Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by arkadiusz.nawrocki (administrator) on ANAWROE7240-WRO (05-03-2017 22:05:22)
Running from C:\Users\arkadiusz.nawrocki\Downloads
Loaded Profiles: arkadiusz.nawrocki (Available Profiles: arkadiusz.nawrocki & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dell Inc.) C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
() C:\Program Files (x86)\Dell\KACE\konea.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Dell Inc.) C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Sony) C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(BitTorrent Inc.) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozy, Inc.) C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(BitTorrent Inc.) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(BitTorrent Inc.) C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\updates\3.4.9_43293\utorrentie.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\cmrcservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Mozy, Inc.) C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-23] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [114944 2013-04-18] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-23] (Realtek Semiconductor)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-29] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-01-17] (Intel(R) Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [526648 2016-11-07] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2016-11-07] (Citrix Systems, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\KUsrInit.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\Run: [AVCworks] => regsvr32.exe C:\Users\arkadiusz.nawrocki\AppData\Local\AVCworks\iTunesTray.dll <===== ATTENTION
HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\Run: [Emftion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\arkadiusz.nawrocki\AppData\Local\Obics\ptracedec.dll <===== ATTENTION
HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\Run: [uTorrent] => C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent\uTorrent.exe [1995968 2017-02-11] (BitTorrent Inc.)
HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-08] (Piriform Ltd)
HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\MountPoints2: {03fa13b6-a860-11e4-9624-a0a8cdc052b9} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\start.exe
HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\MountPoints2: {29780137-e55f-11e5-ae1e-a0a8cdc052b9} - D:\AutoRun.exe
HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\...\MountPoints2: {7697dd6f-e146-11e6-9512-a0a8cdc052b9} - D:\Startme.exe
HKU\S-1-5-18\...\Run: [Guardian] => "C:\Windows\TEMP\UserActivation\20151017T033756Z\DeploymentPro.exe" <===== ATTENTION
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: PGPmapih.dll => C:\Windows\system32\PGPmapih.dll [81248 2014-06-12] (Symantec Corporation)
AppInit_DLLs-x32: PGPmapih.dll => C:\Windows\system32\PGPmapih.dll [81248 2014-06-12] (Symantec Corporation)
Lsa: [Notification Packages] scecli PGPpwflt
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll [2017-02-23] ()
ShellIconOverlayIdentifiers: [1IconOverlayHandlerAccessible] -> {3DBF5F01-3287-46EB-82CF-45AA5C241162} => C:\Windows\system32\PGPfsshl.dll [2014-06-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [MozyEnterprise] -> {8abe130f-b6b8-31ee-d585-8e356a348e3f} => C:\Program Files\MozyEnterprise\MozyEnterpriseshell.dll [2014-06-16] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [MozyEnterprise2] -> {842a4d15-2372-9c6f-d717-5592271eed4b} => C:\Program Files\MozyEnterprise\MozyEnterpriseshell.dll [2014-06-16] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [MozyEnterprise3] -> {4674c3c1-5baf-165f-b5ce-3130639c81a0} => C:\Program Files\MozyEnterprise\MozyEnterpriseshell.dll [2014-06-16] (Mozy, Inc.)
ShellIconOverlayIdentifiers-x32: [1IconOverlayHandlerAccessible] -> {3DBF5F01-3287-46EB-82CF-45AA5C241162} => C:\Windows\SysWOW64\PGPfsshl.dll [2014-06-12] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyEnterprise Status.lnk [2015-01-07]
ShortcutTarget: MozyEnterprise Status.lnk -> C:\Program Files\MozyEnterprise\MozyEnterprisestat.exe (Mozy, Inc.)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3129900288-4173637057-1646714126-22263] => proxy.kozminski.edu.pl:8080
Winsock: Catalog9 01 C:\Windows\SysWOW64\PGPlsp.dll [65768 2014-06-12] (Symantec Corporation)
Winsock: Catalog9 13 C:\Windows\SysWOW64\PGPlsp.dll [65768 2014-06-12] (Symantec Corporation)
Winsock: Catalog9-x64 01 C:\Windows\system32\PGPlsp.dll [76128 2014-06-12] (Symantec Corporation)
Winsock: Catalog9-x64 13 C:\Windows\system32\PGPlsp.dll [76128 2014-06-12] (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1328B156-F3CF-41F1-BB31-035AF3C68D70}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1EDC0785-6240-4078-A345-556E06A70A70}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ADD1E524-43C3-4201-9F34-BC47CF05051C}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{B489E9C9-F55C-4182-AE4C-1276218E2E45}: [DhcpNameServer] 10.236.128.20 10.235.97.20 10.235.96.20

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://login.credit-suisse.com/vpn/landing.html
HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\S-1-5-21-3129900288-4173637057-1646714126-22263 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-01] (Microsoft Corporation)
BHO: OktaBHO Class -> {E411779C-5CFE-413F-A57B-18C55A4EFADA} -> C:\Program Files\Okta IE plugin\x64\OktaBHO.dll [2013-11-20] (Okta)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL [2014-09-12] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-01-29] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-11-01] (Microsoft Corporation)
BHO-x32: CutePDF Form Filler Helper -> {D41289F2-69C6-417B-897E-C653D677CBAF} -> C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll [2008-12-07] (Acro Software Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-29] (Oracle Corporation)
BHO-x32: OktaBHO Class -> {E411779C-5CFE-413F-A57B-18C55A4EFADA} -> C:\Program Files\Okta IE plugin\x86\OktaBHO.dll [2013-11-20] (Okta)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-11-07] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\arkadiusz.nawrocki\AppData\Roaming\Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333 [2017-03-05]
FF NewTab: Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333 -> hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p17_serp_ff_us_display?ie=UTF8&tagbase=bds-p17&tbrId=v1_abb-channel-17_0_1201_1403_20160127_PL_ff_nt_
FF Homepage: Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333 -> hxxp://google.pl/
FF Extension: (Firefox Hotfix) - C:\Users\arkadiusz.nawrocki\AppData\Roaming\Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF Extension: (MEGA) - C:\Users\arkadiusz.nawrocki\AppData\Roaming\Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333\Extensions\firefox@mega.co.nz.xpi [2017-03-02]
FF Extension: (FoxyProxy Standard) - C:\Users\arkadiusz.nawrocki\AppData\Roaming\Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333\Extensions\foxyproxy@eric.h.jung [2017-01-30]
FF Extension: (Okta Secure Web Authentication Plug-in) - C:\Users\arkadiusz.nawrocki\AppData\Roaming\Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333\Extensions\plugin@okta.com.xpi [2017-02-02]
FF Extension: (Google Translator for Firefox) - C:\Users\arkadiusz.nawrocki\AppData\Roaming\Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333\Extensions\translator@zoli.bod.xpi [2017-02-03]
FF Extension: (Adblock Plus) - C:\Users\arkadiusz.nawrocki\AppData\Roaming\Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-24]
FF Extension: (Library Factory) - C:\Users\arkadiusz.nawrocki\AppData\Roaming\Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333\Extensions\{EA812AAB-775E-FBDC-6B5B-1232C5C6153A} [2017-02-23] [not signed]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\arkadiusz.nawrocki\AppData\Roaming\Mozilla\Firefox\Profiles\4h541jtu.default-1431930886333\features\{15c96490-80e6-4450-b287-26d31bcd10bb}\disableSHA1rollout@mozilla.org.xpi [2017-03-03]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-25] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-11-07] (Citrix Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3129900288-4173637057-1646714126-22263: @citrixonline.com/appdetectorplugin -> C:\Users\arkadiusz.nawrocki\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-07] (Citrix Online)
FF Plugin HKU\S-1-5-21-3129900288-4173637057-1646714126-22263: @tools.google.com/Google Update;version=3 -> C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3129900288-4173637057-1646714126-22263: @tools.google.com/Google Update;version=9 -> C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default [2017-03-03]
CHR Extension: (No Name) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Library Factory) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2017-02-23] [UpdateUrl: hxxps://clients2.google/service/klckibokfohhnmplglflbcdcmfmgbfdk] <==== ATTENTION
CHR Extension: (No Name) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (No Name) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-25]
CHR Extension: (Rapport) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-17]
CHR Extension: (No Name) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (No Name) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-25]
CHR Extension: (Adobe Acrobat) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-13]
CHR Extension: (No Name) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09]
CHR Extension: (No Name) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Vysor) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gidgenkbbabolejbgbpnhbimgjbffefm [2017-01-29]
CHR Extension: (Momentum) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2017-01-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-29]
CHR Extension: (No Name) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-27]
CHR Extension: (Chrome Media Router) - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-10]
CHR HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3129900288-4173637057-1646714126-22263\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.WJFP4GXDN3PHCMSZPTOSJOXLJM - C:\Users\arkadiusz.nawrocki\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMPWatchDog; C:\Program Files (x86)\Dell\KACE\AMPWatchDog.exe [1367848 2016-10-21] (Dell Inc.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1785528 2016-06-20] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [698552 2016-06-20] (Microsoft Corporation)
R2 Dell KACE Software Meter; C:\Program Files (x86)\Dell\KACE\KSWMeterSvc.exe [2478888 2016-10-21] (Dell Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\8.0.778.0\DisplayLinkManager.exe [11871976 2016-08-23] (DisplayLink Corp.)
S4 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-11] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-29] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 konea; C:\Program Files (x86)\Dell\KACE\konea.exe [9149952 2016-10-21] () [File not signed]
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 MozyEnterprisebackup; C:\Program Files\MozyEnterprise\MozyEnterprisebackup.exe [37200 2014-06-16] (Mozy, Inc.)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2024864 2010-08-17] (Microsoft Corp.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3833776 2016-03-03] (INCA Internet Co., Ltd.)
R2 OfflineScheduler; C:\Program Files (x86)\Dell\KACE\KSchedulerSvc.exe [4014376 2016-10-21] (Dell Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2401264 2017-01-22] (IBM Corp.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [223816 2013-01-10] (Realtek Semiconductor)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [324792 2016-06-20] (Microsoft Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10362608 2016-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-11-04] (Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2016-12-22] (Sony)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{75CEDF37-3C5E-4023-AE57-4E69F8499EF9}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20170224.002\BHDrvx64.sys [1874136 2016-11-07] (Symantec Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)
R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
S3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_8.0.778.0.sys [58640 2016-10-10] ()
S3 dlcdcncm; C:\Windows\System32\DRIVERS\dlcdcncm62_x64.sys [92944 2016-08-23] (DisplayLink Corp.)
S3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [229648 2016-08-23] (DisplayLink Corp.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-08-14] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-26] (Symantec Corporation)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [30424 2016-10-14] (Sony Mobile Communications)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [112072 2013-06-13] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20170302.011\IDSvia64.sys [1012952 2017-02-02] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2161752 2013-06-29] (Realtek Semiconductor Corp.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R1 MozyEnterpriseFilter; C:\Windows\System32\DRIVERS\MozyEnterprise.sys [67808 2014-06-16] (Mozy, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20170303.001\ENG64.SYS [138912 2017-02-01] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20170303.001\EX64.SYS [2151072 2017-02-01] (Symantec Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3429344 2014-02-18] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )
R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [275496 2014-06-12] (Symantec Corporation)
R0 pgpfs; C:\Windows\System32\Drivers\PGPfsfd.sys [184856 2014-06-12] (Symantec Corporation)
R1 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [52968 2014-06-12] (Symantec Corporation)
R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [393904 2014-06-12] (Symantec Corporation)
R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [20536 2014-06-12] (Symantec Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2016-06-22] (Microsoft Corporation)
R1 RapportAegle64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportAegle64.sys [380872 2017-01-22] (IBM Corp.)
R1 RapportCerberus_1804047; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1804047.sys [1264776 2017-02-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [580648 2017-01-22] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [250728 2017-01-22] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [504456 2017-01-22] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [603464 2017-01-22] (IBM Corp.)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-12] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2015-01-28] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2015-01-28] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [107504 2014-09-12] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-21] (Windows (R) Win 7 DDK provider)
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 22:05 - 2017-03-05 22:05 - 00039106 _____ C:\Users\arkadiusz.nawrocki\Downloads\FRST.txt
2017-03-05 22:04 - 2017-03-05 22:05 - 00000000 ____D C:\FRST
2017-03-05 22:04 - 2017-03-05 22:04 - 02423808 _____ (Farbar) C:\Users\arkadiusz.nawrocki\Downloads\FRST64.exe
2017-03-05 22:02 - 2017-03-05 22:03 - 01765888 _____ (Farbar) C:\Users\arkadiusz.nawrocki\Downloads\FRST.exe
2017-03-05 22:02 - 2017-03-05 22:03 - 00380928 _____ C:\Users\arkadiusz.nawrocki\Downloads\ubjhgrry.exe
2017-03-05 21:59 - 2017-03-05 21:59 - 00141568 _____ C:\Users\arkadiusz.nawrocki\Downloads\shexview_setup.exe
2017-03-05 21:59 - 2017-03-05 21:59 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
2017-03-05 21:59 - 2017-03-05 21:59 - 00000000 ____D C:\Program Files (x86)\NirSoft
2017-03-05 21:40 - 2017-03-05 21:40 - 00003352 ____N C:\bootsqm.dat
2017-03-05 21:32 - 2017-03-05 21:41 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\LocalLow\uTorrent
2017-03-03 23:13 - 2017-03-03 23:13 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12 Host.lnk
2017-03-03 23:13 - 2017-03-03 23:13 - 00000961 _____ C:\Users\Public\Desktop\TeamViewer 12 Host.lnk
2017-03-03 20:08 - 2017-03-03 20:08 - 00266378 _____ C:\Users\arkadiusz.nawrocki\Downloads\cc_20170303_200812.reg
2017-03-03 19:53 - 2017-03-03 19:53 - 00002810 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-03-03 19:53 - 2017-03-03 19:53 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-03 19:53 - 2017-03-03 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-03-03 19:53 - 2017-03-03 19:53 - 00000000 ____D C:\Program Files\CCleaner
2017-03-03 19:51 - 2017-03-03 19:51 - 09261616 _____ (Piriform Ltd) C:\Users\arkadiusz.nawrocki\Downloads\ccsetup527.exe
2017-03-03 12:02 - 2017-03-03 12:02 - 00000000 ____D C:\Windows\pss
2017-03-01 19:36 - 2017-03-02 20:58 - 00000000 ____D C:\Users\arkadiusz.nawrocki\Downloads\The.Magnificent.Seven.2016.720p.BRRip.x264.AAC-ETRG
2017-02-28 20:20 - 2017-03-01 09:14 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Local\41ea
2017-02-23 22:58 - 2017-02-23 22:59 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Local\AVCworks
2017-02-23 22:55 - 2017-02-28 20:17 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Local\Obics
2017-02-23 22:54 - 2017-02-23 23:13 - 00000000 ___HD C:\Users\arkadiusz.nawrocki\AppData\Local\SysHashTable
2017-02-19 00:04 - 2017-02-19 00:04 - 00000000 _____ C:\Users\arkadiusz.nawrocki\AppData\Local\{0B9B19F5-45DF-47AA-AFD0-E418C45F0EBA}
2017-02-15 18:36 - 2017-02-15 18:36 - 00091649 _____ C:\Users\arkadiusz.nawrocki\Downloads\017552229Z.pdf
2017-02-15 18:35 - 2017-02-15 18:36 - 00088165 _____ C:\Users\arkadiusz.nawrocki\Downloads\018000720Z.pdf
2017-02-15 18:35 - 2017-02-15 18:35 - 00091645 _____ C:\Users\arkadiusz.nawrocki\Downloads\018000088Z.pdf
2017-02-15 10:13 - 2017-03-05 21:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-02-13 10:44 - 2017-02-13 10:44 - 01615356 _____ C:\Users\arkadiusz.nawrocki\Downloads\passport_NAWROCKI_ARKADIUSZ(1).jpeg
2017-02-12 08:20 - 2017-02-12 08:20 - 00002189 _____ C:\Users\Public\Desktop\Xperia Companion.lnk
2017-02-12 08:20 - 2017-02-12 08:20 - 00000000 ____D C:\Program Files\Sony
2017-02-12 08:16 - 2017-02-12 08:17 - 00020228 _____ C:\Users\arkadiusz.nawrocki\Downloads\BoardingCard_138787063_POZ_LTN.pkpass
2017-02-11 15:36 - 2017-02-11 15:36 - 00034553 _____ C:\Users\arkadiusz.nawrocki\Downloads\faktura.pdf
2017-02-10 15:30 - 2017-02-10 15:30 - 01615356 _____ C:\Users\arkadiusz.nawrocki\Downloads\passport_NAWROCKI_ARKADIUSZ.jpeg
2017-02-03 14:49 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-02-03 14:26 - 2017-02-03 15:47 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pulse Secure
2017-02-03 14:21 - 2017-02-03 15:04 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Roaming\Juniper Networks
2017-02-03 14:21 - 2017-02-03 14:21 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Local\Juniper Networks

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 22:01 - 2015-10-20 22:20 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Roaming\uTorrent
2017-03-05 22:00 - 2015-01-14 17:07 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Local\CrashDumps
2017-03-05 21:46 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-05 21:46 - 2009-07-14 05:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-05 21:45 - 2009-07-14 06:13 - 00790350 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-05 21:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-03-05 21:43 - 2016-09-15 15:56 - 00000569 _____ C:\Windows\SMSCFG.ini
2017-03-05 21:42 - 2016-11-15 23:57 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\LocalLow\Mozilla
2017-03-05 21:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-05 21:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Registration
2017-03-05 21:35 - 2013-11-04 18:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-03-05 13:13 - 2014-06-16 12:53 - 00006396 _____ C:\Windows\MozyEnterprise.blk
2017-03-05 13:13 - 2014-06-16 12:53 - 00000062 _____ C:\Windows\MozyEnterprise.flt
2017-03-05 12:25 - 2009-07-14 05:45 - 00438816 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-04 13:06 - 2015-12-04 14:31 - 00000000 ____D C:\dbNotowania 4 MAX
2017-03-04 00:10 - 2015-01-07 10:40 - 00111448 _____ C:\Users\arkadiusz.nawrocki\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-03 20:44 - 2015-10-24 05:30 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Roaming\vlc
2017-03-03 19:59 - 2014-06-02 19:34 - 00000000 ____D C:\Windows\Minidump
2017-03-03 19:59 - 2011-02-10 15:25 - 00000000 ____D C:\Windows\panther
2017-03-03 19:59 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\ModemLogs
2017-03-03 16:03 - 2013-11-19 16:35 - 00000000 ____D C:\ProgramData\Symantec
2017-03-03 12:43 - 2015-05-18 07:32 - 00000000 ____D C:\Users\arkadiusz.nawrocki\Documents\Outlook Files
2017-03-03 12:38 - 2016-10-15 16:24 - 00000000 ____D C:\Users\arkadiusz.nawrocki\.android
2017-03-03 12:37 - 2015-08-24 10:53 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2017-03-03 12:37 - 2015-08-24 10:53 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Statica
2017-03-03 12:37 - 2015-08-24 10:53 - 00000000 ____D C:\Statica
2017-03-03 12:37 - 2015-08-24 10:52 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Roaming\Statica
2017-03-03 12:36 - 2013-11-19 02:10 - 00000000 ____D C:\Program Files (x86)\Citrix
2017-03-03 12:36 - 2013-11-04 18:33 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-03 12:35 - 2016-10-28 12:30 - 00000000 ____D C:\Flashtool
2017-03-03 12:35 - 2015-08-25 14:48 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Local\Research In Motion
2017-03-03 12:14 - 2016-10-21 12:22 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Local\Android
2017-03-03 12:12 - 2016-10-21 12:21 - 00000000 ____D C:\Program Files\Android
2017-03-02 07:45 - 2015-09-23 22:08 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-02 07:41 - 2015-09-23 22:05 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-23 22:55 - 2009-07-14 05:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-22 17:06 - 2016-04-08 08:41 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-21 20:47 - 2013-11-04 18:40 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2017-02-17 10:47 - 2015-02-10 13:27 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Local\ElevatedDiagnostics
2017-02-17 09:41 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-16 23:05 - 2014-06-09 17:14 - 00003718 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-02-12 08:20 - 2015-07-17 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-02-12 08:20 - 2015-07-17 08:47 - 00000000 ____D C:\Program Files (x86)\Sony
2017-02-12 08:20 - 2013-11-04 18:36 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-10 17:36 - 2014-12-09 13:50 - 00037488 _____ C:\Users\arkadiusz.nawrocki\Downloads\Zestawienie wydatków.xlsx
2017-02-10 15:36 - 2015-01-07 10:40 - 00000000 ____D C:\Users\arkadiusz.nawrocki\AppData\Local\Citrix
2017-02-08 22:52 - 2013-11-04 18:43 - 00000000 ____D C:\Program Files (x86)\Dell
2017-02-07 22:36 - 2014-10-06 09:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2017-02-06 22:12 - 2015-01-07 13:53 - 00002405 _____ C:\Users\arkadiusz.nawrocki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-03 14:50 - 2015-01-22 12:25 - 00001663 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2017-02-03 14:50 - 2013-11-20 16:00 - 00000000 ____D C:\ProgramData\Citrix
2017-02-03 14:21 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files

==================== Files in the root of some directories =======

2015-01-22 12:17 - 2015-01-22 12:17 - 0000093 _____ () C:\Users\arkadiusz.nawrocki\AppData\Roaming\ARCompanion.log
2015-08-25 14:48 - 2015-08-25 14:48 - 0000000 _____ () C:\Users\arkadiusz.nawrocki\AppData\Roaming\Rim.Desktop.Exception.log
2015-08-25 14:47 - 2017-03-03 12:35 - 0002021 _____ () C:\Users\arkadiusz.nawrocki\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-08-25 14:48 - 2015-08-25 15:05 - 0000077 _____ () C:\Users\arkadiusz.nawrocki\AppData\Roaming\Rim.DesktopHelper.Exception.log
2017-02-19 00:04 - 2017-02-19 00:04 - 0000000 _____ () C:\Users\arkadiusz.nawrocki\AppData\Local\{0B9B19F5-45DF-47AA-AFD0-E418C45F0EBA}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-04 00:52

==================== End of FRST.txt ============================