LAG/FREEZE (Screen very frequently freezing 15-30 seconds on both Windows Desktop and any Internet Browser I try to use)
CRASHING: Display Driver, Adobe Reader, 'some' Word files suddenly show a registry problem while they've been good for years
HIGH CPU USE / INSUFFICIENT MEMORY MESSAGES (UPDATE: no longer frequent)
DISK SPACE BEING EATEN (this stopped after removing the latest Office, UPDATE: then came back)
ADDITIONAL (UPDATE): Files of certain filetypes are sometimes 'unremovable'. If this is the case, its folder also takes extremely long to load.
SYSTEM: Windows 8.1. 32 bits x64 processor
RESETTING the system to Factory Settings didn't help...
Question: In addition to tracing malware, which programs are recommended to detect/remove viruses?
I've copied both the FRST log and Addition log beneath (as run with Farbar Recovery Scan Tool 32bit)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2017
Ran by Tim (administrator) on NOTEBOOK (13-02-2017 21:27:46)
Running from C:\Users\Tim\Desktop
Loaded Profiles: Tim (Available Profiles: Tim)
Platform: Microsoft Windows 8.1 met Bing (X86) Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\fcappdb.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiWF.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiTray.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\fmon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tim\Desktop\EnglishFRST.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-05-12] (ASUSTek Computer Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-24] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [7761920 2014-09-22] (Realtek Semiconductor)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-11-26] (Ulead Systems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-12-06] (Apple Inc.)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\Run: [GoogleChromeAutoLaunch_035B4E54F90A1EA5C0B1EF50550A533B] => C:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\MountPoints2: {2b2bc6e2-45f5-11e6-9835-6cfaa7f3c859} - "D:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\MountPoints2: {2b2bc7e3-45f5-11e6-9835-6cfaa7f3c859} - "D:\setup_vmb_lite.exe" /checkApplicationPresence
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 84.116.46.20 84.116.46.21
Tcpip\..\Interfaces\{18E1ADCD-3EB8-486B-955A-50F3C0A0AD8D}: [DhcpNameServer] 169.254.125.80
Tcpip\..\Interfaces\{FDD3A532-872B-44B5-B689-698AD0D3A9B5}: [DhcpNameServer] 84.116.46.20 84.116.46.21
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
FireFox:
========
FF Plugin: @FortinetCacheClean -> C:\Program Files\Fortinet\FortiClient\npccplugin.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @FortinetCacheCleanEx -> C:\Program Files\Fortinet\FortiClient\npccpluginex.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @FortinetTunnelControl -> C:\Program Files\Fortinet\FortiClient\nptcplugin.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default [2017-02-13]
CHR Extension: (Google Documenten) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-09]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31]
CHR Extension: (Google Spreadsheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-09]
CHR Extension: (Offline Documenten) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Google Hangouts) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-01-20]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2014-05-14] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-03-26] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-12-17] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-06-13] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [75264 2014-06-24] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [89088 2014-06-24] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [82432 2014-06-24] (Intel Corporation)
R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [107026 2015-10-06] (Fortinet Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [277976 2014-06-13] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280304 2014-05-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-05-13] (Microsoft Corporation)
S3 AvgAMPS; "C:\Program Files\AVG\Av\avgamps.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [70936 2015-08-17] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [307928 2014-12-17] (Broadcom Corp)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [145112 2014-12-17] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [132312 2014-12-17] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [460800 2014-06-24] (Intel Corporation)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-24] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-24] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-24] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-24] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [174080 2014-06-24] (Intel Corporation)
R3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [15232 2015-10-06] (Fortinet Inc)
R1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [40176 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [32128 2015-10-06] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [13696 2015-10-06] (Fortinet Inc)
R1 fortimon3; C:\Windows\System32\drivers\fortimon3.sys [37760 2015-10-06] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [126848 2015-10-06] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [39296 2015-10-06] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [64896 2015-10-06] (Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [32128 2015-10-06] (Fortinet Inc)
R3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [28032 2015-10-06] (Fortinet Inc)
R3 ft_vnic; C:\Windows\system32\DRIVERS\ftvnic.sys [58120 2015-08-26] (Fortinet Inc)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2014-05-16] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-21] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [62464 2014-05-16] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2014-03-21] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [260608 2014-06-27] (Intel® Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21968 2014-03-15] (Intel Corporation)
S3 mdareDriver_60; C:\Program Files\Fortinet\FortiClient\mdare32_60.sys [93056 2016-03-09] (Fortinet Inc.)
R3 mdareDriver_62; C:\Program Files\Fortinet\FortiClient\mdare32_62.sys [93056 2017-02-13] (Fortinet Inc.)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [66560 2014-07-01] (Intel Corporation)
R3 pppop; C:\Windows\system32\DRIVERS\pppop.sys [46856 2015-07-23] (Fortinet Inc.)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [209624 2014-10-23] (Realtek Semiconductor Corp.)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [30224 2014-05-13] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [203096 2014-05-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93016 2014-05-13] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-13 21:27 - 2017-02-13 21:28 - 00017837 _____ C:\Users\Tim\Desktop\FRST.txt
2017-02-13 21:24 - 2017-02-13 21:24 - 01763328 _____ (Farbar) C:\Users\Tim\Desktop\EnglishFRST.exe
2017-02-13 16:40 - 2017-02-13 16:40 - 00000000 _____ C:\Users\Tim\Desktop\Food choices 2016.txt
2017-02-13 16:24 - 2017-02-13 16:24 - 00105010 _____ C:\Users\Tim\Downloads\Triodos iDEAL.pdf
2017-02-13 16:20 - 2017-02-13 16:20 - 00025170 _____ C:\Users\Tim\Downloads\175262919 (1).pdf
2017-02-13 16:15 - 2017-02-13 16:15 - 00000000 _____ C:\Users\Tim\Downloads\56.99 EXCEL VERWERKEN BOL PUNT KOM MA.txt
2017-02-11 11:24 - 2017-02-11 11:50 - 00000217 _____ C:\Users\Tim\Desktop\PUNTO BENZINE.txt
2017-02-10 23:49 - 2017-02-10 23:49 - 00000000 ____D C:\Users\Tim\Downloads\(27-1-17)SVB_brief_over_jaarafsluiting_2016
2017-02-10 23:47 - 2017-02-10 23:47 - 00077628 _____ C:\Users\Tim\Downloads\780171742.pdf
2017-02-10 23:29 - 2017-02-10 23:29 - 00000000 ____D C:\Users\Tim\Downloads\(10-2-17)CAK_factuur_Periode_13
2017-02-10 23:27 - 2017-02-10 23:27 - 00000210 _____ C:\Users\Tim\Desktop\GEEKS_TO_GO.txt
2017-02-10 15:04 - 2017-02-10 15:04 - 00025170 _____ C:\Users\Tim\Downloads\175262919.pdf
2017-02-10 13:44 - 2017-02-11 23:17 - 00000090 _____ C:\Users\Tim\Desktop\jc_uitwerken.txt
2017-02-10 11:57 - 2017-02-10 11:57 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-02-08 10:03 - 2017-02-08 10:03 - 00000319 _____ C:\Users\Tim\Downloads\Reggae Actueel.txt
2017-02-08 09:46 - 2017-02-08 09:46 - 00000000 ___RD C:\Users\Tim\Documents\Notes
2017-02-07 16:39 - 2017-02-07 16:39 - 00001805 _____ C:\Users\Tim\Desktop\JOANNE KONING - Snelkoppeling.lnk
2017-02-06 12:53 - 2017-02-07 10:52 - 00000427 _____ C:\Users\Tim\Desktop\SYRISCHE VLUCHTELING IN AD.txt
2017-02-05 17:36 - 2017-02-05 17:36 - 04537653 _____ C:\Users\Tim\Downloads\Reiki_2_Boekje_+_Healing_defining_+_Scan_body%2fpsyche_+_Uitvaarten%2fReisverzekeringen_+_Toetsenborden.zip
2017-02-05 14:00 - 2017-02-06 13:02 - 00005874 _____ C:\Users\Tim\Desktop\FIAT ACCU PROBLEEM.txt
2017-02-05 11:48 - 2017-02-05 11:48 - 00093150 _____ C:\Users\Tim\Desktop\Aankomst zondag 12 februari 2017 om 10_04 van Binnenhof, Limmen naar Helderseweg 32, Alkmaar.pdf
2017-02-05 09:38 - 2017-02-05 09:39 - 03114352 _____ C:\Users\Tim\Downloads\Jah Vinci - Who Feels It Knows.m4a
2017-02-02 15:54 - 2017-02-02 16:03 - 28786876 _____ C:\Users\Tim\Downloads\New reggae 2016 riddims, [XOXO RIDDIM] & [LOVESICK RIDDIM].m4a
2017-02-01 22:36 - 2017-02-10 11:10 - 00000000 ____D C:\Users\Tim\Downloads\Koor
2017-02-01 13:42 - 2017-02-01 13:43 - 03668325 _____ C:\Users\Tim\Downloads\Everyday.m4a
2017-02-01 13:36 - 2017-02-01 13:37 - 03955753 _____ C:\Users\Tim\Downloads\First Born.m4a
2017-02-01 13:33 - 2017-02-01 13:34 - 04011183 _____ C:\Users\Tim\Downloads\Conquerer.m4a
2017-02-01 13:27 - 2017-02-01 13:27 - 02838764 _____ C:\Users\Tim\Downloads\Alann Ulises.m4a
2017-02-01 13:25 - 2017-02-01 13:26 - 03010606 _____ C:\Users\Tim\Downloads\Longtime riddim.m4a
2017-02-01 13:19 - 2017-02-01 13:20 - 03094321 _____ C:\Users\Tim\Downloads\Serenity.m4a
2017-02-01 13:18 - 2017-02-01 13:19 - 03245292 _____ C:\Users\Tim\Downloads\Island Riddim.m4a
2017-02-01 13:13 - 2017-02-01 13:14 - 03302413 _____ C:\Users\Tim\Downloads\Nuff Vibez.m4a
2017-02-01 13:04 - 2017-02-01 13:05 - 04246878 _____ C:\Users\Tim\Downloads\Run di Chune! Riddim.m4a
2017-02-01 11:19 - 2017-02-01 11:19 - 00000000 ____D C:\Users\Tim\Documents\Finale Files
2017-01-30 08:26 - 2017-01-30 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-01-18 06:44 - 2017-01-31 16:57 - 00000000 ____D C:\My Web Sites
2017-01-18 06:43 - 2017-01-18 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2017-01-18 06:43 - 2017-01-18 06:43 - 00000000 ____D C:\Program Files\WinHTTrack
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-13 21:27 - 2016-10-09 06:52 - 00000000 ____D C:\FRST
2017-02-13 21:06 - 2016-03-23 00:56 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-13 19:14 - 2016-03-13 14:02 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-02-13 19:14 - 2016-03-09 13:25 - 00000093 _____ C:\Users\Tim\AppData\Roaming\sp_data.sys
2017-02-13 18:43 - 2014-05-13 03:14 - 00808252 _____ C:\Windows\system32\perfh013.dat
2017-02-13 18:43 - 2014-05-13 03:14 - 00163020 _____ C:\Windows\system32\perfc013.dat
2017-02-13 18:43 - 2014-03-18 08:46 - 01823174 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-13 18:43 - 2013-08-22 07:21 - 00000000 ____D C:\Windows\inf
2017-02-13 18:39 - 2013-08-22 08:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-13 16:42 - 2013-08-22 07:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-11 23:15 - 2016-03-23 00:56 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-11 18:42 - 2016-03-09 15:55 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Skype
2017-02-10 11:57 - 2016-03-09 15:55 - 00000000 ___RD C:\Program Files\Skype
2017-02-10 11:57 - 2016-03-09 15:55 - 00000000 ____D C:\ProgramData\Skype
2017-02-07 20:34 - 2016-03-09 16:27 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 00:15 - 2016-09-09 16:18 - 00001809 _____ C:\Users\Tim\Desktop\Reiki Diploma - Snelkoppeling.lnk
2017-02-02 00:15 - 2016-09-07 09:38 - 00001410 _____ C:\Users\Tim\Desktop\TJ1NG 2.0 - Snelkoppeling.lnk
2017-02-01 11:01 - 2016-08-26 17:56 - 00001515 _____ C:\Users\Tim\Desktop\TOOLS - Snelkoppeling.lnk
2017-02-01 08:37 - 2016-08-26 12:58 - 00001557 _____ C:\Users\Tim\Desktop\BOODSCHAPPEN & KOPEN - Snelkoppeling.lnk
2017-01-31 23:25 - 2016-07-23 14:39 - 00002056 _____ C:\Users\Tim\Desktop\2016 LEVEL 1 + 2 HERZIENING - Snelkoppeling.lnk
2017-01-31 22:46 - 2016-06-26 12:24 - 00001993 _____ C:\Users\Tim\Desktop\2016 MASTER TEACHING - Snelkoppeling.lnk
2017-01-31 21:41 - 2016-08-13 22:26 - 00002079 _____ C:\Users\Tim\Desktop\Oorsprong van de mensheid - Snelkoppeling.lnk
2017-01-31 21:40 - 2016-06-29 10:22 - 00001719 _____ C:\Users\Tim\Desktop\2016 REIKI REFUGEES - Snelkoppeling.lnk
2017-01-31 21:35 - 2016-09-21 05:42 - 00001930 _____ C:\Users\Tim\Desktop\REIKI 1 ROUTES - Snelkoppeling.lnk
2017-01-31 21:32 - 2016-08-14 10:03 - 00001228 _____ C:\Users\Tim\Desktop\ZINGEN - DIVERSE STROMINGEN - Snelkoppeling.lnk
2017-01-31 21:25 - 2016-06-26 12:24 - 00000940 _____ C:\Users\Tim\Desktop\- NOTITIES & FEITEN - - Snelkoppeling.lnk
2017-01-31 18:44 - 2016-09-20 14:39 - 00001930 _____ C:\Users\Tim\Desktop\REIKI 2 ROUTES - Snelkoppeling.lnk
2017-01-31 18:36 - 2016-06-22 16:39 - 00000000 ____D C:\ONTWIKKELINGEN
2017-01-30 08:26 - 2016-03-09 16:24 - 00000000 ____D C:\Program Files\Google
2017-01-20 10:20 - 2016-05-26 22:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 09:52 - 2016-04-24 15:37 - 00002318 _____ C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive voor Bedrijven.lnk
==================== Files in the root of some directories =======
2016-03-09 13:25 - 2017-02-13 19:14 - 0000093 _____ () C:\Users\Tim\AppData\Roaming\sp_data.sys
2016-05-27 09:16 - 2016-05-27 09:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-12 18:43 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-05-12 18:43 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-12 18:43 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-11 09:40
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2017
Ran by Tim (13-02-2017 21:28:41)
Running from C:\Users\Tim\Desktop
Microsoft Windows 8.1 met Bing (X86) (2016-03-09 12:25:24)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1556124094-4218111898-1118812907-500 - Administrator - Disabled)
Gast (S-1-5-21-1556124094-4218111898-1118812907-501 - Limited - Disabled)
Tim (S-1-5-21-1556124094-4218111898-1118812907-1001 - Administrator - Enabled) => C:\Users\Tim
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: FortiClient AntiVirus (Enabled - Up to date) {71629DC5-BE6F-CCD3-C5A5-014980643264}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: FortiClient AntiVirus (Enabled - Up to date) {CA037C21-9855-C35D-FF15-3A3BFBE378D9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM\...\Adobe Digital Editions 4.5) (Version: 4.5.3 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.103.4 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Finale NotePad 2012 (HKLM\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FortiClient (HKLM\...\{B5E0B33F-91D4-408B-BE40-46BCA75F3914}) (Version: 5.4.0.0780 - Fortinet Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HP Deskjet 2540 series Basissoftware van het apparaat (HKLM\...\{2DAFEEDC-792D-4F00-A854-C4F2AD2A2A73}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM\...\{50467ECF-F6A9-40EC-A649-67EB6FAD9894}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{2C355CC7-B163-4A89-8970-6C7B60FDA88A}) (Version: 12.5.32.203 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{4EEBA4CC-6719-4AA0-B36E-D7748E55804E}) (Version: 12.5.4.42 - Apple Inc.)
Malwarebytes Anti-Malware versie 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Productverbeteringsonderzoek voor HP Deskjet 2540 series (HKLM\...\{C9340C9F-E64D-4705-8C4D-6C191E530A7B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4192 - Realtek Semiconductor Corp.)
Skype™ 7.32 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Security (HKLM\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\WinDirStat) (Version: - )
Windows-stuurprogrammapakket - ASUS (AsusHID) Mouse (02/11/2015 3.0.0.45) (HKLM\...\A552D97B1B8FC58219CD2CF1374B13186F1FE6F0) (Version: 02/11/2015 3.0.0.45 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinHTTrack Website Copier 3.48-22 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Tim\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileCoAuthLib.dll (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00BF703C-828F-475D-A6F3-B30EA29C0A58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {4A6EA789-C3FE-4D4F-9668-469C78E45C09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {4C96F785-60EF-4E4F-A78A-786948B84B54} - System32\Tasks\GoogleUpdateTaskMachineUA1d17a17da5d69ff => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {553F14DF-EEE4-4BC7-B084-9DC9CC660F87} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {6ED0AEC7-A3F4-4805-AA6E-AC041D5845CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6FE97451-73E2-48BB-A492-0E81D9945AEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {8376A16A-E897-446E-8A66-FBE85D0126DF} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2015-08-17] (AsusTek)
Task: {8C38D76A-91B2-4498-8FA6-349885A6250D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {99C95E1C-8CFC-408C-9314-E863597E4B5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {9FF19096-4A42-4520-94B8-55783CD66E23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {A0CB0AFA-6E7C-42EE-9219-DE8C2C098451} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {B2E7F00B-BB26-4065-B1DB-F184FF65B073} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {B52E8B5A-810C-4320-A0E3-A1FBD6F56945} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {EAE83D03-C342-47BF-AD5C-6A23C44C7649} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {EDFC9097-63BD-46DE-A623-E8C8AD8E67A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {F4A46B36-D3DB-41E6-83EC-FB7A75EB7EBF} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-06 11:08 - 2015-10-06 11:08 - 00552978 _____ () C:\Program Files\Fortinet\FortiClient\sqlite3.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00117248 _____ () C:\Program Files\ASUS\Splendid\CCTAdjust.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00037936 _____ () C:\Program Files\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00018992 _____ () C:\Program Files\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00020528 _____ () C:\Program Files\ASUS\Splendid\AMDRegammaAndGamut.dll
2017-02-07 20:34 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 20:34 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-03-09 16:11 - 2004-07-26 17:11 - 00028672 ____N () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Control Panel\Desktop\\Wallpaper -> C:\ONTWIKKELINGEN\[ 3D ZAKEN ]\~ MECHANISCHE ELEKTRONICA ~\LAPTOP\Featured-Image-Palazzo-Versace.jpg
DNS Servers: 84.116.46.20 - 84.116.46.21
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{6DE25E97-2325-48BB-8C66-365A01D765E4}] => C:\Program Files\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{25DDB58A-9B0A-4C2A-BFDF-CCE0FBFB573C}] => C:\Program Files\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{74AD9D60-0851-4DF1-9C70-ED7BD0C4B21E}] => C:\Program Files\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{AC234BFC-0570-405E-9C91-51D04D2F750B}] => C:\Program Files\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{E1BDC74F-A09B-4153-93C8-9FDCE519B4C5}] => C:\Users\Tim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{37E39FEA-EC6E-41B7-9920-9E11FD966208}C:\program files\skype\phone\skype.exe] => C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{8EB7679A-A0D9-4CBB-8AEB-00A319CC768F}C:\program files\skype\phone\skype.exe] => C:\program files\skype\phone\skype.exe
FirewallRules: [{657E7A52-860A-4ACB-9843-E7AC58E4E6C6}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{311CE309-019B-4FCE-BCD0-4FA2E80F9004}] => LPort=5357
FirewallRules: [{21C50817-0081-4BCA-B561-D0FD84715818}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{334DC21B-FF93-4C50-A1F0-49348E4C35EC}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7272245F-B427-4C53-BD1C-A9EEDF66D843}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B68815D-F753-41FD-8B78-F2DBBF31BCF9}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{32DDBDEC-4A30-456E-B37D-666104C88D70}] => C:\Program Files\Zoiper\Zoiper.exe
FirewallRules: [{5306E44F-AF42-4FA3-B257-365AB7225578}] => C:\Program Files\Zoiper\Zoiper.exe
FirewallRules: [TCP Query User{15444C82-2920-4429-BA93-84E8F5011D1E}C:\program files\microsip\microsip.exe] => C:\program files\microsip\microsip.exe
FirewallRules: [UDP Query User{CC63526A-F7E8-4AFE-81D0-08B39AA95A34}C:\program files\microsip\microsip.exe] => C:\program files\microsip\microsip.exe
FirewallRules: [TCP Query User{5ABEE03A-0EEA-4414-95F4-A58B05E7C28A}C:\program files\jitsi\jitsi.exe] => C:\program files\jitsi\jitsi.exe
FirewallRules: [UDP Query User{17ADF414-F6DE-47AB-9329-CFDB8EA942FF}C:\program files\jitsi\jitsi.exe] => C:\program files\jitsi\jitsi.exe
FirewallRules: [{C3E14F7B-D9D9-46F2-A76B-09071C630A3B}] => C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
Name: USB2.0 VGA UVC WebCam
Description: USB-videoapparaat
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/12/2017 12:06:46 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: De lijst met opgenomen en uitgesloten locaties kan niet worden verwerkt door de Windows-zoekservice met de fout <30, 0x80040d07, "iehistory://{S-1-5-21-1556124094-4218111898-1118812907-1001}/">.
Error: (02/11/2017 11:13:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\HP\HP Deskjet 2540 series\DriverStore\Yeti\V3\amd64\hpinkinsC211.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
Error: (02/11/2017 11:13:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win7\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
Error: (02/11/2017 11:13:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win10\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
Error: (02/11/2017 11:13:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win8\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
Error: (02/11/2017 11:13:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win10\AsusTPDrv\x64\VirtualPTP\AsusVirtualPTP\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
Error: (02/11/2017 11:13:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win81\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
Error: (02/11/2017 10:53:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win7\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
Error: (02/11/2017 10:53:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win10\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
Error: (02/11/2017 10:53:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win8\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
System errors:
=============
Error: (02/13/2017 09:24:41 PM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
Error: (02/13/2017 04:15:47 PM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
Error: (02/13/2017 02:29:44 PM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
Error: (02/13/2017 11:22:32 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
Error: (02/13/2017 11:22:02 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
Error: (02/12/2017 03:25:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Een melding van een onherstelbare fout is ontvangen van het externe eindpunt. De door het TLS-protocol gedefinieerde meldingcode van de onherstelbare fout is 70.
Error: (02/12/2017 03:24:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Een melding van een onherstelbare fout is ontvangen van het externe eindpunt. De door het TLS-protocol gedefinieerde meldingcode van de onherstelbare fout is 70.
Error: (02/12/2017 03:23:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Een melding van een onherstelbare fout is ontvangen van het externe eindpunt. De door het TLS-protocol gedefinieerde meldingcode van de onherstelbare fout is 70.
Error: (02/12/2017 03:22:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Een melding van een onherstelbare fout is ontvangen van het externe eindpunt. De door het TLS-protocol gedefinieerde meldingcode van de onherstelbare fout is 70.
Error: (02/11/2017 03:15:21 PM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
CodeIntegrity:
===================================
Date: 2016-03-09 16:36:39.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-09 16:36:39.002
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-03-09 16:36:37.870
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Atom CPU Z3735F @ 1.33GHz
Percentage of memory in use: 55%
Total physical RAM: 1983.15 MB
Available physical RAM: 883.28 MB
Total Virtual: 4031.15 MB
Available Virtual: 2764.39 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:4.43 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 7A5C92A5)
Partition: GPT.
==================== End of Addition.txt ============================
Edited by DutchCoastWest, 13 February 2017 - 02:47 PM.