Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2017
Ran by Danielle (administrator) on DANB01 (18-05-2017 11:43:34)
Running from C:\Users\Danielle\Downloads
Loaded Profiles: Danielle (Available Profiles: Danielle & DBol)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: Engels (Verenigde Staten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Optimal Software s.r.o.) C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe
(© 2015 Microsoft Corporation) C:\Users\Danielle\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-10-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-10-03] (IDT, Inc.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077880 2013-01-22] (Dell Inc.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [263088 2017-04-03] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239592 2017-04-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-4277049813-1552598357-2010247912-1003\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-4277049813-1552598357-2010247912-1003\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-4277049813-1552598357-2010247912-1003\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-4277049813-1552598357-2010247912-1003\...\Run: [BingSvc] => C:\Users\Danielle\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-4277049813-1552598357-2010247912-1003\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1143640 2017-05-09] (Google Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Danielle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2015-12-15]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2015-12-15]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2015-12-15]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
BootExecute: PDBoot.exeautocheck autochk *
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.101.251.229 89.101.251.228
Tcpip\..\Interfaces\{F752050E-8DB5-498B-B3EE-E09C72512A71}: [DhcpNameServer] 89.101.251.229 89.101.251.228

Internet Explorer:
==================
HKU\S-1-5-21-4277049813-1552598357-2010247912-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.nl/
SearchScopes: HKU\S-1-5-21-4277049813-1552598357-2010247912-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={F15D07A8-4720-43B9-BCEF-D3DBFD0797F6}&mid=c5199dec956047cc8fc34dfe4b0a0b68-f7ab2dea96f1d9a3848ab4e9a9a17d1bec830208&lang=nl&ds=AVG&coid=avgtbavg&cmpid=0316avz&pr=fr&d=2016-03-11 07:34:57&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)

FireFox:
========
FF DefaultProfile: lgmlcfdi.default
FF ProfilePath: C:\Users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\lgmlcfdi.default [2017-04-11]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\lgmlcfdi.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\lgmlcfdi.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\lgmlcfdi.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\lgmlcfdi.default -> hxxp://www.msn.com/?pc=SK216&ocid=SK216DHP&osmkt=nl-nl
FF Keyword.URL: Mozilla\Firefox\Profiles\lgmlcfdi.default -> hxxp://www.bing.com/search?FORM=SK216DF&PC=SK216&q=
FF Extension: (Bing Search) - C:\Users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\lgmlcfdi.default\Extensions\bingsearch.full@microsoft.com.xpi [2017-02-17]
FF SearchPlugin: C:\Users\Danielle\AppData\Roaming\Mozilla\Firefox\Profiles\lgmlcfdi.default\searchplugins\bing-.xml [2017-02-17]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default [2017-05-18]
CHR Extension: (Google Presentaties) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-06]
CHR Extension: (Google Documenten) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-06]
CHR Extension: (Google Drive) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-06]
CHR Extension: (YouTube) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-06]
CHR Extension: (Google Search) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-06]
CHR Extension: (Farm Mania) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiclocjknonhfemolhopdghdkhdpbbeh [2016-01-06]
CHR Extension: (Bing) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-02-28]
CHR Extension: (Google Spreadsheets) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-06]
CHR Extension: (Jigsaw Puzzles Daily) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjcfkigenhanhgbeajpachkjahjmmbk [2016-01-06]
CHR Extension: (woord zoeken) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggckablhhmjagmokplgnbamljajnhanm [2016-01-06]
CHR Extension: (Offline Documenten) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (The Elementals) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak [2016-01-06]
CHR Extension: (Little Alchemy) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2016-02-11]
CHR Extension: (Pursued) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mglmffkipgdhdkolbbkofkfhappinpin [2016-01-06]
CHR Extension: (fysica spellen) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkpbdagoacfjmcijkielfiboipojaffd [2016-01-06]
CHR Extension: (The Sims FreePlay) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlddaajkichhldjonlafcjhdhilmbdg [2016-01-06]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-16]
CHR Extension: (Gmail) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-06]
CHR Extension: (Chrome Media Router) - C:\Users\Danielle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-18]
CHR HKU\S-1-5-21-4277049813-1552598357-2010247912-1003\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [262696 2017-04-03] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7448992 2017-04-03] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428656 2017-04-27] (AVG Technologies CZ, s.r.o.)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1773744 2015-10-04] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [671928 2015-04-14] (Microsoft Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280952 2013-01-22] (Dell Inc.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2015-12-20] (Macrovision Europe Ltd.) [File not signed]
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-30] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-30] (Electronic Arts)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [445600 2016-01-28] (Optimal Software s.r.o.) <==== ATTENTION
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [316600 2015-04-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgbdisk; C:\Windows\system32\drivers\avgbdiska.sys [166136 2017-04-03] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\Windows\system32\drivers\avgbidsdrivera.sys [310056 2017-04-03] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\Windows\system32\drivers\avgbidsha.sys [192096 2017-04-03] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\Windows\system32\drivers\avgbloga.sys [336408 2017-04-03] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\Windows\system32\drivers\avgbuniva.sys [50848 2017-04-03] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\Windows\system32\drivers\avgHwid.sys [39288 2017-04-03] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\Windows\system32\drivers\avgMonFlt.sys [129776 2017-04-30] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\Windows\system32\drivers\avgRdr2.sys [102136 2017-04-03] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\Windows\system32\drivers\avgRvrt.sys [76688 2017-04-03] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\Windows\system32\drivers\avgSnx.sys [1006040 2017-04-03] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\Windows\system32\drivers\avgSP.sys [557912 2017-04-30] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\Windows\system32\drivers\avgStm.sys [165048 2017-04-03] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\Windows\system32\drivers\avgVmm.sys [340688 2017-04-03] (AVG Technologies CZ, s.r.o.)
S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [101416 2011-10-03] (Ericsson AB)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-10-03] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-10-03] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2011-10-03] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2011-10-03] (MCCI Corporation)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2011-10-03] (Novatel Wireless Inc)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2011-10-03] (Novatel Wireless Inc.)
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2015-04-14] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-07-24] (Cisco Systems, Inc.)
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17120 2013-03-07] ()
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-18 11:08 - 2017-05-18 11:46 - 00022560 _____ C:\Users\Danielle\Downloads\FRST.txt
2017-05-18 11:07 - 2017-05-18 11:08 - 00899584 _____ (Farbar) C:\Users\Danielle\Downloads\FSS.exe
2017-05-18 10:59 - 2017-05-18 11:08 - 00000000 ____D C:\FRST
2017-05-18 10:56 - 2017-05-18 10:57 - 02429952 _____ (Farbar) C:\Users\Danielle\Downloads\FRST64.exe
2017-05-18 00:16 - 2017-05-18 00:30 - 00000000 ____D C:\Program Files\trend micro
2017-05-18 00:16 - 2017-05-18 00:20 - 00000000 ____D C:\rsit
2017-05-18 00:14 - 2017-05-18 00:15 - 01222144 _____ C:\Users\Danielle\Downloads\RSITx64.exe
2017-05-18 00:14 - 2017-05-18 00:15 - 01222144 _____ C:\Users\Danielle\Desktop\RSITx64 (1).exe
2017-05-15 13:46 - 2017-05-15 13:46 - 00332786 _____ C:\Users\Danielle\Downloads\APV11 Bijeenkomst 1 2016-2017.pptx
2017-05-15 13:46 - 2017-05-15 13:46 - 00332786 _____ C:\Users\Danielle\Downloads\APV11 Bijeenkomst 1 2016-2017 (1).pptx
2017-05-08 14:05 - 2017-05-08 14:05 - 00159122 _____ C:\Users\Danielle\Downloads\Bericht studiefinanciering (2).pdf
2017-05-01 18:44 - 2017-05-05 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-05-01 15:52 - 2017-05-01 15:54 - 04419917 _____ C:\Users\Danielle\Downloads\3ABDCA97-8A19-2B5A-EFCB-E20D50CC97BA.pdf
2017-05-01 15:51 - 2017-05-01 15:51 - 00162360 _____ C:\Users\Danielle\Downloads\2010-k3-v4-p33-art.pdf
2017-05-01 13:29 - 2017-05-01 13:29 - 01036037 _____ C:\Users\Danielle\Downloads\Speelwijzer Go VMBO game docenten.pdf.pdf
2017-05-01 13:29 - 2017-05-01 13:29 - 00496702 _____ C:\Users\Danielle\Downloads\Speelwijzer Go VMBO game leerlingen.pdf.pdf
2017-04-18 23:52 - 2017-04-19 00:14 - 194999859 _____ C:\Users\Danielle\Downloads\6006 - Professor Layton en de Melodie van het Spook (N) (ABSTRAKT) (1).7z
2017-04-18 23:51 - 2017-04-18 23:51 - 00021770 _____ C:\Users\Danielle\Downloads\yx4WsANwDBCieLtuW7AkBqO_WoAmzyZT9LSITxpLWLuT9RUdg2ewf1YYBryq1WOuZJbAXRfrEltFm1y4J_nfgUZ6UlP9yMqV6gdjM1WLA38AYnl1TVPIsQN_QK+FlJfZ59DADkx_kwza0dh1FeXz98XtX5DK7nh1prOvR5UcovzGA4s90frclp16Y_a5+BUbNdGAXiwELMV9bY2Mx7XtJ7Gz.htm
2017-04-18 23:29 - 2017-04-18 23:51 - 194999859 _____ C:\Users\Danielle\Downloads\6006 - Professor Layton en de Melodie van het Spook (N) (ABSTRAKT).7z
2017-04-18 23:29 - 2017-04-18 23:29 - 00021773 _____ C:\Users\Danielle\Downloads\uaf6Iuzsm8zFNefZMI+ceZ0FlqlNCKdrpn_x7JyBLYvb3v+VTmlamD6mmHKzGpDExov5pzE3_97AieINSp8uZ4t5RMDEpzwFWp8Sqt1XFQx+_NBzDGGmWEAGxe07rWwPTUKmdzXUH8wtIYibXhDJp+d6luHjlavnt9RQq2agIhdQWAyEFNhPy+f2KKO3plyIsRWYhg1qbROq3BaKih5Xezx9.htm
2017-04-18 23:28 - 2017-04-18 23:28 - 00021769 _____ C:\Users\Danielle\Downloads\dP4heGBEdG9kpCH7ggXVOeE8w46JkD1Y2ooS5YJYP5z5v7W6zS_zedrkMbkpj2h9uhdu_jQ_CtSF1T8Tmo4lcJVLPvSpUdtSakgWx7xtQwT4baH6Nf0UlyHoUXfq+gr56KM4vg+a73I0Vaw8mXkjW7pjXecIe4ik7kWggJyMpOSPKipX2H6PLSUlA3sZHz_1R68b9vlbriMeXn7mL1LC5hl8.htm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-18 11:45 - 2015-06-02 20:39 - 00000600 _____ C:\Windows\SMSCFG.INI
2017-05-18 11:42 - 2016-01-06 18:20 - 00000000 ____D C:\Users\Danielle\Tracing
2017-05-18 11:39 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-18 11:38 - 2017-01-04 19:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-18 11:38 - 2016-08-29 20:49 - 00000000 ____D C:\Program Files (x86)\PC Speed Up
2017-05-18 11:06 - 2017-04-03 14:39 - 00004178 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2017-05-18 10:57 - 2015-12-15 16:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-05-18 10:50 - 2009-07-14 06:45 - 00019712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-18 10:50 - 2009-07-14 06:45 - 00019712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-18 01:27 - 2016-01-08 01:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-05-18 01:26 - 2016-01-08 01:02 - 00001311 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2017-05-18 01:20 - 2016-01-08 01:02 - 00001380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2017-05-17 23:47 - 2016-01-06 18:20 - 00000000 ____D C:\ProgramData\Skype
2017-05-17 23:46 - 2016-01-06 18:20 - 00000000 ____D C:\Users\Danielle\AppData\Roaming\Skype
2017-05-17 22:25 - 2015-12-15 20:43 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-17 22:12 - 2015-12-15 17:59 - 00000000 ____D C:\ProgramData\FreePDF
2017-05-17 22:12 - 2015-12-15 17:59 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2017-05-17 20:24 - 2015-12-16 00:57 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3997D7DD-C060-4BB8-8CDE-BB4138132AC0}
2017-05-16 19:14 - 2016-09-20 19:54 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2017-05-16 09:49 - 2016-01-06 13:57 - 00002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-16 09:49 - 2016-01-06 13:57 - 00002407 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-05 11:54 - 2016-02-19 20:31 - 00001008 _____ C:\Users\Public\Desktop\AVG.lnk
2017-05-04 23:15 - 2009-07-14 07:08 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-04-30 17:32 - 2017-04-03 14:39 - 00557912 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsp.sys
2017-04-30 17:31 - 2017-04-03 14:39 - 00129776 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys
2017-04-30 16:40 - 2016-01-06 13:57 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-30 16:40 - 2016-01-06 13:57 - 00003360 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-20 16:17 - 2015-06-02 21:11 - 00745218 _____ C:\Windows\system32\perfh013.dat
2017-04-20 16:17 - 2015-06-02 21:11 - 00153704 _____ C:\Windows\system32\perfc013.dat
2017-04-20 16:17 - 2015-06-02 21:02 - 00699214 _____ C:\Windows\system32\perfh007.dat
2017-04-20 16:17 - 2015-06-02 21:02 - 00149886 _____ C:\Windows\system32\perfc007.dat
2017-04-20 16:17 - 2009-07-14 07:13 - 02514888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-20 16:17 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-19 19:09 - 2016-08-29 20:49 - 00000346 _____ C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2017-04-18 00:12 - 2009-07-14 06:45 - 00409024 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2016-02-04 16:30 - 2016-02-04 16:30 - 0003584 _____ () C:\Users\Danielle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-27 22:16 - 2016-11-27 22:16 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
2016-06-01 16:01 - 2016-04-22 10:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Danielle\AppData\Local\Temp\avguirn_081123704826.exe
2016-04-07 19:48 - 2016-02-18 13:09 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Danielle\AppData\Local\Temp\avguirn_081220492301.exe
2016-04-18 23:26 - 2016-03-23 16:57 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Danielle\AppData\Local\Temp\avguirn_08128113000.exe
2016-08-28 00:20 - 2016-07-20 14:01 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Danielle\AppData\Local\Temp\avguirn_081408848996.exe
2016-02-23 20:32 - 2016-01-12 17:23 - 0179624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Danielle\AppData\Local\Temp\avguirn_081562647419.exe
2016-07-27 11:26 - 2016-06-21 18:49 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Danielle\AppData\Local\Temp\avguirn_081711109549.exe
2016-06-24 14:29 - 2016-05-18 13:03 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Danielle\AppData\Local\Temp\avguirn_081959965630.exe
2016-01-06 13:00 - 2015-11-12 17:54 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Danielle\AppData\Local\Temp\avguirn_08344720863.exe
2016-05-14 16:40 - 2016-04-14 17:29 - 0186640 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Danielle\AppData\Local\Temp\avguirn_08625421984.exe
2016-01-19 00:28 - 2015-12-08 08:23 - 0091048 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Danielle\AppData\Local\Temp\avguirn_08640748438.exe
2017-02-17 19:06 - 2017-02-17 19:06 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Danielle\AppData\Local\Temp\BSvcProcessor.exe
2017-02-17 19:06 - 2017-02-17 19:06 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Danielle\AppData\Local\Temp\BSvcUpdater.exe
2016-08-29 20:49 - 2016-08-29 20:49 - 5113120 _____ (Optimal Software s.r.o. ) C:\Users\Danielle\AppData\Local\Temp\g7LYu2jrzt.exe
2017-04-19 20:46 - 2017-04-19 20:46 - 0739904 _____ (Oracle Corporation) C:\Users\Danielle\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-03-23 21:45 - 2016-03-23 21:45 - 0736320 _____ (Oracle Corporation) C:\Users\Danielle\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-06-25 11:46 - 2016-06-25 11:46 - 0739904 _____ (Oracle Corporation) C:\Users\Danielle\AppData\Local\Temp\jre-8u91-windows-au.exe
2017-05-17 22:25 - 2017-02-05 18:00 - 7133808 _____ (Spotify Ltd) C:\Users\Danielle\AppData\Local\Temp\SpotifyUninstall.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-13 18:11

==================== End of FRST.txt ============================