Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016 Ran by z00269rd (administrator) on MD1KHMNC (15-12-2016 19:43:11) Running from C:\Users\z00269rd\Desktop Loaded Profiles: z00269rd (Available Profiles: z00269rd) Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Angielski (Stany Zjednoczone) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files\Siemens\UCMS\Core\UCMS.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe (IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\nslsvice.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe (IBM Corp) C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe (IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe (McAfee, Inc.) 
C:\Program Files\TrueKey\McTkSchedulerService.exe (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe (McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (Atos IT Solutions and Services GmbH) C:\Program Files\CardOS API\bin\cardoscp.exe (Syncplicity LLC) C:\Program Files\Syncplicity\Syncplicity.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe () C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe (Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe (Siemens) C:\Users\z00269rd\AppData\Roaming\Siemens\PCS\PCSMonitor.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Pulse Secure, LLC) C:\Users\z00269rd\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe (Trend Micro Inc.) 
C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\Temp\pccntupd.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe (Pulse Secure, LLC") C:\Users\z00269rd\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe (Pulse Secure, LLC) C:\Program Files (x86)\Juniper Networks\Network Connect 8.0\dsNetworkConnect.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNT.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-11-13] (Motorola Solutions, Inc.) 
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158416 2013-07-08] (FUJITSU LIMITED) HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23248 2013-07-08] (FUJITSU LIMITED) HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [171344 2013-07-28] (FUJITSU LIMITED) HKLM\...\Run: [CardOS API] => C:\Program Files\CardOS API\bin\cardoscp.exe [178000 2014-02-25] (Atos IT Solutions and Services GmbH) HKLM\...\Run: [Syncplicity] => C:\Program Files\Syncplicity\Syncplicity.exe [129536 2016-08-01] (Syncplicity LLC) HKLM\...\Run: [SIECACST] => C:\Program Files\Siemens\CardOS API\bin\siecacst.exe HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation) HKLM-x32\...\Run: [USM] => C:\Program Files (x86)\Siemens\USM\USM.exe [57344 2007-11-07] (Siemens AG) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [530560 2016-04-25] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [239744 2016-04-25] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-10-01] (Adobe Systems Incorporated) HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [2503608 2016-05-26] (Trend Micro Inc.) 
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe [5164712 2013-04-10] (Microsoft Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-10-01] (Adobe Systems Inc.) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2724896 2016-06-24] (Sony Corporation) HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe [3168216 2016-05-06] () HKLM\...\Policies\Explorer: [NoThumbnailCache] 1 HKLM\...\Policies\Explorer: [NoAutorun] 1 HKLM\...\Policies\Explorer: [NoPublishingWizard] 1 HKLM\...\Policies\Explorer: [NoWebServices] 1 HKLM\...\Policies\Explorer: [NoOnlinePrintsWizard] 1 HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1 
HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Run: [SiemensPulseCheckSurvey] => C:\Users\z00269rd\AppData\Roaming\Siemens\PCS\PCSLauncher.exe [38048 2016-01-08] (Siemens) HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Policies\system: [HideLogonScripts] 0 HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Policies\system: [HideLogoffScripts] 0 HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Policies\system: [HideLegacyLogonScripts] 0 HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Policies\Explorer: [NoStartMenuMyGames] 1 HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Policies\Explorer: [NoDrives] 2 HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Policies\Explorer: [DisallowCpl] 1 HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Policies\Explorer: [NoWindowsUpdate] 1 HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\Policies\Explorer: [NoInplaceSharing] 1 HKU\S-1-5-21-462691900-2967613020-3702357964-499332\...\MountPoints2: {2d0dbe00-ad76-11e6-8a3b-d8fc93c983b6} - E:\AutoRun.exe HKU\S-1-5-21-462691900-2967613020-3702357964-499332\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [Greenshot] => C:\Program Files\GREENSHOT\Greenshot.exe [528384 2015-11-10] (Greenshot) Lsa: 
[Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter ShellIconOverlayIdentifiers: [ Syncplicity Icon Overlay (Folder)] -> {02FCECC2-84DC-4FAA-A718-C41FFCA5B8D1} => C:\Program Files\Syncplicity\SyncplicityShellExt.dll [2016-08-01] (Syncplicity LLC.) ShellIconOverlayIdentifiers: [ Syncplicity Icon Overlay (Fully Synced)] -> {CA4FCCBF-F4B7-4DD1-861E-1F42AAD396D1} => C:\Program Files\Syncplicity\SyncplicityShellExt.dll [2016-08-01] (Syncplicity LLC.) ShellIconOverlayIdentifiers: [ Syncplicity Icon Overlay (Not Latest Version)] -> {284C090F-EB1D-4A6E-872E-6DB72E417E24} => C:\Program Files\Syncplicity\SyncplicityShellExt.dll [2016-08-01] (Syncplicity LLC.) ShellIconOverlayIdentifiers: [ Syncplicity Icon Overlay (Shared Folder)] -> {3DFC86AD-F2CC-4AdA-98DD-AC5DC84119CC} => C:\Program Files\Syncplicity\SyncplicityShellExt.dll [2016-08-01] (Syncplicity LLC.) GroupPolicy: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
AutoConfigURL: [S-1-5-21-462691900-2967613020-3702357964-499332] => hxxp://proxyconf-uba.siemens.net/proxy-coia.pac Hosts: 217.194.36.219 ura-emea.siemens.com Tcpip\Parameters: [DhcpNameServer] 146.254.168.114 146.254.160.30 Tcpip\..\Interfaces\{43DEFFFB-69ED-4C33-AA1A-59EC200414FC}: [NameServer] 213.158.199.1 213.158.199.5 Tcpip\..\Interfaces\{63B419CD-CD6E-43A7-B3FE-9A8BD896DF27}: [DhcpNameServer] 146.254.168.114 146.254.160.30 ManualProxies: 0hxxp://proxyconf-uba.siemens.net/proxy-coia.pac Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-462691900-2967613020-3702357964-499332\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-462691900-2967613020-3702357964-499332\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://intranet.entry.siemens.com SearchScopes: HKU\S-1-5-21-462691900-2967613020-3702357964-499332 -> DefaultScope {34457E82-8AB6-4930-BBC5-172592CE241C} URL = BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True 
Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security) BHO-x32: PDF-XChange V6 IE Plugin -> {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} -> C:\Program Files\Tracker Software\PDF-XChange 6\PXCIEAddin6.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-26] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-26] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - PDF-XChange V6 IE Plugin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 6\PXCIEAddin6.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.) 
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-11-02] (Intel Security) Toolbar: HKU\S-1-5-21-462691900-2967613020-3702357964-499332 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File DPF: HKLM {583C990C-2D38-410c-9A4A-0932D66A754F} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {1ad2de06-0e2d-440a-ba6a-689a25c9c57c} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Calendar.cab DPF: HKLM-x32 {25aeb462-f578-4c60-b373-1b031353c8b3} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Test_Automation.cab DPF: HKLM-x32 {453738a0-2128-485b-b017-d9dd3079099e} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_CTI_Toolbar.cab DPF: HKLM-x32 {461d6f62-dad7-4485-b024-20fe729b255c} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Marketing_HTML_Editor.cab DPF: HKLM-x32 {484e693c-e417-48e7-8c6f-8f4604f1e660} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_iHelp.cab DPF: HKLM-x32 {5b2405b8-fd81-4d43-962e-43242e24ee01} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_OutBound_mail.cab DPF: HKLM-x32 {5ce5859d-4e09-4b84-8969-028247c0d623} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_UInbox.cab DPF: HKLM-x32 {64c820cc-3e4c-4dfd-a06c-e4cd24577135} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Marketing_Calendar.cab DPF: HKLM-x32 {6dd7f7e0-7b77-4b71-86bc-0dd0893f7e83} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Smartscript.cab DPF: HKLM-x32 
{8c244272-1dc1-4ce7-9c6c-fabca09eb543} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Desktop_Integration.cab DPF: HKLM-x32 {8E375A63-C616-46F1-AC77-59DF78F3A826} hxxps://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab DPF: HKLM-x32 {ab48b760-4d1a-42c6-8f2c-81ead95db518} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Gantt_Chart.cab DPF: HKLM-x32 {ABA1822A-2B3B-41DF-AAE5-069178349797} hxxps://hdx-siebelservice-prod.siemens.com/emedical_eng/23030/applets/SiebelAx_HI_Client.cab DPF: HKLM-x32 {abd4052a-554d-4ce4-8210-8689ea7bcfa5} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Microsite_Layout.cab DPF: HKLM-x32 {b5d4d23e-58b1-4332-bdf1-d25adb99ccfd} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_HI_Client.cab DPF: HKLM-x32 {be780fb9-8d11-4025-9b58-b3dcbb96e37f} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/SiebelAx_Marketing_Allocation.cab DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab DPF: HKLM-x32 {EFB7D763-97A3-11CF-AE19-00608CEADE00} hxxps://share-emea.med.siemens.de/sales_eni/19255/applets/iTools.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-04-25] (Citrix Systems, Inc.) FireFox: ======== FF ProfilePath: C:\Users\z00269rd\AppData\Roaming\Mozilla\Firefox\Profiles\r32andwq.default [2016-12-15] FF DefaultSearchEngine: Mozilla\Firefox\Profiles\r32andwq.default -> find.siemens.com FF SelectedSearchEngine: Mozilla\Firefox\Profiles\r32andwq.default -> find.siemens.com FF Homepage: Mozilla\Firefox\Profiles\r32andwq.default -> www.google.pl/ FF Extension: (PDF Viewer) - C:\Users\z00269rd\AppData\Roaming\Mozilla\Firefox\Profiles\r32andwq.default\Extensions\uriloader@pdf.js.xpi [2014-08-19] [not signed] FF Extension: (IE Tab) - C:\Users\z00269rd\AppData\Roaming\Mozilla\Firefox\Profiles\r32andwq.default\Extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2016-10-20] [not signed] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-12-07] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\findsiemenscom.xml [2014-05-16] FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\scd---siemens-corporate-directory.xml [2014-05-16] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-29] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft 
Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-14] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll [2015-10-19] (Adobe Systems, Inc.) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-04-25] (Citrix Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-26] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.1011.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-26] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-20] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-10-20] (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2016-04-19] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\local-settings.js [2014-05-07] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\mozilla.cfg [2014-09-17] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\z00269rd\AppData\Local\Google\Chrome\User Data\Default [2016-12-15]
CHR Extension: (Siemens - Circuit by Unify) - C:\Users\z00269rd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnkbplodbhpkiphfeldjmaoickanlanc [2016-12-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\z00269rd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\z00269rd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-10-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
R2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [674136 2016-01-19] (Pulse Secure, LLC)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [74448 2013-07-18] (FUJITSU LIMITED)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [282096 2014-03-20] (Intel Corporation)
R2 LNSUSvc; C:\Program Files (x86)\IBM\Lotus\Notes\SUService.exe [189832 2011-09-16] (IBM Corp)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [4455560 2012-03-08] (IBM)
R2 Lotus Notes Single Logon; C:\Program Files (x86)\IBM\Lotus\Notes\nslsvice.exe [62856 2011-09-16] (IBM Corp)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe [119408 2014-07-17] (Mozilla Foundation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [5684544 2016-05-26] (Trend Micro Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [506912 2016-06-24] (Sony Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2013-07-12] (FUJITSU LIMITED)
R2 PulseSecureService; C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe [182232 2016-05-06] (Pulse Secure, LLC)
S3 sit-WinVNC4; C:\Program Files (x86)\RealVNC4GAIN\VNC4\winvnc4.exe [1504632 2010-08-19] (RealVNC Ltd.)
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [424752 2014-04-03] (Sierra Wireless, Inc.)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [592896 2016-05-27] (Trend Micro Inc.)
R3 TmCCSF; C:\Program Files (x86)\Trend Micro\OfficeScan Client\CCSF\TmCCSF.exe [851056 2016-05-26] (Trend Micro Inc.)
R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [5298688 2016-05-26] (Trend Micro Inc.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [990656 2016-10-28] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-10-28] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-10-28] (McAfee, Inc.)
R2 UCMS; C:\Program Files\Siemens\UCMS\Core\UCMS.exe [216576 2016-04-21] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-06-08] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\WINDOWS\System32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\WINDOWS\System32\DRIVERS\btmhsf.sys [1419576 2013-12-10] (Motorola Solutions, Inc.)
R3 e1dexpress; C:\WINDOWS\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 FBIOSDRV; C:\WINDOWS\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R0 FJGSDis2; C:\WINDOWS\System32\DRIVERS\FJGSDis2.sys [18768 2016-10-19] (FUJITSU LIMITED)
R3 FUJ02B1; C:\WINDOWS\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\WINDOWS\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R3 guardian2; C:\WINDOWS\System32\Drivers\oz776x64.sys [88744 2015-04-23] (O2Micro)
R3 ibtusb; C:\WINDOWS\System32\DRIVERS\ibtusb.sys [169680 2014-04-04] (Intel Corporation)
R1 jnprns; C:\WINDOWS\System32\DRIVERS\jnprns.sys [507192 2016-05-06] (Juniper Networks)
S4 jnprTdi_823_537; C:\WINDOWS\system32\Drivers\jnprTdi_823_537.sys [105848 2016-05-06] (Pulse Secure, LLC)
R3 JnprVaMgr; C:\WINDOWS\System32\DRIVERS\jnprvamgr.sys [45352 2016-05-06] (Juniper Networks, Inc.)
R3 MEIx64; C:\WINDOWS\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNs64; C:\WINDOWS\System32\DRIVERS\Netwsw02.sys [4011760 2015-09-24] (Intel Corporation)
R3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
R3 RTSPER; C:\WINDOWS\System32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
S3 RtsUIR; C:\WINDOWS\system32\drivers\RtsUIR.sys [19968 2009-09-14] (Realtek Semiconductor Corp.)
S3 STCFUx64; C:\WINDOWS\system32\drivers\STCFUx64.SYS [10240 2007-01-24] (SCM Microsystems Inc.)
R3 swg3kmbb00; C:\WINDOWS\System32\DRIVERS\swg3kmbb00.sys [490768 2014-04-03] (Sierra Wireless Incorporated)
S3 swg3knet00; C:\WINDOWS\System32\DRIVERS\swg3knet00.sys [380176 2013-08-02] (Sierra Wireless Incorporated)
R3 swg3knmea00; C:\WINDOWS\System32\DRIVERS\swg3knmea00.sys [272272 2014-04-03] (Sierra Wireless Incorporated)
S3 swg3knmea03; C:\WINDOWS\system32\drivers\swg3knmea03.sys [271888 2013-08-02] (Sierra Wireless Incorporated)
R3 swg3kser00; C:\WINDOWS\System32\DRIVERS\swg3kser00.sys [272272 2014-04-03] (Sierra Wireless Incorporated)
S3 swg3kser03; C:\WINDOWS\system32\drivers\swg3kser03.sys [271888 2013-08-02] (Sierra Wireless Incorporated)
R3 swibus00; C:\WINDOWS\System32\DRIVERS\swibus00.sys [88848 2013-08-02] (Sierra Wireless Inc.)
S3 swibus03; C:\WINDOWS\system32\drivers\swibus03.sys [88848 2013-08-02] (Sierra Wireless Inc.)
R3 swibusflt00; C:\WINDOWS\System32\DRIVERS\swibusflt00.sys [88848 2013-08-02] (Sierra Wireless Inc.)
S3 swibusflt03; C:\WINDOWS\system32\drivers\swibusflt03.sys [88848 2013-08-02] (Sierra Wireless Inc.)
R2 tmactmon; C:\WINDOWS\System32\DRIVERS\tmactmon.sys [120640 2016-04-21] (Trend Micro Inc.)
R1 tmcomm; C:\WINDOWS\System32\DRIVERS\tmcomm.sys [324408 2016-04-21] (Trend Micro Inc.)
R0 TMEBC; C:\WINDOWS\System32\DRIVERS\TMEBC64.sys [72504 2015-11-19] (Trend Micro Inc.)
R3 tmeevw; C:\WINDOWS\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R2 tmevtmgr; C:\WINDOWS\System32\DRIVERS\tmevtmgr.sys [79168 2016-04-21] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [393952 2016-08-22] (Trend Micro Inc.)
R3 tmnciesc; C:\WINDOWS\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [66784 2016-08-22] (Trend Micro Inc.)
R1 tmtdi; C:\WINDOWS\System32\DRIVERS\tmtdi.sys [109080 2013-06-18] (Trend Micro Inc.)
S3 tmusa; C:\WINDOWS\System32\DRIVERS\tmusa.sys [116536 2015-06-22] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2578656 2016-08-22] (Trend Micro Inc.)
S3 FscBapi; system32\DRIVERS\FscBapi.sys [X]
S3 FscEfDmi; system32\DRIVERS\FscEfDmi.sys [X]
S3 FscGabi; system32\DRIVERS\FscGabi.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-15 19:43 - 2016-12-15 19:43 - 00041681 _____ C:\Users\z00269rd\Desktop\FRST.txt
2016-12-15 19:41 - 2016-12-15 19:06 - 02420224 _____ (Farbar) C:\Users\z00269rd\Desktop\FRST64.exe
2016-12-15 19:22 - 2016-12-15 19:23 - 00039496 _____ C:\Users\z00269rd\Downloads\Addition.txt
2016-12-15 19:20 - 2016-12-15 19:23 - 00052710 _____ C:\Users\z00269rd\Downloads\FRST.txt
2016-12-15 19:19 - 2016-12-15 19:43 - 00000000 ____D C:\FRST
2016-12-15 19:18 - 2016-12-15 19:19 - 02420224 _____ (Farbar) C:\Users\z00269rd\Downloads\FRST64 (2).exe
2016-12-15 19:15 - 2016-12-15 19:16 - 02420224 _____ (Farbar) C:\Users\z00269rd\Downloads\FRST64 (1).exe
2016-12-15 19:04 - 2016-12-15 19:06 - 02420224 _____ (Farbar) C:\Users\z00269rd\Downloads\FRST64.exe
2016-12-15 18:54 - 2016-12-15 15:30 - 03279752 _____ C:\Users\z00269rd\Desktop\ANALYTICAL PARAMETERS (CHEMISTRY) LIST_15DEC2016_153006.TXT
2016-12-15 10:14 - 2016-12-15 10:14 - 00000000 ___HD C:\WINDOWS\AxInstSV
2016-12-12 11:44 - 2016-12-12 11:44 - 00044101 _____ C:\Users\z00269rd\Downloads\45730.pdf
2016-12-09 08:46 - 2016-12-09 08:46 - 00000965 _____ C:\Users\z00269rd\Downloads\ADVIA Centaur XPT-IRL13561637_vnc_connection (2).vnc
2016-12-09 08:35 - 2016-12-09 08:35 - 00000965 _____ C:\Users\z00269rd\Downloads\ADVIA Centaur XPT-IRL13561637_vnc_connection (1).vnc
2016-12-09 08:10 - 2016-12-09 08:10 - 00000965 _____ C:\Users\z00269rd\Downloads\ADVIA Centaur XPT-IRL13561637_vnc_connection.vnc
2016-12-07 21:57 - 2016-12-08 21:17 - 00000000 ____D C:\Users\z00269rd\Desktop\Paski
2016-12-06 14:25 - 2016-12-07 21:57 - 00000000 ____D C:\Users\z00269rd\Desktop\AMEX
2016-12-05 19:58 - 2016-12-05 19:58 - 04178332 _____ C:\Users\z00269rd\Desktop\XPT Instrukcja.pdf
2016-12-05 17:32 - 2016-12-05 17:32 - 01550415 _____ C:\Users\z00269rd\Desktop\hestia.pdf
2016-12-04 18:43 - 2016-12-04 18:43 - 00000000 ____D C:\Users\z00269rd\AppData\Local\TomTom
2016-12-04 18:42 - 2016-12-04 18:42 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
2016-12-03 12:44 - 2016-12-06 14:35 - 00023111 _____ C:\Users\z00269rd\Desktop\Kopia ALAB.xlsx
2016-12-03 12:31 - 2016-12-03 12:31 - 00167919 _____ C:\Users\z00269rd\Desktop\1332418825624_druk_zgloszenia_szkody_uproszczony_hestia.pdf
2016-12-03 11:33 - 2016-12-03 11:33 - 00037743 _____ C:\Users\z00269rd\Desktop\PMP 2016.pdf
2016-12-02 19:03 - 2016-12-06 17:12 - 00068096 _____ C:\Users\z00269rd\Desktop\Centaur - XP SVK Worksheet Lot 40310 -dilution (10-05-2016).xls
2016-12-01 08:14 - 2016-12-01 08:14 - 00000000 ____D C:\Program Files\Atos
2016-11-30 12:22 - 2016-12-15 19:38 - 00000000 ____D C:\Users\z00269rd\AppData\LocalLow\Mozilla
2016-11-29 22:34 - 2016-11-29 22:36 - 00000000 ____D C:\Users\z00269rd\Desktop\Badania
2016-11-28 14:14 - 2016-12-07 20:42 - 00000000 ____D C:\Users\z00269rd\Desktop\Aktualne tłumaczenia
2016-11-28 12:12 - 2016-11-28 12:12 - 00581741 _____ C:\Users\z00269rd\Desktop\mobbing_ankieta.pdf
2016-11-27 22:31 - 2016-11-27 22:35 - 00000000 ____D C:\Users\z00269rd\Desktop\Praca
2016-11-27 16:19 - 2016-12-10 10:18 - 00000000 ____D C:\Users\z00269rd\AppData\Local\CrashDumps
2016-11-26 18:39 - 2016-12-02 22:57 - 00000000 ____D C:\Users\z00269rd\VirtualBox VMs
2016-11-26 18:24 - 2016-12-03 10:46 - 00000000 ____D C:\Users\z00269rd\.VirtualBox
2016-11-26 18:23 - 2016-11-26 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2016-11-26 18:23 - 2013-07-04 15:58 - 00238352 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2016-11-26 18:21 - 2016-11-26 18:21 - 00000000 ____D C:\Program Files\Oracle
2016-11-26 18:21 - 2013-07-04 15:57 - 00120080 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2016-11-26 18:18 - 2016-11-26 18:20 - 99776784 _____ (Oracle Corporation) C:\Users\z00269rd\Desktop\VirtualBox-4.2.16-86992-Win.exe
2016-11-22 12:38 - 2016-11-29 22:49 - 00000000 ____D C:\Users\z00269rd\Desktop\SZJ
2016-11-21 20:09 - 2016-11-22 07:53 - 00000000 ____D C:\Users\z00269rd\AppData\Local\PKISelfServicesClient
2016-11-21 20:07 - 2016-11-29 10:21 - 00000000 ____D C:\Users\z00269rd\AppData\Local\Deployment
2016-11-19 20:03 - 2016-11-19 20:04 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-16 13:51 - 2016-11-16 13:51 - 00001111 _____ C:\Users\z00269rd\Desktop\IMMUNOCHEMIA — skrót.lnk
2016-11-16 13:38 - 2016-11-27 16:54 - 00000000 ____D C:\Users\z00269rd\Desktop\XPT
2016-11-16 12:15 - 2016-11-16 12:15 - 00000000 ____D C:\SIEMENS
2016-11-16 09:49 - 2016-11-16 09:49 - 00014183 _____ C:\Users\z00269rd\Desktop\Rekamacja SPCSK Banacha Warszawa qt -popr.pdf
2016-11-16 08:49 - 2016-12-07 21:57 - 00000000 ____D C:\Users\z00269rd\Desktop\SIEBEL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-15 19:42 - 2016-10-20 04:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-15 19:39 - 2016-10-20 06:56 - 00000000 ____D C:\Users\z00269rd\AppData\Local\Syncplicity
2016-12-15 19:06 - 2016-10-20 04:30 - 00010576 _____ C:\WINDOWS\cfgall.ini
2016-12-15 18:56 - 2016-10-19 16:36 - 00778580 _____ C:\WINDOWS\system32\perfh015.dat
2016-12-15 18:56 - 2016-10-19 16:36 - 00170280 _____ C:\WINDOWS\system32\perfc015.dat
2016-12-15 18:56 - 2016-06-10 08:28 - 00766796 _____ C:\WINDOWS\system32\prfh0816.dat
2016-12-15 18:56 - 2016-06-10 08:28 - 00166902 _____ C:\WINDOWS\system32\prfc0816.dat
2016-12-15 18:56 - 2016-06-10 08:22 - 00751658 _____ C:\WINDOWS\system32\prfh0416.dat
2016-12-15 18:56 - 2016-06-10 08:22 - 00161652 _____ C:\WINDOWS\system32\prfc0416.dat
2016-12-15 18:56 - 2016-06-10 08:17 - 00783494 _____ C:\WINDOWS\system32\perfh00C.dat
2016-12-15 18:56 - 2016-06-10 08:17 - 00163576 _____ C:\WINDOWS\system32\perfc00C.dat
2016-12-15 18:56 - 2016-06-10 08:12 - 00783234 _____ C:\WINDOWS\system32\perfh00A.dat
2016-12-15 18:56 - 2016-06-10 08:12 - 00172470 _____ C:\WINDOWS\system32\perfc00A.dat
2016-12-15 18:56 - 2016-06-10 08:07 - 00734986 _____ C:\WINDOWS\system32\perfh007.dat
2016-12-15 18:56 - 2016-06-10 08:07 - 00163112 _____ C:\WINDOWS\system32\perfc007.dat
2016-12-15 18:56 - 2009-07-14 06:13 - 06384074 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-15 18:56 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\inf
2016-12-15 18:01 - 2016-10-01 09:59 - 01026048 _____ C:\Users\z00269rd\Desktop\Pieniadze.xls
2016-12-15 17:09 - 2016-10-20 06:56 - 00002109 _____ C:\Users\z00269rd\Desktop\MD1KHMNC z00269rd.lnk
2016-12-15 17:09 - 2016-10-19 16:10 - 00001856 _____ C:\WINDOWS\system32\config\netlogon.ftl
2016-12-15 14:44 - 2016-10-30 14:40 - 00609280 _____ C:\Users\z00269rd\Desktop\moje ręczne zestawienie1.xls
2016-12-15 14:25 - 2016-10-20 05:20 - 00000000 ____D C:\Program Files\LSAPlugin
2016-12-15 10:12 - 2016-06-10 07:52 - 00000000 ____D C:\ccmcache
2016-12-14 14:11 - 2016-10-20 06:54 - 00031282 __RSH C:\Users\z00269rd\ntuser.pol
2016-12-14 14:11 - 2016-10-20 06:54 - 00000000 ____D C:\Users\z00269rd
2016-12-14 14:07 - 2016-11-14 13:34 - 00000000 ____D C:\Users\z00269rd\Desktop\PEN
2016-12-14 11:22 - 2016-10-20 10:30 - 00000000 ____D C:\Users\z00269rd\Tracing
2016-12-14 11:07 - 2016-10-20 05:22 - 01233928 __RSH C:\ProgramData\ntuser.pol
2016-12-14 11:07 - 2009-07-14 04:20 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-13 13:23 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-13 13:23 - 2009-07-14 05:45 - 00019120 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-13 13:18 - 2016-06-10 07:51 - 00000404 _____ C:\WINDOWS\SMSCFG.INI
2016-12-13 13:17 - 2016-10-20 06:56 - 00001294 _____ C:\Users\z00269rd\AppData\Roaming\Microsoft\Windows\Start Menu\ATF Customer Portal.lnk
2016-12-13 13:17 - 2016-10-20 06:56 - 00001196 _____ C:\Users\z00269rd\AppData\Roaming\Microsoft\Windows\Start Menu\.myIT Portal.lnk
2016-12-13 13:15 - 2016-10-29 12:59 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-13 13:15 - 2009-07-14 06:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-13 13:14 - 2016-10-29 12:49 - 00000000 ____D C:\Program Files\TrueKey
2016-12-12 20:34 - 2016-10-29 13:01 - 00001196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-12-12 16:42 - 2016-11-07 20:34 - 00905535 _____ C:\Users\z00269rd\Desktop\Grafik_DX.xlsm
2016-12-11 20:47 - 2016-06-10 11:00 - 00000000 ____D C:\Program Files\Siemens
2016-12-10 14:45 - 2016-10-01 09:59 - 00209920 _____ C:\Users\z00269rd\Desktop\Rozliczenie 2.xls
2016-12-09 16:10 - 2016-10-20 06:54 - 00000000 ____D C:\Users\z00269rd\AppData\Local\Microsoft Help
2016-12-08 09:33 - 2009-07-14 03:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-12-07 21:44 - 2016-10-29 13:01 - 00000000 ____D C:\Users\z00269rd\AppData\Local\tkdata
2016-12-06 14:42 - 2016-10-20 04:37 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-04 13:21 - 2016-06-09 08:35 - 00000583 _____ C:\Users\z00269rd\Desktop\Lipski Marcin.txt
2016-12-01 16:15 - 2016-10-26 08:46 - 00000000 ____D C:\Users\z00269rd\AppData\Local\ElevatedDiagnostics
2016-12-01 10:33 - 2016-09-13 16:59 - 00000000 ____D C:\Users\z00269rd\Desktop\DIMENSION 10.1.2
2016-11-21 20:07 - 2016-10-20 06:57 - 00000000 ____D C:\Users\z00269rd\AppData\Local\Apps\2.0
2016-11-16 13:19 - 2016-10-19 16:45 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-16 08:34 - 2016-10-20 04:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-16 08:33 - 2016-10-20 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Communication
2016-11-16 08:31 - 2016-10-20 06:56 - 00000000 ____D C:\Users\z00269rd\AppData\Roaming\Microsoft\Windows\Start Menu\Communication

==================== Files in the root of some directories =======

2016-11-03 14:50 - 2016-11-03 14:50 - 0007597 _____ () C:\Users\z00269rd\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-14 12:04

==================== End of FRST.txt ============================