02-01 09:22 - 2012-03-27 08:39 - 00410624 _____ (Intel Corporation) C:\Windows\System32\igfxTMM.dll
2014-02-01 09:22 - 2012-03-27 08:39 - 00386560 _____ (Intel Corporation) C:\Windows\System32\igfxpph.dll
2014-02-01 09:22 - 2012-03-27 08:39 - 00063488 _____ (Intel Corporation) C:\Windows\System32\igfxsrvc.dll
2014-02-01 09:22 - 2012-03-27 08:39 - 00028672 _____ (Intel Corporation) C:\Windows\System32\igfxexps.dll
2014-02-01 09:22 - 2012-03-27 08:38 - 00434688 _____ (Intel Corporation) C:\Windows\System32\igfxdev.dll
2014-02-01 09:22 - 2012-03-27 08:38 - 00172032 _____ (Intel Corporation) C:\Windows\System32\gfxSrvc.dll
2014-02-01 09:22 - 2012-03-27 08:38 - 00110592 _____ (Intel Corporation) C:\Windows\System32\hccutils.dll
2014-02-01 09:22 - 2012-03-27 08:38 - 00009216 _____ ( ) C:\Windows\System32\IGFXDEVLib.dll
2014-02-01 09:22 - 2012-03-27 08:37 - 09007616 _____ (Intel Corporation) C:\Windows\System32\igfxress.dll
2014-02-01 09:22 - 2012-03-27 08:37 - 00286208 _____ (Intel Corporation) C:\Windows\System32\igfxrenu.lrc
2014-02-01 09:22 - 2012-03-27 08:37 - 00142336 _____ (Intel Corporation) C:\Windows\System32\igfxdo.dll
2014-02-01 09:22 - 2012-03-27 08:36 - 00025088 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2014-02-01 09:22 - 2012-03-27 08:35 - 00325120 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2014-02-01 09:22 - 2012-03-27 08:33 - 02967040 _____ (Intel Corporation) C:\Windows\System32\igfxcmjit64.dll
2014-02-01 09:22 - 2012-03-27 08:33 - 02321408 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2014-02-01 09:22 - 2012-03-27 08:33 - 01981696 _____ () C:\Windows\System32\iglhxa64.cpa
2014-02-01 09:22 - 2012-03-27 08:33 - 00524800 _____ (Intel Corporation) C:\Windows\System32\iglhsip64.dll
2014-02-01 09:22 - 2012-03-27 08:33 - 00519680 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2014-02-01 09:22 - 2012-03-27 08:33 - 00237056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2014-02-01 09:22 - 2012-03-27 08:33 - 00213504 _____ (Intel Corporation) C:\Windows\System32\iglhcp64.dll
2014-02-01 09:22 - 2012-03-27 08:33 - 00193024 _____ (Intel Corporation) C:\Windows\System32\igfxcmrt64.dll
2014-02-01 09:22 - 2012-03-27 08:33 - 00177152 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2014-02-01 09:22 - 2012-03-27 08:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-01 09:22 - 2012-03-27 08:33 - 00059425 _____ () C:\Windows\System32\iglhxo64.vp
2014-02-01 09:22 - 2012-03-27 08:33 - 00059398 _____ () C:\Windows\System32\iglhxg64.vp
2014-02-01 09:22 - 2012-03-27 08:33 - 00059230 _____ () C:\Windows\System32\iglhxc64.vp
2014-02-01 09:22 - 2012-03-27 08:33 - 00059104 _____ () C:\Windows\System32\iglhxc64_dev.vp
2014-02-01 09:22 - 2012-03-27 08:33 - 00058796 _____ () C:\Windows\System32\iglhxg64_dev.vp
2014-02-01 09:22 - 2012-03-27 08:33 - 00058109 _____ () C:\Windows\System32\iglhxo64_dev.vp
2014-02-01 09:22 - 2011-12-16 10:40 - 00015128 _____ () C:\Windows\System32\Drivers\IntelMEFWVer.dll
2014-02-01 09:22 - 2011-12-06 19:23 - 00331264 _____ (Intel® Corporation) C:\Windows\System32\Drivers\IntcDAud.sys
2014-02-01 09:22 - 2011-12-06 19:22 - 00014848 _____ (Intel® Corporation) C:\Windows\System32\IntcDAuC.dll
2014-02-01 09:21 - 2014-02-01 09:23 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-01 09:21 - 2014-02-01 09:23 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-02-01 09:21 - 2014-02-01 09:22 - 00000000 ____D () C:\Intel
2014-02-01 09:21 - 2014-02-01 09:21 - 00000000 ___HD () C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2014-02-01 09:21 - 2014-02-01 09:21 - 00000000 ____D () C:\Users\LarryChu\AppData\Roaming\InstallShield
2014-02-01 09:21 - 2011-12-07 07:55 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2014-02-01 09:21 - 2011-11-10 01:04 - 00060184 _____ (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2014-02-01 09:20 - 2014-02-01 09:26 - 00000000 ____D () C:\ProgramData\Splashtop
2014-02-01 09:20 - 2014-02-01 09:21 - 00001414 _____ () C:\Users\LarryChu\Desktop\Games.lnk
2014-02-01 09:20 - 2014-02-01 09:21 - 00000000 ____D () C:\Users\LarryChu\AppData\Roaming\Splashtop
2014-02-01 09:20 - 2014-02-01 09:21 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-02-01 09:20 - 2014-02-01 09:20 - 00174200 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2014-02-01 09:20 - 2014-02-01 09:20 - 00007530 _____ () C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2014-02-01 09:20 - 2014-02-01 09:20 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-02-01 09:20 - 2014-02-01 09:20 - 00002577 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-02-01 09:20 - 2014-02-01 09:20 - 00000000 ____D () C:\Program Files\Symantec
2014-02-01 09:20 - 2014-02-01 09:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-01 09:19 - 2014-02-01 11:07 - 00000000 ____D () C:\ProgramData\Norton
2014-02-01 09:19 - 2014-02-01 09:19 - 00000000 ____D () C:\Windows\System32\Drivers\NISx64
2014-02-01 09:19 - 2014-02-01 09:19 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-02-01 09:14 - 2014-02-01 09:14 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-02-01 09:14 - 2014-02-01 09:14 - 00000010 _____ () C:\Windows\GSetup.ini
2014-02-01 08:59 - 2014-02-01 08:59 - 00000000 ____D () C:\Users\LarryChu\AppData\Local\VirtualStore
2014-02-01 08:58 - 2014-02-01 11:09 - 00000000 ____D () C:\users\LarryChu
2014-02-01 08:58 - 2014-02-01 08:58 - 00000020 ___SH () C:\Users\LarryChu\ntuser.ini
2014-02-01 08:58 - 2014-02-01 08:58 - 00000000 __SHD () C:\Recovery
2014-02-01 08:54 - 2014-02-01 08:54 - 00001313 _____ () C:\Windows\TSSysprep.log
2014-02-01 08:54 - 2014-02-01 08:54 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-01 08:53 - 2014-02-01 09:20 - 00016575 _____ () C:\Windows\WindowsUpdate.log
2014-02-01 08:50 - 2014-02-01 08:58 - 00000000 ____D () C:\Windows\Panther

==================== One Month Modified Files and Folders =======

2014-02-03 14:43 - 2014-02-03 14:43 - 00000000 ____D () C:\FRST
2014-02-03 14:32 - 2014-02-01 11:16 - 281637814 _____ () C:\Windows\MEMORY.DMP
2014-02-02 22:28 - 2014-02-02 22:27 - 00000000 ____D () C:\Windows\System32\config\mybackup
2014-02-01 11:09 - 2014-02-01 08:58 - 00000000 ____D () C:\users\LarryChu
2014-02-01 11:09 - 2009-07-14 17:41 - 00000000 ____D () C:\Windows\ShellNew
2014-02-01 11:09 - 2009-07-14 17:41 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-01 11:09 - 2009-07-14 13:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-01 11:09 - 2009-07-14 13:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-02-01 11:09 - 2009-07-14 11:20 - 00000000 __RSD () C:\Windows\Media
2014-02-01 11:09 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-02-01 11:09 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\security
2014-02-01 11:09 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-01 11:09 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-02-01 11:09 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Services
2014-02-01 11:08 - 2014-02-01 10:55 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-02-01 11:08 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2014-02-01 11:07 - 2014-02-01 09:19 - 00000000 ____D () C:\ProgramData\Norton
2014-02-01 10:57 - 2014-02-01 10:33 - 00000000 ____D () C:\Users\LarryChu\Desktop\Ent
2014-02-01 10:55 - 2014-02-01 10:55 - 00000000 ____D () C:\Users\LarryChu\AppData\Roaming\Media Player Classic
2014-02-01 10:02 - 2014-02-01 10:02 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-01 09:59 - 2014-02-01 09:59 - 00000000 ____D () C:\Users\LarryChu\AppData\Roaming\Macromedia
2014-02-01 09:59 - 2014-02-01 09:59 - 00000000 ____D () C:\Users\LarryChu\AppData\Roaming\Adobe
2014-02-01 09:31 - 2014-02-01 09:26 - 00000156 _____ () C:\csb.log
2014-02-01 09:31 - 2014-02-01 09:26 - 00000000 ____D () C:\Program Files (x86)\GIGABYTE
2014-02-01 09:28 - 2014-02-01 09:28 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-02-01 09:26 - 2014-02-01 09:26 - 00000000 ____D () C:\Program Files\GIGABYTE
2014-02-01 09:26 - 2014-02-01 09:20 - 00000000 ____D () C:\ProgramData\Splashtop
2014-02-01 09:25 - 2014-02-01 09:23 - 00000189 _____ () C:\Install.log
2014-02-01 09:24 - 2009-07-14 13:32 - 00000000 ____D () C:\Windows\System32\restore
2014-02-01 09:23 - 2014-02-01 09:23 - 00003044 _____ () C:\RHDSetup.log
2014-02-01 09:23 - 2014-02-01 09:23 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-02-01 09:23 - 2014-02-01 09:23 - 00000000 ____D () C:\Program Files\Realtek
2014-02-01 09:23 - 2014-02-01 09:23 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-02-01 09:23 - 2014-02-01 09:23 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-02-01 09:23 - 2014-02-01 09:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-01 09:23 - 2014-02-01 09:21 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-02-01 09:23 - 2009-07-14 12:51 - 00017165 _____ () C:\Windows\setupact.log
2014-02-01 09:22 - 2014-02-01 09:22 - 00057560 _____ () C:\Users\LarryChu\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-01 09:22 - 2014-02-01 09:22 - 00000000 ____D () C:\ProgramData\Intel
2014-02-01 09:22 - 2014-02-01 09:22 - 00000000 ____D () C:\Program Files\Intel
2014-02-01 09:22 - 2014-02-01 09:21 - 00000000 ____D () C:\Intel
2014-02-01 09:21 - 2014-02-01 09:21 - 00000000 ___HD () C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2014-02-01 09:21 - 2014-02-01 09:21 - 00000000 ____D () C:\Users\LarryChu\AppData\Roaming\InstallShield
2014-02-01 09:21 - 2014-02-01 09:20 - 00001414 _____ () C:\Users\LarryChu\Desktop\Games.lnk
2014-02-01 09:21 - 2014-02-01 09:20 - 00000000 ____D () C:\Users\LarryChu\AppData\Roaming\Splashtop
2014-02-01 09:21 - 2014-02-01 09:20 - 00000000 ____D () C:\Program Files (x86)\Splashtop
2014-02-01 09:20 - 2014-02-01 09:20 - 00174200 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2014-02-01 09:20 - 2014-02-01 09:20 - 00007530 _____ () C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2014-02-01 09:20 - 2014-02-01 09:20 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-02-01 09:20 - 2014-02-01 09:20 - 00002577 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-02-01 09:20 - 2014-02-01 09:20 - 00000000 ____D () C:\Program Files\Symantec
2014-02-01 09:20 - 2014-02-01 09:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-02-01 09:20 - 2014-02-01 08:53 - 00016575 _____ () C:\Windows\WindowsUpdate.log
2014-02-01 09:19 - 2014-02-01 09:19 - 00000000 ____D () C:\Windows\System32\Drivers\NISx64
2014-02-01 09:19 - 2014-02-01 09:19 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-02-01 09:19 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-02-01 09:14 - 2014-02-01 09:14 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-02-01 09:14 - 2014-02-01 09:14 - 00000010 _____ () C:\Windows\GSetup.ini
2014-02-01 09:02 - 2009-07-14 17:24 - 00371100 _____ () C:\Windows\System32\prfh0404.dat
2014-02-01 09:02 - 2009-07-14 17:24 - 00096316 _____ () C:\Windows\System32\prfc0404.dat
2014-02-01 09:02 - 2009-07-14 13:13 - 01179784 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-02-01 09:01 - 2009-07-14 12:45 - 00009984 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-01 09:01 - 2009-07-14 12:45 - 00009984 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-01 08:59 - 2014-02-01 08:59 - 00000000 ____D () C:\Users\LarryChu\AppData\Local\VirtualStore
2014-02-01 08:59 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2014-02-01 08:58 - 2014-02-01 08:58 - 00000020 ___SH () C:\Users\LarryChu\ntuser.ini
2014-02-01 08:58 - 2014-02-01 08:58 - 00000000 __SHD () C:\Recovery
2014-02-01 08:58 - 2014-02-01 08:50 - 00000000 ____D () C:\Windows\Panther
2014-02-01 08:58 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-01 08:55 - 2009-07-14 12:46 - 00001774 _____ () C:\Windows\DtcInstall.log
2014-02-01 08:55 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\System32\sysprep
2014-02-01 08:54 - 2014-02-01 08:54 - 00001313 _____ () C:\Windows\TSSysprep.log
2014-02-01 08:54 - 2014-02-01 08:54 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-02-01 08:51 - 2009-07-14 17:41 - 00000000 ____D () C:\Windows\CSC
2014-02-01 08:51 - 2009-07-14 12:45 - 00266576 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-02-01 08:50 - 2009-07-14 13:38 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2014-02-01 08:50 - 2009-07-14 13:32 - 00028672 _____ () C:\Windows\System32\config\BCD-Template

Some content of TEMP:
====================
C:\Users\LarryChu\AppData\Local\Temp\_is229D.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-02-01 09:24:31
Restore point made on: 2014-02-01 09:27:21
Restore point made on: 2014-02-01 09:30:27
Restore point made on: 2014-02-01 09:31:00
Restore point made on: 2014-02-01 09:34:48
Restore point made on: 2014-02-01 10:01:09

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8069.29 MB
Available physical RAM: 7274.87 MB
Total Pagefile: 8067.43 MB
Available Pagefile: 7271.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.29 GB) (Free:893.02 GB) NTFS
Drive d: (GRMCENXVOL_HK_DVD) (CDROM) (Total:2.96 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:3.98 GB) (Free:0.81 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 30FAC7F1)

Partition: GPT Partition Type
========================================================
Disk: 2 (Size: 4 GB) (Disk ID: 62D32822)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2014-02-01 08:51

==================== End Of Log ============================



#6 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 PM

Posted 03 February 2014 - 01:43 PM

Did the computer booted after the installation? I see no issues. The only drives visible are part of Norton.

 

Start the computer. Tap on F8 until you reach the Advanced Startup menu. Select "Disable Driver Signature Enforcement" and let it start.

 

Does that makes any difference?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#7 larrychu

larrychu
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  

Posted 03 February 2014 - 06:28 PM

Sadly, it made no difference
After selecting "Disable Driver Signature Enforcement", it tried to load windows but entered a blue screen for just a split of a second and then it restarted, reached the "Windows Repair Manager" page again showing the two options-"activate repair" and "start up windows". The whole loop then started again....

#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 PM

Posted 03 February 2014 - 07:02 PM

Lets take a look at the BlueScreen error message.

   

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:

        advancedoptions.png
     
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:

    bsod_c.jpg


Please post me the Stop error message.

 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#9 larrychu

larrychu
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  

Posted 03 February 2014 - 08:08 PM

It's quite difficult to write down the message as the blue screen just appeared for less than a second. Are there any ways for me to retrieve the error message?

Thanks!!

#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 PM

Posted 03 February 2014 - 10:12 PM

Were you able to disable automatic restart after system failure?


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#11 larrychu

larrychu
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  

Posted 03 February 2014 - 10:16 PM

Sorry, I misread your message. I will try again later and see if I can disable automatic restart after system failure and copy down the error message.

 

Thanks again!



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 PM

Posted 03 February 2014 - 10:43 PM

:thumbup2:


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#13 larrychu

larrychu
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  

Posted 04 February 2014 - 09:54 AM

IRQL_NOT_LESS_OR_EQUAL

Technical information:
*** STOP: 0x0000000A (0xFFFFFA7FFFFFFFE0, 0x0000000000000002, 0x0000000000000001, 0xFFFFF800107C142C)

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:18 PM

Posted 04 February 2014 - 11:53 AM

That error is usually related to your RAM.

A. If you have more than one RAM module installed, try starting computer with one RAM stick at a time.

NOTE Keep in mind, the manual check listed above is always superior to the software check, listed below. DO NOT proceed with memtest, if you can go with option A

B. If you have only one RAM stick installed...
...run memtest...

1. Download - Pre-Compiled Bootable ISO (.zip)
2. Unzip downloaded memtest86+-2.11.iso.zip file.
3. Inside, you'll find memtest86+-2.11.iso file.
4. Download, and install ImgBurn: http://www.imgburn.com/
5. Insert blank CD into your CD drive.
6. Open ImgBurn, and click on Write image file to disc
7. Click on Browse for a file... icon:
8. Locate memtest86+-2.11.iso file, and click Open button.
9. Click on ImgBurn green arrow to start burning bootable memtest86 CD:
10. Once the CD is created, boot from it, and memtest will automatically start to run.

It's recommended to run 5-6 passes. Each pass contains very same 8 tests.

This will show the progress of the test. It can take a while. Be patient, or leave it running overnight.

The most important item here is the errors line. If you see ANY errors, even one, most likely, you have bad RAM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#15 larrychu

larrychu
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  

Posted 05 February 2014 - 10:45 AM

I've got two RAM sticks and just tried option A by removing one of the RAM sticks at a time and then tried starting the computer. However, Windows still didn't start up....




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users