
lots of files missing and pc cannot boot saying acpi.sys is missing


  • This topic is locked
8 replies to this topic

#1 gbe

gbe

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 17 April 2016 - 07:55 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-04-2016 01
Ran by SYSTEM on MININT-MKSO3KK (17-04-2016 22:49:06)
Running from D:\
Platform: Windows 8 Pro (X86) Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-18] (GlavSoft LLC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [IgfxTray] => "C:\Windows\system32\igfxtray.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\Titan\...\Run: [Air Display Support] => C:\Program Files\Avatron\Air Display\AirDisplay.exe [4189688 2013-12-03] (Avatron Software, Inc)
HKU\Titan\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-20] (Ruiware LLC)
HKU\Titan\...\Run: [Dropbox Update] => C:\Users\Titan\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-28] (Dropbox, Inc.)
HKU\Titan\...\Run: [ASRockXTU] => [X]
HKU\Titan\...\Run: [GameTracker] => C:\Program Files (x86)\GameTracker\GTLite.exe [4019992 2013-12-19] (ClanServers Hosting LLC)
HKU\Titan\...\Run: [uTorrent] => C:\Users\Titan\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2016-01-07] (BitTorrent Inc.)
HKU\Titan\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
HKU\Titan\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [36776 2016-01-03] (Glarysoft Ltd)
Startup: C:\Users\Titan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-12-22]
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Titan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk [2016-01-08]
ShortcutTarget: GameRanger.lnk ->  (No File)
Startup: C:\Users\Titan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-01-08]
ShortcutTarget: MEGAsync.lnk ->  (No File)
Startup: C:\Users\Titan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-12-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk *   
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4784144 2014-09-22] (Emsisoft GmbH)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269504 2016-01-08] (Adobe Systems Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-07] (AVAST Software)
S4 AVTHelper; C:\Program Files\Avatron\Air Display\AVTHelper.exe [237048 2013-12-03] (Avatron Software)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [43616 2012-07-05] (Microsoft Corporation)
S2 GS In-Game Service; C:\Program Files (x86)\GameTracker\GSInGameService.exe [1677080 2013-12-19] (ClanServers Hosting LLC)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-28] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-11-28] (Google Inc.)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [634632 2012-06-19] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-20] (Intel Corporation)
S2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2015-11-28] ()
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [277792 2012-09-10] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-17] (Malwarebytes Corporation)
S3 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139696 2012-07-11] (Microsoft Corporation)
S3 ose64; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [178760 2014-01-22] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2012-07-25] (Microsoft Corporation)
S2 PP Assistant Service; C:\Program Files (x86)\PP安卓助手\adevicehelpersvr.exe [145152 2014-09-11] ()
S2 SplashtopRemoteService; C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [792928 2014-11-19] (Splashtop Inc.)
S2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-10-08] (Splashtop Inc.)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [836176 2015-12-14] (Valve Corporation)
S4 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-18] (GlavSoft LLC.)
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [365344 2012-09-10] (Intel Corporation)
S4 UnsignedThemes; C:\Windows\unsignedthemes.exe [13824 2013-09-22] (The Within Network, LLC)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
S3 AllUserInstallAgent; %SystemRoot%\system32\AUInstallAgent.dll [X]
S3 PrintNotify; C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [X]
S3 SDRSVC; %Systemroot%\System32\SDRSVC.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
S1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-07] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-24] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-07] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-07] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-07] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-24] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-07] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-07] (AVAST Software)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
S1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-17] ()
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2016-01-13] (Glarysoft Ltd)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [21376 2012-07-25] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\System32\drivers\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S3 1394ohci; \SystemRoot\System32\drivers\1394ohci.sys [X]
S0 3ware; System32\drivers\3ware.sys [X]
S3 acpipagr; \SystemRoot\System32\drivers\acpipagr.sys [X]
S3 AcpiPmi; \SystemRoot\System32\drivers\acpipmi.sys [X]
S3 acpitime; \SystemRoot\System32\drivers\acpitime.sys [X]
S0 adp94xx; System32\drivers\adp94xx.sys [X]
S0 adpahci; System32\drivers\adpahci.sys [X]
S0 adpu320; System32\drivers\adpu320.sys [X]
S0 agp440; System32\drivers\agp440.sys [X]
S3 AirDisplayWDDM; \SystemRoot\system32\DRIVERS\AVWDDMMiniPort.sys [X]
S3 AmdK8; \SystemRoot\System32\drivers\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\System32\drivers\amdppm.sys [X]
S0 amdsata; System32\drivers\amdsata.sys [X]
S0 amdsbs; System32\drivers\amdsbs.sys [X]
S0 amdxata; System32\drivers\amdxata.sys [X]
S3 ampa; \??\C:\Windows\system32\ampa.sys [X]
S0 arc; System32\drivers\arc.sys [X]
S0 arcsas; System32\drivers\arcsas.sys [X]
S0 AsrRamDisk; system32\DRIVERS\AsrRamDisk.sys [X]
S0 atapi; System32\drivers\atapi.sys [X]
S3 athr; \SystemRoot\system32\DRIVERS\athrx.sys [X]
S0 AVPCIFilter; System32\drivers\AVPCIFilter.sys [X]
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S1 BasicDisplay; \SystemRoot\System32\drivers\BasicDisplay.sys [X]
S1 BasicRender; \SystemRoot\System32\drivers\BasicRender.sys [X]
S3 BthAvrcpTg; \SystemRoot\System32\drivers\BthAvrcpTg.sys [X]
S3 BthHFEnum; \SystemRoot\System32\drivers\bthhfenum.sys [X]
S3 bthhfhid; \SystemRoot\System32\drivers\BthHFHid.sys [X]
S3 BTHMODEM; \SystemRoot\System32\drivers\bthmodem.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 cdrom; \SystemRoot\System32\drivers\cdrom.sys [X]
S3 circlass; \SystemRoot\System32\drivers\circlass.sys [X]
S3 CmBatt; \SystemRoot\System32\drivers\CmBatt.sys [X]
S3 CompositeBus; \SystemRoot\System32\drivers\CompositeBus.sys [X]
S3 dc3d; \SystemRoot\System32\drivers\dc3d.sys [X]
S3 dg_ssudbus; \SystemRoot\system32\DRIVERS\ssudbus.sys [X]
S1 discache; System32\drivers\discache.sys [X]
S0 disk; System32\drivers\disk.sys [X]
S3 dmvsc; \SystemRoot\System32\drivers\dmvsc.sys [X]
S3 drmkaud; \SystemRoot\system32\drivers\drmkaud.sys [X]
S0 ebdrv; System32\drivers\evbda.sys [X]
S0 EhStorTcgDrv; System32\drivers\EhStorTcgDrv.sys [X]
S3 ErrDev; \SystemRoot\System32\drivers\errdev.sys [X]
S3 fdc; \SystemRoot\System32\drivers\fdc.sys [X]
S3 flpydisk; \SystemRoot\System32\drivers\flpydisk.sys [X]
S3 FxPPM; \SystemRoot\System32\drivers\fxppm.sys [X]
S0 gagp30kx; System32\drivers\gagp30kx.sys [X]
S3 GEARAspiWDM; \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys [X]
S3 gencounter; \SystemRoot\System32\drivers\vmgencounter.sys [X]
S3 HdAudAddService; \SystemRoot\system32\drivers\HdAudio.sys [X]
S3 HDAudBus; \SystemRoot\System32\drivers\HDAudBus.sys [X]
S3 HidBatt; \SystemRoot\System32\drivers\HidBatt.sys [X]
S3 HidBth; \SystemRoot\System32\drivers\hidbth.sys [X]
S3 hidi2c; \SystemRoot\System32\drivers\hidi2c.sys [X]
S3 HidIr; \SystemRoot\System32\drivers\hidir.sys [X]
S3 HidUsb; \SystemRoot\System32\drivers\hidusb.sys [X]
S0 HpSAMD; System32\drivers\HpSAMD.sys [X]
S3 hyperkbd; \SystemRoot\System32\drivers\hyperkbd.sys [X]
S3 HyperVideo; \SystemRoot\system32\DRIVERS\HyperVideo.sys [X]
S3 i8042prt; \SystemRoot\System32\drivers\i8042prt.sys [X]
S0 iaStorV; System32\drivers\iaStorV.sys [X]
S3 igfx; \SystemRoot\system32\DRIVERS\igdkmd64.sys [X]
S0 iirsp; System32\drivers\iirsp.sys [X]
S0 intelide; System32\drivers\intelide.sys [X]
S3 intelppm; \SystemRoot\System32\drivers\intelppm.sys [X]
S3 IPMIDRV; \SystemRoot\System32\drivers\IPMIDrv.sys [X]
S0 isapnp; System32\drivers\isapnp.sys [X]
S3 iScsiPrt; \SystemRoot\System32\drivers\msiscsi.sys [X]
S3 ISCT; \SystemRoot\System32\drivers\ISCTD64.sys [X]
S3 kbdclass; \SystemRoot\System32\drivers\kbdclass.sys [X]
S3 kbdhid; \SystemRoot\System32\drivers\kbdhid.sys [X]
S3 kdnic; \SystemRoot\system32\DRIVERS\kdnic.sys [X]
S0 LSI_SAS; System32\drivers\lsi_sas.sys [X]
S0 LSI_SAS2; System32\drivers\lsi_sas2.sys [X]
S0 LSI_SCSI; System32\drivers\lsi_scsi.sys [X]
S0 LSI_SSS; System32\drivers\lsi_sss.sys [X]
S0 megasas; System32\drivers\megasas.sys [X]
S0 MegaSR; System32\drivers\MegaSR.sys [X]
S3 MEIx64; \SystemRoot\System32\drivers\HECIx64.sys [X]
S3 monitor; \SystemRoot\System32\drivers\monitor.sys [X]
S3 mouclass; \SystemRoot\System32\drivers\mouclass.sys [X]
S3 mouhid; \SystemRoot\System32\drivers\mouhid.sys [X]
S3 msgpiowin32; \SystemRoot\System32\drivers\msgpiowin32.sys [X]
S0 msisadrv; System32\drivers\msisadrv.sys [X]
S1 mssmbios; \SystemRoot\System32\drivers\mssmbios.sys [X]
S3 MTConfig; \SystemRoot\System32\drivers\MTConfig.sys [X]
S0 mvumis; System32\drivers\mvumis.sys [X]
S3 netr7364; \SystemRoot\system32\DRIVERS\netr7364.sys [X]
S0 nfrd960; System32\drivers\nfrd960.sys [X]
S1 npsvctrig; \SystemRoot\System32\drivers\npsvctrig.sys [X]
S3 nuviocir; \SystemRoot\system32\DRIVERS\nuviocir_x64.sys [X]
S0 nvraid; System32\drivers\nvraid.sys [X]
S0 nvstor; System32\drivers\nvstor.sys [X]
S0 nv_agp; System32\drivers\nv_agp.sys [X]
S3 Parport; \SystemRoot\System32\drivers\parport.sys [X]
S0 pci; System32\drivers\pci.sys [X]
S0 pciide; System32\drivers\pciide.sys [X]
S0 pcmcia; System32\drivers\pcmcia.sys [X]
S3 Processor; \SystemRoot\System32\drivers\processr.sys [X]
S3 rdpbus; \SystemRoot\System32\drivers\rdpbus.sys [X]
S3 RDPWD; no ImagePath
S3 RTL8168; \SystemRoot\system32\DRIVERS\Rt630x64.sys [X]
S3 s3cap; \SystemRoot\System32\drivers\vms3cap.sys [X]
S0 sbp2port; System32\drivers\sbp2port.sys [X]
S3 sdbus; \SystemRoot\System32\drivers\sdbus.sys [X]
S3 sdstor; \SystemRoot\System32\drivers\sdstor.sys [X]
S4 secdrv; no ImagePath
S3 Serenum; \SystemRoot\System32\drivers\serenum.sys [X]
S3 Serial; \SystemRoot\System32\drivers\serial.sys [X]
S3 sermouse; \SystemRoot\System32\drivers\sermouse.sys [X]
S3 sfloppy; \SystemRoot\System32\drivers\sfloppy.sys [X]
S0 SiSRaid2; System32\drivers\SiSRaid2.sys [X]
S0 SiSRaid4; System32\drivers\sisraid4.sys [X]
S0 spaceport; System32\drivers\spaceport.sys [X]
S0 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
S3 ssudmdm; \SystemRoot\system32\DRIVERS\ssudmdm.sys [X]
S3 stdpms; \SystemRoot\system32\DRIVERS\stdpms.sys [X]
S0 stexstor; System32\drivers\stexstor.sys [X]
S3 sthid; \SystemRoot\System32\drivers\sthid.sys [X]
S0 storahci; System32\drivers\storahci.sys [X]
S0 storflt; system32\DRIVERS\vmstorfl.sys [X]
S0 storvsc; System32\drivers\storvsc.sys [X]
S3 storvsp; \SystemRoot\System32\drivers\storvsp.sys [X]
S3 swenum; \SystemRoot\System32\drivers\swenum.sys [X]
S3 terminpt; \SystemRoot\System32\drivers\terminpt.sys [X]
S3 TPM; \SystemRoot\system32\drivers\tpm.sys [X]
S3 TsUsbGD; \SystemRoot\System32\drivers\TsUsbGD.sys [X]
S0 uagp35; System32\drivers\uagp35.sys [X]
S3 UASPStor; \SystemRoot\System32\drivers\uaspstor.sys [X]
S3 UCX01000; \SystemRoot\System32\drivers\ucx01000.sys [X]
S0 uliagpkx; System32\drivers\uliagpkx.sys [X]
S3 umbus; \SystemRoot\System32\drivers\umbus.sys [X]
S3 UmPass; \SystemRoot\System32\drivers\umpass.sys [X]
S3 USBAAPL64; \SystemRoot\System32\Drivers\usbaapl64.sys [X]
S3 usbccgp; \SystemRoot\System32\drivers\usbccgp.sys [X]
S3 usbcir; \SystemRoot\System32\drivers\usbcir.sys [X]
S3 usbehci; \SystemRoot\System32\drivers\usbehci.sys [X]
S3 usbhub; \SystemRoot\System32\drivers\usbhub.sys [X]
S3 USBHUB3; \SystemRoot\System32\drivers\UsbHub3.sys [X]
S3 usbohci; \SystemRoot\System32\drivers\usbohci.sys [X]
S3 usbprint; \SystemRoot\System32\drivers\usbprint.sys [X]
S3 USBSTOR; \SystemRoot\System32\drivers\USBSTOR.SYS [X]
S3 usbuhci; \SystemRoot\System32\drivers\usbuhci.sys [X]
S3 USBXHCI; \SystemRoot\System32\drivers\USBXHCI.SYS [X]
S2 uxstyle; \??\C:\Windows\system32\Drivers\uxstyle.sys [X]
S1 VBoxDrv; \SystemRoot\system32\DRIVERS\VBoxDrv.sys [X]
S3 VBoxNetAdp; \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VBoxUSB; \SystemRoot\System32\Drivers\VBoxUSB.sys [X]
S1 VBoxUSBMon; \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys [X]
S0 vdrvroot; System32\drivers\vdrvroot.sys [X]
S3 vhdmp; \SystemRoot\System32\drivers\vhdmp.sys [X]
S0 viaide; System32\drivers\viaide.sys [X]
S3 Vid; \SystemRoot\System32\drivers\Vid.sys [X]
S0 vmbus; System32\drivers\vmbus.sys [X]
S3 VMBusHID; \SystemRoot\System32\drivers\VMBusHID.sys [X]
S3 vmbusr; \SystemRoot\System32\drivers\vmbusr.sys [X]
S0 volmgr; System32\drivers\volmgr.sys [X]
S0 volsnap; System32\drivers\volsnap.sys [X]
S3 vpci; \SystemRoot\System32\drivers\vpci.sys [X]
S3 vpcivsp; \SystemRoot\System32\drivers\vpcivsp.sys [X]
S0 vsmraid; System32\drivers\vsmraid.sys [X]
S0 VSTXRAID; System32\drivers\vstxraid.sys [X]
S3 WacomPen; \SystemRoot\System32\drivers\wacompen.sys [X]
S0 Wd; System32\drivers\wd.sys [X]
S3 WinUsb; \SystemRoot\System32\drivers\WinUsb.sys [X]
S3 WmiAcpi; \SystemRoot\System32\drivers\wmiacpi.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-17 22:49 - 2016-04-17 22:49 - 00000000 ____D C:\FRST
2016-04-17 22:08 - 2012-07-25 21:10 - 00337648 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2016-04-17 03:59 - 2016-04-17 03:58 - 02375168 _____ (Farbar) C:\FRST64.exe
2016-04-11 19:04 - 2016-04-11 19:04 - 00000033 _____ C:\bootrepair
2016-04-11 17:09 - 2016-04-12 03:13 - 00000000 ____D C:\0000000001111111111111aaaaaaaaaBACKUPUSB
2016-04-11 17:06 - 2016-01-11 23:41 - 02728384 _____ (Copyright © 2015 eSupport.com • All Rights Reserved ) C:\NTFSUndelete_setup_1248.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-12 03:14 - 2014-07-10 12:40 - 4107771904 _____ C:\en_windows_8_x64_x86_aio.iso
2016-04-11 22:35 - 2016-01-13 00:37 - 00000000 ____D C:\Users\Titan\AppData\Roaming\mysites123
2016-04-11 20:28 - 2016-01-09 19:46 - 00000000 ____D C:\Hercules
 
Some files in TEMP:
====================
C:\Users\Titan\AppData\Local\Temp\gu5setup.exe
C:\Users\Titan\AppData\Local\Temp\Uninstall.exe
 
 
==================== Known DLLs (Whitelisted) =========================
 
C:\Windows\System32\_Wow64cpu.dll IS MISSING <==== ATTENTION
C:\Windows\System32\_Wow64win.dll IS MISSING <==== ATTENTION
C:\Windows\System32\_Wow64.dll IS MISSING <==== ATTENTION
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe
[2014-08-10 01:03] - [2013-06-01 03:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D
 
C:\Windows\System32\winlogon.exe
[2015-12-31 08:28] - [2015-11-16 06:27] - 0578048 ____A (Microsoft Corporation) 88B4DA29CF8C3628F3647447FD5CDAE5
 
C:\Windows\System32\wininit.exe
[2012-07-25 16:03] - [2012-07-25 19:08] - 0132608 ____A (Microsoft Corporation) FE9AB232B56A12224E8A3F3F9878C9A3
 
C:\Windows\System32\svchost.exe
[2014-08-10 00:57] - [2012-09-19 22:33] - 0029696 ____A (Microsoft Corporation) EDE27EACE742EE2888C5DD36400A2EC0
 
C:\Windows\System32\services.exe
[2015-11-28 19:26] - [2015-04-12 21:32] - 0417280 ____A (Microsoft Corporation) 590A2B4198DD35AA42893BA04F66FD3F
 
C:\Windows\System32\User32.dll
[2015-12-31 08:26] - [2015-11-07 04:46] - 1341952 ____A (Microsoft Corporation) 066F58F19A68A45DE648F95EF0120DFC
 
C:\Windows\System32\userinit.exe
[2012-07-25 16:06] - [2012-07-25 19:08] - 0025088 ____A (Microsoft Corporation) 0E925F7BA032920D58DD284B6181A247
 
C:\Windows\System32\rpcss.dll
[2012-07-25 15:53] - [2012-07-25 19:07] - 0817152 ____A (Microsoft Corporation) 1EC6E533C954BDDF2A37E7851A7E58FD
 
C:\Windows\System32\dnsapi.dll
[2014-12-15 03:34] - [2014-10-08 19:59] - 0623616 ____A (Microsoft Corporation) 7904C03BF9C0C0337563FFAA97D0ACE8
 
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info ===========================  
 
Percentage of memory in use: 14%
Total physical RAM: 3791.18 MB
Available physical RAM: 3237.36 MB
Total Virtual: 3791.18 MB
Available Virtual: 3249.15 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:833.86 GB) (Free:606.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (W8_X64_X86_AIO_EN-US) (Removable) (Total:7.45 GB) (Free:3.53 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A86B66A8)
Partition 1: (Active) - (Size=833.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=05)
 
========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 026254A1)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)
 
 
LastRegBack: 2016-01-07 07:28
 
==================== End of FRST.txt ============================




 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:47 PM

Posted 19 April 2016 - 08:53 AM

gbe:
 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall.  If you would permit me to address you by your first name, I would prefer to do that since we will be working together.
 
I will be assisting you with your computer issues.  All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Team member or instructor.  This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I will need some time to review your FRST logs and consult with a Malware Response Instructor.   That could take a few days.  Once I have done so, I will post back with initial instructions.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:47 PM

Posted 20 April 2016 - 11:57 AM

gbe:

 

Thank you for your patience while I analyzed your FRST logs.  Unfortunately FRST logs run from the Recovery Environment lack a significant amount of very important information, so what I would like to do first is to try to identify why your computer is not booting, even into Safe Mode, and try to fix that issue first.

 

Would you be so kind as to explain, in as much detail as possible, the circumstances surrounding your computer no longer booting?  What were you doing with your computer?  Did you get any warning or error messages?

 

Do you have access to a Windows 8 OS disk, or a Windows 8 Startup Repair disk/USB drive?

 

Have a great day.

 

Regards,

-Phil




#4 gbe

gbe
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 21 April 2016 - 05:59 AM

I was just browsing through my files when suddenly I opened my downloads folder, which contained over 200 GB of files, as they weren't only downloads, and it was empty. I panicked and restarted my computer, only to be confronted by a black screen with white writing saying that acpi.sys was missing or not found. I have access to a Windows 8 disk; however, Startup Repair tells me that it is incompatible, even though I'm pretty sure that it is the same disk I installed Windows 8 from. Very puzzling.



#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,350 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:06:47 PM

Posted 22 April 2016 - 09:43 AM

gbe:

Thank you for your post and your explanation of what was happening before the computer was rendered unbootable by normal means.
 

"I have access to a Windows 8 disk; however, Startup Repair tells me that it is incompatible, even though I'm pretty sure that it is the same disk I installed Windows 8 from. Very puzzling."

 

First off, that is great news that you have a Windows 8 disk. :thumbup2:

It might not be puzzling if your disk is Windows 8, and you subsequently upgraded your computer to Windows 8.1. There were changes to system files between those two versions, so a "Startup Repair" would not be able to automatically fix the errors, using files from the Windows 8 disk.
The ideal solution is to bring up the "System Recovery Options" menu from the hard disk because it is the OS on the hard disk that we want to repair.



:step1: Can you get your computer to boot into the "System Recovery Options" menu without booting from the Windows 8 disk?

This is often not possible with Windows 8 and Windows 10 computers, especially if "Fast Boot" is enabled, because Windows loads before the F8 keystrokes can be processed, but it is worth a try.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until "Advanced Boot Options" appears.
  • Use the arrow keys to select the "Repair your computer" menu item.
  • Select US as the "keyboard language" setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

 

:step2: Do you have any restore points that you can use to restore your computer to an earlier time? You can boot from your Windows 8 DVD, or via the hard disk if you can boot as per :step1:, and then select "System Restore" from the "System Recovery Options" menu.

 

 

:step3: Do you have any recent system images, either Windows images or those made by third-party backup software, such as EaseusTodo Backup, Macrium Reflect, Acronis, etc.? If you have one or more C: drive images from third-party backup software, do you have (did you create) a WinPE or Linux recovery disk with that backup software application? You could boot from those backup recovery disks and restore your hard disk to the date and time of the last system image, but be sure it is a system image, not just a file backup, because restoring your data files is not going to help us to get your computer booting normally again.

 

 

:step4: If none of the steps above work, or the answer is "No", you don't have restore points enabled (or none are found) and you don't have any system images, and F8 doesn't work, then let's see what we can do.

Do not follow these instructions otherwise. Please stop here and post back if :step1:, :step2:, or :step3: work or are applicable.


First, please download a copy of FRST64.EXE from Bleeping Computer from here using a clean computer, and save it to a USB drive. Next, please insert the USB drive into your computer.

Next, please boot your computer from your Windows 8 DVD.

Once you get to the "System Recovery Options" menu you will see the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt

==========

  • Type C: and press <Enter>.
  • Type explorer and press <Enter>. This will bring up Windows Explorer on your hard drive, hopefully.
  • Please copy FRST64.EXE from your USB drive to the Desktop folder (usually C:\<UserName>\Desktop of your computer, where "<UserName>" is your account user name).
  • Please navigate to: C:\Windows\System32 folder and find the file Notepad.exe.
  • Double click notepad.exe and press <Enter>.
  • When Notepad opens, please copy and paste the contents of the code box below into Notepad, and save it to your desktop with the name "Fixlist.txt".
CMD: sfc /scannow
CMD: type C:\Windows\Logs\CBS\cbs.log

Now we are going to perform two operations with FRST64. First I want you to search for the file acpi.sys.

  • Navigate to the Desktop folder, and double click FRST64.EXE.
  • In the FRST "Search" box, type acpi.sys.
  • Click on "Search Files".
  • A file called "Search.txt" will be created in your Desktop folder.

Next we are going to run the "fixlist.txt" that you created.

  • Click the "Fix" button.
  • When the "Fix" is completed, a file called "fixlog.txt" will be created in your Desktop folder.

Now, please copy the following files from your Desktop folder to your USB drive:

  • Search.txt
  • Fixlog.txt

Then please close Windows Explorer and shut down your computer.
 

 

Please copy and paste the two log files into your next reply.

Thank you and have a great day.

Regards,
-Phil




#6 gbe

gbe
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 24 April 2016 - 03:22 AM

Steps one through three were unsuccessful, unfortunately. I proceeded to step four as instructed and here are the two text files.
 
First of all Search.txt
 
 
 
Farbar Recovery Scan Tool (x86) Version:16-04-2016 01
Ran by SYSTEM (2016-04-24 17:57:10)
Running from C:\Users\Titan\Desktop
Boot Mode: Recovery
 
================== Search Files: "acpi.sys" =============
 
C:\Windows.old.002\Windows\WinSxS\amd64_acpi.inf_31bf3856ad364e35_6.2.9200.20521_none_7c19e8c370bbae85\acpi.sys
[2013-11-30 14:33][2012-09-20 00:41] 0425192 ___AC (Microsoft Corporation) 5602C96BCD1A83E5F1C5A718AD04A2AA
 
C:\Windows.old.002\Windows\WinSxS\amd64_acpi.inf_31bf3856ad364e35_6.2.9200.16420_none_7b8f4bae579ef564\acpi.sys
[2013-11-30 14:33][2012-09-20 00:31] 0425192 ___AC (Microsoft Corporation) 975AABEB243B800C23626D6B652C5A9C
 
C:\Windows.old.002\Windows\WinSxS\amd64_acpi.inf_31bf3856ad364e35_6.2.9200.16384_none_7b526b6857cc053f\acpi.sys
[2012-07-25 18:28][2012-07-25 20:57] 0424688 ___AC (Microsoft Corporation) A3BDA4D1186C8F47FA1BC8E91F197537
 
C:\Windows.old.001\Windows\WinSxS\amd64_acpi.inf_31bf3856ad364e35_6.2.9200.16384_none_7b526b6857cc053f\acpi.sys
[2012-07-25 18:28][2012-07-25 20:57] 0424688 ____A (Microsoft Corporation) A3BDA4D1186C8F47FA1BC8E91F197537
 
C:\Windows.old.001\Windows\System32\DriverStore\FileRepository\acpi.inf_amd64_925dbf14f1d436ac\acpi.sys
[2012-07-25 18:28][2012-07-25 20:57] 0424688 ____A (Microsoft Corporation) A3BDA4D1186C8F47FA1BC8E91F197537
 
C:\Windows.old.001\Windows\System32\Drivers\acpi.sys
[2012-07-25 18:28][2012-07-25 20:57] 0424688 ____A (Microsoft Corporation) A3BDA4D1186C8F47FA1BC8E91F197537
 
C:\Windows\WinSxS\amd64_acpi.inf_31bf3856ad364e35_6.2.9200.20521_none_7c19e8c370bbae85\acpi.sys
[2014-08-10 00:58][2012-09-20 00:41] 0425192 ___AC (Microsoft Corporation) 5602C96BCD1A83E5F1C5A718AD04A2AA
 
C:\Windows\WinSxS\amd64_acpi.inf_31bf3856ad364e35_6.2.9200.16420_none_7b8f4bae579ef564\acpi.sys
[2014-08-10 00:58][2012-09-20 00:31] 0425192 ____C (Microsoft Corporation) 975AABEB243B800C23626D6B652C5A9C
 
C:\Windows\WinSxS\amd64_acpi.inf_31bf3856ad364e35_6.2.9200.16384_none_7b526b6857cc053f\acpi.sys
[2012-07-25 18:28][2012-07-25 20:57] 0424688 ____C (Microsoft Corporation) A3BDA4D1186C8F47FA1BC8E91F197537
 
C:\Windows\System32\Drivers\acpi.sys
[2016-04-17 22:08][2012-07-25 21:10] 0337648 ____A (Microsoft Corporation) 682595B152AA55B2237D40EB9A3271FC
 
C:\Users\Titan\Desktop\desktop\old halim desktop\WINDOWS\$NtServicePackUninstall$\acpi.sys
[2014-02-15 13:59][2004-08-03 04:07] 0187776 ____A (Microsoft Corporation) A10C7534F7223F4A73A948967D00E69B
 
X:\Windows\WinSxS\x86_acpi.inf_31bf3856ad364e35_6.2.9200.16384_none_1f33cfe49f6e9409\acpi.sys
[2012-07-25 21:10][2012-07-25 21:10] 0337648 ____A (Microsoft Corporation) 682595B152AA55B2237D40EB9A3271FC
 
X:\Windows\System32\DriverStore\FileRepository\acpi.inf_x86_9e9050bdb023c11d\acpi.sys
[2012-07-25 21:10][2012-07-25 21:10] 0337648 ____A (Microsoft Corporation) 682595B152AA55B2237D40EB9A3271FC
 
X:\Windows\System32\Drivers\acpi.sys
[2012-07-25 21:10][2012-07-25 21:10] 0337648 ____A (Microsoft Corporation) 682595B152AA55B2237D40EB9A3271FC
 
====== End of Search ======
 
 
 
 
and now fixlog.txt

Attached Files
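One way to cross-check the Search.txt output posted above, as an added example that is not part of the original posts and is not FRST's own code: it pairs each path with its size and MD5, then reports which other copies share the hash of the file in C:\Windows\System32\Drivers. The function names are this example's own, and the sample is an excerpt of the posted log with blank lines dropped.

```python
import re

# Excerpt of the Search.txt entries posted above (values as posted, blank lines dropped).
SEARCH_TXT = r"""
C:\Windows\WinSxS\amd64_acpi.inf_31bf3856ad364e35_6.2.9200.20521_none_7c19e8c370bbae85\acpi.sys
[2014-08-10 00:58][2012-09-20 00:41] 0425192 ___AC (Microsoft Corporation) 5602C96BCD1A83E5F1C5A718AD04A2AA
C:\Windows\WinSxS\amd64_acpi.inf_31bf3856ad364e35_6.2.9200.16384_none_7b526b6857cc053f\acpi.sys
[2012-07-25 18:28][2012-07-25 20:57] 0424688 ____C (Microsoft Corporation) A3BDA4D1186C8F47FA1BC8E91F197537
C:\Windows\System32\Drivers\acpi.sys
[2016-04-17 22:08][2012-07-25 21:10] 0337648 ____A (Microsoft Corporation) 682595B152AA55B2237D40EB9A3271FC
X:\Windows\WinSxS\x86_acpi.inf_31bf3856ad364e35_6.2.9200.16384_none_1f33cfe49f6e9409\acpi.sys
[2012-07-25 21:10][2012-07-25 21:10] 0337648 ____A (Microsoft Corporation) 682595B152AA55B2237D40EB9A3271FC
"""

META = re.compile(r"^\[[^\]]+\]\[[^\]]+\]\s+(\d+)\s+(\S+)\s+\((.*)\)\s+([0-9A-Fa-f]{32})$")
ARCH = re.compile(r"\\(amd64|x86|wow64)_[^\\]+\\[^\\]+$", re.I)  # WinSxS component folder prefix


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = META.match(line)
        if m and path:
            arch = ARCH.search(path)
            entries.append({"path": path, "size": int(m.group(1)), "md5": m.group(4).upper(),
                            "arch": arch.group(1).lower() if arch else None})
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries


def match_live_driver(entries, live_path):
    """Return the live file, the other copies with the same MD5, and their WinSxS architectures."""
    live = next(e for e in entries if e["path"].lower() == live_path.lower())
    same = [e for e in entries if e["md5"] == live["md5"] and e is not live]
    return live, same, sorted({e["arch"] for e in same if e["arch"]})


if __name__ == "__main__":
    live, same, archs = match_live_driver(parse_search(SEARCH_TXT), r"C:\Windows\System32\Drivers\acpi.sys")
    print(f"{live['path']}  size={live['size']}  md5={live['md5']}")
    for e in same:
        print(f"  same hash as: {e['path']}")
    print("architectures of matching store copies:", archs or "none found")
```

On this excerpt the only copy sharing the live driver's hash is the x86 component under X:\, while the FRST header at the top of the topic reports an x64 operating system booted from an x86 recovery disk.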



#7 garioch7

  • Malware Response Instructor

Posted 26 April 2016 - 06:12 AM

gbe:

 

Thank you for your post and for your logs.  Your FRST scans do not show any active infections, BUT, they were run in the Recovery Environment, so are not as complete as FRST scans run from a normally booting computer.

 

My area of study, and some expertise, is malware removal.  What we seem to be dealing with here is significant corruption to the Windows OS itself, caused for reasons not identified.

 

You are probably best advised to seek assistance in the Windows 8 and Windows 8.1 Forum here at Bleeping Computer.

 

You can try to rebuild your boot configuration data and see if that might get your computer booting again normally.  If that works, then you could re-run the FRST and Addition.txt scans, and I could check them to confirm that there is no active malware on your computer.  There is a good article here on the BCD command and how to use it.

 

CAUTION: If the BCD command is not correctly configured and executed, it could incorrectly rebuild the Boot Configuration Data, causing further corruption.  DO THIS AT YOUR OWN RISK!

 

You should back up all of your data files to an external drive or the cloud  BEFORE  running BCD, in case it does become necessary to reset your computer, or repair attempts cause further corruption.

 

Please let me know how you wish to proceed.

 

I am sorry that I can't be of further assistance.  Thank you for your patience in awaiting my response.  Have a great day.

 

Regards,

-Phil




#8 garioch7

  • Malware Response Instructor

Posted 29 April 2016 - 09:04 AM

gbe:

 

I have not heard back from you.  It has been three days.  Do you still require assistance?

 

If you don't reply in 48 hours, the Moderators will close this topic.

 

Thank you and have a great day.

 

Regards,

-Phil




#9 Elise

  • Malware Study Hall Admin

Posted 01 May 2016 - 11:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 
