LAG/FREEZE, Crashes, Memory, HD Space & File Removal problems



#1
DutchCoastWest

LAG/FREEZE (Screen very frequently freezing 15-30 seconds on both Windows Desktop and any Internet Browser I try to use)
 
CRASHING: Display Driver, Adobe Reader, 'some' Word files suddenly show a registry problem while they've been good for years
 
HIGH CPU USE / INSUFFICIENT MEMORY MESSAGES (UPDATE: no longer frequent)
 
DISK SPACE BEING EATEN (this stopped after removing the latest Office, UPDATE: then came back)
 
ADDITIONAL (UPDATE): Files of certain filetypes are sometimes 'unremovable'.. if this is the case, its folder also takes extremely long to load.
 
SYSTEM: Windows 8.1. 32 bits x64 processor
 
RESETTING the system to Factory Settings didn't help...
 
Question: In addition to tracing malware, which programs are recommended to detect/remove viruses?
 
I've copied both the FRST log and Addition log beneath (as run with Farbar Recovery Scan Tool 32bit)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2017
Ran by Tim (administrator) on NOTEBOOK (13-02-2017 21:27:46)
Running from C:\Users\Tim\Desktop
Loaded Profiles: Tim (Available Profiles: Tim)
Platform: Microsoft Windows 8.1 met Bing (X86) Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\fcappdb.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiProxy.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiWF.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiESNAC.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\Splendid\ACMON.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiTray.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\fmon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Tim\Desktop\EnglishFRST.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-05-12] (ASUSTek Computer Inc.)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [73216 2014-06-24] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [7761920 2014-09-22] (Realtek Semiconductor)
HKLM\...\Run: [Ulead AutoDetector v2] => C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe [90112 2004-11-26] (Ulead Systems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-12-06] (Apple Inc.)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\Run: [GoogleChromeAutoLaunch_035B4E54F90A1EA5C0B1EF50550A533B] => C:\Program Files\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\MountPoints2: {2b2bc6e2-45f5-11e6-9835-6cfaa7f3c859} - "D:\setup_vmb_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\MountPoints2: {2b2bc7e3-45f5-11e6-9835-6cfaa7f3c859} - "D:\setup_vmb_lite.exe" /checkApplicationPresence
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 84.116.46.20 84.116.46.21
Tcpip\..\Interfaces\{18E1ADCD-3EB8-486B-955A-50F3C0A0AD8D}: [DhcpNameServer] 169.254.125.80
Tcpip\..\Interfaces\{FDD3A532-872B-44B5-B689-698AD0D3A9B5}: [DhcpNameServer] 84.116.46.20 84.116.46.21
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
 
FireFox:
========
FF Plugin: @FortinetCacheClean -> C:\Program Files\Fortinet\FortiClient\npccplugin.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @FortinetCacheCleanEx -> C:\Program Files\Fortinet\FortiClient\npccpluginex.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @FortinetTunnelControl -> C:\Program Files\Fortinet\FortiClient\nptcplugin.dll [2015-10-06] (Fortinet Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default [2017-02-13]
CHR Extension: (Google Documenten) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-09]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-09]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-31]
CHR Extension: (Google Spreadsheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-09]
CHR Extension: (Offline Documenten) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Google Hangouts) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-01-20]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-20]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2014-05-14] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-03-26] (ASUSTek Computer Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1677016 2014-12-17] (Broadcom Corporation.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2014-06-13] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [75264 2014-06-24] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [89088 2014-06-24] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [82432 2014-06-24] (Intel Corporation)
R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [107026 2015-10-06] (Fortinet Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [277976 2014-06-13] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel® Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280304 2014-05-13] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-05-13] (Microsoft Corporation)
S3 AvgAMPS; "C:\Program Files\AVG\Av\avgamps.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusHID; C:\Windows\System32\drivers\AsusHID.sys [70936 2015-08-17] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R3 BCMSDH43XX; C:\Windows\system32\DRIVERS\bcmdhd63.sys [307928 2014-12-17] (Broadcom Corp)
R3 BthMini; C:\Windows\System32\Drivers\BTHMINI.sys [24064 2013-08-22] (Microsoft Corporation)
S3 btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [145112 2014-12-17] (Broadcom Corporation.)
R3 BtwSerialBus; C:\Windows\system32\DRIVERS\BtwSerialBus.sys [132312 2014-12-17] (Broadcom Corporation.)
R3 camera; C:\Windows\system32\DRIVERS\camera.sys [460800 2014-06-24] (Intel Corporation)
R3 DptfDevDBPT; C:\Windows\system32\DRIVERS\DptfDevPower.sys [17408 2014-06-24] (Intel Corporation)
R3 DptfDevDisplay; C:\Windows\system32\DRIVERS\DptfDevDisplay.sys [19968 2014-06-24] (Intel Corporation)
R3 DptfDevGen; C:\Windows\system32\DRIVERS\DptfDevGen.sys [28160 2014-06-24] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [72704 2014-06-24] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [174080 2014-06-24] (Intel Corporation)
R3 fortiapd; C:\Windows\System32\drivers\fortiapd.sys [15232 2015-10-06] (Fortinet Inc)
R1 FortiFilter; C:\Windows\system32\DRIVERS\FortiFilter.sys [40176 2015-08-26] (Fortinet Inc)
S1 FortiFW; C:\Windows\System32\drivers\FortiFW2.sys [32128 2015-10-06] (Fortinet Inc)
R0 fortiloader; C:\Windows\System32\drivers\fortiloader.sys [13696 2015-10-06] (Fortinet Inc)
R1 fortimon3; C:\Windows\System32\drivers\fortimon3.sys [37760 2015-10-06] (Fortinet Inc)
S3 Fortips; C:\Windows\System32\drivers\fortips.sys [126848 2015-10-06] (Fortinet Inc)
S3 FortiRdr; C:\Windows\System32\drivers\FortiRdr2.sys [39296 2015-10-06] (Fortinet Inc)
R1 FortiShield; C:\Windows\System32\drivers\FortiShield.sys [64896 2015-10-06] (Fortinet Inc)
S3 fortisniff; C:\Windows\System32\drivers\fortisniff2.sys [32128 2015-10-06] (Fortinet Inc)
R3 FortiWF; C:\Windows\System32\drivers\FortiWF2.sys [28032 2015-10-06] (Fortinet Inc)
R3 ft_vnic; C:\Windows\system32\DRIVERS\ftvnic.sys [58120 2015-08-26] (Fortinet Inc)
R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [23552 2014-05-16] (Intel Corporation)
R3 GpioVirtual; C:\Windows\System32\drivers\iaiogpiovirtual.sys [16896 2014-03-21] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [62464 2014-05-16] (Intel Corporation)
R3 iaiouart; C:\Windows\System32\drivers\iaiouart.sys [87552 2014-03-21] (Intel Corporation)
S0 iaStorA; C:\Windows\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
S3 intaud_WaveExtensible; C:\Windows\system32\drivers\intelaud.sys [32152 2014-05-06] (Intel Corporation)
R3 IntelSST; C:\Windows\system32\drivers\isstrtc.sys [260608 2014-06-27] (Intel® Corporation)
R3 iwdbus; C:\Windows\System32\drivers\iwdbus.sys [23448 2014-05-06] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [21968 2014-03-15] (Intel Corporation)
S3 mdareDriver_60; C:\Program Files\Fortinet\FortiClient\mdare32_60.sys [93056 2016-03-09] (Fortinet Inc.)
R3 mdareDriver_62; C:\Program Files\Fortinet\FortiClient\mdare32_62.sys [93056 2017-02-13] (Fortinet Inc.)
S3 NETwNs32; C:\Windows\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\Windows\System32\drivers\PMIC.sys [66560 2014-07-01] (Intel Corporation)
R3 pppop; C:\Windows\system32\DRIVERS\pppop.sys [46856 2015-07-23] (Fortinet Inc.)
R3 rtii2sac; C:\Windows\system32\DRIVERS\rtii2sac.sys [209624 2014-10-23] (Realtek Semiconductor Corp.)
R3 TXEI; C:\Windows\System32\drivers\TXEI.sys [75792 2014-01-09] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [30224 2014-05-13] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [203096 2014-05-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [93016 2014-05-13] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-13 21:27 - 2017-02-13 21:28 - 00017837 _____ C:\Users\Tim\Desktop\FRST.txt
2017-02-13 21:24 - 2017-02-13 21:24 - 01763328 _____ (Farbar) C:\Users\Tim\Desktop\EnglishFRST.exe
2017-02-13 16:40 - 2017-02-13 16:40 - 00000000 _____ C:\Users\Tim\Desktop\Food choices 2016.txt
2017-02-13 16:24 - 2017-02-13 16:24 - 00105010 _____ C:\Users\Tim\Downloads\Triodos iDEAL.pdf
2017-02-13 16:20 - 2017-02-13 16:20 - 00025170 _____ C:\Users\Tim\Downloads\175262919 (1).pdf
2017-02-13 16:15 - 2017-02-13 16:15 - 00000000 _____ C:\Users\Tim\Downloads\56.99 EXCEL VERWERKEN BOL PUNT KOM MA.txt
2017-02-11 11:24 - 2017-02-11 11:50 - 00000217 _____ C:\Users\Tim\Desktop\PUNTO BENZINE.txt
2017-02-10 23:49 - 2017-02-10 23:49 - 00000000 ____D C:\Users\Tim\Downloads\(27-1-17)SVB_brief_over_jaarafsluiting_2016
2017-02-10 23:47 - 2017-02-10 23:47 - 00077628 _____ C:\Users\Tim\Downloads\780171742.pdf
2017-02-10 23:29 - 2017-02-10 23:29 - 00000000 ____D C:\Users\Tim\Downloads\(10-2-17)CAK_factuur_Periode_13
2017-02-10 23:27 - 2017-02-10 23:27 - 00000210 _____ C:\Users\Tim\Desktop\GEEKS_TO_GO.txt
2017-02-10 15:04 - 2017-02-10 15:04 - 00025170 _____ C:\Users\Tim\Downloads\175262919.pdf
2017-02-10 13:44 - 2017-02-11 23:17 - 00000090 _____ C:\Users\Tim\Desktop\jc_uitwerken.txt
2017-02-10 11:57 - 2017-02-10 11:57 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-02-08 10:03 - 2017-02-08 10:03 - 00000319 _____ C:\Users\Tim\Downloads\Reggae Actueel.txt
2017-02-08 09:46 - 2017-02-08 09:46 - 00000000 ___RD C:\Users\Tim\Documents\Notes
2017-02-07 16:39 - 2017-02-07 16:39 - 00001805 _____ C:\Users\Tim\Desktop\JOANNE KONING - Snelkoppeling.lnk
2017-02-06 12:53 - 2017-02-07 10:52 - 00000427 _____ C:\Users\Tim\Desktop\SYRISCHE VLUCHTELING IN AD.txt
2017-02-05 17:36 - 2017-02-05 17:36 - 04537653 _____ C:\Users\Tim\Downloads\Reiki_2_Boekje_+_Healing_defining_+_Scan_body%2fpsyche_+_Uitvaarten%2fReisverzekeringen_+_Toetsenborden.zip
2017-02-05 14:00 - 2017-02-06 13:02 - 00005874 _____ C:\Users\Tim\Desktop\FIAT ACCU PROBLEEM.txt
2017-02-05 11:48 - 2017-02-05 11:48 - 00093150 _____ C:\Users\Tim\Desktop\Aankomst zondag 12 februari 2017 om 10_04 van Binnenhof, Limmen naar Helderseweg 32, Alkmaar.pdf
2017-02-05 09:38 - 2017-02-05 09:39 - 03114352 _____ C:\Users\Tim\Downloads\Jah Vinci - Who Feels It Knows.m4a
2017-02-02 15:54 - 2017-02-02 16:03 - 28786876 _____ C:\Users\Tim\Downloads\New reggae 2016 riddims, [XOXO RIDDIM] & [LOVESICK RIDDIM].m4a
2017-02-01 22:36 - 2017-02-10 11:10 - 00000000 ____D C:\Users\Tim\Downloads\Koor
2017-02-01 13:42 - 2017-02-01 13:43 - 03668325 _____ C:\Users\Tim\Downloads\Everyday.m4a
2017-02-01 13:36 - 2017-02-01 13:37 - 03955753 _____ C:\Users\Tim\Downloads\First Born.m4a
2017-02-01 13:33 - 2017-02-01 13:34 - 04011183 _____ C:\Users\Tim\Downloads\Conquerer.m4a
2017-02-01 13:27 - 2017-02-01 13:27 - 02838764 _____ C:\Users\Tim\Downloads\Alann Ulises.m4a
2017-02-01 13:25 - 2017-02-01 13:26 - 03010606 _____ C:\Users\Tim\Downloads\Longtime riddim.m4a
2017-02-01 13:19 - 2017-02-01 13:20 - 03094321 _____ C:\Users\Tim\Downloads\Serenity.m4a
2017-02-01 13:18 - 2017-02-01 13:19 - 03245292 _____ C:\Users\Tim\Downloads\Island Riddim.m4a
2017-02-01 13:13 - 2017-02-01 13:14 - 03302413 _____ C:\Users\Tim\Downloads\Nuff Vibez.m4a
2017-02-01 13:04 - 2017-02-01 13:05 - 04246878 _____ C:\Users\Tim\Downloads\Run di Chune! Riddim.m4a
2017-02-01 11:19 - 2017-02-01 11:19 - 00000000 ____D C:\Users\Tim\Documents\Finale Files
2017-01-30 08:26 - 2017-01-30 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-01-18 06:44 - 2017-01-31 16:57 - 00000000 ____D C:\My Web Sites
2017-01-18 06:43 - 2017-01-18 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2017-01-18 06:43 - 2017-01-18 06:43 - 00000000 ____D C:\Program Files\WinHTTrack
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-13 21:27 - 2016-10-09 06:52 - 00000000 ____D C:\FRST
2017-02-13 21:06 - 2016-03-23 00:56 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-02-13 19:14 - 2016-03-13 14:02 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-02-13 19:14 - 2016-03-09 13:25 - 00000093 _____ C:\Users\Tim\AppData\Roaming\sp_data.sys
2017-02-13 18:43 - 2014-05-13 03:14 - 00808252 _____ C:\Windows\system32\perfh013.dat
2017-02-13 18:43 - 2014-05-13 03:14 - 00163020 _____ C:\Windows\system32\perfc013.dat
2017-02-13 18:43 - 2014-03-18 08:46 - 01823174 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-13 18:43 - 2013-08-22 07:21 - 00000000 ____D C:\Windows\inf
2017-02-13 18:39 - 2013-08-22 08:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-13 16:42 - 2013-08-22 07:13 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-11 23:15 - 2016-03-23 00:56 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-11 18:42 - 2016-03-09 15:55 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Skype
2017-02-10 11:57 - 2016-03-09 15:55 - 00000000 ___RD C:\Program Files\Skype
2017-02-10 11:57 - 2016-03-09 15:55 - 00000000 ____D C:\ProgramData\Skype
2017-02-07 20:34 - 2016-03-09 16:27 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-02 00:15 - 2016-09-09 16:18 - 00001809 _____ C:\Users\Tim\Desktop\Reiki Diploma - Snelkoppeling.lnk
2017-02-02 00:15 - 2016-09-07 09:38 - 00001410 _____ C:\Users\Tim\Desktop\TJ1NG 2.0 - Snelkoppeling.lnk
2017-02-01 11:01 - 2016-08-26 17:56 - 00001515 _____ C:\Users\Tim\Desktop\TOOLS - Snelkoppeling.lnk
2017-02-01 08:37 - 2016-08-26 12:58 - 00001557 _____ C:\Users\Tim\Desktop\BOODSCHAPPEN & KOPEN - Snelkoppeling.lnk
2017-01-31 23:25 - 2016-07-23 14:39 - 00002056 _____ C:\Users\Tim\Desktop\2016 LEVEL 1 + 2 HERZIENING - Snelkoppeling.lnk
2017-01-31 22:46 - 2016-06-26 12:24 - 00001993 _____ C:\Users\Tim\Desktop\2016 MASTER TEACHING - Snelkoppeling.lnk
2017-01-31 21:41 - 2016-08-13 22:26 - 00002079 _____ C:\Users\Tim\Desktop\Oorsprong van de mensheid - Snelkoppeling.lnk
2017-01-31 21:40 - 2016-06-29 10:22 - 00001719 _____ C:\Users\Tim\Desktop\2016 REIKI REFUGEES - Snelkoppeling.lnk
2017-01-31 21:35 - 2016-09-21 05:42 - 00001930 _____ C:\Users\Tim\Desktop\REIKI 1 ROUTES - Snelkoppeling.lnk
2017-01-31 21:32 - 2016-08-14 10:03 - 00001228 _____ C:\Users\Tim\Desktop\ZINGEN - DIVERSE STROMINGEN - Snelkoppeling.lnk
2017-01-31 21:25 - 2016-06-26 12:24 - 00000940 _____ C:\Users\Tim\Desktop\- NOTITIES & FEITEN - - Snelkoppeling.lnk
2017-01-31 18:44 - 2016-09-20 14:39 - 00001930 _____ C:\Users\Tim\Desktop\REIKI 2 ROUTES - Snelkoppeling.lnk
2017-01-31 18:36 - 2016-06-22 16:39 - 00000000 ____D C:\ONTWIKKELINGEN
2017-01-30 08:26 - 2016-03-09 16:24 - 00000000 ____D C:\Program Files\Google
2017-01-20 10:20 - 2016-05-26 22:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-19 09:52 - 2016-04-24 15:37 - 00002318 _____ C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive voor Bedrijven.lnk
 
==================== Files in the root of some directories =======
 
2016-03-09 13:25 - 2017-02-13 19:14 - 0000093 _____ () C:\Users\Tim\AppData\Roaming\sp_data.sys
2016-05-27 09:16 - 2016-05-27 09:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-12 18:43 - 2012-07-30 07:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-05-12 18:43 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-05-12 18:43 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-11 09:40
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2017
Ran by Tim (13-02-2017 21:28:41)
Running from C:\Users\Tim\Desktop
Microsoft Windows 8.1 met Bing (X86) (2016-03-09 12:25:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1556124094-4218111898-1118812907-500 - Administrator - Disabled)
Gast (S-1-5-21-1556124094-4218111898-1118812907-501 - Limited - Disabled)
Tim (S-1-5-21-1556124094-4218111898-1118812907-1001 - Administrator - Enabled) => C:\Users\Tim
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: FortiClient AntiVirus (Enabled - Up to date) {71629DC5-BE6F-CCD3-C5A5-014980643264}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: FortiClient AntiVirus (Enabled - Up to date) {CA037C21-9855-C35D-FF15-3A3BFBE378D9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM\...\Adobe Digital Editions 4.5) (Version: 4.5.3 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0036 - ASUS)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.103.4 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Finale NotePad 2012 (HKLM\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
FortiClient (HKLM\...\{B5E0B33F-91D4-408B-BE40-46BCA75F3914}) (Version: 5.4.0.0780 - Fortinet Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
HP Deskjet 2540 series Basissoftware van het apparaat (HKLM\...\{2DAFEEDC-792D-4F00-A854-C4F2AD2A2A73}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM\...\{50467ECF-F6A9-40EC-A649-67EB6FAD9894}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM\...\{2C355CC7-B163-4A89-8970-6C7B60FDA88A}) (Version: 12.5.32.203 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3643 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{4EEBA4CC-6719-4AA0-B36E-D7748E55804E}) (Version: 12.5.4.42 - Apple Inc.)
Malwarebytes Anti-Malware versie 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Productverbeteringsonderzoek voor HP Deskjet 2540 series (HKLM\...\{C9340C9F-E64D-4705-8C4D-6C191E530A7B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4192 - Realtek Semiconductor Corp.)
Skype™ 7.32 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Ulead PhotoImpact 12 (HKLM\...\{11AFE21E-B193-430D-B57A-DFF7815BB962}) (Version: 12.0 - Ulead System)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD Security (HKLM\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\...\WinDirStat) (Version:  - )
Windows-stuurprogrammapakket - ASUS (AsusHID) Mouse  (02/11/2015 3.0.0.45) (HKLM\...\A552D97B1B8FC58219CD2CF1374B13186F1FE6F0) (Version: 02/11/2015 3.0.0.45 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinHTTrack Website Copier 3.48-22 (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1556124094-4218111898-1118812907-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Tim\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileCoAuthLib.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00BF703C-828F-475D-A6F3-B30EA29C0A58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {4A6EA789-C3FE-4D4F-9668-469C78E45C09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {4C96F785-60EF-4E4F-A78A-786948B84B54} - System32\Tasks\GoogleUpdateTaskMachineUA1d17a17da5d69ff => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {553F14DF-EEE4-4BC7-B084-9DC9CC660F87} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {6ED0AEC7-A3F4-4805-AA6E-AC041D5845CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6FE97451-73E2-48BB-A492-0E81D9945AEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {8376A16A-E897-446E-8A66-FBE85D0126DF} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2015-08-17] (AsusTek)
Task: {8C38D76A-91B2-4498-8FA6-349885A6250D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {99C95E1C-8CFC-408C-9314-E863597E4B5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
Task: {9FF19096-4A42-4520-94B8-55783CD66E23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {A0CB0AFA-6E7C-42EE-9219-DE8C2C098451} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {B2E7F00B-BB26-4065-B1DB-F184FF65B073} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {B52E8B5A-810C-4320-A0E3-A1FBD6F56945} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {EAE83D03-C342-47BF-AD5C-6A23C44C7649} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {EDFC9097-63BD-46DE-A623-E8C8AD8E67A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {F4A46B36-D3DB-41E6-83EC-FB7A75EB7EBF} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-06 11:08 - 2015-10-06 11:08 - 00552978 _____ () C:\Program Files\Fortinet\FortiClient\sqlite3.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00117248 _____ () C:\Program Files\ASUS\Splendid\CCTAdjust.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00037936 _____ () C:\Program Files\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00018992 _____ () C:\Program Files\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00020528 _____ () C:\Program Files\ASUS\Splendid\AMDRegammaAndGamut.dll
2017-02-07 20:34 - 2017-02-01 10:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 20:34 - 2017-02-01 10:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-03-09 16:11 - 2004-07-26 17:11 - 00028672 ____N () C:\Program Files\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:13 - 2013-08-22 07:13 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1556124094-4218111898-1118812907-1001\Control Panel\Desktop\\Wallpaper -> C:\ONTWIKKELINGEN\[ 3D ZAKEN ]\~ MECHANISCHE ELEKTRONICA ~\LAPTOP\Featured-Image-Palazzo-Versace.jpg
DNS Servers: 84.116.46.20 - 84.116.46.21
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{6DE25E97-2325-48BB-8C66-365A01D765E4}] => C:\Program Files\Fortinet\FortiClient\FortiProxy.exe
FirewallRules: [{25DDB58A-9B0A-4C2A-BFDF-CCE0FBFB573C}] => C:\Program Files\Fortinet\FortiClient\ipsec.exe
FirewallRules: [{74AD9D60-0851-4DF1-9C70-ED7BD0C4B21E}] => C:\Program Files\Fortinet\FortiClient\FortiWad.exe
FirewallRules: [{AC234BFC-0570-405E-9C91-51D04D2F750B}] => C:\Program Files\Fortinet\FortiClient\fortiesnac.exe
FirewallRules: [{E1BDC74F-A09B-4153-93C8-9FDCE519B4C5}] => C:\Users\Tim\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{37E39FEA-EC6E-41B7-9920-9E11FD966208}C:\program files\skype\phone\skype.exe] => C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{8EB7679A-A0D9-4CBB-8AEB-00A319CC768F}C:\program files\skype\phone\skype.exe] => C:\program files\skype\phone\skype.exe
FirewallRules: [{657E7A52-860A-4ACB-9843-E7AC58E4E6C6}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{311CE309-019B-4FCE-BCD0-4FA2E80F9004}] => LPort=5357
FirewallRules: [{21C50817-0081-4BCA-B561-D0FD84715818}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{334DC21B-FF93-4C50-A1F0-49348E4C35EC}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7272245F-B427-4C53-BD1C-A9EEDF66D843}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B68815D-F753-41FD-8B78-F2DBBF31BCF9}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{32DDBDEC-4A30-456E-B37D-666104C88D70}] => C:\Program Files\Zoiper\Zoiper.exe
FirewallRules: [{5306E44F-AF42-4FA3-B257-365AB7225578}] => C:\Program Files\Zoiper\Zoiper.exe
FirewallRules: [TCP Query User{15444C82-2920-4429-BA93-84E8F5011D1E}C:\program files\microsip\microsip.exe] => C:\program files\microsip\microsip.exe
FirewallRules: [UDP Query User{CC63526A-F7E8-4AFE-81D0-08B39AA95A34}C:\program files\microsip\microsip.exe] => C:\program files\microsip\microsip.exe
FirewallRules: [TCP Query User{5ABEE03A-0EEA-4414-95F4-A58B05E7C28A}C:\program files\jitsi\jitsi.exe] => C:\program files\jitsi\jitsi.exe
FirewallRules: [UDP Query User{17ADF414-F6DE-47AB-9329-CFDB8EA942FF}C:\program files\jitsi\jitsi.exe] => C:\program files\jitsi\jitsi.exe
FirewallRules: [{C3E14F7B-D9D9-46F2-A76B-09071C630A3B}] => C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: USB2.0 VGA UVC WebCam
Description: USB-videoapparaat
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/12/2017 12:06:46 AM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: De lijst met opgenomen en uitgesloten locaties kan niet worden verwerkt door de Windows-zoekservice met de fout <30, 0x80040d07, "iehistory://{S-1-5-21-1556124094-4218111898-1118812907-1001}/">.
 
Error: (02/11/2017 11:13:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\HP\HP Deskjet 2540 series\DriverStore\Yeti\V3\amd64\hpinkinsC211.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (02/11/2017 11:13:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win7\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (02/11/2017 11:13:03 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win10\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (02/11/2017 11:13:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win8\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (02/11/2017 11:13:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win10\AsusTPDrv\x64\VirtualPTP\AsusVirtualPTP\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (02/11/2017 11:13:02 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win81\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (02/11/2017 10:53:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win7\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (02/11/2017 10:53:58 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win10\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
Error: (02/11/2017 10:53:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Kan activeringscontext voor 'C:\Program Files\ASUS\ASUS Smart Gesture\win8\AsusTPDrv\x64\dpinst.exe' niet maken.
Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
Gebruik sxstrace.exe voor een gedetailleerde diagnose.
 
 
System errors:
=============
Error: (02/13/2017 09:24:41 PM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (02/13/2017 04:15:47 PM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (02/13/2017 02:29:44 PM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (02/13/2017 11:22:32 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (02/13/2017 11:22:02 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
Error: (02/12/2017 03:25:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Een melding van een onherstelbare fout is ontvangen van het externe eindpunt. De door het TLS-protocol gedefinieerde meldingcode van de onherstelbare fout is 70.
 
Error: (02/12/2017 03:24:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Een melding van een onherstelbare fout is ontvangen van het externe eindpunt. De door het TLS-protocol gedefinieerde meldingcode van de onherstelbare fout is 70.
 
Error: (02/12/2017 03:23:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Een melding van een onherstelbare fout is ontvangen van het externe eindpunt. De door het TLS-protocol gedefinieerde meldingcode van de onherstelbare fout is 70.
 
Error: (02/12/2017 03:22:45 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: Een melding van een onherstelbare fout is ontvangen van het externe eindpunt. De door het TLS-protocol gedefinieerde meldingcode van de onherstelbare fout is 70.
 
Error: (02/11/2017 03:15:21 PM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: De server {1B1F472E-3221-4826-97DB-2C2324D389AE} heeft zich niet binnen de vereiste termijn bij DCOM geregistreerd.
 
 
CodeIntegrity:
===================================
  Date: 2016-03-09 16:36:39.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-09 16:36:39.002
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-09 16:36:37.870
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU Z3735F @ 1.33GHz
Percentage of memory in use: 55%
Total physical RAM: 1983.15 MB
Available physical RAM: 883.28 MB
Total Virtual: 4031.15 MB
Available Virtual: 2764.39 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:4.43 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 7A5C92A5)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by DutchCoastWest, 13 February 2017 - 02:47 PM.

  • 0



#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Open an elevated command prompt:
 
 
If you open an elevated command prompt it will by default open in c:\Windows\system32
 
Once you have an elevated command prompt:
 
Type (with an Enter after each line):
 
 DISM  /Online  /Cleanup-Image  /RestoreHealth
 
 (I use two spaces so you can be sure to see where one space goes.)
This will take a while to complete.  Once the prompt returns:
 
Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 
sfc  /scannow
 
 
 
This will also take a few minutes.  
 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
If you get the last result then type:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
 
Hit Enter.  Then type:
 
 
notepad  \junk.txt 
 
Hit Enter. 
 
Copy the text from notepad and paste it into a reply.
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 

  • 0
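
An added example, not part of RKinner's post and not code from Sysinternals: once Verify Image Signatures is on and the list is saved, the Verified Signer column can be triaged with a short script instead of by eye. It assumes the saved file is tab-separated with the column headers shown in this thread; the function names and the sample rows are constructed for illustration.

```python
import csv
import io
import re

# "(Verified) Microsoft Windows" -> status "Verified", signer "Microsoft Windows"
SIGNER_RE = re.compile(r"^\((?P<status>[^)]*)\)\s*(?P<signer>.*)$")

# Rows that are not backed by an executable image, so there is nothing to sign.
PSEUDO_PROCESSES = {"system idle process", "system", "interrupts"}

HEADER = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
          "Description", "Company Name", "Verified Signer"]

# Constructed sample (assumed tab-separated layout). helper.exe and tool.exe
# are invented rows; the others follow the shape of rows quoted in the thread.
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in [
    HEADER,
    ["System Idle Process", "81.91", "0 K", "8 K", "0", "", "", ""],
    ["dwm.exe", "1.83", "22.636 K", "18.672 K", "880",
     "Beheer van bureaubladvensters", "Microsoft Corporation",
     "(Verified) Microsoft Windows"],
    [" fmon.exe", "0.03", "8.916 K", "78.172 K", "5700",
     "FortiClient Realtime AntiVirus Protection", "Fortinet Inc.",
     "(Geen handtekening aanwezig in het onderwerp) Fortinet Inc."],
    ["helper.exe", "", "1.000 K", "2.000 K", "4242", "", "", ""],
    ["tool.exe", "", "1.000 K", "2.000 K", "4343", "Tool", "Example Vendor",
     "(No signature was present in the subject) Example Vendor"],
]) + "\n"


def parse_export(text):
    """Return one dict per process row, with whitespace stripped."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    rows = []
    for raw in reader:
        # Key None holds surplus fields from over-long rows; ignore them.
        row = {k.strip(): (v or "").strip()
               for k, v in raw.items() if k is not None}
        if row.get("Process"):
            rows.append(row)
    return rows


def classify(row):
    """Return (state, status_text, signer) for one row.

    Only the literal status "Verified" counts as verified. The failure text is
    localized (Dutch in this thread), so it is never matched by wording.
    """
    field = row.get("Verified Signer", "")
    if row["Process"].lower() in PSEUDO_PROCESSES and not field:
        return "no_image", "", ""
    match = SIGNER_RE.match(field)
    if not match:
        # Empty or unparsable: the check did not run or could not read the file.
        return "unknown", "", field
    status = match.group("status")
    state = "verified" if status.lower() == "verified" else "unverified"
    return state, status, match.group("signer")


def triage(text):
    """Group processes by signature state for review."""
    buckets = {"verified": [], "unverified": [], "unknown": [], "no_image": []}
    for row in parse_export(text):
        state, status, signer = classify(row)
        buckets[state].append({
            "process": row["Process"],
            "pid": row.get("PID", ""),
            "company": row.get("Company Name", ""),
            "status": status,
            "signer": signer,
        })
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_EXPORT)
    for state in ("unverified", "unknown"):
        for p in result[state]:
            print(f"{state:10} {p['process']:12} pid={p['pid']:5} "
                  f"company={p['company']!r} status={p['status']!r}")
```

An unverified or unknown row is a prompt to look at the image path and publisher, not a verdict: legitimate vendor binaries are sometimes shipped unsigned.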

#3
DutchCoastWest

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts

SFC SCAN RESULT: Windows Resource Protection did not find any integrity violations

 

You didn't need the text now did you? Only in case of the 'no good' message? If you do, I will run it again and copy/paste its text in here.

 

 

SPECCY: Attached filename is 'NOTEBOOK' + I've translated the following from Dutch (what SPECCY says under the Graphics part):

 

Can't check the digital signature for this file. Due to a recent modification on software or hardware it's possible that a file was installed that has been signed incorrectly or is damaged, or that might be harmful software from an unknown source.

 

 

PROCESS EXPLORER (copied/pasted from within the file System Idle Process):

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 81.91 0 K 8 K 0
procexp.exe 11.16 20.228 K 39.948 K 4112 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 1.83 22.636 K 18.672 K 880 Beheer van bureaubladvensters Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.93 283.472 K 288.600 K 3072 Google Chrome Google Inc. (Verified) Google Inc
Interrupts 0.96 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.58 736 K 9.560 K 4
csrss.exe 0.43 1.804 K 25.380 K 536 Runtimeproces voor client-server Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.26 149.424 K 164.760 K 5932 Google Chrome Google Inc. (Verified) Google Inc
explorer.exe 0.26 87.304 K 105.564 K 3596 Windows Verkenner Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.16 54.992 K 84.052 K 4792 Google Chrome Google Inc. (Verified) Google Inc
AsusTPCenter.exe 0.06 4.656 K 2.916 K 3212 ASUS Smart Gesture Center AsusTek (Verified) ASUSTeK Computer Inc.
FortiTray.exe 0.05 4.500 K 11.764 K 4056 FortiClient System Tray Controller Fortinet Inc. (Verified) Fortinet Technologies (Canada) Inc.
WDDriveService.exe 0.05 4.184 K 7.748 K 2232 WD Drive Service Western Digital Technologies, Inc. (Verified) Western Digital Technologies
fmon.exe 0.03 8.916 K 78.172 K 5700 FortiClient Realtime AntiVirus Protection Fortinet Inc. (Geen handtekening aanwezig in het onderwerp) Fortinet Inc.
FortiWF.exe 0.03 2.572 K 6.396 K 1844 FortiClient Web Filter Service Fortinet Inc. (Geen handtekening aanwezig in het onderwerp) Fortinet Inc.
CCleaner.exe 0.02 5.884 K 2.892 K 4776 CCleaner Piriform Ltd (Verified) Piriform Ltd
AsusTPLoader.exe 0.02 3.628 K 716 K 3644 ASUS Smart Gesture Loader AsusTek (Verified) ASUSTeK Computer Inc.
AsusTPHelper.exe 0.02 3.180 K 488 K 1020 ASUS Smart Gesture Helper AsusTek (Verified) ASUSTeK Computer Inc.
svchost.exe 0.02 1.708 K 4.596 K 2024 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 3.324 K 7.072 K 716 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
WDDriveAutoUnlock.exe 0.02 1.424 K 5.632 K 4628 WD Drive Auto Unlock Western Digital Technologies, Inc. (Verified) Western Digital Technologies
iPodService.exe 0.02 1.432 K 4.712 K 5156 iPodService Module (32-bit) Apple Inc. (Verified) Apple Inc.
AppleMobileDeviceService.exe 0.01 2.296 K 7.560 K 520 MobileDeviceService Apple Inc. (Verified) Apple Inc.
Monitor.exe 0.01 1.048 K 5.076 K 4548 AutoDetector Ulead Systems, Inc. (Geen handtekening aanwezig in het onderwerp) Ulead Systems, Inc.
chrome.exe 0.01 34.940 K 33.808 K 4968 Google Chrome Google Inc. (Verified) Google Inc
WINWORD.EXE < 0.01 22.116 K 44.440 K 4620 Microsoft Office Word Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe < 0.01 51.216 K 56.572 K 4856 Google Chrome Google Inc. (Verified) Google Inc
FortiSSLVPNdaemon.exe < 0.01 1.576 K 5.232 K 1860 FortiClient SSLVPN daemon Fortinet Inc. (Verified) Fortinet Technologies (Canada) Inc.
FortiProxy.exe < 0.01 11.556 K 16.000 K 1660 FortiClient Proxy Service Fortinet Inc. (Geen handtekening aanwezig in het onderwerp) Fortinet Inc.
iTunesHelper.exe < 0.01 2.888 K 8.868 K 4636 iTunesHelper Apple Inc. (Verified) Apple Inc.
csrss.exe < 0.01 1.420 K 3.324 K 460 Runtimeproces voor client-server Microsoft Corporation (Verified) Microsoft Windows Publisher
WmiPrvSE.exe 18.468 K 23.640 K 1192 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1.140 K 4.056 K 1344 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1.020 K 4.544 K 588 Toepassing Windows-aanmelden Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 692 K 2.976 K 528 Windows Toepassing Opstarten Microsoft Corporation (Verified) Microsoft Windows
taskhostex.exe 3.448 K 8.628 K 3420 Hostproces voor Windows-taken Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 3.772 K 7.108 K 3364 Hostproces voor Windows-taken Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6.168 K 10.276 K 1204 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.004 K 6.312 K 748 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 19.160 K 26.676 K 900 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12.304 K 16.616 K 1052 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 12.172 K 14.160 K 840 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 11.188 K 13.300 K 1228 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4.536 K 7.604 K 956 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.356 K 4.552 K 2172 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.180 K 3.080 K 2788 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.136 K 5.048 K 1464 Hostproces voor Windows-services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 3.400 K 8.060 K 2000 App voor Spooler-subsysteem Microsoft Corporation (Verified) Microsoft Windows
splwow64.exe 1.868 K 6.260 K 4720 Print driver host for applications Microsoft Corporation (Verified) Microsoft Windows
smss.exe 172 K 712 K 292 Windows-sessiebeheer Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 2.300 K 5.196 K 632 Services en controller-app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe 24.816 K 16.964 K 3224 Indexeerfunctie van Microsoft Windows Search Microsoft Corporation (Verified) Microsoft Windows
scheduler.exe 3.576 K 9.416 K 1428 FortiClient Scheduler Fortinet Inc. (Geen handtekening aanwezig in het onderwerp) Fortinet Inc.
RtkNGUI.exe 1.712 K 6.132 K 4468 Realtek Audio configuratie Realtek Semiconductor (Geen handtekening aanwezig in het onderwerp) Realtek Semiconductor
PresentationFontCache.exe 15.484 K 6.864 K 3536 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
notepad.exe 1.044 K 6.224 K 4136 Kladblok Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1.128 K 3.676 K 1132 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsass.exe 3.072 K 6.824 K 640 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
jhi_service.exe 760 K 3.472 K 6072 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Client Components Group
igfxTray.exe 12.284 K 12.384 K 3856 igfxTray Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxHK.exe 6.224 K 8.648 K 3844 igfxHK Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxEM.exe 6.492 K 9.992 K 3836 igfxEM Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxCUIService.exe 1.092 K 4.704 K 1024 igfxCUIService Module Intel Corporation (Verified) Intel Corporation - pGFX
hpwuschd2.exe 580 K 2.956 K 4608 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
HPSupportSolutionsFrameworkService.exe 35.328 K 13.504 K 5868 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
HeciServer.exe 888 K 3.860 K 1904 Intel® Capability Licensing Service Interface Intel® Corporation (Geen handtekening aanwezig in het onderwerp) Intel® Corporation
HControl.exe 1.080 K 4.664 K 3392 HControl ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
GFNEXSrv.exe 352 K 1.780 K 1392 GFNEXSrv ASUS (Verified) ASUSTeK Computer Inc.
FortiESNAC.exe 2.196 K 6.224 K 1852 FortiClient Network Access Control Fortinet Inc. (Geen handtekening aanwezig in het onderwerp) Fortinet Inc.
FCDBLog.exe 9.068 K 13.028 K 1600 FortiClient Logging daemon Fortinet Inc. (Geen handtekening aanwezig in het onderwerp) Fortinet Inc.
fcappdb.exe 5.384 K 8.704 K 1652 FortiClient Application Database Service Fortinet Inc. (Geen handtekening aanwezig in het onderwerp) Fortinet Inc.
DptfPolicyLpmServiceHelper.exe 392 K 2.008 K 4452 Intel DPTF LPM Service Helper Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
DptfPolicyLpmService.exe 524 K 2.620 K 1792 Intel DPTF LPM Service Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
DptfPolicyCriticalService.exe 528 K 2.612 K 1608 Intel DPTF Critical Service Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
DptfParticipantProcessorService.exe 556 K 2.680 K 1476 Intel DPTF Processor Service Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
DMedia.exe 868 K 3.944 K 3956 ATK Media ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
conhost.exe 416 K 2.304 K 1380 Consolevensterhost Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 920 K 4.256 K 4592 Consolevensterhost Microsoft Corporation (Verified) Microsoft Windows
cmd.exe 1.404 K 2.096 K 4584 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 24.924 K 27.292 K 5056 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 924 K 3.756 K 4828 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 984 K 4.460 K 4864 Google Chrome Google Inc. (Verified) Google Inc
audiodg.exe 5.184 K 6.908 K 2768 Grafiekisolatie voor Windows-audioapparaten Microsoft Corporation (Verified) Microsoft Windows
ATKOSD2.exe 1.144 K 4.464 K 3936 ATKOSD2 ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
AsLdrSrv.exe 636 K 2.968 K 1324 ASLDR Service ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
AsHidSrv.exe 588 K 2.644 K 644 AsHidSrv Service ASUSTek Computer Inc. (Verified) ASUSTeK Computer Inc.
armsvc.exe 704 K 2.836 K 380 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
ACMON.exe 1.332 K 584 K 3444 ACMON ASUS (Verified) ASUSTeK Computer Inc.
 

 



Edited by DutchCoastWest, 14 February 2017 - 01:44 PM.

  • 0

#4
RKinner (Malware Expert)

No need to translate.  I'm fluent in German and took a semester of Dutch when I was working near Euskirchen and there is always Google Translate.

 

Not sure what is going on with the graphics but I would try to upgrade the driver.  Perhaps your PC maker has a newer driver available?

 

Your HD is an SSD that doesn't offer S.M.A.R.T. info to speccy so can't tell if it's OK.

 

See if the SanDisk SSD Dashboard will work for you:

http://downloads.san...hboardSetup.exe

Manual is at: http://downloads.san...board-um-en.pdf

 

Temps look OK.

 

Not too happy with your wireless connection.  Only 72 and that is in the clear.  Any of your neighbors can get on and suck all of your bandwidth.  You do have a lot of neighboring WiFi sources so may be getting some interference from them.

 

Go to http://www.speedtest.net/ and click on Begin Test
 
When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v
 
Is that about what you paid for?
 
There is a program called inssider which can help to optimize your wireless.
 

Download inssider
 
Double click to install it. Then run it by right click and Run As Admin.
 
It will show you a graph in the bottom right that has your signal in blue and competing signals in orange and yellow.  It may also recommend a different channel which might have less interference.
 
Moving to a different channel (by logging on to your router) can drastically improve performance.
 
Let's also look at your errors.  

 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark only  the following checkboxes:
 
  • List last 10 Event Viewer Errors
  •  
  • List Minidump Files
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    • 0

    #5
    DutchCoastWest (Topic Starter)

    Great about the German and Dutch.
     
     
    Graphics: Removed and reinstalled the driver after calling ASUS, message stays the same. They say 'this can happen' and don't seem to know any more than I do.
     
     
    SanDisk SSD Dashboard: Downloaded, read the Manual but it doesn't seem to recognize my HD.
     
     
    Speedtest:
     
    6054441238.png
     
    ATTACHMENTS:
     
    Inssider result
     
    WIRELESS CONNECTION:
     
    Yea the problem is I'm renting an apartment and there are 10+ other apartments sharing the same connection. There are several internal 'access points', the one I'm on now has the best performance so far. Internet used to be unstable (needed to reset it every week), but after they called the ISP it improved a lot. Only crashes sporadically now (once in 6 months or something and when I reset the router it's back online within 5 minutes).
     
    Although Skype works great 90% of the time, downloading is going very well and I can watch anything on Youtube, the Saturday nights and Sundays are sometimes problematic due to many people using Internet simultaneously.
     
     
     
    Mini Toolbox (2 checkboxes right? 1 empty dot there. I checked List last 10 Event Viewer Errors + List Minidump Files):
     
    MiniToolBox by Farbar  Version: 17-06-2016
    Ran by Tim (administrator) on 15-02-2017 at 11:47:52
    Running from "C:\Users\Tim\Desktop"
    Microsoft Windows 8.1 met Bing  (X86)
    Model: X205TA Manufacturer: ASUSTeK COMPUTER INC.
    Boot Mode: Normal
    ***************************************************************************
     
    ========================= Event log errors: ===============================
     
    Application errors:
    ==================
    Error: (02/15/2017 11:24:16 AM) (Source: Perflib) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll4
     
    Error: (02/14/2017 08:23:40 PM) (Source: Perflib) (User: )
    Description: .NETFrameworkC:\Windows\system32\mscoree.dll4
     
    Error: (02/14/2017 07:52:09 PM) (Source: DptfPolicyLpmService) (User: )
    Description: DptfPolicyLpmServiceServiceMainThread:  GetForegroundApplicationIndex() failed.
     
    Error: (02/14/2017 11:12:58 AM) (Source: SideBySide) (User: )
    Description: Kan activeringscontext voor 'Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1' niet maken.
    Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
    Gebruik sxstrace.exe voor een gedetailleerde diagnose.
     
    Error: (02/14/2017 11:12:53 AM) (Source: SideBySide) (User: )
    Description: Kan activeringscontext voor 'Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1' niet maken.
    Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
    Gebruik sxstrace.exe voor een gedetailleerde diagnose.
     
    Error: (02/14/2017 11:12:53 AM) (Source: SideBySide) (User: )
    Description: Kan activeringscontext voor 'Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1' niet maken.
    Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
    Gebruik sxstrace.exe voor een gedetailleerde diagnose.
     
    Error: (02/14/2017 11:12:51 AM) (Source: SideBySide) (User: )
    Description: Kan activeringscontext voor 'Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1' niet maken.
    Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
    Gebruik sxstrace.exe voor een gedetailleerde diagnose.
     
    Error: (02/14/2017 11:12:51 AM) (Source: SideBySide) (User: )
    Description: Kan activeringscontext voor 'Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1' niet maken.
    Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
    Gebruik sxstrace.exe voor een gedetailleerde diagnose.
     
    Error: (02/14/2017 11:12:51 AM) (Source: SideBySide) (User: )
    Description: Kan activeringscontext voor 'Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1' niet maken.
    Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
    Gebruik sxstrace.exe voor een gedetailleerde diagnose.
     
    Error: (02/14/2017 11:12:14 AM) (Source: SideBySide) (User: )
    Description: Kan activeringscontext voor 'Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1' niet maken.
    Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
    Gebruik sxstrace.exe voor een gedetailleerde diagnose.
     
     
    System errors:
    =============
    Error: (02/15/2017 11:24:32 AM) (Source: DCOM) (User: Notebook)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
     
    Error: (02/15/2017 11:24:11 AM) (Source: Service Control Manager) (User: )
    Description: De speccy-service kan vanwege de volgende fout niet worden gestart: 
    %%577 = Kan de digitale handtekening voor dit bestand niet controleren. Door een recente wijziging in software of hardware is mogelijk een bestand geïnstalleerd dat onjuist is ondertekend of beschadigd is, of dat mogelijk schadelijke software van een onbekende bron is.
     
     
    Error: (02/15/2017 11:19:48 AM) (Source: DCOM) (User: Notebook)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
     
    Error: (02/15/2017 11:19:24 AM) (Source: Service Control Manager) (User: )
    Description: De speccy-service kan vanwege de volgende fout niet worden gestart: 
    %%577 = Kan de digitale handtekening voor dit bestand niet controleren. Door een recente wijziging in software of hardware is mogelijk een bestand geïnstalleerd dat onjuist is ondertekend of beschadigd is, of dat mogelijk schadelijke software van een onbekende bron is.
     
     
    Error: (02/15/2017 11:13:25 AM) (Source: Service Control Manager) (User: )
    Description: De speccy-service kan vanwege de volgende fout niet worden gestart: 
    %%577 = Kan de digitale handtekening voor dit bestand niet controleren. Door een recente wijziging in software of hardware is mogelijk een bestand geïnstalleerd dat onjuist is ondertekend of beschadigd is, of dat mogelijk schadelijke software van een onbekende bron is.
     
     
    Error: (02/15/2017 11:06:25 AM) (Source: Service Control Manager) (User: )
    Description: De speccy-service kan vanwege de volgende fout niet worden gestart: 
    %%577 = Kan de digitale handtekening voor dit bestand niet controleren. Door een recente wijziging in software of hardware is mogelijk een bestand geïnstalleerd dat onjuist is ondertekend of beschadigd is, of dat mogelijk schadelijke software van een onbekende bron is.
     
     
    Error: (02/15/2017 11:03:26 AM) (Source: DCOM) (User: Notebook)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
     
    Error: (02/15/2017 09:19:42 AM) (Source: DCOM) (User: Notebook)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
     
    Error: (02/14/2017 08:21:15 PM) (Source: DCOM) (User: Notebook)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
     
    Error: (02/14/2017 08:13:36 PM) (Source: Service Control Manager) (User: )
    Description: De speccy-service kan vanwege de volgende fout niet worden gestart: 
    %%577 = Kan de digitale handtekening voor dit bestand niet controleren. Door een recente wijziging in software of hardware is mogelijk een bestand geïnstalleerd dat onjuist is ondertekend of beschadigd is, of dat mogelijk schadelijke software van een onbekende bron is.
     
     
     
    Microsoft Office Sessions:
    =========================
     
    CodeIntegrity Errors:
    ===================================
      Date: 2017-02-15 11:24:11.243
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tim\AppData\Local\Temp\b25e2be4-6a21-4b0c-9a65-a87c1739622e because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-02-15 11:19:24.489
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tim\AppData\Local\Temp\31d90c53-d130-46a5-90de-6048487a590c because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-02-15 11:13:25.369
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tim\AppData\Local\Temp\361296b9-fb35-4dfd-a21b-2ef6be911163 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-02-15 11:06:25.937
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tim\AppData\Local\Temp\68597c96-2e77-48ff-8f14-380c82e29d68 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-02-14 20:13:36.916
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tim\AppData\Local\Temp\fc35d1fd-32c8-4d31-99c1-061d308984f6 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2016-03-09 16:36:39.188
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-03-09 16:36:39.002
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2016-03-09 16:36:37.870
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
    ========================= Minidump Files ==================================
     
    No minidump file found
     
     
    **** End of log ****

    Attached Thumbnails

    • INSSIDER1.jpg
    • INSSIDER2.jpg

    Edited by DutchCoastWest, 15 February 2017 - 05:12 AM.

    • 0
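Added example, not part of either poster's message and not MiniToolBox's own code: a small Python parser for the MiniToolBox output above that counts errors per source and pairs each Service Control Manager `%%577` (signature could not be verified) failure with the CodeIntegrity record logged within one second of it. The function names are hypothetical, and the sample is an abridged excerpt of the posted log.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Abridged excerpt of the MiniToolBox log posted in this thread: repeated
# entries dropped and descriptions cut after their first sentence.
SAMPLE_LOG = r"""
System errors:
=============
Error: (02/15/2017 11:24:32 AM) (Source: DCOM) (User: Notebook)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/15/2017 11:24:11 AM) (Source: Service Control Manager) (User: )
Description: De speccy-service kan vanwege de volgende fout niet worden gestart:
%%577 = Kan de digitale handtekening voor dit bestand niet controleren.

Error: (02/15/2017 11:19:48 AM) (Source: DCOM) (User: Notebook)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/15/2017 11:19:24 AM) (Source: Service Control Manager) (User: )
Description: De speccy-service kan vanwege de volgende fout niet worden gestart:
%%577 = Kan de digitale handtekening voor dit bestand niet controleren.

Error: (02/14/2017 08:13:36 PM) (Source: Service Control Manager) (User: )
Description: De speccy-service kan vanwege de volgende fout niet worden gestart:
%%577 = Kan de digitale handtekening voor dit bestand niet controleren.

CodeIntegrity Errors:
===================================
  Date: 2017-02-15 11:24:11.243
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tim\AppData\Local\Temp\b25e2be4-6a21-4b0c-9a65-a87c1739622e because file hash could not be found on the system.

  Date: 2017-02-15 11:19:24.489
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tim\AppData\Local\Temp\31d90c53-d130-46a5-90de-6048487a590c because file hash could not be found on the system.

  Date: 2017-02-14 20:13:36.916
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Tim\AppData\Local\Temp\fc35d1fd-32c8-4d31-99c1-061d308984f6 because file hash could not be found on the system.

  Date: 2016-03-09 16:36:39.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
"""

EVENT_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<source>[^)]*)\) \(User: [^)]*\)$")
CI_DATE_RE = re.compile(r"^Date: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)$")
CI_PATH_RE = re.compile(
    r"(?:integrity of the file|attempted to load) (?P<path>.+?) (?:because|that did not)")
PREFIX = "Description: "


def parse_events(text):
    """Return the 'Error:' records as dicts with time, source and description."""
    events, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = EVENT_RE.match(line)
        if m:
            current = {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["source"], "description": ""}
            events.append(current)
        elif not line:
            current = None  # a blank line ends the record
        elif current is not None:
            part = line[len(PREFIX):] if line.startswith(PREFIX) else line
            current["description"] = (current["description"] + " " + part).strip()
    return events


def parse_code_integrity(text):
    """Return CodeIntegrity records as dicts with time and the file path named."""
    records, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = CI_DATE_RE.match(line)
        if m:
            pending = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        elif pending is not None and line.startswith(PREFIX):
            p = CI_PATH_RE.search(line)
            records.append({"time": pending, "path": p["path"] if p else None})
            pending = None
    return records


def correlate_signature_failures(events, ci_records, window=timedelta(seconds=1)):
    """Pair each %%577 service-start failure with CodeIntegrity records near it."""
    return [(ev, rec) for ev in events if "%%577" in ev["description"]
            for rec in ci_records if abs(rec["time"] - ev["time"]) <= window]


def errors_by_source(events):
    """Count event-log errors per reporting source."""
    return Counter(ev["source"] for ev in events)


if __name__ == "__main__":
    evs, ci = parse_events(SAMPLE_LOG), parse_code_integrity(SAMPLE_LOG)
    print(dict(errors_by_source(evs)))
    for ev, rec in correlate_signature_failures(evs, ci):
        print(ev["time"], ev["source"], "->", rec["path"])
```

Run over the full posted log, all five speccy-service failures line up with a CodeIntegrity rejection of a file under AppData\Local\Temp, while the 2016 AVG entries match nothing.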

    #6
    RKinner (Malware Expert)

    Uninstall Speccy.  For some reason it's not happy on your PC and we don't need it any more.

     

    I am seeing errors from:

    Intel® Dynamic Platform and Thermal Framework

    https://software.int...framework-intel

     

    Near as I can tell this is a BIOS program so check and see if there is an update to your BIOS.

     

    inssider shows your router would probably work better on Channel 1 but I guess you don't have control of it so nothing we can do about it.

     

    Your speed is actually pretty decent right now.  Might want to recheck it on the weekend when you say it gets slow.

     



    Error: (02/14/2017 11:12:53 AM) (Source: SideBySide) (User: )
    Description: Kan activeringscontext voor 'Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1' niet maken.
    Kan afhankelijke assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" niet vinden.
    Gebruik sxstrace.exe voor een gedetailleerde diagnose.

     

     

    This looks like an install that is not working.  Probably a chipset utility program which tries to tell Windows how to talk to the AMD chipset.  See if ASUS has a new version.
     
    If you do not use Skydrive then turn off the tasks associated with it:
     
     
    (Search for
     
    task scheduler
     
    hit Enter.
     
    Then follow the rest of the instructions in the reply at the bottom of the above link.  Probably not a major problem but I like to clear as many errors from the event log as possible)
     
    Let's see if Speedfan has any better luck at talking to your hard drive.

     
    Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).
     
     
    Click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  If it's able to get SMART info from your drive then: Click on Perform an In-depth Online Analysis of this hard disk.  Your browser will open.
     
    At the bottom of the new page will be a line:  
     
    The link to get back and see a new report about this hard disk in the future is this.
     
    Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).
     
    If not then see if either the short test or the extended test will work.
     
    You can uninstall Speedfan if it can't see/test your drive 
     

     
    Download and save the AVG removal tool
    Click on AVG Remover
     
    Save the file then right click and Run As Admin.
     
    Let's rule out rootkits:
     

     
    Save the log as before and post in your next reply
    Download aswMBR.exe  to your desktop.
    The link is a direct download so the page won't change.
     
    Right click the aswMBR.exe and select Run As Administrator to run it
    Wait until the AV Scan shows up at the bottom left.
    Change AV Scan: from Quick Scan to  C:\
    Click the "Scan" button to start scan
    If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
    On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply
     
    If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.
     

     
     

    • 0

    #7
    DutchCoastWest (Topic Starter)

    Speccy uninstalled

     

    Errors: Bios updated.

     

    Inssider: Yes the channel 1 connections are password protected, probably belonging to people living in the other apartment block. Will re-check the speed over the weekend.

     

    Not-working-install: I 'updated' the chipset yesterday, as they told me this was the only way to update the graphics driver. Must be said... it probably wasn't a newer version comparing its date with the date on which I bought the machine.

     

    Skydrive/Onedrive: Need a little help here, I ended up where the screenshot shows, mine deviates from the description (green I have found, red I haven’t found) (see picture)

     

    Task Scheduler Library > Microsoft > Windows, scroll down and click on SkyDrive (OneDrive is the same right?), you find two scheduled jobs, "Idle Sync Maintenance Task" and "Routine Maintenance Task".

     

    In addition: I'd like to disable more auto-updates, if you agree on that? Which ones shall we turn off?

     

    I imagine that "Optimize Start Menu Cache Files" is essential to leave intact, but a lot of these auto-updates are unnecessary right?

     

    I.e. I always disable Windows Update.

     

    SKYDRIVE.jpg

     

    Speedfan: Didn't recognize the HD, uninstalled it as you said.

     

    AVG Remover: Done that.

     

    aswMBR.exe: Both with and without 'Trace disk IO calls' it says 'Scan error'. It still seems to be running then because I can press 'stop', but I don't know whether it actually runs... or is doing nothing due to the error? I could wait for an hour, but would that make sense?

     

    When reopening the program it gives a 'write error' as well. See both pictures.

     

    aswmbr1.jpg

     

    aswmbr2.jpg


    Edited by DutchCoastWest, 16 February 2017 - 06:14 AM.

    • 0

    #8
    RKinner (Malware Expert)

    We want to change your router to channel 1 since there is only a weak signal on 1.  

    You might try logging in to your router with the default password.  It would be foolish of the company to leave it unchanged but it doesn't take long to try it.

    http://www.draytek.c...r_password.html

     

    To find its address: open an elevated command prompt 

    http://www.eightforu...indows-8-a.html

    type:

    ipconfig

    hit Enter.

     

    Look for:


    ...

       IPv4 Address. . . . . . . . . . . : 192.168.0.5
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.0.1

     

     
     
    The Default Gateway's IP address is what we want.  On mine it's 192.168.0.1.
     
    Open any browser and put in the default gateway's IP address and hit Enter.  This should open up the password box on the router.  It may tell you exactly which model you are talking to but if not there are only three different combinations.  
     
    If you get in then somewhere under the advanced wireless configuration you will find channel selection.  It's usually set to Auto which really doesn't work so change it to manual and then change the channel to 1.  Save your changes.  (Router will probably reboot).  Check with Inssider to see if it really worked and then with Speedtest to see if there is any improvement.
     
     

     

     

     

    On Task Scheduler you need to go a bit deeper.  If you click on the arrow in front of "Bibliotheek voor taskplanner" it should show you  Microsoft as a sub entry.  Click on its arrow and it will show you Windows.  Click on its arrow and you should be able to find the Skydrive folder.

     

    As for disabling other tasks you can look at the output from FRST under Additions.txt to see what exactly each task does:

     



    Task: {00BF703C-828F-475D-A6F3-B30EA29C0A58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {4A6EA789-C3FE-4D4F-9668-469C78E45C09} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {4C96F785-60EF-4E4F-A78A-786948B84B54} - System32\Tasks\GoogleUpdateTaskMachineUA1d17a17da5d69ff => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
    Task: {553F14DF-EEE4-4BC7-B084-9DC9CC660F87} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {6ED0AEC7-A3F4-4805-AA6E-AC041D5845CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {6FE97451-73E2-48BB-A492-0E81D9945AEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
    Task: {8376A16A-E897-446E-8A66-FBE85D0126DF} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2015-08-17] (AsusTek)
    Task: {8C38D76A-91B2-4498-8FA6-349885A6250D} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
    Task: {99C95E1C-8CFC-408C-9314-E863597E4B5F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-03-09] (Google Inc.)
    Task: {9FF19096-4A42-4520-94B8-55783CD66E23} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
    Task: {A0CB0AFA-6E7C-42EE-9219-DE8C2C098451} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe [2017-01-10] (Adobe Systems Incorporated)
    Task: {B2E7F00B-BB26-4065-B1DB-F184FF65B073} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {B52E8B5A-810C-4320-A0E3-A1FBD6F56945} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
    Task: {EAE83D03-C342-47BF-AD5C-6A23C44C7649} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
    Task: {EDFC9097-63BD-46DE-A623-E8C8AD8E67A7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
    Task: {F4A46B36-D3DB-41E6-83EC-FB7A75EB7EBF} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
     

     

     

     
    I assume the HP tasks are for your printer.  I doubt it gets updates often enough to be needed so these you can right click on and Disable.  Do you use any Apple products? If not you can turn off the Apple tasks (and uninstall all of the Apple software and Bonjour).
    ASUS Smart Gesture Launcher is something most people don't use and it looks like it is having problems so you might try Disabling it.  You should keep the Adobe tasks and if you use Chrome the Google tasks.  
    If you are not using OneDrive you can turn it off and uninstall Microsoft OneDrive.  The ASUS Updates are optional.  The older your PC the less likely there will be any updates.  You may want to keep the ASUS Splendid ACMON if you use it:

     



    ASUS Splendid Video Enhancement Technology

    This particular piece of kit is especially tailored for compatible displays and only comes with selected notebooks. The main advantage of using this application is the possibility to have the video parameters adjusted automatically to the optimal parameters.

    There are several built-in profiles that are meant to be used in various scenarios like watching movies or adjusting gamma settings. More so, in case you prefer to have a softer or a more vivid color profile, simply select it by pressing the appropriate button in the main window of ASUS Splendid Video Enhancement Technology.

    A neat feature of this utility is the instant preview it offers. Thus, you will be able to compare the current setting, displayed on the left side, with any of the profiles you choose, shown on the right pane.

    Creating a custom profile is also possible with ASUS Splendid Video Enhancement Technology. All you have to do is pick the desired values for each RGB channel and also alter the color temperature, if necessary.

    All in all, this program seems to be one of the smartest choices that ASUS laptop owners can make in terms of tweaking the display settings. Very easy to use and with sufficient default profiles, while also featuring a customizable personal profile, ASUS Splendid Video Enhancement Technology earns a place among the recommended software solutions.

     

     

     

     First time I have had a problem like that with aswMBR.  You did right click and Run As Admin didn't you?
     

    Let's try Rogue Killer
     
    • Download RogueKiller and save it on your desktop.
    • Quit all programs
    • Start RogueKiller.exe (Right click and Run As Admin).
    • Wait until Prescan has finished ...
    • Click on Scan
    • Wait for the end of the scan.
    • Send me the RKreport.txt located on your desktop.

    Clear the existing events:
     
     
    Copy the next line:

    for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
     
    Open an Elevated Command Prompt:
     
    Then right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter.  It will give you a few errors but it does work for what we want it to do.
     
    Reboot.
     
    Run Minitoolbox with just the one List last 10 Event Viewer Errors checked and post the result.

    • 0

    #9
    DutchCoastWest (Topic Starter)

    ROUTER: It's a Technicolor, managed to login by getting the username & password from the sticker on the router. The thing is, if I'd change anything now and it affects the connection of one or more neighbours, I'd be responsible, so I believe it would be best for me to call the ISP, explain the issue and have them walk me through it 'officially'.
     
     
    TASK SCHEDULER: Walked through it as you said, disabling most things, removing a few and leaving a few active.
     
     
    ASWMBR: Yes I ran it as Admin.
     
     
    ROGUE KILLER: 14 Detections + an error in the MBR check. I didn't remove any before sharing the text with you. One question though: If I open Rogue Killer again I can find the log with the 14 detections, but no longer how to remove them? Need to scan it again? Anyway, I'll wait until you've analyzed the text and instruct me further.
     
     
     
    ELEVATED COMMAND PROMPT / MINITOOLBOX: A few errors left.
     
     
     
     
    What did you mean by 'Clear the existing events'?
     



    • 0

    #10
    RKinner (Malware Expert)

    What did you mean by 'Clear the existing events'?

     

     

    That's what these commands do:

     

     
    Copy the next line:

    for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
     
    Open an Elevated Command Prompt:
     
    Then right click and Paste (or Edit then Paste) and the copied line should appear.  Hit Enter.  It will give you a few errors but it does work for what we want it to do.
     
    Reboot.

     

     

    The commands just remove all old events from the event log so that Minitoolbox would just see the events that are still happening.
     
    We need to uninstall SanDiskSSDDashboard as it is not happy and caused 3 of our four errors.  
     
    The remaining error is something to do with OneDrive that is apparently found on most Windows 8.1's so probably not worth worrying about.  Though you might try disabling the OneDrive task that you found in the task scheduler library (or enabling if you have it disabled).
     
    RogueKiller results:
    [PUP.Gen0] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} (C:\PROGRA~1\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe) -> Gevonden

     

     

    Wondershare is a program that RK doesn't like.  Probably has some ads in it but as far as I know it's harmless.  See: Virustotal's check of the file:
     
    [PUP.Gen1] HKEY_USERS\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\APN PIP

     

     

    The second line is not clear.  Many programs write to Software\APN PIP\ so we will have to look a bit closer.

     
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com/?pc=ASJB -> Gevonden
    [PUM.HomePage] HKEY_USERS\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com/?pc=ASJB -> Gevonden
     

     

     

    RK doesn't like your default homepage because it was assigned by ASUS and isn't a standard Windows homepage.  Nothing to worry about.

    [PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18E1ADCD-3EB8-486B-955A-50F3C0A0AD8D} | DhcpNameServer : 169.254.125.80 ([])  -> Gevonden
     

     

     

    RK has a valid complaint here.  The DNS server's IP address is an address that is not valid.  169.254.x.x is a range of addresses that Windows uses when it can't get an address from the router.  I suspect that you booted up one time when there was no wireless around.  I saw this in FRST but it didn't seem to be your current DNS address so I didn't worry about it.

     

     

    ¤¤¤ Bestanden : 9 ¤¤¤
    [File.Forged][Bestand] C:\Windows\AsDCDVer.txt -> Gevonden
    [File.Forged][Bestand] C:\Windows\AsHDIVer.txt -> Gevonden
    [File.Forged][Bestand] C:\Windows\AsOFSVer.txt -> Gevonden
    [File.Forged][Bestand] C:\Windows\AsToolCDVer.txt -> Gevonden
    [File.Forged][Bestand] C:\Windows\csup.txt -> Gevonden
    [File.Forged][Bestand] C:\Windows\explorer.exe.config -> Gevonden
    [File.Forged][Bestand] C:\Windows\system.ini -> Gevonden
    [File.Forged][Bestand] C:\Windows\win.ini -> Gevonden
    [File.Forged][Bestand] C:\Windows\System32\Drivers\etc\networks -> Gevonden
     

     

     

    The files that RogueKiller found that it calls forged would probably be labeled suspicious if your system were in English.  I suspect that there is a translation error in RogueKiller as these are just text files.  They are suspicious because they do not normally appear in \Windows or \Windows\System32 or have been modified from the original versions in the case of system.ini and win.ini, but it appears that these were put there/changed by an Asus program.
     
    The MBR Check can be ignored because Windows 8 uses GPT.
     
    We will check the "forged" files & the APN registry key and remove the bad DNS server with a FRST fixlist so we won't need to bring up RogueKiller again.  You can uninstall it and delete its logs.
     
     
    Download the attached fixlist.txt to the same location as FRST.
     
     
    Run FRST and press Fix.
    A fix log will be generated; please post that.
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
    How is it running now?  Are you still getting the crashes?  Are you getting Windows crashes or just programs?
     
    How old is the PC?  Did it come with Windows 8 or did you upgrade from an earlier version?
     
    Could your PC be so old that the SSD is an IDE rather than a SATA?  I tried to use Speedfan to read an IDE drive and it can't do it.  
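The 169.254.x.x reading in the post above can be checked mechanically. The following is an added example, not part of the original post and not RogueKiller's own logic: it parses lines in the RogueKiller format quoted in the thread and sorts each listed DNS server into link-local, loopback, RFC 1918 or other. Only the first sample line comes from the thread; the other two lines, their GUIDs, SID and addresses are constructed, and handling of the `NameServer` value goes beyond the single `DhcpNameServer` case shown on the page.

```python
import ipaddress
import re

# Constructed sample in the RogueKiller line format quoted in the post above.
# Line 1 is the detection from the thread; lines 2 and 3 use made-up GUIDs,
# a made-up SID and example addresses.
SAMPLE_LOG = r"""
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{18E1ADCD-3EB8-486B-955A-50F3C0A0AD8D} | DhcpNameServer : 169.254.125.80 ([])  -> Gevonden
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} | NameServer : 192.168.1.1,203.0.113.53 ([])  -> Gevonden
[PUM.HomePage] HKEY_USERS\S-1-5-21-0-0-0-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://example.invalid/ -> Gevonden
"""

LINE_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+\|\s+(?P<name>[^:]+?)\s+:\s+(?P<data>.*?)\s+->\s+\S+\s*$")
DNS_VALUES = {"NameServer", "DhcpNameServer"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(ip):
    """Sort one resolver address into the bucket that decides the follow-up."""
    if ip.is_link_local:      # 169.254.0.0/16: self-assigned, no DHCP lease
        return "link-local"
    if ip.is_loopback:        # a local resolver or proxy is answering DNS
        return "loopback"
    if any(ip in net for net in RFC1918):   # typically the home router
        return "rfc1918"
    return "other"            # compare with the resolver the ISP hands out


def triage_dns(log_text):
    """Return (interface GUID, address, bucket) for every DNS server listed."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["name"] not in DNS_VALUES:
            continue
        iface = m["key"].rsplit("\\", 1)[-1]
        for token in re.split(r"[,\s]+", m["data"]):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:      # skips the trailing "([])" and empty tokens
                continue
            rows.append((iface, str(ip), classify(ip)))
    return rows


if __name__ == "__main__":
    for row in triage_dns(SAMPLE_LOG):
        print(*row)
```

A link-local entry is a stale leftover from a boot without a DHCP lease; only the "other" bucket needs comparing against the resolver the router or ISP actually assigns.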
     
     
     
     
     
     
     
     
     
     
     
     
     

    #11
    DutchCoastWest

      Member

    • Topic Starter
    • 21 posts

    SanDiskSSDDashboard: Removed.

     

    OneDrive: Disabled it earlier to get rid of the other errors, so it seems like a catch-22, but probably nothing to worry about as you say.

     

    Wondershare: I believe I deleted that some time ago... can't find Wondershare nor the company name Filmora in the programs list. How can we trace its leftovers and delete them?

     

    The second line is not clear.  Many programs write to Software\APN PIP\ so we will have to look a bit closer. How to look closer on this one?

     

    Fixlist / FRST: Done.

     

    How is it running now?  Are you still getting the crashes?  Are you getting Windows crashes or just programs?

     

    NOW: Can’t tell if there’s been improvement in Windows, but it was just freezing again in my browser, the most frequent and disturbing thing is when I'm working with my Outlook.com email inbox or inside specific e-mails and the Chrome screen freezes 15-30 secs time and time again (same problem for any other browser).

     

    BEFORE THE FIX: In Windows it’s been freezing in the same way, for example I open "This Computer" and it takes 15-30 secs before it actually opens. In the meantime I can do other things like open Chrome and browse... but my Desktop may or may not be frozen. Sometimes more freezing, sometimes less. Sometimes error messages appear. Earlier today before the fix I took a screenshot, because it sometimes gives an error message in Outlook.com

     

    Outlook_Error.jpg

     

    How old is the PC?  Did it come with Windows 8 or did you upgrade from an earlier version?

     

    Could your PC be so old that the SSD is an IDE rather than a SATA?  I tried to use Speedfan to read an IDE drive and it can't do it. 

     

    I bought this ASUS EeeBook X205TA in the summer of 2015, so I guess it can't be its age, maybe the fact that it's a budget laptop weighs in. Windows 8 from the start, never upgraded.

     

    Still a lot of HD space has been used, more than what I was used to on the laptop before this one.

    Edited by DutchCoastWest, 17 February 2017 - 04:47 PM.

    #12
    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    The HKEY_USERS\S-1-5-21-1556124094-4218111898-1118812907-1001\Software\APN PIP is a leftover from the Ask toolbar.  We can remove it with a fixlist.

     

    I had a typo in the last list so it wasn't able to read the text files so hopefully that will work this time.

     

    Download the fixlist and run FRST and hit FIX.  Post the fixlog.

    Since it is not really crashing just taking a while it could be something like wmi or it could be something uglier like the hard drive failing.  I had an SSD fail and things took forever to work.  Yours is such a small drive it might not even be a real SSD but instead just a micro SD or something similar.  I wish I could find something to talk to it.  I found a list of tools which might work but if they just read SMART that's not going to work.

    http://mashtips.com/...-monitor-tools/

     

     

    If you right click on the clock and select Task Manager and once it starts hit the minimize icon in the top right it will put a box icon down near the clock.  As the CPU gets busier the box will fill with green.  If the box is all green then that means that some process is eating all of the CPU time and when that happens you will get a long delay before something else happens.  If that's what you are seeing then I would start by searching for

    services.msc

    hit Enter

    Scroll down to

    Windows Management Instrumentation

    and right click on it and select Properties then Stop the service.

    See if that stops the slowdowns.  Start it back up.  If WMI's the problem we can fix that.

     

    You can put

    wondershare

    in the search box in FRST and then hit Search Registry.  It will find all of them for us and then we can use another fixlist.

     

     


    #13
    DutchCoastWest

      Member

    • Topic Starter
    • 21 posts
    Fixlist / FRST / Addition: Done, see the three .txts
     
    HD Tools: Most don't recognize the HD, but SSDREADY runs & CRYSTALDISKMARK recognizes the drive (see screens).
     
    ssdready.jpg
     
    crystaldiskmark.jpg
     
    I also added a screenshot of WINDIRSTAT a program I tried to do self-help with some time ago. I don't know how to work with it, maybe you do?
     
    It's been recently used in this topic I see: http://www.geekstogo...ing-disk-space/
     
    windirstat.jpg
     
    WMI: Yes the little box filled up and was 'stuck' when my Outlook.com was freezing and giving an error just now. Turned it all off.
     
    Problem remained, it started freezing again this time the box wasn't filled up. Turned WMI on again.
     
    I guess this rules out WMI as a problem maker?
     
    Wondershare: Done, see searchreg.txt

    Edited by DutchCoastWest, 18 February 2017 - 05:34 AM.

    #14
    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Uninstall all of the HD test programs except CrystalDiskMark.  Delete the downloads and empty the recycle bin.  You don't have much space so need to conserve it.

     

    To use CrystalDiskMark you just start it (right click and Run As Admin) and then click on All.  It will change to STOP.  Wait until it changes back to All.  You should get something like this:

     

     

    You can either take a screenshot of it or do:

     

    File, Save, to your desktop, OK.  It will create a file that looks like this:  CDM_2017021874158.txt

     

    You can copy and paste or attach it.

     

    -----------------------------------------------------------------------
    CrystalDiskMark 5.2.1 x64 © 2007-2017 hiyohiyo
                               Crystal Dew World : http://crystalmark.info/
    -----------------------------------------------------------------------
    * MB/s = 1,000,000 bytes/s [SATA/600 = 600,000,000 bytes/s]
    * KB = 1000 bytes, KiB = 1024 bytes
     
       Sequential Read (Q= 32,T= 1) :   544.488 MB/s
      Sequential Write (Q= 32,T= 1) :   490.542 MB/s
      Random Read 4KiB (Q= 32,T= 1) :   288.257 MB/s [ 70375.2 IOPS]
     Random Write 4KiB (Q= 32,T= 1) :   242.329 MB/s [ 59162.4 IOPS]
             Sequential Read (T= 1) :   489.485 MB/s
            Sequential Write (T= 1) :   454.098 MB/s
       Random Read 4KiB (Q= 1,T= 1) :    27.504 MB/s [  6714.8 IOPS]
      Random Write 4KiB (Q= 1,T= 1) :    91.452 MB/s [ 22327.1 IOPS]
     
      Test : 1024 MiB [C: 20.1% (89.7/447.1 GiB)] (x5)  [Interval=5 sec]
      Date : 2017/02/18 7:40:00
        OS : Windows 7 Ultimate SP1 [6.1 Build 7601] (x64)
      
     
    To use WinDirStat:  Right click and Run As Admin.
    (Select drive if more than one)
    Then once it finishes scanning turn off the treemap as it is just too confusing to use:  Options, uncheck Treemap.
    That will give you just a list of folders:
     
    Now click on the + in front of the biggest user of the hard drive.  In my case it's Users.  In your case it's ontwikkelingen.  Then keep hitting the + in front of the biggest sub user.  Keep going until you either decide that this is something you don't want to mess with or you get down to simple files.  In my case, Tom Tom (my GPS) is the biggest user.  If I wanted to remove it I would just uninstall it then rather than use WinDirStat to remove it.  You can remove files and even folders with WinDirStat by just right clicking and selecting one of the two Deletes.  This is dangerous if you don't know what you are doing so be very careful.
     
    ontwikkelingen may be something important.  Don't know but if you hit the + a few times it may be clearer what it is. 
     
    I don't have time today to make a fixlist to remove all of the Wondershare registry entries.  Have to go to some party my wife wants to attend. 
     
     
     
     

    #15
    DutchCoastWest

      Member

    • Topic Starter
    • 21 posts

    Hope you both have a good time at the party. I appreciate all the follow up steps you help me through in trying to solve these issues.

     

     

    HD TOOLS: Uninstalled those.

     

     

    CRYSTAL DISK MARK:

     

    crystaldiskmark1.jpg

     

     

    WINDIRSTAT:

     

    You can remove files and even folders with windirstat by just right clicking and selecting one of the two Deletes.  This is dangerous if you don't know what you are doing so be very careful.
     
    Yea I stayed away from that naturally.
     
    ontwikkelingen may be something important. 
     
    That's a big folder with work / media etc. created over a long time span. I know everything in there. It 'traveled' with me on a USB stick.
     
    I was thinking that there may be standard folders/files within Windows or another main folder that you guys are familiar with and are known to cause problems such as disk space being eaten etc.
     
    Furthermore, I wouldn't know what to do with it by myself.

    Edited by DutchCoastWest, 18 February 2017 - 05:46 PM.
