Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-05-2016 01
Ran by pljarda (administrator) on PLCLW70040 (25-05-2016 10:11:05)
Running from C:\Users\pljarda\Downloads
Loaded Profiles: pljarda (Available Profiles: plkamru & pljarda)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamviewerQS\Version4\TeamViewer_Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Docking Station) C:\Program Files (x86)\Lenovo\USB3.0 Dock\igpxtskmgn64win7.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6064.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionHookAppWIN6032.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
() C:\ProgramData\Quotenamron\Quotenamron.exe
() C:\ProgramData\Logic Handler\set.exe
() C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2816848 2012-05-23] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12497552 2012-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1180304 2012-05-23] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916112 2012-04-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [518456 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2015-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1531872 2016-04-15] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Run: [DisplayFusion] => C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe [8547320 2016-01-20] (Binary Fortress Software)
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1191936 2015-11-19] (Polar Electro Oy)
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\RunOnce: [PriceFountainUpdateVer] => [X]
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer\DisallowRun: [1] msimn.exe
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer\DisallowRun: [2] msnmsgr.exe
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [NoDrives] 65536
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [NoInternetIcon] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ConLogScreenSaver.scr [14341171 2014-06-13] (Jan Kolarik & Ondrej Vaverka)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\ConLogScreenSaver.scr [14341171 2014-06-13] (Jan Kolarik & Ondrej Vaverka)
AppInit_DLLs: C:\ProgramData\Quotenamron\Vilait.dll => C:\ProgramData\Quotenamron\Vilait.dll [363008 2016-05-25] ()
AppInit_DLLs-x32: C:\ProgramData\Quotenamron\Tam-Dex.dll => C:\ProgramData\Quotenamron\Tam-Dex.dll [257536 2016-05-25] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk [2016-02-15]
ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 Dock\igpxtskmgn64win7.exe (Docking Station)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-15] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-15] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-15] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-15] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-15] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-15] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-15] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-15] (Sophos Limited)
Winsock: Catalog9 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [141208 2016-04-15] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-15] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-15] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-15] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-15] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-15] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-15] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-15] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-15] (Sophos Limited)
Winsock: Catalog9-x64 20 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [194152 2016-04-15] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.211.72.19 10.0.72.11
Tcpip\..\Interfaces\{27F9E67A-5450-467E-B82C-453BC87766AD}: [DhcpNameServer] 10.211.72.19 10.0.72.11
Tcpip\..\Interfaces\{E8C7435C-2DB9-4A14-9FDA-68911FBFA268}: [DhcpNameServer] 10.211.72.19 10.0.72.11

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-321930979-3402162066-1190322147-8181\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-321930979-3402162066-1190322147-8181 -> DefaultScope {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-321930979-3402162066-1190322147-8181 -> {A894B9CF-358F-4E79-B180-948169464969} URL = hxxp://www.google.com/search?hl=sv&q={searchTerms}
SearchScopes: HKU\S-1-5-21-321930979-3402162066-1190322147-8181 -> {ielnksrch} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2016-02-15] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2016-02-15] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2016-02-15] (Oracle Corporation)
BHO-x32: Exact.ESE.Office.Word.WordWIcon -> {A647857E-2A41-7118-A0F0-DDFE7ECD47D4} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Exact.ESE.Office.Excel.ExcelOpenESE -> {B637857E-2A63-7647-A0F0-AAFE7CED46A3} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Exact.ESE.Office.PowerPoint.PowerPointOpenESE -> {B747846A-6B41-7335-E0F1-CCFA7ECD64D7} -> C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2016-02-15] (Oracle Corporation)
DPF: HKLM-x32 {B94C2238-346E-4C5E-9B36-8CC627F35574}
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-09-13] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2016-02-15] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2016-02-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2016-02-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2016-02-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-09-13] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2016-02-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: vmware.com/client-support-plugin -> C:\Program Files (x86)\VMware\Client Integration Plug-in 5.5\npVMwareClientSupportPlugin-5-5-0.dll [2013-08-16] (VMware, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-16]
CHR Extension: (Prezentacje Google) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Dysk Google) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Prezentacje Google) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-10]
CHR Extension: (Google Search) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Prezentacje Google) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-16]
CHR Extension: (Prezentacje Google) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Prezentacje Google) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-02-17]
CHR Extension: (Prezentacje Google) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-05-24]
CHR Extension: (Pocket) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-02-17]
CHR Extension: (Plants vs Zombies) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2016-02-17]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Gmail) - C:\Users\pljarda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1775288 2015-10-27] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [672440 2015-10-27] (Microsoft Corporation)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4616216 2016-01-20] (Binary Fortress Software)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2013-12-09] (Lenovo.)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2015-09-25] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2015-09-25] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
U2 Quotenamron; C:\ProgramData\\Quotenamron\\Quotenamron.exe [947712 2016-05-25] () [File not signed]
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-05] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [311544 2016-04-15] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [285136 2016-04-15] (Sophos Limited)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [317624 2015-10-27] (Microsoft Corporation)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\bin\SntpService.exe [901248 2016-04-18] (Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [396040 2016-04-15] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [604000 2016-04-15] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [1069832 2016-04-15] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2016-02-15] (Sophos Limited)
R2 sophossps; C:\Program Files (x86)\Sophos\Sophos System Protection\ssp.exe [2455816 2016-04-15] (Sophos Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3339736 2016-04-15] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2118896 2016-04-15] (Sophos Limited)
R2 TeamViewer4; C:\Program Files (x86)\TeamViewerQS\Version4\TeamViewer_service.exe [185640 2010-09-03] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-05] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2011-10-05] (Ericsson AB)
S3 HBtnKey; C:\Windows\system32\drivers\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [103184 2012-03-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-10-05] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-10-05] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-10-05] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-10-05] (MCCI Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
R3 rzbtendpt; C:\Windows\System32\DRIVERS\rzbtendpt.sys [50392 2015-08-13] (Razer Inc)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-23] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2016-04-15] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2016-04-15] (Sophos Limited)
R2 sntp; C:\Windows\System32\DRIVERS\sntp.sys [116144 2016-04-18] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2016-04-15] (Sophos Limited)
S3 swg3knmea01; C:\Windows\system32\drivers\swg3knmea01.sys [259584 2012-04-13] (Sierra Wireless Incorporated)
S3 swg3kser01; C:\Windows\system32\drivers\swg3kser01.sys [259584 2012-04-13] (Sierra Wireless Incorporated)
S3 swibus01; C:\Windows\system32\drivers\swibus01.sys [79360 2012-04-13] (Sierra Wireless Inc.)
S3 swibusflt01; C:\Windows\system32\drivers\swibusflt01.sys [79360 2012-04-13] (Sierra Wireless Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 wacomhidfilter; C:\Windows\system32\drivers\wacomhidfilter.sys [11520 2012-03-23] (Wacom Technology)
S3 WacomVTHid; C:\Windows\system32\drivers\WacomVTHid.sys [14320 2010-12-02] (Wacom Technology)
S3 wisdpen; C:\Windows\system32\drivers\wisdpen.sys [44656 2012-03-23] (Wacom Technology)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [279312 2012-04-27] (Ericsson AB)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 kgriafod; \??\C:\Users\pljarda\AppData\Local\Temp\kgriafod.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-25 10:04 - 2016-05-25 10:04 - 00380928 _____ C:\Users\pljarda\Downloads\0u16fl0h.exe
2016-05-25 09:55 - 2016-05-25 09:56 - 03651136 _____ C:\Users\pljarda\Downloads\adwcleaner_5.117.exe
2016-05-25 09:41 - 2016-05-25 10:11 - 00031718 _____ C:\Users\pljarda\Downloads\FRST.txt
2016-05-25 09:41 - 2016-05-25 10:11 - 00000000 ____D C:\FRST
2016-05-25 09:40 - 2016-05-25 09:40 - 02382848 _____ (Farbar) C:\Users\pljarda\Downloads\FRST64.exe
2016-05-25 09:13 - 2016-05-25 09:15 - 03651136 _____ C:\Users\pljarda\Downloads\adwcleaner.pl 5.117.exe
2016-05-25 09:09 - 2016-05-25 09:30 - 00000000 ____D C:\ProgramData\Quotenamrons
2016-05-25 09:09 - 2016-05-25 09:30 - 00000000 ____D C:\ProgramData\Quotenamron
2016-05-25 09:09 - 2016-05-25 09:09 - 06859776 _____ C:\Users\pljarda\AppData\Roaming\agent.dat
2016-05-25 09:09 - 2016-05-25 09:09 - 02279413 _____ C:\Users\pljarda\AppData\Roaming\Geosantom.bin
2016-05-25 09:09 - 2016-05-25 09:09 - 01755411 _____ C:\Users\pljarda\AppData\Roaming\Cansing.tst
2016-05-25 09:09 - 2016-05-25 09:09 - 00126464 _____ C:\Users\pljarda\AppData\Roaming\noah.dat
2016-05-25 09:09 - 2016-05-25 09:09 - 00065232 _____ C:\Users\pljarda\AppData\Roaming\Config.xml
2016-05-25 09:09 - 2016-05-25 09:09 - 00018432 _____ C:\Users\pljarda\AppData\Roaming\Main.dat
2016-05-25 09:09 - 2016-05-25 09:09 - 00005568 _____ C:\Users\pljarda\AppData\Roaming\md.xml
2016-05-25 09:09 - 2016-05-25 09:09 - 00003456 _____ C:\Windows\System32\Tasks\pljardaTreatiesButtressedV2
2016-05-25 09:09 - 2016-05-25 09:09 - 00003224 _____ C:\Windows\System32\Tasks\{12E43934-F32F-21E8-D449-11CCFD7A970F}
2016-05-25 09:09 - 2016-05-25 09:09 - 00002397 _____ C:\Windows\SysWOW64\findit.xml
2016-05-25 09:09 - 2016-05-25 09:09 - 00000280 _____ C:\Windows\Tasks\{12E43934-F32F-21E8-D449-11CCFD7A970F}.job
2016-05-25 09:09 - 2016-05-25 09:09 - 00000000 ____D C:\Users\pljarda\AppData\Roaming\Mozilla
2016-05-25 09:09 - 2016-05-25 09:09 - 00000000 ____D C:\ProgramData\Logic Handler
2016-05-25 09:09 - 2016-05-25 09:08 - 00947712 _____ C:\Users\pljarda\AppData\Roaming\Cansing.exe
2016-05-25 09:08 - 2016-05-25 09:08 - 00127488 _____ C:\Users\pljarda\AppData\Roaming\Installer.dat
2016-05-25 09:08 - 2016-05-25 09:08 - 00014448 _____ C:\Users\pljarda\AppData\Roaming\InstallationConfiguration.xml
2016-05-25 09:05 - 2016-05-25 09:06 - 41135232 _____ (Any-Audio-Converter.com ) C:\Users\pljarda\Downloads\any-audio-converter.exe
2016-05-25 08:04 - 2016-05-25 08:04 - 00000000 ____D C:\Users\plkamru\AppData\Local\Exact Synergy Enterprise
2016-05-25 07:12 - 2016-05-25 07:12 - 00000000 ____D C:\Windows\system32\config\regsave
2016-05-25 07:07 - 2016-05-25 07:07 - 00000000 ____D C:\My Backups
2016-05-25 07:06 - 2015-12-10 06:10 - 00192552 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2016-05-25 07:06 - 2015-12-10 06:10 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2016-05-25 07:06 - 2015-12-10 06:10 - 00048168 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2016-05-25 07:06 - 2015-12-10 06:10 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2016-05-25 07:01 - 2016-05-25 07:02 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-05-25 06:59 - 2016-05-25 07:00 - 121505600 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\plkamru\Downloads\tb_free.exe
2016-05-25 06:51 - 2016-05-25 06:51 - 00000000 ____D C:\Users\plkamru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix Program
2016-05-25 06:51 - 2016-05-25 06:51 - 00000000 ____D C:\Users\plkamru\AppData\Roaming\Citrix
2016-05-25 06:49 - 2016-05-25 06:56 - 00002267 _____ C:\Users\plkamru\Desktop\Google Chrome.lnk
2016-05-25 06:49 - 2016-05-25 06:49 - 00000000 ____D C:\Users\plkamru\AppData\Local\Google
2016-05-24 13:52 - 2016-05-24 13:52 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-05-24 13:47 - 2016-05-24 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Polar
2016-05-24 13:47 - 2016-05-24 13:47 - 00000000 ____D C:\Program Files\Bonjour
2016-05-24 13:47 - 2016-05-24 13:47 - 00000000 ____D C:\Program Files (x86)\Polar
2016-05-24 13:47 - 2016-05-24 13:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-05-24 13:38 - 2016-05-24 13:40 - 23793864 _____ (Polar Electro Oy ) C:\Users\pljarda\Downloads\FlowSync_2.6.2.exe
2016-05-24 12:53 - 2016-05-24 12:54 - 00067369 _____ C:\Users\pljarda\Desktop\efektywnosc obdzwonek_JD.xlsx
2016-05-24 10:52 - 2016-05-24 12:46 - 00000000 ____D C:\Users\pljarda\Desktop\Praca Consafe
2016-05-23 08:50 - 2016-05-23 08:50 - 01533867 _____ C:\Users\pljarda\Downloads\Morning_Ride.gpx
2016-05-23 08:49 - 2016-05-23 08:49 - 01018474 _____ C:\Users\pljarda\Downloads\20160522_085144.tcx
2016-05-20 11:45 - 2016-05-20 11:45 - 00000000 ____D C:\Users\pljarda\AppData\Local\Sophos
2016-05-19 16:18 - 2016-05-19 16:18 - 00034063 _____ C:\Users\pljarda\Downloads\WA_2016_05_01346.pdf
2016-05-18 16:57 - 2016-05-19 07:39 - 00004978 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for CONSAFE1-pljarda PLCLW70040.consafe1.org
2016-05-17 13:54 - 2016-05-17 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Napisy24
2016-05-17 13:53 - 2016-05-17 13:54 - 00000000 ____D C:\ProgramData\Napisy24
2016-05-17 13:53 - 2016-05-17 13:54 - 00000000 ____D C:\Program Files (x86)\Napisy24
2016-05-17 13:30 - 2016-05-25 10:08 - 00000000 ____D C:\Users\pljarda\AppData\Local\CrashDumps
2016-05-16 13:44 - 2016-05-16 15:19 - 00000083 _____ C:\Users\pljarda\Desktop\Panatoni.txt
2016-05-16 09:32 - 2016-05-16 09:32 - 00072254 _____ C:\Users\pljarda\Downloads\20160513 Ritex Astro WMS budget (1).xlsx
2016-05-16 09:11 - 2016-05-16 09:11 - 00000000 ____D C:\ProgramData\MindGems
2016-05-16 09:11 - 2016-05-16 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Folder Size
2016-05-16 09:10 - 2016-05-16 09:11 - 00000000
____D C:\Program Files (x86)\Folder Size 2016-05-15 19:13 - 2016-05-15 19:13 - 02381634 _____ C:\Users\pljarda\Downloads\System_Requirements_Astro_WMS_8.5 (1).pdf 2016-05-15 19:12 - 2016-05-15 19:12 - 01034422 _____ C:\Users\pljarda\Downloads\RITEX_Metodologia wdrożenia Astro Express (1).pdf 2016-05-14 18:21 - 2016-05-14 18:21 - 04427910 _____ C:\Users\pljarda\Downloads\RITEX_Metodologia wdrożenia Astro Express.pptx 2016-05-14 18:21 - 2016-05-14 18:21 - 02381634 _____ C:\Users\pljarda\Downloads\System_Requirements_Astro_WMS_8.5.pdf 2016-05-14 18:21 - 2016-05-14 18:21 - 01034422 _____ C:\Users\pljarda\Downloads\RITEX_Metodologia wdrożenia Astro Express.pdf 2016-05-14 18:20 - 2016-05-14 18:20 - 00072253 _____ C:\Users\pljarda\Downloads\20160513 Ritex Astro WMS budget.xlsx 2016-05-12 16:36 - 2016-05-17 15:52 - 00013012 _____ C:\Users\pljarda\Desktop\Copy of Potencjalni partnerzy (2).xlsx 2016-05-11 13:29 - 2016-05-24 12:38 - 00001260 _____ C:\Users\pljarda\Desktop\Logistyka.xlsx - Shortcut.lnk 2016-05-11 13:29 - 2016-05-24 12:31 - 00001457 _____ C:\Users\pljarda\Desktop\Magazynowanie BISNODE.xlsx - Shortcut.lnk 2016-05-11 13:29 - 2016-05-24 12:00 - 00001240 _____ C:\Users\pljarda\Desktop\BIEŻĄCE.xlsx - Shortcut.lnk 2016-05-11 13:29 - 2016-05-24 11:58 - 00001403 _____ C:\Users\pljarda\Desktop\Bisnode Fashion.xlsx - Shortcut.lnk 2016-05-11 13:29 - 2016-05-11 13:29 - 00001863 _____ C:\Users\pljarda\Desktop\Polski kongres logistyczny lista 2016-05-10.xlsx - Shortcut.lnk 2016-05-11 13:29 - 2016-05-11 13:29 - 00001647 _____ C:\Users\pljarda\Desktop\Log days uczestnicy.xlsx - Shortcut.lnk 2016-05-11 13:29 - 2016-05-11 13:29 - 00001553 _____ C:\Users\pljarda\Desktop\PKD Jarek.xlsx - Shortcut.lnk 2016-05-11 13:29 - 2016-05-11 13:29 - 00001506 _____ C:\Users\pljarda\Desktop\ISOF.xlsx - Shortcut.lnk 2016-05-11 13:29 - 2016-05-11 13:29 - 00001459 _____ C:\Users\pljarda\Desktop\Samochód.xlsx - Shortcut.lnk 2016-05-11 13:14 - 2016-05-11 13:14 - 00000000 ____D 
C:\Users\pljarda\AppData\Roaming\Dropbox 2016-05-11 13:12 - 2016-05-24 10:49 - 00000000 ____D C:\Users\pljarda\AppData\Local\Dropbox 2016-05-11 11:31 - 2016-05-23 11:47 - 00000000 ____D C:\Users\pljarda\AppData\Local\DisplayFusion 2016-05-11 11:31 - 2016-05-11 11:31 - 00000000 __SHD C:\Users\pljarda\AppData\Roaming\Common 2016-05-11 11:31 - 2016-05-11 11:31 - 00000000 ____D C:\Users\pljarda\AppData\Roaming\DisplayFusion 2016-05-11 11:31 - 2016-05-11 11:31 - 00000000 ____D C:\ProgramData\Binary Fortress Software 2016-05-11 11:30 - 2016-05-11 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DisplayFusion 2016-05-11 11:30 - 2016-05-11 11:30 - 00000000 ____D C:\Program Files (x86)\DisplayFusion 2016-05-11 10:29 - 2016-05-25 09:02 - 00004978 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {8c11f6e6-0ac7-47f6-8d5a-16cc3da30dcb} PLCLW70040.consafe1.org 2016-05-02 10:23 - 2016-05-02 17:17 - 00006801 _____ C:\Users\pljarda\Downloads\20160502_Bisnode Fashion.csv 2016-04-28 15:43 - 2016-04-28 15:43 - 00087721 _____ C:\Users\pljarda\Downloads\eKonto_47004996_160325_160425.pdf 2016-04-28 15:29 - 2016-04-28 15:29 - 00087352 _____ C:\Users\pljarda\Downloads\eKonto_47004996_160425_160425.pdf 2016-04-28 10:25 - 2016-04-28 10:25 - 01683284 _____ C:\Users\pljarda\Downloads\lista_placowek_raty.pdf 2016-04-28 09:09 - 2016-04-28 09:09 - 00000358 _____ C:\Users\pljarda\Downloads\465964cd9a5e41b6af28bdb5361348df.vcs 2016-04-28 08:57 - 2016-04-28 08:57 - 00028334 _____ C:\Users\pljarda\Downloads\RITEX Astro WMS a założenia wobec systemu WMS.xlsx 2016-04-26 09:06 - 2016-04-26 09:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva 2016-04-26 09:06 - 2016-04-26 09:06 - 00000000 ____D C:\Program Files\Recuva 2016-04-26 08:54 - 2016-04-26 08:59 - 00000000 ____D C:\Users\pljarda\Desktop\Oferta 2016-04-26 08:46 - 2016-04-26 08:54 - 00000000 ____D C:\Users\pljarda\Desktop\Klienci 2016-04-25 08:49 - 2016-04-25 11:40 - 
00049959 _____ C:\Users\pljarda\Downloads\efektywnosc obdzwonek_JD.xlsx ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-25 09:57 - 2009-07-14 07:13 - 00783834 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-25 09:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf 2016-05-25 09:44 - 2016-02-15 12:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-25 09:32 - 2009-07-14 06:45 - 00019104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-25 09:32 - 2009-07-14 06:45 - 00019104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-25 09:18 - 2016-02-16 11:45 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-25 09:18 - 2016-02-16 11:45 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-25 09:03 - 2015-04-24 12:10 - 00000601 _____ C:\Windows\SMSCFG.INI 2016-05-25 09:01 - 2016-02-29 11:37 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2016-05-25 09:00 - 2016-02-15 11:56 - 00000712 _____ C:\Windows\system32\config\netlogon.ftl 2016-05-25 09:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-25 08:05 - 2016-02-15 12:54 - 00000000 ____D C:\Users\plkamru\AppData\Roaming\ICAClient 2016-05-25 06:52 - 2015-04-24 12:10 - 00000000 ____D C:\Windows\ccmsetup 2016-05-25 06:49 - 2016-02-15 12:50 - 00057272 __RSH C:\Users\plkamru\ntuser.pol 2016-05-25 06:49 - 2016-02-15 12:50 - 00000000 ____D C:\Users\plkamru 2016-05-24 10:54 - 2016-02-16 11:29 - 00000000 ____D C:\Users\pljarda 2016-05-24 10:51 - 2016-04-11 12:17 - 00000000 ____D C:\ProgramData\Skype 2016-05-24 10:11 - 2016-02-15 12:49 - 00076573 __RSH C:\ProgramData\ntuser.pol 2016-05-24 00:37 - 2016-04-15 12:38 - 00000542 _____ C:\Windows\Tasks\Daily scheduled scan.job 2016-05-20 16:26 - 2016-04-11 12:18 - 
00000000 ____D C:\Users\pljarda\AppData\Roaming\Skype 2016-05-20 16:26 - 2016-02-16 11:38 - 01141352 ____H C:\Users\pljarda\AppData\Local\IconCache.db.backup 2016-05-20 13:29 - 2016-02-16 11:29 - 00057272 __RSH C:\Users\pljarda\ntuser.pol 2016-05-18 17:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF 2016-05-18 07:18 - 2016-02-16 11:29 - 00000000 ____D C:\Users\pljarda\AppData\Local\Microsoft Help 2016-05-17 13:31 - 2016-02-16 11:29 - 00000000 ____D C:\Users\pljarda\AppData\Roaming\vlc 2016-05-13 13:21 - 2016-02-16 11:46 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-11 09:13 - 2016-02-16 11:45 - 00004044 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-11 09:13 - 2016-02-16 11:45 - 00003792 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2016-05-25 09:09 - 2016-05-25 09:09 - 6859776 _____ () C:\Users\pljarda\AppData\Roaming\agent.dat 2016-05-25 09:09 - 2016-05-25 09:08 - 0947712 _____ () C:\Users\pljarda\AppData\Roaming\Cansing.exe 2016-05-25 09:09 - 2016-05-25 09:09 - 1755411 _____ () C:\Users\pljarda\AppData\Roaming\Cansing.tst 2016-05-25 09:09 - 2016-05-25 09:09 - 0065232 _____ () C:\Users\pljarda\AppData\Roaming\Config.xml 2016-05-25 09:09 - 2016-05-25 09:09 - 2279413 _____ () C:\Users\pljarda\AppData\Roaming\Geosantom.bin 2016-05-25 09:08 - 2016-05-25 09:08 - 0014448 _____ () C:\Users\pljarda\AppData\Roaming\InstallationConfiguration.xml 2016-05-25 09:08 - 2016-05-25 09:08 - 0127488 _____ () C:\Users\pljarda\AppData\Roaming\Installer.dat 2016-05-25 09:09 - 2016-05-25 09:09 - 0018432 _____ () C:\Users\pljarda\AppData\Roaming\Main.dat 2016-05-25 09:09 - 2016-05-25 09:09 - 0005568 _____ () C:\Users\pljarda\AppData\Roaming\md.xml 2016-05-25 09:09 - 2016-05-25 09:09 - 0126464 _____ () C:\Users\pljarda\AppData\Roaming\noah.dat 2016-05-25 09:09 - 2016-05-25 09:09 - 0032038 _____ () 
C:\Users\pljarda\AppData\Roaming\uninstall_temp.ico 2016-03-08 10:48 - 2016-05-24 16:36 - 0000073 _____ () C:\Users\pljarda\AppData\Local\Exact.Update.OA.exe.log 2016-02-15 12:50 - 2016-02-15 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Files to move or delete: ==================== C:\Windows\Tasks\{12E43934-F32F-21E8-D449-11CCFD7A970F}.job Some files in TEMP: ==================== C:\Users\pljarda\AppData\Local\Temp\libeay32.dll C:\Users\pljarda\AppData\Local\Temp\MetatarsalSlows.dll C:\Users\pljarda\AppData\Local\Temp\msvcr120.dll C:\Users\pljarda\AppData\Local\Temp\sqlite3.dll Some zero byte size files/folders: ========================== C:\Windows\SysWOW64\dlumd10.dll C:\Windows\SysWOW64\dlumd11.dll C:\Windows\SysWOW64\dlumd9.dll C:\Windows\System32\dlumd10.dll C:\Windows\System32\dlumd11.dll C:\Windows\System32\dlumd9.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-03-21 18:23 ==================== End of FRST.txt 
============================