Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-12-2015
Ran by Henk (administrator) on HENK-PC (19-12-2016 13:46:41)
Running from C:\Users\Henk\Downloads
Loaded Profiles: Henk (Available Profiles: Henk & Guest)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Auslogics) C:\Program Files\Auslogics\BoostSpeed\BoostSpeed.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files\Polar\Daemon\polard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\Henk\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dropbox, Inc.) C:\Users\Henk\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Polar Electro Oy) C:\Program Files\Polar\Polar FlowSync\flowsync.exe
(BitTorrent Inc.) C:\Users\Henk\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\Henk\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\Henk\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
() C:\Program Files\Polar\WebSync\WebSync.exe
(Dropbox, Inc.) C:\Users\Henk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Spotify Ltd) C:\Users\Henk\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Henk\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Henk\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Henk\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Henk\AppData\Roaming\Spotify\Spotify.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [HDDiskService] => C:\Users\Henk\AppData\Roaming\primorialb\nircmd.exe [44032 2013-08-11] (NirSoft)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [uTorrent] => C:\Users\Henk\AppData\Roaming\uTorrent\uTorrent.exe [1977536 2016-10-12] (BitTorrent Inc.)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [Spotify Web Helper] => C:\Users\Henk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-12-19] (Spotify Ltd)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [Dropbox Update] => C:\Users\Henk\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [Spotify] => C:\Users\Henk\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-12-19] (Spotify Ltd)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [Polar FlowSync] => C:\Program Files\Polar\Polar FlowSync\flowsync.exe [1191936 2015-11-19] (Polar Electro Oy)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3376832 2016-08-29] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-22] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync (polargofit.com).lnk [2015-06-02]
ShortcutTarget: Polar WebSync (polargofit.com).lnk -> C:\Program Files\Polar\WebSync\WebSync.exe ()
Startup: C:\Users\Henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Henk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 213.75.63.75 213.75.63.76
Tcpip\..\Interfaces\{53390395-F533-433D-B54B-891AB21391F8}: [DhcpNameServer] 192.168.2.254 213.75.63.75 213.75.63.76
Tcpip\..\Interfaces\{5B562016-FFF5-4870-9AA5-61D2DC297E63}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{613B3F36-3FF4-4B95-98E4-CF9B96B8E1A8}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3751712453-335629250-587975380-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3751712453-335629250-587975380-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-03] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-22] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\sr8j5zq4.default
FF NewTab: about:newtab
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3751712453-335629250-587975380-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3751712453-335629250-587975380-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-07-22] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\sr8j5zq4.default\extensions\2020Player_IKEA@2020Technologies.com [2016-10-12]
FF Extension: Firefox Hotfix - C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\sr8j5zq4.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: Nederlands (NL) Language Pack - C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\sr8j5zq4.default\Extensions\langpack-nl@firefox.mozilla.org.xpi [2016-10-19]
FF Extension: Woordenboek Nederlands - C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\sr8j5zq4.default\Extensions\nl-NL@dictionaries.addons.mozilla.org [2015-05-11] [not signed]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-16] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-22]
Chrome:
=======
CHR Profile: C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-20]
CHR Extension: (YouTube) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20]
CHR Extension: (Google Search) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-28]
CHR Extension: (Avast Online Security) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-28]
CHR Extension: (Google Wallet) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-12]
CHR Extension: (Gmail) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-22]
CHR HKU\S-1-5-21-3751712453-335629250-587975380-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-22] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1138368 2016-08-29] (Disc Soft Ltd)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2015-08-14] (Flexera Software, Inc.)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
R2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-05-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-05-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2015-01-01] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-09-03] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-09-03] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-05-15] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2014-12-05] ()
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2012-06-05] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\Users\Henk\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\Henk\AppData\Local\Temp\ehdrv.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-19 13:49 - 2014-04-04 10:19 - 00000000 ____D C:\Users\Henk\AppData\Roaming\uTorrent
2016-12-19 13:49 - 2014-04-03 11:05 - 00000000 ____D C:\Users\Henk\AppData\Roaming\Spotify
2016-12-19 13:49 - 2009-07-14 05:34 - 00031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-19 13:49 - 2009-07-14 05:34 - 00031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-19 13:48 - 2014-04-22 18:27 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-19 13:48 - 2014-04-03 11:05 - 00000000 ____D C:\Users\Henk\AppData\Local\Spotify
2016-12-19 13:46 - 2015-10-24 09:35 - 00019950 _____ C:\Users\Henk\Downloads\FRST.txt
2016-12-19 13:46 - 2015-10-24 09:35 - 00000000 ____D C:\FRST
2016-12-19 13:39 - 2015-06-18 10:29 - 00001020 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3751712453-335629250-587975380-1001UA.job
2016-12-19 13:21 - 2014-04-03 11:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-19 13:02 - 2010-11-20 22:01 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-19 13:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-12-19 12:58 - 2016-10-12 18:59 - 00000000 ____D C:\Users\Henk\AppData\LocalLow\uTorrent
2016-12-19 12:56 - 2014-04-22 18:27 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-19 12:56 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-19 12:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2016-12-19 12:55 - 2016-10-16 19:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-19 12:55 - 2014-04-03 10:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-19 14:59 - 2015-06-18 10:29 - 00000968 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3751712453-335629250-587975380-1001Core.job
==================== Files in the root of some directories =======
2015-01-26 20:40 - 2015-01-26 20:40 - 6152669 _____ () C:\Users\Henk\AppData\Roaming\7.0.4.zip
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-04 10:07
==================== End of FRST.txt ============================
Ran by Henk (administrator) on HENK-PC (19-12-2016 13:46:41)
Running from C:\Users\Henk\Downloads
Loaded Profiles: Henk (Available Profiles: Henk & Guest)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Auslogics) C:\Program Files\Auslogics\BoostSpeed\BoostSpeed.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Program Files\Polar\Daemon\polard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(BitTorrent Inc.) C:\Users\Henk\AppData\Roaming\uTorrent\uTorrent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dropbox, Inc.) C:\Users\Henk\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(AMD) C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
(Polar Electro Oy) C:\Program Files\Polar\Polar FlowSync\flowsync.exe
(BitTorrent Inc.) C:\Users\Henk\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\Henk\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\Henk\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
() C:\Program Files\Polar\WebSync\WebSync.exe
(Dropbox, Inc.) C:\Users\Henk\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Spotify Ltd) C:\Users\Henk\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Henk\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Henk\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Henk\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Henk\AppData\Roaming\Spotify\Spotify.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [2729800 2011-01-25] (O&O Software GmbH)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-06-01] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [HDDiskService] => C:\Users\Henk\AppData\Roaming\primorialb\nircmd.exe [44032 2013-08-11] (NirSoft)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [uTorrent] => C:\Users\Henk\AppData\Roaming\uTorrent\uTorrent.exe [1977536 2016-10-12] (BitTorrent Inc.)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [Spotify Web Helper] => C:\Users\Henk\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-12-19] (Spotify Ltd)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [Dropbox Update] => C:\Users\Henk\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [Spotify] => C:\Users\Henk\AppData\Roaming\Spotify\Spotify.exe [6987376 2016-12-19] (Spotify Ltd)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [Polar FlowSync] => C:\Program Files\Polar\Polar FlowSync\flowsync.exe [1191936 2015-11-19] (Polar Electro Oy)
HKU\S-1-5-21-3751712453-335629250-587975380-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [3376832 2016-08-29] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Henk\AppData\Roaming\Dropbox\bin\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-05-22] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2011-02-03] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync (polargofit.com).lnk [2015-06-02]
ShortcutTarget: Polar WebSync (polargofit.com).lnk -> C:\Program Files\Polar\WebSync\WebSync.exe ()
Startup: C:\Users\Henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-10-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Henk\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 213.75.63.75 213.75.63.76
Tcpip\..\Interfaces\{53390395-F533-433D-B54B-891AB21391F8}: [DhcpNameServer] 192.168.2.254 213.75.63.75 213.75.63.76
Tcpip\..\Interfaces\{5B562016-FFF5-4870-9AA5-61D2DC297E63}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{613B3F36-3FF4-4B95-98E4-CF9B96B8E1A8}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3751712453-335629250-587975380-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3751712453-335629250-587975380-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-09-03] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-05-22] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-03] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\sr8j5zq4.default
FF NewTab: about:newtab
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-12] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3751712453-335629250-587975380-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3751712453-335629250-587975380-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-07-22] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2014-02-17] (Tracker Software Products (Canada) Ltd.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\sr8j5zq4.default\extensions\2020Player_IKEA@2020Technologies.com [2016-10-12]
FF Extension: Firefox Hotfix - C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\sr8j5zq4.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: Nederlands (NL) Language Pack - C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\sr8j5zq4.default\Extensions\langpack-nl@firefox.mozilla.org.xpi [2016-10-19]
FF Extension: Woordenboek Nederlands - C:\Users\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\sr8j5zq4.default\Extensions\nl-NL@dictionaries.addons.mozilla.org [2015-05-11] [not signed]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-16] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-22]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-22]
Chrome:
=======
CHR Profile: C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-20]
CHR Extension: (YouTube) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-20]
CHR Extension: (Google Search) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-28]
CHR Extension: (Avast Online Security) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-28]
CHR Extension: (Google Wallet) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-12]
CHR Extension: (Gmail) - C:\Users\Henk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-22]
CHR HKU\S-1-5-21-3751712453-335629250-587975380-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-22] (AVAST Software)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1138368 2016-08-29] (Disc Soft Ltd)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2015-08-14] (Flexera Software, Inc.)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [2336072 2011-01-25] (O&O Software GmbH)
R2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [419536 2012-12-12] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48808 2012-11-20] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-05-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-05-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-05-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-05-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-05-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [815792 2016-05-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449640 2016-05-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [124808 2016-05-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2015-01-01] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [26168 2016-09-03] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [40504 2016-09-03] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-05-15] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2014-12-05] ()
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2012-06-05] (Realtek Semiconductor Corp.)
S3 catchme; \??\C:\Users\Henk\AppData\Local\Temp\catchme.sys [X]
S3 eapihdrv; \??\C:\Users\Henk\AppData\Local\Temp\ehdrv.sys [X]
U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-19 13:49 - 2014-04-04 10:19 - 00000000 ____D C:\Users\Henk\AppData\Roaming\uTorrent
2016-12-19 13:49 - 2014-04-03 11:05 - 00000000 ____D C:\Users\Henk\AppData\Roaming\Spotify
2016-12-19 13:49 - 2009-07-14 05:34 - 00031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-19 13:49 - 2009-07-14 05:34 - 00031104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-19 13:48 - 2014-04-22 18:27 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-19 13:48 - 2014-04-03 11:05 - 00000000 ____D C:\Users\Henk\AppData\Local\Spotify
2016-12-19 13:46 - 2015-10-24 09:35 - 00019950 _____ C:\Users\Henk\Downloads\FRST.txt
2016-12-19 13:46 - 2015-10-24 09:35 - 00000000 ____D C:\FRST
2016-12-19 13:39 - 2015-06-18 10:29 - 00001020 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3751712453-335629250-587975380-1001UA.job
2016-12-19 13:21 - 2014-04-03 11:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-19 13:02 - 2010-11-20 22:01 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-19 13:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-12-19 12:58 - 2016-10-12 18:59 - 00000000 ____D C:\Users\Henk\AppData\LocalLow\uTorrent
2016-12-19 12:56 - 2014-04-22 18:27 - 00001040 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-19 12:56 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-19 12:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows
2016-12-19 12:55 - 2016-10-16 19:44 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-12-19 12:55 - 2014-04-03 10:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-11-19 14:59 - 2015-06-18 10:29 - 00000968 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3751712453-335629250-587975380-1001Core.job
==================== Files in the root of some directories =======
2015-01-26 20:40 - 2015-01-26 20:40 - 6152669 _____ () C:\Users\Henk\AppData\Roaming\7.0.4.zip
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-04 10:07
==================== End of FRST.txt ============================