Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-06-2017
Ran by Kenny (administrator) on KENNY-PC (11-06-2017 00:11:17)
Running from C:\Users\Kenny\Desktop
Loaded Profiles: Kenny (Available Profiles: Kenny)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Engels (Verenigde Staten)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe [1688856 2017-05-24] (BullGuard Ltd.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Hercules DJ Series] => C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe [3409264 2012-04-04] (Hercules®)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3455111124-2029184662-1593870379-1000\...\Run: [Mio Share] => C:\Users\Kenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mio\Mio Share.appref-ms [342 2014-01-04] ()
HKU\S-1-5-21-3455111124-2029184662-1593870379-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-06] (Google Inc.)
HKU\S-1-5-21-3455111124-2029184662-1593870379-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3455111124-2029184662-1593870379-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-06] (Microsoft Corporation)
AppInit_DLLs: BgGamingMonitor.dll => C:\Windows\system32\BgGamingMonitor.dll [171192 2017-05-24] (BullGuard Ltd.)
AppInit_DLLs-x32: BgGamingMonitor.dll => C:\Windows\system32\BgGamingMonitor.dll [171192 2017-05-24] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kenny\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-02-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kenny\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-02-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kenny\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-02-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-05-24] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-05-24] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2017-05-24] (BullGuard Ltd.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Kenny\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-02-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Kenny\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-02-03] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Kenny\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-02-03] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-10-11]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2013-09-27]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 195.130.131.4 195.130.130.4
Tcpip\..\Interfaces\{06E78598-DCA6-41B9-912E-2ED7A4283E2C}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6F9724FC-EA02-4CD5-BAE8-BBF31F1C8980}: [DhcpNameServer] 195.130.131.4 195.130.130.4

Internet Explorer:
==================
HKU\S-1-5-21-3455111124-2029184662-1593870379-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://be.msn.com/default.aspx?pc=UP97&ocid=UP97DHP
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-3455111124-2029184662-1593870379-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)

FireFox:
========
FF Extension: (Belgium eID) - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be [2016-10-18]
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: (BullGuard Safe Browsing) - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2013-11-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-10-11] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [belgiumeid@eid.belgium.be] - C:\Program Files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF HKU\S-1-5-21-3455111124-2029184662-1593870379-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3455111124-2029184662-1593870379-1000: SkypePlugin -> C:\Users\Kenny\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi.dll [2017-04-18] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3455111124-2029184662-1593870379-1000: SkypePlugin64 -> C:\Users\Kenny\AppData\Local\SkypePlugin\7.32.6.278\npGatewayNpapi-x64.dll [2017-04-18] (Skype Technologies S.A.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://be.msn.com/default.aspx?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://be.msn.com/default.aspx?pc=UP97&ocid=UP97DHP", "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com___
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}&form=UP97DF&PC=UP97
CHR Profile: C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default [2015-01-08]
CHR Extension: (Google Documenten) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-04]
CHR Extension: (Google Drive) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06]
CHR Extension: (YouTube) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-04]
CHR Extension: (Google Zoeken) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06]
CHR Extension: (Google Wallet) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-17]
CHR Extension: (Gmail) - C:\Users\Kenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1551128 2017-05-24] (BullGuard Ltd.)
S2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [671512 2017-05-24] (BullGuard Ltd.)
S2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [185112 2017-05-24] (BullGuard Ltd.)
S2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [505624 2017-05-24] (BullGuard Ltd.)
S2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [5814552 2017-05-24] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [768280 2017-05-24] (BullGuard Ltd.)
S2 BsNet; C:\Program Files\BullGuard Ltd\BullGuard\BsNet.dll [546584 2017-05-24] (BullGuard Ltd.)
S2 BsNetworkScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardNetworkScanner.exe [458008 2017-05-24] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [325400 2017-05-24] (BullGuard Ltd.)
S2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [423704 2017-05-24] (BullGuard Ltd.)
S2 HerculesDJControlMP3; C:\Program Files\Hercules\Audio\DJ Console Series\drivers\amd64\HerculesDJControlMP3.EXE [18944 2012-04-10] (Hercules®) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 BdNet; C:\Windows\System32\drivers\BdNet.sys [152152 2017-05-24] (BullGuard Ltd.)
S1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [76728 2015-10-12] (BullGuard Ltd.)
S3 Bulk; C:\Windows\System32\Drivers\HDJBulk.sys [232272 2012-04-10] (© Guillemot R&D, 2012. All rights reserved.)
S3 HDJAsioK; C:\Windows\System32\Drivers\HDJAsioK.sys [304976 2012-04-10] (© Guillemot R&D, 2012. All rights reserved.)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-11] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATK64AMD.sys [13680 2007-08-09] ()
S1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [325752 2016-07-31] (BullGuard Ltd.)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-14] (BitDefender S.R.L.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-11 00:11 - 2017-06-11 00:11 - 00016854 _____ C:\Users\Kenny\Desktop\FRST.txt
2017-06-11 00:10 - 2017-06-11 00:11 - 00000000 ____D C:\FRST
2017-06-11 00:10 - 2017-06-10 23:59 - 02437120 _____ (Farbar) C:\Users\Kenny\Desktop\FRST64.exe
2017-06-11 00:06 - 2017-06-11 00:06 - 00262144 _____ C:\Windows\Minidump\061117-71542-01.dmp
2017-06-11 00:01 - 2017-06-11 00:01 - 00262144 _____ C:\Windows\Minidump\061117-147062-01.dmp
2017-06-10 23:57 - 2017-06-10 23:57 - 00262144 _____ C:\Windows\Minidump\061017-148325-01.dmp
2017-06-10 23:53 - 2017-06-10 23:53 - 00262144 _____ C:\Windows\Minidump\061017-146703-01.dmp
2017-06-10 23:27 - 2017-06-10 23:27 - 00262144 _____ C:\Windows\Minidump\061017-72836-01.dmp
2017-06-10 23:07 - 2017-06-10 23:07 - 00262144 _____ C:\Windows\Minidump\061017-148887-01.dmp
2017-06-10 23:04 - 2017-06-10 23:04 - 00262144 _____ C:\Windows\Minidump\061017-147795-01.dmp
2017-06-10 22:30 - 2017-06-10 22:30 - 00000796 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-06-10 22:30 - 2017-06-10 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-06-10 22:30 - 2017-06-10 22:30 - 00000000 ____D C:\Program Files\Speccy
2017-06-10 22:30 - 2017-06-10 22:30 - 00000000 _____ C:\Users\Kenny\Desktop\Nieuw tekstdocument.txt
2017-06-10 22:25 - 2017-06-10 22:25 - 00262144 _____ C:\Windows\Minidump\061017-74599-01.dmp
2017-06-10 22:23 - 2017-06-10 22:23 - 00262144 _____ C:\Windows\Minidump\061017-144347-01.dmp
2017-06-10 17:38 - 2017-06-11 00:06 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-10 17:38 - 2017-06-10 17:38 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-10 17:38 - 2017-06-10 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-10 17:38 - 2017-06-10 17:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-10 17:38 - 2017-06-10 17:38 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-10 17:38 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-31 14:05 - 2017-05-31 14:05 - 00262144 _____ C:\Windows\Minidump\053117-64693-01.dmp
2017-05-31 14:03 - 2017-05-31 14:03 - 00262144 _____ C:\Windows\Minidump\053117-58796-01.dmp
2017-05-31 14:01 - 2017-05-31 14:01 - 00262144 _____ C:\Windows\Minidump\053117-58266-01.dmp
2017-05-31 13:59 - 2017-05-31 13:59 - 00262144 _____ C:\Windows\Minidump\053117-57096-01.dmp
2017-05-31 13:57 - 2017-05-31 13:57 - 00262144 _____ C:\Windows\Minidump\053117-57969-01.dmp
2017-05-31 13:55 - 2017-05-31 13:55 - 00262144 _____ C:\Windows\Minidump\053117-56893-01.dmp
2017-05-31 13:53 - 2017-05-31 13:53 - 00262144 _____ C:\Windows\Minidump\053117-58562-01.dmp
2017-05-31 13:51 - 2017-05-31 13:51 - 00262144 _____ C:\Windows\Minidump\053117-55380-01.dmp
2017-05-31 13:49 - 2017-05-31 13:49 - 00262144 _____ C:\Windows\Minidump\053117-58375-01.dmp
2017-05-31 13:47 - 2017-05-31 13:47 - 00262144 _____ C:\Windows\Minidump\053117-57143-01.dmp
2017-05-31 13:44 - 2017-05-31 13:45 - 00262144 _____ C:\Windows\Minidump\053117-57330-01.dmp
2017-05-31 13:42 - 2017-05-31 13:42 - 00262144 _____ C:\Windows\Minidump\053117-57517-01.dmp
2017-05-31 13:40 - 2017-05-31 13:40 - 00262144 _____ C:\Windows\Minidump\053117-57860-01.dmp
2017-05-31 13:38 - 2017-05-31 13:38 - 00262144 _____ C:\Windows\Minidump\053117-56831-01.dmp
2017-05-31 13:36 - 2017-05-31 13:36 - 00262144 _____ C:\Windows\Minidump\053117-57954-01.dmp
2017-05-31 13:34 - 2017-05-31 13:34 - 00262144 _____ C:\Windows\Minidump\053117-56472-01.dmp
2017-05-29 05:21 - 2017-05-31 13:32 - 00262144 _____ C:\Windows\Minidump\052917-21659756-01.dmp
2017-05-28 23:19 - 2017-05-28 23:19 - 00262144 _____ C:\Windows\Minidump\052817-58016-01.dmp
2017-05-28 23:16 - 2017-05-28 23:16 - 00262144 _____ C:\Windows\Minidump\052817-57345-01.dmp
2017-05-28 23:14 - 2017-05-28 23:14 - 00262144 _____ C:\Windows\Minidump\052817-56550-01.dmp
2017-05-28 23:12 - 2017-05-28 23:12 - 00262144 _____ C:\Windows\Minidump\052817-57735-01.dmp
2017-05-28 23:10 - 2017-05-28 23:10 - 00262144 _____ C:\Windows\Minidump\052817-57439-01.dmp
2017-05-28 23:08 - 2017-05-28 23:08 - 00262144 _____ C:\Windows\Minidump\052817-57174-01.dmp
2017-05-28 23:06 - 2017-05-28 23:06 - 00262144 _____ C:\Windows\Minidump\052817-56316-01.dmp
2017-05-28 23:04 - 2017-05-28 23:04 - 00262144 _____ C:\Windows\Minidump\052817-56363-01.dmp
2017-05-28 23:02 - 2017-05-28 23:02 - 00262144 _____ C:\Windows\Minidump\052817-58079-01.dmp
2017-05-28 22:59 - 2017-05-28 22:59 - 00262144 _____ C:\Windows\Minidump\052817-57361-02.dmp
2017-05-28 22:57 - 2017-05-28 22:57 - 00262144 _____ C:\Windows\Minidump\052817-57533-02.dmp
2017-05-28 22:55 - 2017-05-28 22:55 - 00262144 _____ C:\Windows\Minidump\052817-58219-01.dmp
2017-05-28 22:53 - 2017-05-28 22:53 - 00262144 _____ C:\Windows\Minidump\052817-57299-01.dmp
2017-05-28 22:51 - 2017-05-28 22:51 - 00262144 _____ C:\Windows\Minidump\052817-57377-01.dmp
2017-05-28 22:49 - 2017-05-28 22:49 - 00262144 _____ C:\Windows\Minidump\052817-57189-01.dmp
2017-05-28 22:47 - 2017-05-28 22:47 - 00262144 _____ C:\Windows\Minidump\052817-57314-01.dmp
2017-05-28 22:44 - 2017-05-28 22:44 - 00262144 _____ C:\Windows\Minidump\052817-57330-01.dmp
2017-05-28 22:42 - 2017-05-28 22:42 - 00262144 _____ C:\Windows\Minidump\052817-57985-01.dmp
2017-05-28 22:40 - 2017-05-28 22:40 - 00262144 _____ C:\Windows\Minidump\052817-57969-01.dmp
2017-05-28 22:38 - 2017-05-28 22:38 - 00262144 _____ C:\Windows\Minidump\052817-57486-02.dmp
2017-05-28 22:36 - 2017-05-28 22:36 - 00262144 _____ C:\Windows\Minidump\052817-57455-01.dmp
2017-05-28 22:34 - 2017-05-28 22:34 - 00262144 _____ C:\Windows\Minidump\052817-57080-02.dmp
2017-05-28 22:32 - 2017-05-28 22:32 - 00262144 _____ C:\Windows\Minidump\052817-56425-01.dmp
2017-05-28 22:29 - 2017-05-28 22:30 - 00262144 _____ C:\Windows\Minidump\052817-57018-01.dmp
2017-05-26 09:08 - 2017-06-11 00:11 - 01193004 _____ C:\Windows\ntbtlog.txt
2017-05-24 15:25 - 2017-05-24 15:23 - 00171192 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2017-05-24 15:25 - 2017-05-24 15:23 - 00152640 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2017-05-24 15:25 - 2017-05-24 15:23 - 00076568 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2017-05-24 15:25 - 2017-05-24 15:23 - 00061720 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-11 00:08 - 2013-09-27 14:33 - 00000000 ____D C:\ProgramData\BullGuard
2017-06-11 00:06 - 2015-05-05 19:40 - 00000000 ____D C:\Windows\Minidump
2017-06-10 23:51 - 2009-07-14 07:08 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-06-10 17:38 - 2013-09-27 12:55 - 00746178 _____ C:\Windows\system32\perfh013.dat
2017-06-10 17:38 - 2013-09-27 12:55 - 00153932 _____ C:\Windows\system32\perfc013.dat
2017-06-10 17:38 - 2009-07-14 07:13 - 01677642 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-10 17:38 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-31 14:42 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2017-05-31 14:07 - 2014-03-04 22:46 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-05-31 14:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-26 08:43 - 2009-07-14 06:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-26 08:43 - 2009-07-14 06:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-26 08:42 - 2016-01-11 22:56 - 00642560 _____ C:\Users\Kenny\Documents\HET BROODPALEIS 215001.xls
2017-05-25 15:04 - 2014-08-06 13:06 - 00000000 ____D C:\Users\Kenny\AppData\Roaming\Skype
2017-05-25 09:04 - 2013-11-27 20:25 - 00000000 ____D C:\Users\Kenny\Documents\Outlook-bestanden
2017-05-25 08:59 - 2013-09-27 14:54 - 00000312 _____ C:\Windows\system32\config\afw_hm.conf
2017-05-25 08:59 - 2013-09-27 14:54 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2017-05-24 16:07 - 2016-09-07 20:04 - 00043448 _____ C:\Users\Kenny\Downloads\document.pdf
2017-05-24 15:23 - 2012-10-04 09:38 - 00152152 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\BdNet.sys
2017-05-23 13:52 - 2015-08-17 19:40 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-17 10:53 - 2013-12-06 21:07 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-17 10:50 - 2013-12-06 21:05 - 00004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-17 10:50 - 2013-12-06 21:04 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-17 10:50 - 2013-12-06 21:04 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-17 10:50 - 2013-12-06 21:04 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-17 10:50 - 2013-12-06 21:04 - 00000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories =======
2015-10-11 20:46 - 2015-10-11 21:17 - 0001253 _____ () C:\ProgramData\hpzinstall.log
2014-12-29 15:10 - 2014-12-29 15:11 - 0008476 _____ () C:\ProgramData\Install_vcredist64.log
2014-12-29 15:10 - 2014-12-29 15:11 - 0169936 _____ () C:\ProgramData\Install_vcredist64_0_vcRuntimeMinimum_x64.log
2014-12-29 15:11 - 2014-12-29 15:11 - 0197894 _____ () C:\ProgramData\Install_vcredist64_1_vcRuntimeAdditional_x64.log
2014-12-29 15:11 - 2014-12-29 15:13 - 0008401 _____ () C:\ProgramData\Install_vcredist86.log
2014-12-29 15:12 - 2014-12-29 15:12 - 0173060 _____ () C:\ProgramData\Install_vcredist86_0_vcRuntimeMinimum_x86.log
2014-12-29 15:12 - 2014-12-29 15:12 - 0211502 _____ () C:\ProgramData\Install_vcredist86_1_vcRuntimeAdditional_x86.log

Some files in TEMP:
====================
2012-06-19 17:51 - 2012-06-19 17:51 - 0174440 ____R (Microsoft Corporation) C:\Users\Kenny\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-23 14:28

==================== End of FRST.txt ============================