Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by SYSTEM on MININT-5HI2K1I on 17-06-2015 09:17:14
Running from d:\
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-02] (AVAST Software)
HKU\hell\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\hell\...\Run: [OfficeSyncProcess] => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\hell\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\hell\...\Run: [f.lux] => C:\Users\hell\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\hell\...\Run: [uTorrent] => C:\Users\hell\AppData\Roaming\uTorrent\uTorrent.exe [1690192 2014-11-16] (BitTorrent Inc.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File not found

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-02] (AVAST Software)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192160 2014-07-22] (Microsoft Corporation)
S2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2011-01-27] (PostgreSQL Global Development Group)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613024 2014-07-22] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-02] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-02] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-02] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-02] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-10-02] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-02] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-02] ()
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-25] (DT Soft Ltd)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-19] (Microsoft Corporation)
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-17 09:16 - 2015-06-17 09:17 - 00000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Some files in TEMP:
====================
C:\Users\hell\AppData\Local\Temp\bitool.dll
C:\Users\hell\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\hell\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppsdnzs.dll
C:\Users\hell\AppData\Local\Temp\jikdfy5v.dll
C:\Users\hell\AppData\Local\Temp\OptimizerPro.exe
C:\Users\hell\AppData\Local\Temp\ose00000.exe
C:\Users\hell\AppData\Local\Temp\ose00001.exe
C:\Users\hell\AppData\Local\Temp\UnInstallPlus500.exe
C:\Users\hell\AppData\Local\Temp\utt80E9.tmp.exe
C:\Users\hell\AppData\Local\Temp\uttCE0A.tmp.exe
C:\Users\hell\AppData\Local\Temp\xmlUpdater.exe
C:\Users\hell\AppData\Local\Temp\{BC19783D-C8A7-40AA-AAC7-A343DB46791A}-27.0.1453.94_27.0.1453.93_chrome_updater.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale pt-PT
inherit {globalsettings}
default {default}
resumeobject {a13a0cd3-6471-11e2-8e2f-935f5122b16d}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale pt-PT
inherit {bootloadersettings}
recoverysequence {a13a0cd5-6471-11e2-8e2f-935f5122b16d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a13a0cd3-6471-11e2-8e2f-935f5122b16d}
nx OptIn

Windows Boot Loader
-------------------
identifier {a13a0cd5-6471-11e2-8e2f-935f5122b16d}
device ramdisk=[C:]\Recovery\a13a0cd5-6471-11e2-8e2f-935f5122b16d\Winre.wim,{a13a0cd6-6471-11e2-8e2f-935f5122b16d}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\a13a0cd5-6471-11e2-8e2f-935f5122b16d\Winre.wim,{a13a0cd6-6471-11e2-8e2f-935f5122b16d}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {a13a0cd3-6471-11e2-8e2f-935f5122b16d}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale pt-PT
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Diagnóstico de Memória do Windows
locale pt-PT
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {a13a0cd6-6471-11e2-8e2f-935f5122b16d}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\a13a0cd5-6471-11e2-8e2f-935f5122b16d\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 3691.71 MB
Available physical RAM: 2898.33 MB
Total Pagefile: 3689.86 MB
Available Pagefile: 2958.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149.41 GB) (Free:14.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Repair disc Windows 7 64-bit) (Removable) (Total:0.94 GB) (Free:0.74 GB) NTFS
Drive e: (Data) (Fixed) (Total:147.21 GB) (Free:3.96 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5813A3A5)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=149.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=147.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 961 MB) (Disk ID: 00128FFF)
Partition 1: (Active) - (Size=960 MB) - (Type=07 NTFS)

LastRegBack: 2014-11-19 13:25

==================== End of log ============================