Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2017
Ran by Tim (administrator) on NOTEBOOK (18-02-2017 10:33:49)
Running from C:\Users\Tim\Desktop
Loaded Profiles: Tim (Available Profiles: Tim)
Platform: Microsoft Windows 8.1 met Bing (X86) Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\fcappdb.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiWF.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\fmon.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tim\Desktop\EnglishFRST.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-05-12] (ASUSTek Computer Inc.)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [7761920 2014-09-22] (Realtek Semiconductor)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-11-26] (Ulead Systems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-24] (Intel Corporation)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\Run: [GoogleChromeAutoLaunch_035B4E54F90A1EA5C0B1EF50550A533B] => C:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\MountPoints2: {2b2bc6e2-45f5-11e6-9835-6cfaa7f3c859} - "D:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\MountPoints2: {2b2bc7e3-45f5-11e6-9835-6cfaa7f3c859} - "D:\setup_vmb_lite.exe" /checkApplicationPresence

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 84.116.46.20 84.116.46.21
Tcpip\..\Interfaces\{FDD3A532-872B-44B5-B689-698AD0D3A9B5}: [DhcpNameServer] 84.116.46.20 84.116.46.21

Internet Explorer:
==================
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}

FireFox:
========
FF Plugin: @FortinetCacheClean -> C:\Program Files\Fortinet\FortiClient\npccplugin.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @FortinetCacheCleanEx -> C:\Program Files\Fortinet\FortiClient\npccpluginex.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @FortinetTunnelControl -> C:\Program Files\Fortinet\FortiClient\nptcplugin.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default [2017-02-18]
CHR Extension: (Google Documenten) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-09]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31]
CHR Extension: (Google Spreadsheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-09]
CHR Extension: (Offline Documenten) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Google Hangouts) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-01-20]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2014-05-14] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-03-26] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-12-17] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2017-02-15] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [75264 2014-06-24] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [89088 2014-06-24] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [82432 2014-06-24] (Intel Corporation)
R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [107026 2015-10-06] (Fortinet Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [277976 2014-06-13] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280304 2014-05-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-05-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [70936 2015-08-17] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [307928 2014-12-17] (Broadcom Corp)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [145112 2014-12-17] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [132312 2014-12-17] (Broadcom Corporation.)
S3 camera; C:\Windows\system32\DRIVERS\camera.sys [460800 2014-06-24] (Intel Corporation)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-24] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-24] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-24] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-24] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [174080 2014-06-24] (Intel Corporation)
R3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [15232 2015-10-06] (Fortinet Inc)
R1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [40176 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [32128 2015-10-06] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [13696 2015-10-06] (Fortinet Inc)
R1 fortimon3; C:\Windows\System32\drivers\fortimon3.sys [37760 2015-10-06] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [126848 2015-10-06] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [39296 2015-10-06] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [64896 2015-10-06] (Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [32128 2015-10-06] (Fortinet Inc)
R3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [28032 2015-10-06] (Fortinet Inc)
R3 ft_vnic; C:\Windows\system32\DRIVERS\ftvnic.sys [58120 2015-08-26] (Fortinet Inc)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2014-05-16] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-21] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [62464 2014-05-16] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2014-03-21] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [260608 2014-06-27] (Intel(R) Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21968 2014-03-15] (Intel Corporation)
S3 mdareDriver_60; C:\Program Files\Fortinet\FortiClient\mdare32_60.sys [93056 2016-03-09] (Fortinet Inc.)
R3 mdareDriver_62; C:\Program Files\Fortinet\FortiClient\mdare32_62.sys [93056 2017-02-18] (Fortinet Inc.)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [66560 2014-07-01] (Intel Corporation)
R3 pppop; C:\Windows\system32\DRIVERS\pppop.sys [46856 2015-07-23] (Fortinet Inc.)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [209624 2014-10-23] (Realtek Semiconductor Corp.)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [30224 2014-05-13] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [203096 2014-05-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93016 2014-05-13] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-18 10:33 - 2017-02-18 10:34 - 00017010 _____ C:\Users\Tim\Desktop\FRST.txt
2017-02-18 10:32 - 2017-02-18 10:33 - 00003434 _____ C:\Users\Tim\Desktop\Fixlog.txt
2017-02-17 21:56 - 2017-02-18 10:30 - 00000000 ____D C:\Users\Tim\Desktop\FRST-OlderVersion
2017-02-17 14:20 - 2017-02-17 15:26 - 00002295 _____ C:\Users\Tim\Desktop\Serge mail.txt
2017-02-17 10:10 - 2017-02-17 10:10 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-02-17 10:08 - 2017-02-17 11:03 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-16 19:48 - 2017-02-17 19:42 - 00000043 _____ C:\Users\Tim\Desktop\REIKI IN HOSPITAL - YOUTUBE.txt
2017-02-16 16:11 - 2017-02-16 16:16 - 00000000 ____D C:\Users\Tim\AppData\Roaming\vlc
2017-02-16 16:10 - 2017-02-16 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-02-16 16:09 - 2017-02-16 16:10 - 30533688 _____ C:\Users\Tim\Downloads\vlc-2.2.4-win32.exe
2017-02-16 16:05 - 2017-02-16 16:05 - 03101822 _____ C:\Users\Tim\Downloads\RUMORS.m4a
2017-02-16 16:02 - 2017-02-16 16:03 - 03674657 _____ C:\Users\Tim\Downloads\WAY FROM CREATION.m4a
2017-02-16 15:30 - 2017-02-16 15:30 - 00062925 _____ C:\Users\Tim\Downloads\Nov1610916310-0682015759.pdf
2017-02-16 15:29 - 2017-02-16 15:29 - 00057000 _____ C:\Users\Tim\Downloads\Dec1610916310-0682235234.pdf
2017-02-16 15:09 - 2017-02-16 15:09 - 00298791 _____ C:\Users\Tim\Downloads\Feb1721308350-0nl1701827792.pdf
2017-02-16 12:24 - 2017-02-16 12:35 - 00000000 ____D C:\AVG_Remover
2017-02-16 12:24 - 2017-02-16 12:24 - 07920792 _____ ( ) C:\Users\Tim\Downloads\AVG_Remover.exe
2017-02-16 12:19 - 2017-02-16 12:19 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2017-02-16 11:37 - 2017-02-16 11:37 - 00000000 ____D C:\Users\Tim\Downloads\X205TAAS212
2017-02-16 11:36 - 2017-02-16 11:36 - 02364773 _____ C:\Users\Tim\Downloads\X205TAAS212.zip
2017-02-15 11:46 - 2017-02-15 11:46 - 00892416 _____ (Farbar) C:\Users\Tim\Downloads\MiniToolBox.exe
2017-02-15 11:42 - 2017-02-15 11:43 - 00000000 ____D C:\Users\Tim\AppData\Local\MetaGeek,_LLC
2017-02-15 11:42 - 2017-02-15 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MetaGeek
2017-02-15 11:42 - 2017-02-15 11:42 - 00000000 ____D C:\Program Files\MetaGeek
2017-02-15 11:41 - 2017-02-15 11:41 - 04767744 _____ C:\Users\Tim\Downloads\inSSIDer-installer.msi
2017-02-15 11:31 - 2017-02-15 11:31 - 00000000 ____D C:\Program Files\SanDisk
2017-02-15 11:30 - 2017-02-15 11:30 - 108522440 _____ (Western Digital Corporation or its affiliates) C:\Users\Tim\Downloads\SanDiskSSDDashboardSetup.exe
2017-02-15 11:23 - 2017-02-15 11:23 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-15 11:21 - 2017-02-15 11:21 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-02-15 11:20 - 2017-02-15 11:20 - 00000000 ____D C:\Users\Tim\Intel
2017-02-15 11:20 - 2017-02-15 11:20 - 00000000 ____D C:\Users\Tim\Downloads\Chipset_Intel_SOCPackage_X205TA_X205TAH_Win81_32_VER102
2017-02-15 11:17 - 2017-02-15 11:17 - 88974639 _____ C:\Users\Tim\Downloads\Chipset_Intel_SOCPackage_X205TA_X205TAH_Win81_32_VER102.zip
2017-02-15 02:41 - 2017-02-15 02:41 - 00000086 _____ C:\Users\Tim\Desktop\russisch.txt
2017-02-15 00:40 - 2017-02-15 00:40 - 00083216 _____ C:\Users\Tim\Desktop\Stager Tickets - de Vorstin - Order Nr 872330.pdf
2017-02-15 00:40 - 2017-02-15 00:40 - 00000381 _____ C:\Users\Tim\Downloads\de Vorstin-order-15-02-2017.ics
2017-02-14 23:41 - 2017-02-14 23:41 - 00058211 _____ C:\Users\Tim\Downloads\Betaalspecificatie 13 feb. 2017.pdf
2017-02-14 20:41 - 2017-02-14 20:41 - 00072243 _____ C:\Users\Tim\Downloads\NOTEBOOK.txt
2017-02-14 20:29 - 2017-02-17 23:42 - 00000000 ____D C:\Users\Tim\Desktop\geeks
2017-02-14 20:09 - 2017-02-14 20:09 - 06293184 _____ (Piriform Ltd) C:\Users\Tim\Downloads\spsetup130.exe
2017-02-14 00:32 - 2017-02-14 00:32 - 00000111 _____ C:\Users\Tim\Desktop\tees.txt
2017-02-13 22:54 - 2017-02-13 22:54 - 00000000 ____D C:\Users\Tim\Desktop\lidl retour
2017-02-13 21:24 - 2017-02-18 10:30 - 01764352 _____ (Farbar) C:\Users\Tim\Desktop\EnglishFRST.exe
2017-02-13 16:24 - 2017-02-13 16:24 - 00105010 _____ C:\Users\Tim\Downloads\Triodos iDEAL.pdf
2017-02-13 16:15 - 2017-02-13 16:15 - 00000000 _____ C:\Users\Tim\Downloads\56.99 EXCEL VERWERKEN BOL PUNT KOM MA.txt
2017-02-10 23:49 - 2017-02-10 23:49 - 00000000 ____D C:\Users\Tim\Downloads\(27-1-17)SVB_brief_over_jaarafsluiting_2016
2017-02-10 23:47 - 2017-02-10 23:47 - 00077628 _____ C:\Users\Tim\Downloads\780171742.pdf
2017-02-10 23:29 - 2017-02-10 23:29 - 00000000 ____D C:\Users\Tim\Downloads\(10-2-17)CAK_factuur_Periode_13
2017-02-10 15:04 - 2017-02-10 15:04 - 00025170 _____ C:\Users\Tim\Downloads\175262919.pdf
2017-02-10 11:57 - 2017-02-10 11:57 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-02-08 10:03 - 2017-02-08 10:03 - 00000319 _____ C:\Users\Tim\Downloads\Reggae Actueel.txt
2017-02-08 09:46 - 2017-02-08 09:46 - 00000000 ___RD C:\Users\Tim\Documents\Notes
2017-02-06 12:53 - 2017-02-14 13:55 - 00000455 _____ C:\Users\Tim\Desktop\SYRISCHE VLUCHTELING IN AD.txt
2017-02-05 17:36 - 2017-02-05 17:36 - 04537653 _____ C:\Users\Tim\Downloads\Reiki_2_Boekje_+_Healing_defining_+_Scan_body%2fpsyche_+_Uitvaarten%2fReisverzekeringen_+_Toetsenborden.zip
2017-02-05 09:38 - 2017-02-05 09:39 - 03114352 _____ C:\Users\Tim\Downloads\Jah Vinci - Who Feels It Knows.m4a
2017-02-02 15:54 - 2017-02-02 16:03 - 28786876 _____ C:\Users\Tim\Downloads\New reggae 2016 riddims, [XOXO RIDDIM] & [LOVESICK RIDDIM].m4a
2017-02-01 22:36 - 2017-02-16 21:05 - 00000000 ____D C:\Users\Tim\Downloads\Koor
2017-02-01 13:19 - 2017-02-01 13:20 - 03094321 _____ C:\Users\Tim\Downloads\Serenity.m4a
2017-02-01 13:18 - 2017-02-01 13:19 - 03245292 _____ C:\Users\Tim\Downloads\Island Riddim.m4a
2017-02-01 11:19 - 2017-02-01 11:19 - 00000000 ____D C:\Users\Tim\Documents\Finale Files
2017-01-30 08:26 - 2017-01-30 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-18 10:33 - 2016-10-09 06:52 - 00000000 ____D C:\FRST
2017-02-18 10:27 - 2014-05-13 03:14 - 00808252 _____ C:\Windows\system32\perfh013.dat
2017-02-18 10:27 - 2014-05-13 03:14 - 00163020 _____ C:\Windows\system32\perfc013.dat
2017-02-18 10:27 - 2014-03-18 08:46 - 01823174 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-18 10:27 - 2013-08-22 07:21 - 00000000 ____D C:\Windows\inf
2017-02-18 10:24 - 2016-03-09 13:25 - 00000093 _____ C:\Users\Tim\AppData\Roaming\sp_data.sys
2017-02-18 10:22 - 2013-08-22 08:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-18 00:06 - 2016-03-23 00:56 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-17 11:06 - 2013-08-22 07:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-17 10:51 - 2013-08-22 09:17 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-02-17 10:00 - 2016-03-13 18:59 - 00000000 ____D C:\ProgramData\Apple
2017-02-17 09:21 - 2016-03-13 14:02 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-02-16 16:10 - 2016-03-09 16:00 - 00000000 ____D C:\Program Files\VideoLAN
2017-02-15 17:13 - 2016-03-09 15:55 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Skype
2017-02-15 11:21 - 2014-12-17 11:58 - 00000000 ____D C:\Program Files\Intel
2017-02-15 11:21 - 2014-12-17 11:58 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-02-15 11:20 - 2016-03-09 13:25 - 00000000 ____D C:\Users\Tim
2017-02-15 11:20 - 2014-06-13 16:57 - 00403416 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2017-02-15 11:20 - 2014-06-13 16:57 - 00294912 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL32.dll
2017-02-15 11:20 - 2014-06-13 16:57 - 00279000 _____ (Intel Corporation) C:\Windows\system32\IntelCpHeciSvc.exe
2017-02-15 11:20 - 2014-06-13 16:57 - 00183800 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
2017-02-15 00:28 - 2016-03-23 00:56 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-14 20:06 - 2013-08-22 09:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-14 19:40 - 2013-08-22 09:05 - 00000000 ____D C:\Windows\CbsTemp
2017-02-10 11:57 - 2016-03-09 15:55 - 00000000 ___RD C:\Program Files\Skype
2017-02-10 11:57 - 2016-03-09 15:55 - 00000000 ____D C:\ProgramData\Skype
2017-02-07 20:34 - 2016-03-09 16:27 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 00:15 - 2016-09-09 16:18 - 00001809 _____ C:\Users\Tim\Desktop\Reiki Diploma - Snelkoppeling.lnk
2017-02-02 00:15 - 2016-09-07 09:38 - 00001410 _____ C:\Users\Tim\Desktop\TJ1NG 2.0 - Snelkoppeling.lnk
2017-02-01 11:01 - 2016-08-26 17:56 - 00001515 _____ C:\Users\Tim\Desktop\TOOLS - Snelkoppeling.lnk
2017-02-01 08:37 - 2016-08-26 12:58 - 00001557 _____ C:\Users\Tim\Desktop\BOODSCHAPPEN & KOPEN - Snelkoppeling.lnk
2017-01-31 23:25 - 2016-07-23 14:39 - 00002056 _____ C:\Users\Tim\Desktop\2016 LEVEL 1 + 2 HERZIENING - Snelkoppeling.lnk
2017-01-31 22:46 - 2016-06-26 12:24 - 00001993 _____ C:\Users\Tim\Desktop\2016 MASTER TEACHING - Snelkoppeling.lnk
2017-01-31 21:41 - 2016-08-13 22:26 - 00002079 _____ C:\Users\Tim\Desktop\Oorsprong van de mensheid - Snelkoppeling.lnk
2017-01-31 21:40 - 2016-06-29 10:22 - 00001719 _____ C:\Users\Tim\Desktop\2016 REIKI REFUGEES - Snelkoppeling.lnk
2017-01-31 21:35 - 2016-09-21 05:42 - 00001930 _____ C:\Users\Tim\Desktop\REIKI 1 ROUTES - Snelkoppeling.lnk
2017-01-31 21:32 - 2016-08-14 10:03 - 00001228 _____ C:\Users\Tim\Desktop\ZINGEN - DIVERSE STROMINGEN - Snelkoppeling.lnk
2017-01-31 21:25 - 2016-06-26 12:24 - 00000940 _____ C:\Users\Tim\Desktop\- NOTITIES & FEITEN - - Snelkoppeling.lnk
2017-01-31 18:44 - 2016-09-20 14:39 - 00001930 _____ C:\Users\Tim\Desktop\REIKI 2 ROUTES - Snelkoppeling.lnk
2017-01-31 18:36 - 2016-06-22 16:39 - 00000000 ____D C:\ONTWIKKELINGEN
2017-01-31 16:57 - 2017-01-18 06:44 - 00000000 ____D C:\My Web Sites
2017-01-30 08:26 - 2016-03-09 16:24 - 00000000 ____D C:\Program Files\Google
2017-01-20 10:20 - 2016-05-26 22:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-03-09 13:25 - 2017-02-18 10:24 - 0000093 _____ () C:\Users\Tim\AppData\Roaming\sp_data.sys
2016-05-27 09:16 - 2016-05-27 09:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-12 18:43 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-05-12 18:43 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-12 18:43 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
2017-02-17 10:09 - 2014-03-18 08:49 - 1451392 _____ (Microsoft Corporation) C:\Users\Tim\AppData\Local\Temp\dllnt_dump.dll
2017-02-16 12:21 - 2017-02-16 12:21 - 0192512 _____ () C:\Users\Tim\AppData\Local\Temp\sfamcc00001.dll
2015-02-10 18:56 - 2015-02-10 18:56 - 0105984 _____ () C:\Users\Tim\AppData\Local\Temp\sfextra.dll
2017-02-17 21:48 - 2017-02-17 21:48 - 1572352 _____ () C:\Users\Tim\AppData\Local\Temp\~tmp1487364484410.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-11 09:40

==================== End of FRST.txt ============================