Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by SYSTEM on MININT-710NL1E on 14-09-2014 14:01:25
Running from E:\
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876304 2013-01-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13267016 2013-01-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1276488 2013-01-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2014-06-25] (Dritek System Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [131712 2013-01-24] ( (Qualcomm Atheros Commnucations))
HKU\acer\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\Default\...\RunOnce: [RegAutoPlay] => C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845832 2013-02-20] (Acer Incorporated)
HKU\Default User\...\RunOnce: [RegAutoPlay] => C:\Program Files (x86)\Acer\clear.fi Media\RegAutoplay.exe [1845832 2013-02-20] (Acer Incorporated)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [247144 2012-10-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203112 2012-10-12] (NVIDIA Corporation)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros Commnucations)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
S3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
S2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-01-17] (ELAN Microelectronics Corp.)
S2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-05] (Cherished Technololgy LIMITED)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2014-06-25] (Dritek System INC.)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S2 Update Deal Keeper; C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe [323320 2014-09-11] ()
S2 Util Deal Keeper; C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-09-14] ()
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-01-24] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-12] (Disc Soft Ltd)
S3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2014-06-25] (Dritek System Inc.)
S1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [61584 2014-08-05] (StdLib)
S1 {55dce8ba-9dec-4013-937e-adbf9317d990}w64; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w64.sys [61584 2014-08-07] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 14:00 - 2014-09-14 14:00 - 00000000 ____D () C:\FRST
2014-09-14 13:54 - 2014-09-14 13:54 - 00000000 __SHD () C:\Recovery
2014-09-14 13:54 - 2014-09-14 13:54 - 00000000 _____ () C:\Recovery.txt
2014-08-28 00:04 - 2014-08-22 22:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-26 06:36 - 2014-08-26 06:36 - 00000000 ____D () C:\Users\acer\AppData\Roaming\Unity
2014-08-16 01:18 - 2014-07-15 14:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2014-08-15 07:27 - 2014-08-15 07:28 - 00000000 ____D () C:\Users\acer\Desktop\Solina

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-14 14:00 - 2014-09-14 14:00 - 00000000 ____D () C:\FRST
2014-09-14 13:54 - 2014-09-14 13:54 - 00000000 __SHD () C:\Recovery
2014-09-14 13:54 - 2014-09-14 13:54 - 00000000 _____ () C:\Recovery.txt
2014-09-14 03:43 - 2014-06-26 06:37 - 01514769 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 03:30 - 2014-06-25 13:28 - 00794946 _____ () C:\Windows\System32\perfh015.dat
2014-09-14 03:30 - 2014-06-25 13:28 - 00159530 _____ () C:\Windows\System32\perfc015.dat
2014-09-14 03:30 - 2012-07-25 23:28 - 01793398 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-09-14 03:26 - 2012-07-25 23:21 - 00028268 _____ () C:\Windows\setupact.log
2014-09-14 03:18 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\System32\sru
2014-09-11 08:54 - 2012-07-25 23:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-11 08:54 - 2012-07-25 21:26 - 00000226 _____ () C:\Windows\win.ini
2014-09-10 10:36 - 2014-07-11 21:31 - 00001058 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-08 08:32 - 2014-07-11 21:31 - 00001054 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 08:32 - 2012-07-25 23:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 08:31 - 2014-06-25 13:30 - 00053284 _____ () C:\Windows\System32\wpbbin.exe
2014-09-08 08:31 - 2012-07-25 21:26 - 00262144 ___SH () C:\Windows\System32\config\BBI
2014-09-07 05:02 - 2014-08-05 08:31 - 00000270 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-09-07 05:01 - 2014-08-12 05:01 - 00001350 _____ () C:\Users\acer\Desktop\Wyczyść rejestr za darmo!.lnk
2014-09-07 05:01 - 2014-08-05 08:31 - 00003090 _____ () C:\Windows\System32\Tasks\RegClean Pro
2014-09-05 08:40 - 2014-07-11 21:35 - 00002153 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-05 08:40 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-29 07:57 - 2014-07-12 15:50 - 00000000 ____D () C:\Users\acer\AppData\Roaming\uTorrent
2014-08-29 03:14 - 2014-07-11 21:50 - 00039936 ___SH () C:\Users\acer\Desktop\Thumbs.db
2014-08-29 03:13 - 2014-07-22 18:54 - 00281280 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-26 06:36 - 2014-08-26 06:36 - 00000000 ____D () C:\Users\acer\AppData\Roaming\Unity
2014-08-22 22:47 - 2014-08-28 00:04 - 04036096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-22 11:25 - 2014-07-08 17:53 - 00000000 ____D () C:\Users\acer\Documents\Bluetooth Folder
2014-08-16 03:30 - 2014-07-21 17:42 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-16 03:30 - 2012-07-26 00:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-16 01:22 - 2014-07-23 17:48 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-16 01:19 - 2014-07-23 17:48 - 99218768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-08-16 00:09 - 2014-08-05 08:31 - 00000278 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-08-16 00:05 - 2014-07-31 00:58 - 00000000 ____D () C:\Users\acer\AppData\Local\Unity
2014-08-16 00:05 - 2013-03-06 13:13 - 00042480 _____ () C:\Windows\PFRO.log
2014-08-16 00:05 - 2012-07-26 00:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-15 12:44 - 2014-08-01 07:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2014-08-15 12:44 - 2014-08-01 07:09 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2014-08-15 12:43 - 2014-08-01 07:09 - 03286528 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2014-08-15 12:43 - 2014-08-01 07:09 - 00773632 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2014-08-15 12:43 - 2014-08-01 07:09 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2014-08-15 12:43 - 2014-08-01 07:09 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2014-08-15 12:43 - 2014-08-01 07:09 - 00059416 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2014-08-15 07:28 - 2014-08-15 07:27 - 00000000 ____D () C:\Users\acer\Desktop\Solina

Some content of TEMP:
====================
C:\Users\acer\AppData\Local\Temp\AcerCloudDocsSetup.exe
C:\Users\acer\AppData\Local\Temp\AcerCloudSetup.exe
C:\Users\acer\AppData\Local\Temp\bitool.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-08-01 07:09:18
Restore point made on: 2014-08-14 05:23:39
Restore point made on: 2014-08-22 11:42:58
Restore point made on: 2014-08-28 01:14:34

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3891.6 MB
Available physical RAM: 3230.91 MB
Total Pagefile: 3891.6 MB
Available Pagefile: 3254.76 MB
Total Virtual: 131072 MB
Available Virtual: 131071.87 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:678.3 GB) (Free:613.59 GB) NTFS
Drive d: (IR3_CCSA_X64FRE_EN-US_DV9) (CDROM) (Total:3.83 GB) (Free:0 GB) UDF
Drive e: () (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: BEDD5648)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00499656)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=0C)

LastRegBack: 2014-08-22 09:13

==================== End Of Log ============================