OTL logfile created on: 24-1-2018 16:29:44 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Bureaublad
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18837)
Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

5,98 Gb Total Physical Memory | 3,41 Gb Available Physical Memory | 56,99% Memory free
11,95 Gb Paging File | 9,23 Gb Available in Paging File | 77,21% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 127,73 Gb Total Space | 59,00 Gb Free Space | 46,19% Space Free | Partition Type: NTFS
Drive D: | 1648,80 Gb Total Space | 319,87 Gb Free Space | 19,40% Space Free | Partition Type: NTFS
Drive J: | 1863,01 Gb Total Space | 0,01 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
Drive K: | 2794,51 Gb Total Space | 586,50 Gb Free Space | 20,99% Space Free | Partition Type: NTFS

Computer Name: RAY-PC | User Name: Eigenaar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2018-01-24 16:28:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Bureaublad\OTL.exe
PRC - [2017-11-08 22:45:50 | 000,288,848 | ---- | M] (Google Inc.)
-- C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe PRC - [2017-08-23 11:51:32 | 002,257,016 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe PRC - [2016-10-08 17:04:14 | 002,138,272 | ---- | M] (AimerSoft) -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe PRC - [2015-12-13 22:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012-10-09 00:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Wacom\WacomHost.exe PRC - [2012-10-09 00:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe PRC - [2012-02-24 17:04:26 | 001,638,704 | ---- | M] (M-Audio) -- C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe PRC - [2012-02-15 19:11:58 | 000,459,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe PRC - [2011-03-11 13:08:34 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011-03-11 13:08:32 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2016-10-08 17:03:00 | 001,506,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll MOD - [2016-07-21 10:54:38 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll MOD - [2009-02-26 10:45:08 | 000,024,912 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\Wordcnvpxy.cnv [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2017-11-11 05:06:39 | 000,326,144 | R--- | M] (Symantec Corporation) [Auto | Running] -- 
C:\Program Files\Norton Security\Engine\22.11.2.7\NS.exe -- (NS) SRV:[b]64bit:[/b] - [2017-11-01 08:07:08 | 006,234,056 | ---- | M] (Malwarebytes) [On_Demand | Stopped] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService) SRV:[b]64bit:[/b] - [2017-10-14 09:01:18 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2017-06-29 00:43:40 | 000,692,680 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\WTabletServicePro.exe -- (WTabletServicePro) SRV:[b]64bit:[/b] - [2016-08-22 17:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack) SRV:[b]64bit:[/b] - [2015-03-18 14:22:58 | 000,616,288 | ---- | M] (Copyright 2013 SAMSUNG) [Auto | Running] -- C:\Program Files\Samsung\Samsung Link\Samsung Link.exe -- (Samsung Link Service) SRV:[b]64bit:[/b] - [2015-03-07 23:21:52 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2014-08-19 20:12:17 | 000,656,664 | ---- | M] (Wacom Technology, Corp.) 
[Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon) SRV:[b]64bit:[/b] - [2013-04-28 03:40:26 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2018-01-17 11:49:44 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2018-01-01 23:37:07 | 000,194,000 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2017-08-23 11:51:32 | 002,257,016 | ---- | M] (Adobe Systems, Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe -- (AGSService) SRV - [2017-04-21 13:53:36 | 000,107,656 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2015-12-13 22:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2015-07-21 08:57:26 | 003,996,664 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2015-03-30 13:54:56 | 000,009,216 | ---- | M] (Ellora Assets Corp.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV - [2015-03-07 23:34:20 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2015-02-18 18:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2014-09-13 04:31:12 | 006,847,712 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv) SRV - [2014-08-14 11:32:04 | 001,263,424 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2012-02-24 17:04:26 | 001,638,704 | ---- | M] (M-Audio) [Auto | Running] -- C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe -- (MIDISPORTAudioDevMon) SRV - [2012-02-15 19:11:58 | 000,459,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2011-03-11 13:08:34 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2011-03-11 13:08:32 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170709.017\NAVEX15.SYS -- (NAVEX15) DRV:[b]64bit:[/b] - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\SDSDefs\20170709.017\NAVENG.SYS -- (NAVENG) DRV:[b]64bit:[/b] - [2018-01-21 
21:03:40 | 000,253,880 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV:[b]64bit:[/b] - [2017-11-18 05:58:03 | 000,102,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:[b]64bit:[/b] - [2017-11-11 00:31:25 | 000,566,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSx64\160B020.007\symnets.sys -- (SymNetS) DRV:[b]64bit:[/b] - [2017-11-11 00:31:06 | 001,938,584 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NSx64\160B020.007\symefasi64.sys -- (SymEFASI) DRV:[b]64bit:[/b] - [2017-11-11 00:29:34 | 000,309,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSx64\160B020.007\ironx64.sys -- (SymIRON) DRV:[b]64bit:[/b] - [2017-11-11 00:28:36 | 000,187,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSx64\160B020.007\ccsetx64.sys -- (ccSet_NS) DRV:[b]64bit:[/b] - [2017-11-11 00:28:12 | 000,812,696 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSx64\160B020.007\srtsp64.sys -- (SRTSP) DRV:[b]64bit:[/b] - [2017-11-11 00:28:12 | 000,049,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSx64\160B020.007\srtspx64.sys -- (SRTSPX) DRV:[b]64bit:[/b] - [2017-10-14 05:38:50 | 001,056,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\IPSDefs\20180123.001\IDSvia64.sys -- (IDSVia64) DRV:[b]64bit:[/b] - [2017-10-11 13:58:00 | 001,872,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Security\NortonData\22.9.3.13\Definitions\BASHDefs\20180122.003\BHDrvx64.sys -- (BHDrvx64) DRV:[b]64bit:[/b] - 
[2017-08-08 10:06:04 | 000,082,640 | ---- | M] (Kemper GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kemper.sys -- (kemper) DRV:[b]64bit:[/b] - [2017-08-07 22:31:40 | 000,037,624 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight) DRV:[b]64bit:[/b] - [2017-05-18 21:17:30 | 000,166,288 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:[b]64bit:[/b] - [2017-05-18 21:17:28 | 000,131,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:[b]64bit:[/b] - [2017-04-11 19:23:37 | 000,024,040 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter) DRV:[b]64bit:[/b] - [2016-06-15 01:53:44 | 000,026,200 | ---- | M] (SplitmediaLabs Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xspltspk.sys -- (XSplit_Dummy) DRV:[b]64bit:[/b] - [2016-03-01 04:55:36 | 000,104,976 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b]64bit:[/b] - [2015-07-21 08:57:18 | 000,248,648 | ---- | M] (Acronis International GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter) DRV:[b]64bit:[/b] - [2015-07-21 08:57:16 | 001,058,632 | ---- | M] (Acronis International GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib) DRV:[b]64bit:[/b] - [2015-03-11 20:56:03 | 000,296,736 | ---- | M] (Acronis International GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\file_tracker.sys -- (file_tracker) DRV:[b]64bit:[/b] - [2015-03-11 20:55:50 | 000,304,416 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) 
DRV:[b]64bit:[/b] - [2015-03-11 20:55:49 | 000,134,432 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv) DRV:[b]64bit:[/b] - [2015-03-07 23:24:53 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:[b]64bit:[/b] - [2015-03-07 23:11:51 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2015-03-07 23:06:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2015-03-07 23:06:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2014-08-06 19:15:50 | 000,102,200 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter) DRV:[b]64bit:[/b] - [2014-08-06 19:15:50 | 000,014,136 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf) DRV:[b]64bit:[/b] - [2014-04-08 09:20:36 | 000,227,456 | ---- | M] (Dexetek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DxVGrb.sys -- (DxVGrb) DRV:[b]64bit:[/b] - [2013-10-02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2013-09-30 15:26:50 | 000,019,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:[b]64bit:[/b] - [2013-09-30 15:26:48 | 000,012,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:[b]64bit:[/b] - [2013-04-28 04:38:56 | 011,832,832 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b]64bit:[/b] - [2013-04-28 03:14:20 | 000,605,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b]64bit:[/b] - [2012-10-25 02:20:28 | 000,769,168 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2012-08-23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2012-08-23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2012-02-24 17:04:24 | 000,030,512 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioMIDISPORT_DFU.sys -- (MADFUMIDISPORT2010) DRV:[b]64bit:[/b] - [2012-02-24 17:04:18 | 000,201,008 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioMIDISPORT.sys -- (MAUSBMIDISPORT) DRV:[b]64bit:[/b] - [2011-11-03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:[b]64bit:[/b] - [2011-08-17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:[b]64bit:[/b] - [2011-08-17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:[b]64bit:[/b] - [2011-08-17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:[b]64bit:[/b] - [2011-08-17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:[b]64bit:[/b] - [2011-08-10 22:20:26 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm) DRV:[b]64bit:[/b] - [2011-07-28 09:20:08 | 000,209,408 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:[b]64bit:[/b] - [2011-07-28 09:20:06 | 000,092,672 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:[b]64bit:[/b] - [2011-03-11 13:08:32 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010-11-25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:[b]64bit:[/b] - [2009-07-14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:[b]64bit:[/b] - [2009-07-14 01:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2018-01-04 00:28:11 | 000,507,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2018-01-04 00:28:11 | 000,152,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2004-04-01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\pfc.sys -- (pfc) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:[b]64bit:[/b] - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1 IE - HKCU\SOFTWARE\Microsoft\Internet 
Explorer\Main,Start Page_TIMESTAMP = 76 80 BA 8C 9E 46 D3 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error. IE - HKCU\..\SearchScopes,DefaultScope = {2f23ab71-4ac6-41f2-a955-ea576e553146} IE - HKCU\..\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE10 IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=NL&ver=22.11.2.7&locale=nl_NL&guid=B20FC5C1-4E05-43A2-9777-FAD9B4D1D67E&doi=2016-09-01&gct=kwd&qsrc=2869 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.countryCode: "NL" FF - prefs.js..browser.search.region: "NL" FF - prefs.js..browser.startup.homepage: "https://www.google.nl/" FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 58.0\extensions\\Components: C:\USERS\EIGENAAR\APPDATA\LOCAL\MOZILLA FIREFOX\COMPONENTS 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 58.0\extensions\\Plugins: C:\USERS\EIGENAAR\APPDATA\LOCAL\MOZILLA FIREFOX\PLUGINS [2015-03-11 13:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\Extensions [2017-11-21 09:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\SystemExtensionsDev [2018-01-21 23:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\Firefox\Profiles\c5ysnbs8.default-1472642198637-1516555076000\browser-extension-data [2018-01-21 23:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\Firefox\Profiles\c5ysnbs8.default-1472642198637-1516555076000\browser-extension-data\@translatenow [2018-01-21 23:24:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\Firefox\Profiles\c5ysnbs8.default-1472642198637-1516555076000\browser-extension-data\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2018-01-24 16:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\Firefox\Profiles\c5ysnbs8.default-1472642198637-1516555076000\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2018-01-21 23:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\Firefox\Profiles\c5ysnbs8.default-1472642198637-1516555076000\browser-extension-data\jid1-i6dUGvCrz2WZu8@jetpack [2018-01-21 23:31:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\Firefox\Profiles\c5ysnbs8.default-1472642198637-1516555076000\browser-extension-data\jid1-KKzOGWgsW3Ao4Q@jetpack [2018-01-24 
16:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\Firefox\Profiles\c5ysnbs8.default-1472642198637-1516555076000\browser-extension-data\jid1-MnnxcxisBPnSXQ@jetpack [2018-01-21 18:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\Firefox\Profiles\c5ysnbs8.default-1472642198637-1516555076000\browser-extension-data\screenshots@mozilla.org [2018-01-23 21:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\Firefox\Profiles\c5ysnbs8.default-1472642198637-1516555076000\extensions [2018-01-21 23:26:36 | 001,123,279 | ---- | M] () (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\firefox\profiles\c5ysnbs8.default-1472642198637-1516555076000\extensions\2.0@disconnect.me.xpi [2018-01-21 23:32:29 | 000,019,308 | ---- | M] () (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\firefox\profiles\c5ysnbs8.default-1472642198637-1516555076000\extensions\@translatenow.xpi [2018-01-21 23:30:04 | 000,089,314 | ---- | M] () (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\firefox\profiles\c5ysnbs8.default-1472642198637-1516555076000\extensions\jid1-i6dUGvCrz2WZu8@jetpack.xpi [2018-01-21 23:31:49 | 000,180,863 | ---- | M] () (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\firefox\profiles\c5ysnbs8.default-1472642198637-1516555076000\extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2018-01-23 21:08:35 | 000,907,006 | ---- | M] () (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\firefox\profiles\c5ysnbs8.default-1472642198637-1516555076000\extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2018-01-21 23:33:02 | 000,067,127 | ---- | M] () (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\firefox\profiles\c5ysnbs8.default-1472642198637-1516555076000\extensions\translator@zoli.bod.xpi [2018-01-21 23:24:20 | 000,556,634 | ---- | M] () (No name found) -- 
C:\Users\Eigenaar\AppData\Roaming\mozilla\firefox\profiles\c5ysnbs8.default-1472642198637-1516555076000\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-01-21 23:23:39 | 001,044,671 | ---- | M] () (No name found) -- C:\Users\Eigenaar\AppData\Roaming\mozilla\firefox\profiles\c5ysnbs8.default-1472642198637-1516555076000\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-01-02 00:26:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2011-08-11 11:18:12 | 000,128,960 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2011-08-10 22:16:34 | 000,096,192 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2011-08-11 11:18:30 | 000,092,096 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2011-08-11 11:18:08 | 000,022,976 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2011-08-11 11:19:38 | 000,436,136 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2011-08-10 22:16:34 | 000,024,512 | ---- | M] (Citrix Systems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[color=#E56717]========== Chrome ==========[/color]
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe\2017.0.0.8_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif\1.0.5_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\

O1 HOSTS File: ([2018-01-24 14:06:08 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Norton Identity Safety) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security\Engine\22.11.2.7\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (no name) - {451C804F-C205-4F03-B48E-537EC94937BF} - No CLSID value found.
O2 - BHO: (Norton Identity Safety) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security\Engine32\22.11.2.7\coIEPlg.dll (Symantec Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.11.2.7\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.11.2.7\coIEPlg.dll (Symantec Corporation)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.11.2.7\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.11.2.7\coIEPlg.dll (Symantec Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (AimerSoft)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.251.229 89.101.251.228
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A16F021E-37B5-4249-B850-84B7BD664880}: DhcpNameServer = 89.101.251.229 89.101.251.228
O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\WSKVAllmytubechrome - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\WSKVAllmytubechrome - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\ica - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015-11-02 22:43:10 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2018-01-24 16:28:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Bureaublad\OTL.exe
[2018-01-24 14:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Aimersoft
[2018-01-24 14:19:22 | 000,000,000 | ---D | C] -- C:\Users\Eigenaar\AppData\Local\Aimersoft
[2018-01-24 11:04:23 | 002,393,088 | ---- | C] (Farbar) -- D:\Bureaublad\FRST64.exe
[2018-01-21 21:03:40 | 000,253,880 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018-01-21 21:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2018-01-21 15:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2018-01-21 15:09:25 | 000,000,000 | ---D | C] -- C:\Users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2018-01-21 11:16:29 | 000,000,000 | ---D | C] -- C:\FRST
[2018-01-21 10:16:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2018-01-21 00:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2018-01-19 14:53:56 | 000,000,000 | ---D | C] -- D:\Bureaublad\KEMPERSTICK
[2018-01-19 11:07:03 | 000,000,000 | ---D | C] -- D:\MIJN DOCUMENTEN\Kemper Amps
[2018-01-17 23:47:01 | 000,000,000 | ---D | C] -- C:\Users\Eigenaar\AppData\Local\SplitMediaLabs
[2018-01-17 23:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SplitmediaLabs
[2018-01-17 23:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SplitMediaLabs
[2018-01-17 23:42:55 | 000,000,000 | ---D | C] -- C:\Users\Eigenaar\AppData\Roaming\SplitmediaLabs
[2018-01-17 23:32:10 | 000,000,000 | ---D | C] -- D:\MIJN DOCUMENTEN\Freemake
[2018-01-17 11:49:32 | 000,796,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2018-01-17 11:49:32 | 000,142,528 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2018-01-16 10:00:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom-tablet
[2018-01-02 12:42:29 | 000,000,000 | ---D | C] -- C:\Users\Eigenaar\AppData\Local\Mozilla Firefox
[2018-01-02 12:24:46 | 000,000,000 | ---D | C] -- D:\Bureaublad\Oude Firefox-gegevens
[2018-01-02 10:22:59 | 000,000,000 | ---D | C] -- C:\Users\Eigenaar\.cache
[2018-01-01 21:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Aimersoft
[2018-01-01 21:34:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Keepvid
[2017-12-25 16:45:00 | 007,761,408 | ---- | C] (Mathias Svensson) -- C:\Program Files (x86)\MultiCommander.exe
[2017-12-25 16:41:38 | 000,317,952 | ---- | C] (MultiCommander) -- C:\Program Files (x86)\MCAdmin.exe
[2017-12-25 16:41:24 | 000,821,248 | ---- | C] (Multi Commander) -- C:\Program Files (x86)\MultiUpdate.exe
[2016-11-07 10:22:27 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Eigenaar\AppData\Roaming\pcouffin.sys
[2015-05-12 23:19:49 | 000,084,618 | ---- | C] (Mathias Svensson) -- C:\Program Files (x86)\Uninstall MultiCommander.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2018-01-24 16:28:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Bureaublad\OTL.exe
[2018-01-24 15:35:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2018-01-24 14:27:07 | 000,029,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018-01-24 14:27:07 | 000,029,120 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018-01-24 14:22:41 | 001,594,066 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018-01-24 14:22:41 | 000,702,258 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2018-01-24 14:22:41 | 000,625,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018-01-24 14:22:41 | 000,137,952 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2018-01-24 14:22:41 | 000,109,532 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2018-01-24 14:18:18 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2018-01-24 14:18:00 | 000,067,584 | --S- | M] () -- C:\Windows\BootStat.dat
[2018-01-24 14:17:55 | 518,131,711 | -HS- | M] () -- C:\hiberfil.sys
[2018-01-24 14:06:08 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2018-01-24 13:58:39 | 000,274,537 | ---- | M] () -- D:\Bureaublad\na ooglidcorrectie.JPG
[2018-01-24 11:04:24 | 002,393,088 | ---- | M] (Farbar) -- D:\Bureaublad\FRST64.exe
[2018-01-21 21:03:40 | 000,253,880 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018-01-21 00:48:57 | 009,508,914 | ---- | M] () -- D:\Bureaublad\videoplayback.webm
[2018-01-21 00:28:31 | 041,381,321 | ---- | M] () -- D:\Bureaublad\Kemper Profiling Amp - New Delays Profiler OS v5.0.3 - part 1 [360p].mp4
[2018-01-20 11:33:49 | 047,478,577 | ---- | M] () -- D:\Bureaublad\savoy brown-all i can do is cry HQ [360p].mp4
[2018-01-17 11:49:32 | 000,796,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2018-01-17 11:49:32 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2018-01-15 12:47:19 | 000,084,618 | ---- | M] (Mathias Svensson) -- C:\Program Files (x86)\Uninstall MultiCommander.exe
[2018-01-15 12:47:19 | 000,001,766 | ---- | M] () -- C:\Users\Eigenaar\Application Data\Microsoft\Internet Explorer\Quick Launch\MultiCommander (x64).lnk
[2018-01-11 23:16:18 | 000,165,685 | ---- | M] () -- D:\Bureaublad\Schoonmaakdiensten 2018.jpg
[2018-01-02 12:45:08 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017-12-27 16:31:39 | 000,004,096 | ---- | M] () -- C:\Users\Eigenaar\AppData\Local\keyfile3.drm
[2017-12-25 16:45:00 | 007,761,408 | ---- | M] (Mathias Svensson) -- C:\Program Files (x86)\MultiCommander.exe
[2017-12-25 16:41:38 | 000,317,952 | ---- | M] (MultiCommander) -- C:\Program Files (x86)\MCAdmin.exe
[2017-12-25 16:41:24 | 000,821,248 | ---- | M] (Multi Commander) -- C:\Program Files (x86)\MultiUpdate.exe
[2017-12-25 16:41:16 | 000,424,448 | ---- | M] () -- C:\Program Files (x86)\MultiCrashReport.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2018-01-24 13:58:39 | 000,274,537 | ---- | C] () -- D:\Bureaublad\na ooglidcorrectie.JPG
[2018-01-21 21:03:28 | 000,077,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2018-01-21 00:48:57 | 009,508,914 | ---- | C] () -- D:\Bureaublad\videoplayback.webm
[2018-01-21 00:28:20 | 041,381,321 | ---- | C] () -- D:\Bureaublad\Kemper Profiling Amp - New Delays Profiler OS v5.0.3 - part 1 [360p].mp4
[2018-01-20 11:33:43 | 047,478,577 | ---- | C] () -- D:\Bureaublad\savoy brown-all i can do is cry HQ [360p].mp4
[2018-01-17 11:49:44 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2018-01-11 23:16:18 | 000,165,685 | ---- | C] () -- D:\Bureaublad\Schoonmaakdiensten 2018.jpg
[2018-01-02 00:26:44 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017-12-27 16:31:39 | 000,004,096 | ---- | C] () -- C:\Users\Eigenaar\AppData\Local\keyfile3.drm
[2017-12-25 16:41:16 | 000,424,448 | ---- | C] () -- C:\Program Files (x86)\MultiCrashReport.exe
[2017-11-07 17:32:42 | 000,006,831 | ---- | C] () -- C:\Users\Eigenaar\AppData\Local\recently-used.xbel
[2017-11-04 18:02:58 | 001,161,216 | ---- | C] () -- C:\Program Files (x86)\MCIcons.dll
[2017-08-10 06:48:38 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2016-11-13 09:32:23 | 000,000,052 | ---- | C] () -- C:\Users\Eigenaar\AppData\Roaming\GPACgpac_pl.m3u
[2016-11-07 10:22:27 | 000,007,859 | ---- | C] () -- C:\Users\Eigenaar\AppData\Roaming\pcouffin.cat
[2016-11-07 10:22:27 | 000,001,167 | ---- | C] () -- C:\Users\Eigenaar\AppData\Roaming\pcouffin.inf
[2016-05-05 18:35:11 | 000,084,616 | ---- | C] () -- C:\Windows\StkUnist.exe
[2016-03-06 14:18:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2016-03-06 14:18:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2016-03-06 14:18:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2016-03-06 14:18:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2016-03-06 14:18:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2015-12-15 14:04:02 | 000,007,626 | ---- | C] () -- C:\Users\Eigenaar\AppData\Local\Resmon.ResmonCfg
[2015-03-15 10:08:23 | 000,050,688 | ---- | C] () -- C:\Users\Eigenaar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2017-08-15 16:29:44 | 014,182,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017-08-15 16:10:54 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >