Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by SYSTEM on MININT-8U3Q977 on 08-09-2014 20:23:01
Running from F:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [4789248 2013-03-18] (Broadcom Corporation)
HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [tuto4pc_pl_17] => [X]
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [761536 2014-01-06] ()
HKLM-x32\...\Run: [GPULoader] => C:\Program Files (x86)\VLC Player GPU+\GPULog.exe [1303776 2013-12-13] ()
HKLM-x32\...\Run: [GPUTemp] => C:\Users\Kuba\AppData\Local\Temp\GPUTemp.exe [1312136 2014-01-09] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Kuba\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [909696 2010-12-21] (Microsoft Corporation)
HKU\Kuba\...\Run: [GG] => C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe [4023360 2014-04-23] (GG Network S.A.)
HKU\Kuba\...\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2995712 2013-07-19] (ALLPlayer Group Ltd.)
HKU\Kuba\...\Run: [Spotify] => C:\Users\Kuba\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-11] (Spotify Ltd)
HKU\Kuba\...\Run: [Spotify Web Helper] => C:\Users\Kuba\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)
HKU\Kuba\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Kuba\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Kuba\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
Startup: C:\Users\Kuba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hfrev9h.lnk
ShortcutTarget: hfrev9h.lnk -> C:\ProgramData\2992199F9A\h9verfh.cpp (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2008-07-15] (Andrea Electronics Corporation)
S2 AutoKMS; C:\Windows\AutoKMS\AutoKMS.exe [732160 2013-03-18] ()
S2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118056 2014-04-23] (Elex do Brasil Participações Ltda)
S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [70848 2014-04-17] ()
S2 rpcnetp; C:\Windows\System32\rpcnetp.exe [17408 2014-09-08] ()
S2 rpcnetp; C:\Windows\SysWOW64\rpcnetp.exe [17408 2014-09-08] ()
S2 Winmgmt; C:\Users\Kuba\AppData\Local\Temp\Low\mqmqiflf8z.faa [332020 2014-04-01] (Microsoft Corporation)
S2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4202496 2013-03-18] (Broadcom Corporation)
S2 HPDrvMntSvc.exe; "C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [232960 2014-04-23] (Elex do Brasil Participações Ltda)
S1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [66048 2014-04-23] (Elex do Brasil Participações Ltda)
S1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48128 2014-04-23] (Elex do Brasil Participações Ltda)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1848496 2009-07-01] ()
S3 iSafeKrnlBoot; \??\system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 20:20 - 2014-09-08 20:23 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 20:23 - 2014-09-08 20:20 - 00000000 ____D () C:\FRST
2014-09-08 19:15 - 2013-09-17 09:22 - 00000000 ____D () C:\Users\Kuba\AppData\Roaming\Spotify
2014-09-08 19:14 - 2014-02-15 21:13 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
2014-09-08 19:14 - 2013-10-15 07:13 - 00000288 _____ () C:\Windows\Tasks\DigitalSite.job
2014-09-08 19:14 - 2013-03-18 18:08 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2014-09-08 19:11 - 2013-12-15 23:25 - 00000352 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-08 19:11 - 2013-03-18 17:17 - 00017408 _____ () C:\Windows\System32\rpcnetp.exe
2014-09-08 19:10 - 2014-04-25 15:21 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-09-08 19:10 - 2013-12-15 23:36 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-09-08 19:10 - 2013-06-05 17:54 - 00001040 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-08 19:10 - 2013-03-18 19:30 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-09-08 19:10 - 2013-03-18 19:08 - 00000262 _____ () C:\Windows\Tasks\AutoKMS.job
2014-09-08 19:10 - 2013-03-18 17:18 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2014-09-08 19:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-08 19:10 - 2009-07-14 05:51 - 00081481 _____ () C:\Windows\setupact.log
2014-09-08 19:09 - 2013-03-18 17:17 - 00017408 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2014-09-08 18:59 - 2013-09-17 09:23 - 00000000 ____D () C:\Users\Kuba\AppData\Local\Spotify
2014-09-08 18:58 - 2013-07-23 20:38 - 00000000 ____D () C:\Users\Kuba\AppData\Roaming\GG
2014-09-08 18:55 - 2013-03-18 17:20 - 02016171 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 18:55 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-08 18:55 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-08 18:54 - 2013-10-15 07:16 - 00011625 _____ () C:\Users\Kuba\daemonprocess.txt
2014-09-08 18:51 - 2014-01-30 20:55 - 00001438 __RSH () C:\ProgramData\ntuser.pol
2014-09-08 18:50 - 2010-11-21 04:47 - 00027362 _____ () C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\Kuba\AppData\Local\Temp\appinstal1.exe
C:\Users\Kuba\AppData\Local\Temp\appinstall.exe
C:\Users\Kuba\AppData\Local\Temp\AutoRun.exe
C:\Users\Kuba\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Kuba\AppData\Local\Temp\eauninstall.exe
C:\Users\Kuba\AppData\Local\Temp\ggdrive-menu.exe
C:\Users\Kuba\AppData\Local\Temp\ggdrive-overlay.exe
C:\Users\Kuba\AppData\Local\Temp\GPUTemp.exe
C:\Users\Kuba\AppData\Local\Temp\installstats.exe
C:\Users\Kuba\AppData\Local\Temp\OpenCL.dll
C:\Users\Kuba\AppData\Local\Temp\ose00000.exe
C:\Users\Kuba\AppData\Local\Temp\prefetch.exe
C:\Users\Kuba\AppData\Local\Temp\presetup.exe
C:\Users\Kuba\AppData\Local\Temp\Reboot.exe
C:\Users\Kuba\AppData\Local\Temp\setapp.exe
C:\Users\Kuba\AppData\Local\Temp\Setup-a.exe
C:\Users\Kuba\AppData\Local\Temp\Setup.exe
C:\Users\Kuba\AppData\Local\Temp\Setup1.exe
C:\Users\Kuba\AppData\Local\Temp\Setup2.exe
C:\Users\Kuba\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Kuba\AppData\Local\Temp\SimCity 4_uninst.exe
C:\Users\Kuba\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Kuba\AppData\Local\Temp\SoFe.dll
C:\Users\Kuba\AppData\Local\Temp\t.dll
C:\Users\Kuba\AppData\Local\Temp\uninst1.exe
C:\Users\Kuba\AppData\Local\Temp\UsageTemp.exe
C:\Users\Kuba\AppData\Local\Temp\Wejście.rar__4607_i181505115_il264.exe
C:\Users\Kuba\AppData\Local\Temp\wupdater.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2013-10-22 22:20:03
Restore point made on: 2013-10-26 17:39:49
Restore point made on: 2013-11-05 22:06:26
Restore point made on: 2013-11-12 22:49:59
Restore point made on: 2013-11-21 19:21:05
Restore point made on: 2013-11-29 22:54:04
Restore point made on: 2013-12-10 22:12:39
Restore point made on: 2014-01-02 00:41:10

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3996.27 MB
Available physical RAM: 3380.72 MB
Total Pagefile: 3994.46 MB
Available Pagefile: 3366.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:215.21 GB) (Free:158.33 GB) NTFS
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Zastrzeżone przez system) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 80D2F3EE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=215.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17.6 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 966.5 MB) (Disk ID: 01369110)
Partition 1: (Active) - (Size=966 MB) - (Type=0B)

LastRegBack: 2014-01-02 00:34

==================== End Of Log ============================