PC very slow, disk usage at 100%


  • This topic is locked
33 replies to this topic

#1 Jis000

Posted 26 March 2017 - 10:50 AM

Hello,

 

A month ago our most used PC became extremely slow when booting and during normal use. Since I'm not the person who uses the pc the most, I can't tell exactly when this happened. 

The Disk usage is constantly at 100%, with Explorer.exe, Chrome.exe and my AV program absorbing the biggest amount of %.

First, the computer had several other issues (CPU at 100%, being even slower than it is right now). Someone already gave me support, but it seems that what's causing the pc to be this slow, hasn't been found yet. See the topic I started before:  https://www.bleepingcomputer.com/forums/t/641946/pc-very-slow-cpu-at-100-and-several-useraccounts-cant-login-to-microsoft/

 

The pc specifications:

Dell Inspiron 3847, bought April 2014

Originally Windows 8.1, upgraded to Windows 10 at its release in 2015.

Windows 10 Home

Processor: Intel® Pentium® CPU G3220 @ 3.00GHz 3.00 GHz

RAM: 4,00 GB

Hard drive size: 1 TB

64 bits operating system, x64 Processor

 

In the help topic I was ordered to run Security Check, Farbar Service Scanner, MiniToolBox, Malwarebytes, Malwarebytes Anti-Rootkit and Rkill. The logs from those scans are documented in the topic.

The support continued by using several other applications to clear out the pc. I used Temp File Cleaner, AdwCleaner, Junk Removal Tool and Sophos Free Virus Removal Tool and posted all the created logs again.

After all this, I updated Flash Player and Java. The person who guided me through the fixing process, stated that my computer would now be clean. I ran DelFix and downloaded Secunia PSI. 

 

The CPU went down to 39%, but the pc still hangs when trying to open applications such as Outlook or Chrome. Also, booting takes really long. The funny thing is: now that the CPU is down, the disk usage keeps ticking the 100%! When looking at which applications cause this high percentage, it shows the antivirus program and Windows Explorer...

I was advised to start at step 6 in the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". I downloaded and ran FRST. It automatically ran in my native language (Dutch), so the logs are Dutch as well. Hope this isn't a problem. Otherwise some assistance in how to run it in English would be helpful.

The FRST-log is shown below, the Addition.txt is attached. 

 

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 15-03-2017
Gestart door Paul (Beheerder) op STUDEERKAMER (26-03-2017 17:17:35)
Gestart vanaf C:\Users\Paul\Downloads
Geladen Profielen: Paul (Beschikbare Profielen: Paul & Jolanda)
Platform: Windows 10 Home Versie 1607 (X64) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
Kon geen toegng krijgen tot proces -> AdwCleaner.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
() C:\Program Files (x86) (x86)\Dell V310-V510 Series\dleamon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Antivirus\avgui.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Register (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [410616 2017-03-14] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-27] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [dleamon.exe] => C:\Program Files (x86) (x86)\Dell V310-V510 Series\dleamon.exe [771432 2012-11-27] ()
HKLM-x32\...\Run: [EzPrint] => C:\Program Files (x86) (x86)\Dell V310-V510 Series\ezprint.exe [140648 2012-11-27] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239672 2017-02-27] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1314432 2016-03-11] (CANON INC.)
HKLM-x32\...\Run: [AVGUI.exe] => C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe [254776 2017-03-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-08-12] (CyberLink Corp.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144696 2017-02-14] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-17] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Geen bestand
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-03-24]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (Geen bestand)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 3.lnk [2014-11-29]
ShortcutTarget: Device Monitor 3.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2017-03-24]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Jisca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2017-02-23]
ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jolanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2014-04-27]
ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk [2015-03-02]
ShortcutTarget: Verzenden naar OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Hosts: Er zijn meer dan één item in Hosts. Zie Hosts deel van Addition.txt
Tcpip\Parameters: [DhcpNameServer] 84.116.46.20 84.116.46.21
Tcpip\..\Interfaces\{4558738f-7ef6-4f11-b324-a5e5e1d883fa}: [DhcpNameServer] 84.116.46.20 84.116.46.21
Tcpip\..\Interfaces\{6881a0f3-7cb9-4b37-a332-29361ad3dd53}: [DhcpNameServer] 84.116.46.20 84.116.46.21
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2247412043-1571970562-1656724458-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.nl/
HKU\S-1-5-21-2247412043-1571970562-1656724458-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-2247412043-1571970562-1656724458-1001 -> DefaultScope {2CECB6C0-11C1-4587-B881-14B5286E8CBB} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-24] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2017-01-31] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-24] (Oracle Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-24] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-24] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxps://files.pcpitstop.com/cab/pcmatic.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\14oorxbv.default [2017-03-26]
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\14oorxbv.default -> Beveiligd zoeken
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\14oorxbv.default -> Beveiligd zoeken
FF Homepage: Mozilla\Firefox\Profiles\14oorxbv.default -> google.nl
FF Extension: (2020 3D Viewer for IKEA) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\14oorxbv.default\Extensions\2020Player_IKEA@2020Technologies.com [2017-03-06]
FF Extension: (AVG SafePrice) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\14oorxbv.default\Extensions\sp@avg.com.xpi [2016-11-15]
FF Extension: (Geen Naam) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [niet gevonden]
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\14oorxbv.default\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF HKU\S-1-5-21-2247412043-1571970562-1656724458-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => niet gevonden
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-24] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-24] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-24] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default [2017-03-26]
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-18]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-18]
CHR Extension: (AdBlock) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-03-13]
CHR Extension: (AVG SafePrice) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2016-12-31]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-25]
CHR HKU\S-1-5-21-2247412043-1571970562-1656724458-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <geen Path/update_url>
 
==================== Services (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 AVG Antivirus; C:\Program Files (x86)\AVG\Antivirus\AVGSvc.exe [263720 2017-03-12] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files (x86)\AVG\Antivirus\x64\aswidsagenta.exe [7197976 2017-03-12] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1257384 2017-02-27] (AVG Technologies CZ, s.r.o.)
R2 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [144464 2015-02-19] (CANON INC.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2017-01-17] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-03-14] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [Bestand niet getekend]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-24] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-24] (Electronic Arts)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-03-26] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [837848 2016-02-02] (Secunia)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-03-20] (Dell Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4076744 2017-02-14] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1037624 2017-02-14] (Check Point Software Technologies Ltd.)
S2 0265821490351525mcinstcleanup; C:\Users\Paul\AppData\Local\Temp\026582~1.EXE -cleanup -nolog [X] <==== AANDACHT
S2 DellDataVault; "C:\Program Files\Dell\DellDataVault\DellDataVault.exe"  [X]
 
===================== Drivers (gefilterd) ======================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4599728 2017-02-22] (Qualcomm Atheros Communications, Inc.)
R1 avgbdisk; C:\WINDOWS\system32\drivers\avgbdiska.sys [166136 2017-03-12] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\system32\drivers\avgbidsdrivera.sys [311592 2017-03-12] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\system32\drivers\avgbidsha.sys [192096 2017-03-12] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\system32\drivers\avgbloga.sys [336920 2017-03-12] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\system32\drivers\avgbuniva.sys [50848 2017-03-12] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\system32\drivers\avgHwid.sys [39288 2017-03-12] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\system32\drivers\avgMonFlt.sys [127584 2017-03-12] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\system32\drivers\avgRdr2.sys [101624 2017-03-12] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\system32\drivers\avgRvrt.sys [76688 2017-03-12] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\system32\drivers\avgSnx.sys [994592 2017-03-12] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\system32\drivers\avgSP.sys [549912 2017-03-12] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\system32\drivers\avgStm.sys [163512 2017-03-12] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\system32\drivers\avgVmm.sys [338576 2017-03-12] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-08-29] (CyberLink)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-31] (Dell Computer Corporation)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [23312 2015-01-31] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [276256 2016-07-04] (Digiarty Software, Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R4 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-12-15] (Realtek                                            )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2017-03-24] (Check Point Software Technologies Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-08-12] (CyberLink Corp.)
U3 iswSvc; geen ImagePath
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Aangemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2017-03-26 17:17 - 2017-03-26 17:19 - 00024521 _____ C:\Users\Paul\Downloads\FRST.txt
2017-03-26 17:17 - 2017-03-26 17:17 - 00000000 ____D C:\FRST
2017-03-26 17:16 - 2017-03-26 17:17 - 02424832 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2017-03-24 19:05 - 2017-03-24 19:05 - 00000000 ____D C:\SQLServer2016Media
2017-03-24 19:03 - 2017-03-24 19:03 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2017-03-24 17:35 - 2017-03-24 17:35 - 00000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2017-03-24 17:34 - 2017-03-24 17:34 - 00439596 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2017-03-24 17:33 - 2017-03-24 17:33 - 00000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2017-03-24 17:33 - 2017-03-24 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2017-03-24 17:33 - 2017-03-24 17:33 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2017-03-24 17:32 - 2017-03-24 17:32 - 05956712 _____ (Check Point Software Technologies Ltd.) C:\Users\Paul\Downloads\zafwSetupWeb_150_653_17211.exe
2017-03-24 17:32 - 2017-03-24 17:32 - 00000000 ____D C:\ProgramData\CheckPoint
2017-03-24 17:24 - 2017-03-24 17:24 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Paul\Downloads\rkill.exe
2017-03-24 15:12 - 2017-03-24 15:12 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-03-24 13:04 - 2017-03-24 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2017-03-24 13:04 - 2017-03-24 13:04 - 00000000 ____D C:\ProgramData\PDVD
2017-03-24 13:04 - 2017-03-24 13:04 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2017-03-24 12:57 - 2017-03-24 12:57 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-03-24 12:57 - 2017-03-24 12:57 - 00000000 ____D C:\ProgramData\install_clap
2017-03-24 12:45 - 2017-03-24 12:45 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Origin
2017-03-24 12:41 - 2017-03-24 12:41 - 00000000 ____D C:\Users\Paul\.QtWebEngineProcess
2017-03-24 12:41 - 2017-03-24 12:41 - 00000000 ____D C:\Users\Paul\.Origin
2017-03-24 12:40 - 2017-03-24 12:41 - 00000000 ____D C:\Users\Paul\AppData\Local\Origin
2017-03-24 12:39 - 2017-03-24 13:35 - 00000000 ____D C:\Users\Paul\Documents\My Filehippo Downloads
2017-03-24 12:37 - 2017-03-24 12:37 - 00002083 _____ C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileHippo App Manager.lnk
2017-03-24 12:36 - 2017-03-24 12:36 - 02190552 _____ C:\Users\Paul\Downloads\appmanagersetup_2.0_b4_292.exe
2017-03-24 12:33 - 2017-03-24 12:33 - 00001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2017-03-24 12:33 - 2017-03-24 12:33 - 00000000 ____D C:\Program Files (x86)\Secunia
2017-03-24 12:29 - 2017-03-24 12:29 - 00001557 _____ C:\Users\Paul\Desktop\Junk Removal Tool (elke vrijdag!).lnk
2017-03-24 12:29 - 2017-03-24 12:29 - 00000000 ____D C:\Program Files (x86)\Junk Removal Tool
2017-03-24 12:24 - 2017-03-24 12:25 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2017-03-24 12:21 - 2017-03-24 12:25 - 00001549 _____ C:\Users\Paul\Desktop\AdwCleaner (elke vrijdag!).lnk
2017-03-24 12:20 - 2017-03-24 18:42 - 00000000 ____D C:\AdwCleaner
2017-03-24 12:17 - 2017-03-24 12:32 - 04002104 _____ (Secunia) C:\Users\Paul\Downloads\PSISetup.exe
2017-03-24 12:17 - 2017-03-24 12:29 - 00448512 _____ (OldTimer Tools) C:\Users\Paul\Desktop\Temp File Cleaner (elke vrijdag!).exe
2017-03-24 12:14 - 2017-03-24 12:14 - 00003648 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-03-24 12:12 - 2017-03-24 12:14 - 00000966 _____ C:\DelFix.txt
2017-03-24 12:12 - 2017-03-24 12:12 - 00000000 ____D C:\WINDOWS\ERUNT
2017-03-24 12:10 - 2017-03-24 12:10 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Oracle
2017-03-24 12:06 - 2017-03-24 12:06 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-03-24 12:06 - 2017-03-24 12:06 - 00000000 ____D C:\Program Files\Java
2017-03-24 11:51 - 2017-03-24 11:52 - 56427072 _____ (Oracle Corporation) C:\Users\Paul\Downloads\jre-8u121-windows-i586.exe
2017-03-24 11:50 - 2017-03-24 12:05 - 64153152 _____ (Oracle Corporation) C:\Users\Paul\Downloads\jre-8u121-windows-x64.exe
2017-03-24 11:50 - 2017-03-24 11:50 - 00004692 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-03-23 15:39 - 2017-03-23 15:39 - 00000000 ____D C:\ProgramData\Sophos
2017-03-23 15:36 - 2017-03-23 15:38 - 164921736 _____ (Sophos Limited) C:\Users\Paul\Downloads\Sophos Virus Removal Tool.exe
2017-03-14 15:38 - 2017-03-24 17:20 - 00000000 ____D C:\Users\Paul\Desktop\Programma's en logbestanden voor Forumhulp
2017-03-14 14:46 - 2017-03-14 14:46 - 00000000 ____D C:\ProgramData\PC-Doctor, Inc
2017-03-14 14:02 - 2017-03-14 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-14 14:01 - 2017-03-14 14:01 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-14 13:19 - 2017-03-24 18:44 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-14 13:19 - 2017-03-14 13:19 - 00001914 _____ C:\Users\Paul\Desktop\Malwarebytes (1x in 2 weken).lnk
2017-03-14 13:19 - 2017-03-14 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-14 13:19 - 2017-02-24 07:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-14 13:18 - 2017-03-14 13:18 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-14 13:01 - 2017-03-14 13:01 - 00000148 _____ C:\Users\Paul\Desktop\PC very slow, CPU at 100% and several useraccounts -can't login to microsoft- - Am I infected- What do I do-.url
2017-03-14 00:22 - 2017-03-14 00:22 - 40213960 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 33775616 _____ (Intel Corporation) C:\WINDOWS\system32\igd11dxva64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 15630704 _____ (Intel Corporation) C:\WINDOWS\system32\igc64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 13607808 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igc32.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 04316136 _____ (Intel Corporation) C:\WINDOWS\system32\igd12umd64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 04284872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd12umd32.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 02422512 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 01883368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 01841096 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 01838400 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00323744 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00308496 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00253024 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00233928 _____ (Intel Corporation) C:\WINDOWS\system32\igdde64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00215864 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00194344 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00193320 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00192160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdde32.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00170376 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00170376 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2017-03-14 00:22 - 2017-03-14 00:22 - 00064568 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 29110288 _____ (Intel Corporation) C:\WINDOWS\system32\common_clang64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 19870224 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\common_clang32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 11750928 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 08740880 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 05697552 _____ (Intel Corporation) C:\WINDOWS\system32\igdmcl64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 05271568 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 04937240 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 04372496 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 03980304 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmcl32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 01599504 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 01187344 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 01035768 _____ C:\WINDOWS\system32\igfxSDK.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00976880 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00973304 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00713752 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00545272 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00475640 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00457208 _____ (Intel Corporation) C:\WINDOWS\system32\IntelCpHDCPSvc.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00448016 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00424984 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00398864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00397328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00358896 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCComp64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00327184 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00310264 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00282128 _____ C:\WINDOWS\system32\igfxCPL.cpl
2017-03-14 00:20 - 2017-03-14 00:20 - 00274960 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00263704 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00245752 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00241144 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00240632 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00234000 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00201744 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00183800 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2017-03-14 00:20 - 2017-03-14 00:20 - 00182800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00120336 _____ ( ) C:\WINDOWS\system32\igfxSDKLibv2_0.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00112656 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00112144 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00109584 _____ ( ) C:\WINDOWS\system32\igfxSDKLib.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00108560 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00103952 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00093200 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00061456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00037912 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00037904 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00036368 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00036368 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00031248 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2017-03-14 00:20 - 2017-03-14 00:20 - 00031248 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2017-03-13 16:09 - 2017-03-13 16:11 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Local\CrashDumps
2017-03-13 16:02 - 2017-03-13 16:02 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Roaming\AVG
2017-03-13 15:56 - 2017-03-13 15:56 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Local\MicrosoftEdge
2017-03-13 15:55 - 2017-03-13 15:55 - 00002469 _____ C:\Users\TEMP.STUDEERKAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-03-13 15:55 - 2017-03-13 15:55 - 00000000 ___RD C:\Users\TEMP.STUDEERKAMER\OneDrive
2017-03-13 15:51 - 2017-03-13 15:52 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER.000\AppData\Local\ConnectedDevicesPlatform
2017-03-13 15:51 - 2017-03-13 15:52 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER.000
2017-03-13 15:51 - 2017-03-13 15:51 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Roaming\Intel Corporation
2017-03-13 15:50 - 2017-03-13 15:55 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER
2017-03-13 15:50 - 2017-03-13 15:52 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Local\Packages
2017-03-13 15:50 - 2017-03-13 15:51 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Local\ConnectedDevicesPlatform
2017-03-13 15:50 - 2017-03-13 15:50 - 00000020 ___SH C:\Users\TEMP.STUDEERKAMER\ntuser.ini
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 _SHDL C:\Users\TEMP.STUDEERKAMER\Sjablonen
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 _SHDL C:\Users\TEMP.STUDEERKAMER\Netwerkprinteromgeving
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 _SHDL C:\Users\TEMP.STUDEERKAMER\Mijn documenten
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 _SHDL C:\Users\TEMP.STUDEERKAMER\Menu Start
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 _SHDL C:\Users\TEMP.STUDEERKAMER\Documents\Mijn video's
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 _SHDL C:\Users\TEMP.STUDEERKAMER\Documents\Mijn muziek
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 _SHDL C:\Users\TEMP.STUDEERKAMER\Documents\Mijn afbeeldingen
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 _SHDL C:\Users\TEMP.STUDEERKAMER\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 _SHDL C:\Users\TEMP.STUDEERKAMER\AppData\Local\Geschiedenis
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Local\VirtualStore
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Local\TileDataLayer
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Local\Google
2017-03-13 15:50 - 2017-03-13 15:50 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Local\CEF
2017-03-13 15:50 - 2016-08-21 19:01 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Roaming\TuneUp Software
2017-03-13 15:50 - 2016-08-21 19:01 - 00000000 ____D C:\Users\TEMP.STUDEERKAMER\AppData\Local\AVG
2017-03-13 15:50 - 2014-04-02 07:47 - 00000143 _____ C:\Users\TEMP.STUDEERKAMER\Desktop\eBay.url
2017-03-13 15:49 - 2017-03-13 15:50 - 00000000 ____D C:\Users\TEMP\AppData\Local\ConnectedDevicesPlatform
2017-03-13 15:49 - 2017-03-13 15:50 - 00000000 ____D C:\Users\TEMP
2017-03-13 13:43 - 2017-03-13 13:43 - 00000000 ____D C:\Users\Paul\AppData\Local\Microsoft_Corporation
2017-03-12 18:24 - 2017-03-12 18:24 - 00000000 ____D C:\Users\Paul\AppData\Roaming\AVG
2017-03-12 17:58 - 2017-03-12 17:58 - 00004008 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2017-03-12 17:57 - 2017-03-12 17:59 - 00549912 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgsp.sys
2017-03-12 17:57 - 2017-03-12 17:55 - 00338576 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2017-03-12 17:57 - 2017-03-12 17:55 - 00163512 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2017-03-12 17:57 - 2017-03-12 17:55 - 00127584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2017-03-12 17:57 - 2017-03-12 17:55 - 00101624 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2017-03-12 17:57 - 2017-03-12 17:55 - 00076688 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2017-03-12 17:57 - 2017-03-12 17:55 - 00039288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2017-03-12 17:57 - 2017-03-12 17:54 - 00994592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2017-03-12 17:57 - 2017-03-12 17:53 - 00336920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2017-03-12 17:57 - 2017-03-12 17:53 - 00311592 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2017-03-12 17:57 - 2017-03-12 17:53 - 00192096 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2017-03-12 17:57 - 2017-03-12 17:53 - 00166136 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2017-03-12 17:57 - 2017-03-12 17:53 - 00050848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2017-03-12 17:55 - 2017-03-12 17:55 - 00399392 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2017-03-12 17:48 - 2017-03-12 17:48 - 00000955 _____ C:\Users\Public\Desktop\AVG.lnk
2017-03-12 17:36 - 2017-03-12 18:01 - 00000000 ____D C:\Users\Paul\AppData\Local\AvgSetupLog
2017-03-12 16:48 - 2017-03-12 16:48 - 00000000 ____D C:\Users\Paul\AppData\Local\AdAwareDesktop
2017-03-12 16:45 - 2017-03-12 16:45 - 00000000 ____D C:\Users\Paul\AppData\Local\AdAwareUpdater
2017-03-12 16:45 - 2017-03-12 16:45 - 00000000 ____D C:\Program Files\Common Files\adaware
2017-03-11 21:27 - 2017-03-11 21:27 - 00006758 _____ C:\Users\Paul\Documents\AdwCleaner log 11-3-2017.txt
2017-03-11 18:15 - 2017-03-11 18:15 - 00000000 ____D C:\Users\Paul\Documents\Dell Downloads
2017-03-11 16:26 - 2017-03-11 16:26 - 00000000 ____D C:\Users\Paul\AppData\LocalLow\PCDr
2017-03-11 16:09 - 2017-03-11 20:08 - 00000000 ____D C:\Users\Paul\AppData\Local\Deployment
2017-03-11 16:09 - 2017-03-11 16:09 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2017-03-08 21:57 - 2017-03-08 21:57 - 00090053 _____ C:\Users\Paul\Downloads\Aangiftebriefinkomstenbelasting2016.pdf
2017-03-08 21:22 - 2017-03-08 21:22 - 00108050 _____ C:\Users\Paul\Downloads\Jaaroverzichten-263832708-2016.pdf
2017-03-08 21:01 - 2017-03-08 21:02 - 00000000 ____D C:\Users\Ilja\AppData\Roaming\Canon
2017-03-08 21:01 - 2017-03-08 21:01 - 00581751 _____ C:\Users\Ilja\Documents\IMG_20170308_0001.pdf
2017-03-07 21:37 - 2017-03-07 21:37 - 00421620 _____ C:\Users\Jisca\Downloads\meatloaf.zip
2017-03-07 21:35 - 2017-03-07 21:35 - 00043015 _____ C:\Users\Jisca\Downloads\night_wind_sent.zip
2017-03-07 21:33 - 2017-03-07 21:33 - 00577856 _____ C:\Users\Jisca\Downloads\gloss_and_bloom.zip
2017-03-07 21:33 - 2017-03-07 21:33 - 00184332 _____ C:\Users\Jisca\Downloads\lie_to_me.zip
2017-03-07 16:54 - 2017-03-07 16:54 - 00000000 ____D C:\UWT
2017-03-07 15:08 - 2017-03-07 15:08 - 00000020 ___SH C:\Users\PCPitstopSVC\ntuser.ini
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 _SHDL C:\Users\PCPitstopSVC\Sjablonen
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 _SHDL C:\Users\PCPitstopSVC\Netwerkprinteromgeving
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 _SHDL C:\Users\PCPitstopSVC\Mijn documenten
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 _SHDL C:\Users\PCPitstopSVC\Menu Start
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 _SHDL C:\Users\PCPitstopSVC\Documents\Mijn video's
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 _SHDL C:\Users\PCPitstopSVC\Documents\Mijn muziek
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 _SHDL C:\Users\PCPitstopSVC\Documents\Mijn afbeeldingen
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 _SHDL C:\Users\PCPitstopSVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programma's
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 _SHDL C:\Users\PCPitstopSVC\AppData\Local\Geschiedenis
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 ____D C:\Users\PCPitstopSVC\AppData\Local\AVG
2017-03-07 15:08 - 2017-03-07 15:08 - 00000000 ____D C:\Users\PCPitstopSVC
2017-03-07 15:08 - 2016-11-14 21:48 - 00000000 ____D C:\Users\PCPitstopSVC\AppData\Local\Google
2017-03-07 15:08 - 2016-08-21 19:01 - 00000000 ____D C:\Users\PCPitstopSVC\AppData\Roaming\TuneUp Software
2017-03-07 15:08 - 2014-04-02 07:47 - 00000143 _____ C:\Users\PCPitstopSVC\Desktop\eBay.url
2017-03-07 14:41 - 2017-03-07 14:41 - 00000000 ____D C:\Users\Jisca\AppData\Local\CrashDumps
2017-03-07 14:35 - 2017-03-07 16:59 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2017-03-07 14:35 - 2017-03-07 16:43 - 00000000 ____D C:\ProgramData\PCPitstop
2017-03-07 14:35 - 2017-03-07 14:35 - 06087288 _____ (PC Pitstop LLC ) C:\Users\Jisca\Downloads\pcmatic-setup-0008 (1).exe
2017-03-07 14:34 - 2017-03-07 14:35 - 06087288 _____ (PC Pitstop LLC ) C:\Users\Jisca\Downloads\pcmatic-setup-0008.exe
2017-03-07 14:22 - 2017-03-07 14:32 - 00007602 _____ C:\Users\Jisca\AppData\Local\Resmon.ResmonCfg
2017-03-07 14:22 - 2017-03-07 14:22 - 00000319 _____ C:\Users\Jisca\Downloads\kill-searchui.zip
2017-03-06 17:47 - 2017-03-06 17:47 - 00070344 _____ C:\Users\Paul\Downloads\Ontvangstbevestiging_Aangifte_inkomstenbelasting_2016_06-03-2017_16.47u.pdf
2017-03-02 12:54 - 2017-03-02 12:54 - 00200605 _____ C:\Users\Jolanda\Downloads\ParnasSys - Leerlinganalyse - Per toetsserie (02-03-2017 11-54-01).pdf
2017-03-02 12:50 - 2017-03-02 12:50 - 00060777 _____ C:\Users\Jolanda\Downloads\ParnasSys - Inspectiekaart - Inspectie (02-03-2017 11-50-42).pdf
2017-03-01 13:51 - 2017-03-01 13:51 - 00306625 _____ C:\Users\Jolanda\Downloads\bizhubC36416071214040.pdf
2017-02-27 08:58 - 2017-02-27 08:58 - 00728688 _____ C:\Users\Jolanda\Downloads\Pdo Rhona Voortman scan (1).pdf
2017-02-27 08:51 - 2017-02-27 08:51 - 00728688 _____ C:\Users\Jolanda\Downloads\Pdo Rhona Voortman scan.pdf
2017-02-26 14:42 - 2017-02-26 14:42 - 00123249 _____ C:\Users\Jolanda\Downloads\1617-07Vlindertuin-032.pdf
2017-02-26 14:40 - 2017-02-26 14:40 - 00177884 _____ C:\Users\Jolanda\Downloads\aanvraag arr rv.pdf
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2017-03-26 17:10 - 2016-08-21 18:48 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-26 17:10 - 2015-10-11 17:28 - 00000000 __SHD C:\Users\Paul\IntelGraphicsProfiles
2017-03-25 19:24 - 2016-08-21 18:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-25 18:14 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-25 18:14 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-25 18:14 - 2014-04-09 17:08 - 00000000 ____D C:\Users\Paul\AppData\Local\Packages
2017-03-25 18:11 - 2016-09-20 14:23 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-03-25 11:43 - 2014-07-06 12:55 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2017-03-24 18:34 - 2016-03-12 16:51 - 00002370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-24 18:34 - 2016-03-12 16:51 - 00002358 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-24 18:33 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-24 18:33 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-24 18:33 - 2016-03-12 18:16 - 00000000 ____D C:\Users\Paul\AppData\Local\Google
2017-03-24 17:35 - 2017-02-14 06:17 - 00461240 _____ (Check Point Software Technologies Ltd.) C:\WINDOWS\system32\Drivers\vsdatant.sys
2017-03-24 17:35 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-24 13:04 - 2015-08-23 14:25 - 00000000 ____D C:\Users\Paul\AppData\Local\CyberLink
2017-03-24 13:04 - 2014-04-02 07:36 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-24 13:04 - 2014-04-02 07:36 - 00000000 ____D C:\ProgramData\CyberLink
2017-03-24 13:03 - 2014-04-02 07:36 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-03-24 12:56 - 2014-06-22 18:54 - 00000000 ____D C:\ProgramData\Origin
2017-03-24 12:45 - 2017-01-06 17:49 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-24 12:45 - 2014-06-22 18:54 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-24 12:41 - 2016-08-21 18:51 - 00000000 ____D C:\Users\Paul
2017-03-24 12:06 - 2015-03-08 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-24 12:03 - 2016-08-21 19:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-24 12:02 - 2016-07-16 08:04 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2017-03-24 12:01 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-24 11:57 - 2016-03-12 18:34 - 00000000 ____D C:\Users\Paul\AppData\Local\MicrosoftEdge
2017-03-24 11:54 - 2015-03-08 15:38 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-03-24 11:54 - 2015-03-08 15:38 - 00000000 ____D C:\ProgramData\Oracle
2017-03-24 11:54 - 2015-03-08 15:38 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-24 11:51 - 2014-04-09 20:39 - 00000000 ____D C:\Users\Paul\AppData\Local\Adobe
2017-03-24 11:50 - 2016-08-21 19:16 - 00004496 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-03-24 11:43 - 2016-08-19 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-03-23 15:13 - 2014-04-18 16:49 - 00000000 ____D C:\Users\Paul\AppData\Local\CrashDumps
2017-03-23 14:35 - 2015-02-12 17:31 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2017-03-21 19:17 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-21 19:15 - 2016-02-17 20:21 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-03-21 19:13 - 2015-10-12 07:56 - 00000000 __SHD C:\Users\Jolanda\IntelGraphicsProfiles
2017-03-16 20:56 - 2014-04-09 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-16 20:55 - 2016-11-30 12:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-16 20:52 - 2016-11-20 10:19 - 00000000 ____D C:\Users\Jolanda\AppData\LocalLow\Mozilla
2017-03-16 20:52 - 2015-07-02 19:36 - 00000000 ____D C:\Users\Jolanda\AppData\Roaming\AVG
2017-03-14 15:16 - 2016-08-21 18:48 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-03-14 14:02 - 2014-11-06 19:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-14 13:03 - 2016-08-21 18:51 - 00000000 ____D C:\Users\Jolanda
2017-03-14 13:03 - 2016-08-21 18:51 - 00000000 ____D C:\Users\Jisca
2017-03-14 13:03 - 2016-08-21 18:51 - 00000000 ____D C:\Users\Ilja
2017-03-14 12:58 - 2016-11-19 19:52 - 00000000 ____D C:\Users\Paul\AppData\LocalLow\Mozilla
2017-03-14 00:22 - 2016-05-27 15:53 - 39246776 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2017-03-14 00:22 - 2016-05-27 15:53 - 35131648 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd11dxva32.dll
2017-03-14 00:22 - 2016-05-27 15:53 - 15982784 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2017-03-14 00:22 - 2016-05-27 15:53 - 12798456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2017-03-14 00:22 - 2016-05-27 15:53 - 06763136 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2017-03-14 00:22 - 2016-05-27 15:53 - 05193384 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2017-03-14 00:20 - 2016-08-21 18:48 - 00112656 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-03-14 00:20 - 2016-08-21 18:48 - 00108560 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-03-14 00:20 - 2016-05-27 15:50 - 07974904 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2017-03-14 00:20 - 2016-05-27 15:50 - 02150936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2017-03-14 00:20 - 2016-05-27 15:50 - 00765456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2017-03-14 00:20 - 2016-05-27 15:50 - 00410616 _____ C:\WINDOWS\system32\igfxTray.exe
2017-03-14 00:20 - 2016-05-27 15:50 - 00407568 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2017-03-14 00:20 - 2016-05-27 15:50 - 00382456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2017-03-14 00:20 - 2016-05-27 15:50 - 00363512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2017-03-14 00:20 - 2016-05-27 15:50 - 00277496 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2017-03-13 16:10 - 2015-10-13 14:32 - 00000000 __SHD C:\Users\Ilja\IntelGraphicsProfiles
2017-03-13 15:51 - 2015-10-12 18:19 - 00000000 __SHD C:\Users\Jisca\IntelGraphicsProfiles
2017-03-13 15:51 - 2014-04-09 16:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-12 22:00 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-03-12 21:52 - 2015-05-07 22:17 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-03-12 18:28 - 2015-06-30 17:02 - 00000000 ____D C:\ProgramData\AVG
2017-03-12 18:20 - 2016-07-16 13:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-03-12 18:20 - 2015-06-12 11:20 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-12 18:20 - 2015-05-31 11:18 - 00000000 ____D C:\Users\Paul\AppData\Local\Avg
2017-03-12 18:14 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-12 17:50 - 2014-04-09 17:15 - 00000000 ____D C:\Program Files (x86)\AVG
2017-03-12 16:47 - 2015-08-13 18:06 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-03-11 21:28 - 2014-04-12 17:18 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-11 21:25 - 2016-08-21 18:46 - 00270944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-11 20:08 - 2014-04-29 11:14 - 00000000 ____D C:\Users\Paul\AppData\Local\ElevatedDiagnostics
2017-03-11 18:42 - 2014-04-02 07:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-03-11 18:41 - 2016-08-21 18:48 - 00000000 ____D C:\Program Files\Intel
2017-03-11 16:24 - 2014-04-02 07:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-03-11 16:23 - 2014-04-02 07:47 - 00000000 ____D C:\ProgramData\PCDr
2017-03-11 16:22 - 2016-08-22 16:35 - 00000000 ____D C:\Program Files\Dell
2017-03-11 16:11 - 2014-04-02 07:59 - 00000000 ____D C:\ProgramData\Dell
2017-03-09 14:56 - 2014-04-13 13:41 - 00000000 ____D C:\Users\Jolanda\Documents\recepten
2017-03-07 21:58 - 2016-08-19 12:05 - 00000000 ___RD C:\Users\Jisca\Google Drive
2017-03-07 19:02 - 2014-05-10 18:00 - 00007605 _____ C:\Users\Paul\AppData\Local\resmon.resmoncfg
2017-03-07 16:54 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SystemApps
2017-03-07 15:14 - 2014-04-09 17:28 - 00000000 ____D C:\Users\Jisca\AppData\Local\Packages
2017-03-07 14:37 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-03-06 17:58 - 2017-01-06 17:49 - 00000000 ____D C:\ProgramData\Google
2017-03-06 17:58 - 2016-03-12 16:50 - 00000000 ____D C:\Users\Jisca\AppData\Local\Google
2017-03-06 13:58 - 2014-04-09 19:56 - 00000000 ____D C:\Users\Jolanda\AppData\Local\Packages
2017-03-05 13:22 - 2014-04-20 20:15 - 00000000 ____D C:\Users\Jolanda\Documents\Outlook-bestanden
2017-03-04 18:54 - 2017-01-04 22:22 - 00000000 ____D C:\Users\Ilja\AppData\LocalLow\Mozilla
2017-03-04 18:49 - 2014-04-10 17:29 - 00000000 ____D C:\Users\Ilja\AppData\Local\Packages
2017-03-04 15:33 - 2016-08-21 17:31 - 00000000 ____D C:\Users\Jisca\AppData\Roaming\Canon
2017-03-01 19:19 - 2014-04-13 16:58 - 00079837 _____ C:\Users\Paul\Documents\Sollicitatieoverzicht Paul van Rooijen 2011.xlsx
2017-03-01 02:14 - 2016-07-13 17:47 - 00617368 _____ (Qualcomm Atheros) C:\WINDOWS\system32\Drivers\btfilter.sys
2017-02-28 20:58 - 2014-04-02 07:50 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-28 13:04 - 2017-02-21 14:11 - 00000000 ____D C:\Users\Jolanda\Documents\conditie
 
==================== Bestanden in de root van sommige mappen =======
 
2014-05-10 18:00 - 2017-03-07 19:02 - 0007605 _____ () C:\Users\Paul\AppData\Local\resmon.resmoncfg
2014-05-25 12:30 - 2014-05-25 12:30 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2016-03-06 12:26 - 2016-08-21 13:17 - 0019872 _____ () C:\ProgramData\Coinstaller.log
2014-04-25 14:44 - 2017-03-26 17:16 - 0942380 _____ () C:\ProgramData\dlea.log
2014-04-29 11:10 - 2016-04-18 17:06 - 0002363 _____ () C:\ProgramData\dleaDiagnostics.log
2014-04-09 18:25 - 2016-07-21 09:39 - 1083942 _____ () C:\ProgramData\dleaJSW.log
2014-04-09 17:11 - 2017-03-26 17:17 - 4136142 _____ () C:\ProgramData\dleascan.log
2016-08-21 18:48 - 2016-08-21 18:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-25 14:44 - 2014-04-25 14:44 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-05-25 12:30 - 2014-05-25 12:30 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2014-04-25 14:41 - 2014-04-25 14:41 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2014-04-02 07:39 - 2014-04-02 07:40 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-04-02 07:36 - 2014-04-02 07:37 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-04-02 07:37 - 2014-04-02 07:38 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-04-02 07:38 - 2014-04-02 07:39 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-04-02 07:36 - 2014-04-02 07:36 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Bestanden om te verplaatsen of verwijderen:
====================
C:\Users\Paul\DeletePrintJobs.cmd
 
 
==================== Bamital & volsnap ======================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
LastRegBack: 2017-03-24 15:17
 
==================== Eind van FRST.txt ============================
 
I hope someone can help me fix the problem with this computer!
Thanks in advance for your time and help!
 
Jis000
 
Attached File  Addition.txt   48.36KB   2 downloads

 


Edited by Jis000, 27 March 2017 - 09:52 AM.



 


#2 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,045 posts
  • Gender:Male
  • Location:California
  • Local time:12:39 PM

Posted 27 March 2017 - 01:18 PM

Greetings Jis000 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Which browser(s) is affected?

Please right click on the FRST icon, select Rename, and rename it to FRSTenglish or FRST64english depending on which version you are using. Then do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-03-24]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (Geen bestand)
SearchScopes: HKU\S-1-5-21-2247412043-1571970562-1656724458-1001 -> DefaultScope {2CECB6C0-11C1-4587-B881-14B5286E8CBB} URL = 
FF Extension: (Geen Naam) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [niet gevonden]
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\14oorxbv.default\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF HKU\S-1-5-21-2247412043-1571970562-1656724458-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => niet gevonden
 C:\ProgramData\McAfee Security Scan
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <geen Path/update_url>
 S2 0265821490351525mcinstcleanup; C:\Users\Paul\AppData\Local\Temp\026582~1.EXE -cleanup -nolog [X] <==== AANDACHT
R4 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
Task: {4B1EDC36-2879-4AA6-B119-7684BA555E29} - System32\Tasks\{BCAF6772-CBA0-4F24-8458-5CA78D2AC964} => pcalua.exe -a C:\Users\Jolanda\Downloads\R246283.exe -d C:\Users\Jolanda\Downloads
Task: {7566C713-9546-4724-9DBB-5C49B4E85967} - System32\Tasks\{46BBA792-A7A5-4AD1-AE3E-A66E3CEB6583} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {AAA4A1F3-0AA0-4A23-BD2D-A32AD5BDD804} - System32\Tasks\{FE6B5435-6FB2-4988-8F61-C0F5A301128A} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {DF37409E-45F1-4200-ABA3-C24647E519A8} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E27F5C26-5297-4D91-9239-9C83D99C6C46} - System32\Tasks\{0288B05B-8512-4BCF-A3FC-6218F3508F75} => pcalua.exe -a "C:\Program Files\Dell V310-V510 Series\Install\x64\instgui.exe" -d "C:\Program Files\Dell V310-V510 Series\Install\x64" -c /u MODEL="V310 Series" PRODUCT_CODE="44431D1"
AlternateDataStreams: C:\ProgramData:gs5sys [5376]
AlternateDataStreams: C:\Users\All Users:gs5sys [5376]
AlternateDataStreams: C:\Users\Jisca:gs5sys [4608]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [5376]
AlternateDataStreams: C:\ProgramData\Sjablonen:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C [140]
AlternateDataStreams: C:\ProgramData\Temp:14B00291 [145]
AlternateDataStreams: C:\ProgramData\Temp:2163E78C [121]
AlternateDataStreams: C:\ProgramData\Temp:28561FD4 [127]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [141]
AlternateDataStreams: C:\Users\Ilja\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Ilja\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Ilja\AppData\Local\Geschiedenis:gs5sys [3074]
AlternateDataStreams: C:\Users\Ilja\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Jisca\Application Data:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\Cookies:gs5sys [7680]
AlternateDataStreams: C:\Users\Jisca\Local Settings:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\Sjablonen:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\Desktop\desktop.ini:gs5sys [6656]
AlternateDataStreams: C:\Users\Jisca\AppData\Local:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\AppData\Roaming:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\AppData\Local\Application Data:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\AppData\Local\Geschiedenis:gs5sys [6912]
AlternateDataStreams: C:\Users\Jisca\Documents\desktop.ini:gs5sys [6656]
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Which browser(s)?
  • Fixlog
  • Update on computer performance

Edited by Oh My!, 27 March 2017 - 03:04 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Jis000


Posted 28 March 2017 - 06:33 AM

Hi Gary,

 

Thanks for your reply! My name is Jisca, so feel free to call me by name :)

 

By browsers I suppose you mean web browsers? The computer uses Google Chrome, and it basically hangs every time you start it. Loading webpages takes ages and sometimes it responds slowly (i.e. opening a new tab doesn't go fluently, but after clicking the new tab opens slowly after at least 30 seconds). Other than that, Windows Explorer crashes randomly when trying to open several folders. Here too, the response time is long, so that you almost want to click several times in order to make files/folders open quicker (which, as I know, doesn't help but only creates more problems, since the computer starts running a file several times). This is very annoying. I'm not the main user of this computer, the person who does use it, doesn't know much about computing, so that's why I asked for help. I also don't know exactly when this behaviour occurred and what specific action caused it (main user says he didn't do anything out of the ordinary).

 

I hope I gave the information you needed, if I misinterpreted something, please let me know!

 

This is the Fixlog from FRST:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paul (28-03-2017 13:11:40) Run:1
Running from C:\Users\Paul\Desktop
Loaded Profiles: Paul (Available Profiles: Paul & Jisca & Jolanda)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk [2017-03-24]
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (Geen bestand)
SearchScopes: HKU\S-1-5-21-2247412043-1571970562-1656724458-1001 -> DefaultScope {2CECB6C0-11C1-4587-B881-14B5286E8CBB} URL = 
FF Extension: (Geen Naam) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [niet gevonden]
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\14oorxbv.default\searchplugins\McSiteAdvisor.xml [2016-03-20]
FF HKU\S-1-5-21-2247412043-1571970562-1656724458-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => niet gevonden
 C:\ProgramData\McAfee Security Scan
CHR HKLM-x32\...\Chrome\Extension: [okmhneofinpilciglijihehjpaegledb] - <geen Path/update_url>
 S2 0265821490351525mcinstcleanup; C:\Users\Paul\AppData\Local\Temp\026582~1.EXE -cleanup -nolog [X] <==== AANDACHT
R4 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
Task: {4B1EDC36-2879-4AA6-B119-7684BA555E29} - System32\Tasks\{BCAF6772-CBA0-4F24-8458-5CA78D2AC964} => pcalua.exe -a C:\Users\Jolanda\Downloads\R246283.exe -d C:\Users\Jolanda\Downloads
Task: {7566C713-9546-4724-9DBB-5C49B4E85967} - System32\Tasks\{46BBA792-A7A5-4AD1-AE3E-A66E3CEB6583} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {AAA4A1F3-0AA0-4A23-BD2D-A32AD5BDD804} - System32\Tasks\{FE6B5435-6FB2-4988-8F61-C0F5A301128A} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {DF37409E-45F1-4200-ABA3-C24647E519A8} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {E27F5C26-5297-4D91-9239-9C83D99C6C46} - System32\Tasks\{0288B05B-8512-4BCF-A3FC-6218F3508F75} => pcalua.exe -a "C:\Program Files\Dell V310-V510 Series\Install\x64\instgui.exe" -d "C:\Program Files\Dell V310-V510 Series\Install\x64" -c /u MODEL="V310 Series" PRODUCT_CODE="44431D1"
AlternateDataStreams: C:\ProgramData:gs5sys [5376]
AlternateDataStreams: C:\Users\All Users:gs5sys [5376]
AlternateDataStreams: C:\Users\Jisca:gs5sys [4608]
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys [5376]
AlternateDataStreams: C:\ProgramData\Sjablonen:gs5sys [2560]
AlternateDataStreams: C:\ProgramData\Temp:04BC9A2C [140]
AlternateDataStreams: C:\ProgramData\Temp:14B00291 [145]
AlternateDataStreams: C:\ProgramData\Temp:2163E78C [121]
AlternateDataStreams: C:\ProgramData\Temp:28561FD4 [127]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30 [141]
AlternateDataStreams: C:\Users\Ilja\Cookies:gs5sys [3074]
AlternateDataStreams: C:\Users\Ilja\Desktop\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Ilja\AppData\Local\Geschiedenis:gs5sys [3074]
AlternateDataStreams: C:\Users\Ilja\Documents\desktop.ini:gs5sys [3074]
AlternateDataStreams: C:\Users\Jisca\Application Data:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\Cookies:gs5sys [7680]
AlternateDataStreams: C:\Users\Jisca\Local Settings:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\Sjablonen:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\Desktop\desktop.ini:gs5sys [6656]
AlternateDataStreams: C:\Users\Jisca\AppData\Local:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\AppData\Roaming:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\AppData\Local\Application Data:gs5sys [4864]
AlternateDataStreams: C:\Users\Jisca\AppData\Local\Geschiedenis:gs5sys [6912]
AlternateDataStreams: C:\Users\Jisca\Documents\desktop.ini:gs5sys [6656]
emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => moved successfully
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (Geen bestand) => not found.
HKU\S-1-5-21-2247412043-1571970562-1656724458-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi => path removed successfully
C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\14oorxbv.default\searchplugins\McSiteAdvisor.xml => moved successfully
HKU\S-1-5-21-2247412043-1571970562-1656724458-1001\Software\Mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8} => value removed successfully
"C:\ProgramData\McAfee Security Scan" => not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\okmhneofinpilciglijihehjpaegledb => key removed successfully
HKLM\System\CurrentControlSet\Services\0265821490351525mcinstcleanup => key removed successfully
0265821490351525mcinstcleanup => service removed successfully
mfesapsn => Unable to stop service.
HKLM\System\CurrentControlSet\Services\mfesapsn => key removed successfully
mfesapsn => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4B1EDC36-2879-4AA6-B119-7684BA555E29} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4B1EDC36-2879-4AA6-B119-7684BA555E29} => key removed successfully
C:\WINDOWS\System32\Tasks\{BCAF6772-CBA0-4F24-8458-5CA78D2AC964} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BCAF6772-CBA0-4F24-8458-5CA78D2AC964} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7566C713-9546-4724-9DBB-5C49B4E85967} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7566C713-9546-4724-9DBB-5C49B4E85967} => key removed successfully
C:\WINDOWS\System32\Tasks\{46BBA792-A7A5-4AD1-AE3E-A66E3CEB6583} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{46BBA792-A7A5-4AD1-AE3E-A66E3CEB6583} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAA4A1F3-0AA0-4A23-BD2D-A32AD5BDD804} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAA4A1F3-0AA0-4A23-BD2D-A32AD5BDD804} => key removed successfully
C:\WINDOWS\System32\Tasks\{FE6B5435-6FB2-4988-8F61-C0F5A301128A} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FE6B5435-6FB2-4988-8F61-C0F5A301128A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DF37409E-45F1-4200-ABA3-C24647E519A8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF37409E-45F1-4200-ABA3-C24647E519A8} => key removed successfully
C:\WINDOWS\System32\Tasks\AVG EUpdate Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG EUpdate Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E27F5C26-5297-4D91-9239-9C83D99C6C46} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E27F5C26-5297-4D91-9239-9C83D99C6C46} => key removed successfully
C:\WINDOWS\System32\Tasks\{0288B05B-8512-4BCF-A3FC-6218F3508F75} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0288B05B-8512-4BCF-A3FC-6218F3508F75} => key removed successfully
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\Jisca => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
C:\ProgramData\Sjablonen => ":gs5sys" ADS removed successfully.
C:\ProgramData\Temp => ":04BC9A2C" ADS removed successfully.
C:\ProgramData\Temp => ":14B00291" ADS removed successfully.
C:\ProgramData\Temp => ":2163E78C" ADS removed successfully.
C:\ProgramData\Temp => ":28561FD4" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":CBAF0C30" ADS removed successfully.
C:\Users\Ilja\Cookies => ":gs5sys" ADS removed successfully.
C:\Users\Ilja\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Ilja\AppData\Local\Geschiedenis => ":gs5sys" ADS removed successfully.
C:\Users\Ilja\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\Jisca\Application Data => ":gs5sys" ADS removed successfully.
C:\Users\Jisca\Cookies => ":gs5sys" ADS removed successfully.
C:\Users\Jisca\Local Settings => ":gs5sys" ADS removed successfully.
C:\Users\Jisca\Sjablonen => ":gs5sys" ADS removed successfully.
C:\Users\Jisca\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
"C:\Users\Jisca\AppData\Local" => ":gs5sys" ADS not found.
"C:\Users\Jisca\AppData\Roaming" => ":gs5sys" ADS not found.
"C:\Users\Jisca\AppData\Local\Application Data" => ":gs5sys" ADS not found.
C:\Users\Jisca\AppData\Local\Geschiedenis => ":gs5sys" ADS removed successfully.
C:\Users\Jisca\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 47269 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 60992052 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 700224 B
Edge => 1360147 B
Chrome => 362292655 B
Firefox => 9475375 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 22783 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 904625 B
NetworkService => 16362 B
Paul => 53942364 B
Jisca => 69589643 B
Jolanda => 5634656 B
Ilja => 1543417 B
PCPitstopSVC => 22783 B
 
RecycleBin => 185333658 B
EmptyTemp: => 717 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:18:46 ====
 
 
 
I appreciate your help, looking forward to your response!
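Added example (not part of the original thread and not FRST's own code): a short Python triage of the result section of a Fixlog like the one posted above. It counts outcomes, groups alternate-data-stream results by stream name, and surfaces lines such as `mfesapsn => Unable to stop service.` together with whether a later line for the same target succeeded. The embedded sample is an excerpt of the log in this post; the function names and the `ok` / `not_found` / `attention` labels are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the Fixlog posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
Task: {DF37409E-45F1-4200-ABA3-C24647E519A8} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk => moved successfully
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (Geen bestand) => not found.
"C:\ProgramData\McAfee Security Scan" => not found.
HKLM\System\CurrentControlSet\Services\0265821490351525mcinstcleanup => key removed successfully
0265821490351525mcinstcleanup => service removed successfully
mfesapsn => Unable to stop service.
HKLM\System\CurrentControlSet\Services\mfesapsn => key removed successfully
mfesapsn => service removed successfully
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\ProgramData\Temp => ":04BC9A2C" ADS removed successfully.
C:\ProgramData\Temp => ":14B00291" ADS removed successfully.
C:\Users\Jisca\Cookies => ":gs5sys" ADS removed successfully.
"C:\Users\Jisca\AppData\Local" => ":gs5sys" ADS not found.

=========== EmptyTemp: ==========

BITS transfer queue => 47269 B
Chrome => 362292655 B
'''

# Result text of an alternate-data-stream line, e.g. ":gs5sys" ADS removed successfully.
ADS_RESULT = re.compile(r'^":(?P<stream>[^"]+)" ADS ')


def classify(result):
    """Map a result phrase to a status; unknown phrasing is flagged, not trusted."""
    text = result.rstrip(". ").lower()
    if text.endswith("successfully"):
        return "ok"
    if text.endswith("not found"):
        return "not_found"
    return "attention"


def parse_fixlog(text):
    """Return one dict per 'target => result' line of the result section."""
    entries, in_fixlist = [], False
    for raw in text.splitlines():
        line = raw.strip()
        # The echoed fixlist sits between two rows of asterisks; it is input, not results.
        if line and set(line) == {"*"}:
            in_fixlist = not in_fixlist
            continue
        if in_fixlist:
            continue
        # The EmptyTemp section lists byte counts, not fix outcomes.
        if line.startswith("=") and "EmptyTemp" in line:
            break
        if " => " not in line:
            continue
        target, _, result = line.rpartition(" => ")
        ads = ADS_RESULT.match(result)
        entries.append({
            "target": target.strip('"'),
            "result": result,
            "status": classify(result),
            "stream": ads.group("stream") if ads else None,
        })
    return entries


def triage(entries):
    """Summarise outcomes, group ADS results by stream, list lines needing review."""
    streams = defaultdict(list)
    attention = []
    for i, entry in enumerate(entries):
        if entry["stream"]:
            streams[entry["stream"]].append((entry["target"], entry["status"]))
        if entry["status"] == "attention":
            # Did a later line for the same target report success?
            resolved = any(later["target"] == entry["target"] and later["status"] == "ok"
                           for later in entries[i + 1:])
            attention.append({"target": entry["target"], "result": entry["result"],
                              "resolved_later": resolved})
    return {"counts": dict(Counter(e["status"] for e in entries)),
            "streams": dict(streams), "attention": attention}


if __name__ == "__main__":
    report = triage(parse_fixlog(SAMPLE_FIXLOG))
    print(report["counts"])
    for item in report["attention"]:
        print("review:", item)
    for name, hits in sorted(report["streams"].items()):
        print(name, len(hits))
```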
 


#4 Oh My!


Posted 28 March 2017 - 07:26 AM

Hi Jisca.

I am assuming the symptoms you described continue after the latest steps. Is that correct?

Can you use Internet Explorer and tell me if you have the same web browser issue. Hit Windows + r at the same time. Type iexplore and hit Enter and the browser should launch.
Gary
 

#5 Jis000


Posted 28 March 2017 - 09:28 AM

Hi Gary,

 

Indeed, these symptoms continued after everything I've tried so far. 

 

I tried using Internet Explorer, this runs pretty smoothly. Opening different tabs and running several webpages goes well, unlike using Chrome. The Disk usage isn't at 100% while using IE. In fact, both CPU and Disk Usage are around 5%, while Memory Usage is 75%. I don't know if this means the problem is solved somehow, or that there might be a bug somewhere. 



#6 Oh My!


Posted 28 March 2017 - 10:19 AM

Thank you for the information.

Please do this.

===================================================

Resetting Google Chrome to Original Defaults

--------------------
  • Launch Chrome then review this page before following these steps to review what changes will take place
  • In the address bar type chrome://settings and press Enter
  • Click Show advanced settings... located at the bottom of the page
  • Under the Reset settings section click Reset settings
  • Uncheck Help make Google Chrome better by reporting the current settings if you don't want to provide that information
  • Click Reset
  • Restart Chrome and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#7 Jis000


Posted 29 March 2017 - 04:09 AM

Hi Gary,

 

The speed of the web browser (responding and loading) has become better, but now the Disk usage is back to 98%.

Though, while writing this reply, it changes from 98% to 5% and back. The process that absorbs a lot of MBs is "microsoft compatibility telemetry", but sometimes it just disappears out of the list. 

While that process runs, I can see the CPU, Memory and Disk usage creep up. 

Another 'absorber' is a process called 'System'. I opened the properties and the name changed to 'ntoskml.exe'.

I hope I'm not making this any more complicated by just dropping all this random info on you, but I absolutely don't know where else the problem could be (or if it actually IS a problem; I'm a bit paranoid, I guess).



#8 Oh My!


Posted 29 March 2017 - 02:15 PM

Let's check a setting. Please do this.

===================================================

Exporting a Registry Key From the Run Box

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Copy and paste the following into the Run box and press Enter

regedit /e "%userprofile%\desktop\look.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection"

  • A look.txt document will be placed on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Look.txt

Gary
 

#9 Jis000


Posted 30 March 2017 - 06:51 AM

This is the content from the Look.txt document:

 

 
Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection]


#10 Oh My!


Posted 30 March 2017 - 01:57 PM

Thank you. Please do this.

===================================================

Farbar's Recovery Scan Tool Registry Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search Field
DiagTrack
  • Click Search Registry button
  • When completed click OK and a Searchreg.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Searchreg report

Gary
 

#11 Jis000


Posted 31 March 2017 - 04:43 AM

This is the logfile from the Search through the registry by FRST:

 

Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paul (31-03-2017 11:41:47)
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
 
================== Search Registry: "DiagTrack" ===========
 
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.0_none_cd675b431d9f4255]
"f!diagtrack.dll"="3"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_10.0.14393.351_none_d9bc1db2a4e2c262]
"f!diagtrack.dll"="1"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-u..ry-client.resources_31bf3856ad364e35_10.0.14393.0_nl-nl_ac5095b8e233feef]
"f!diagtrack.dll.mui"="1"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\10.0.14393.693 (rs1_release.161220-1747)\ComponentFamilies\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_none_d2b06db35caac462]
"f256!diagtrack.dll"="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
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\VersionedIndex\10.0.14393.693 (rs1_release.161220-1747)\ComponentFamilies\amd64_microsoft-windows-u..ry-client.resources_31bf3856ad364e35_nl-nl_e7a2a4eb2a615a18]
"f256!diagtrack.dll.mui"="0x78004B00710067006300720077005200420073006C0041006B004700470075006300450036005100360063004B00320072006300730067004C0071004B0034003400300038007A0035006B004700540036002B006B003D002100310030002E0030002E00310034003300390033002E0030002300"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack]
"DiagTrackAuthorization"="47"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack]
"DiagTrackStatus"="3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{56dc463b-97e8-4b59-e836-ab7c9bb96301}]
""="Microsoft-Windows-Diagtrack"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{56dc463b-97e8-4b59-e836-ab7c9bb96301}]
"ResourceFileName"="%SystemRoot%\system32\diagtrack.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{56dc463b-97e8-4b59-e836-ab7c9bb96301}]
"MessageFileName"="%SystemRoot%\system32\diagtrack.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{6489b27f-7c43-5886-1d00-0a61bb2a375b}]
"ResourceFileName"="%SystemRoot%\system32\diagtrack.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{6489b27f-7c43-5886-1d00-0a61bb2a375b}]
"MessageFileName"="%SystemRoot%\system32\diagtrack.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"utcsvc"="DiagTrack"
 
====== End of Search ======


#12 Oh My!


Posted 31 March 2017 - 09:38 AM

Thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
StartRegedit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack]
"DiagTrackAuthorization"=dword:00000000
EndRegedit:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Computer performance?

Gary
 

#13 Jis000


Posted 31 March 2017 - 10:13 AM

Hi Gary,

 

Thanks for the support so far!

 

This is the Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Paul (31-03-2017 17:03:25) Run:2
Running from C:\Users\Paul\Desktop
Loaded Profiles: Paul (Available Profiles: Paul & Jisca & Jolanda & Ilja)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
StartRegedit:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack]
"DiagTrackAuthorization"=dword:00000000
EndRegedit:
*****************
 
 
====> Registry
 
==== End of Fixlog 17:03:26 ====
 
Performance is better, the computer runs more smoothly. Both CPU and Disk usage are minimal. Memory usage is around 60%. Using Windows Explorer goes fluently now. I hope that this is it :) 
Thanks! 


#14 Oh My!


Posted 31 March 2017 - 12:16 PM

Excellent. A couple of final scans please.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#15 Jis000


Posted 01 April 2017 - 07:52 AM

Alright, here are both the logfiles. First, the ESET Log:

 

C:\Users\Paul\Downloads\zafwSetupWeb_150_653_17211.exe a variant of Win32/FusionCore.L potentially unwanted application deleted

 

And this is the log from Security Check:

 

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Windows Defender   
AVG Antivirus      
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Secunia PSI (3.0.0.11005)   
 Java 8 Update 121  
 Java version 32-bit out of Date! 
 Adobe Flash Player 25.0.0.127  
 Google Chrome (57.0.2987.133) 
 Google Chrome (SetupMetrics...) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 AVG Antivirus AVGUI.exe  
 Windows Defender MSASCuiL.exe   
 CheckPoint ZoneAlarm vsmon.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
I booted the computer this morning, and to my surprise the disk usage was back to 99%! I also noticed that the loading of the user account took longer than last time, and that the response time of applications was longer again.
Could it be useful if I send you a screenshot of the task manager, so that you can see which processes are absorbing the disk usage?
 
To me it seems like it's almost some kind of loop... The first time booting after running scans, everything is okay, but the second time when booting, it starts all over again!




