Mededeling

**Juisterr** · 09-01-20, 08:38

Goede morgen,

Welke link werkt niet ?

**f.r.a.n.k** · 14-01-20, 08:37

De Farbar tool. Links klikken, enkel of dubbel, geeft een 404 error, zowel 32 als 64 bit versie.

Rechts klikken en run as admin dan verschijnt dit (zie foto)

**f.r.a.n.k** · 14-01-20, 08:49

**Juisterr** · 14-01-20, 12:09

klik op ignore

**f.r.a.n.k** · 15-01-20, 12:46

dan enkel een zwart DOS scherm met een cursor die pinkt, verder niks , geen start knop, geen scanner

**f.r.a.n.k** · 25-01-20, 10:14

Hallo?
De Farbar scan werkt niet of de link is kapot volgens mij.
Kan iemand fixen of nakijken?

**Juisterr** · 18-02-20, 08:17

Download de Farbar Recovery Scan Tool 32 of 64 bit van één van de onderstaande links

Hier staat een beschrijving hoe u kunt kijken of u een 32 of 64 bit versie van Windows heeft.

Farbar Recovery Scan Tool uitvoeren

Dubbelklik op FRST.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Als het programma is geopend klik Yes (Ja) bij de disclaimer.
Druk vervolgens op de Scan knop, er zal nu eerst een back-up van het register worden gemaakt.
Wanneer de scan gereed is worden er twee logbestanden aangemaakt met de naam (FRST.txt) & (Addition.txt) op dezelfde plaats vanwaar de 'tool' is gestart.
Voeg beide logbestanden als bijlage toe aan het volgende bericht.

**f.r.a.n.k** · 24-02-20, 18:51

Nog es hetzelfde. 404 Not Found

**Juisterr** · 25-02-20, 15:01

Download OTL naar je Bureaublad

Dubbelklik op OTL.com om het programma te openen. Zorg ervoor dat all andere vensters gesloten zijn, en laat het programma ongestoord zijn werk doen.
Zet een vinkje bij Scan All Users.
Klik op de knop Quick Scan. Verander de instellingen van OTL niet, tenzij ik je hiervoor specifiek instructies geef. De scan zal niet heel erg lang duren.
- Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is. OTL.Txt en Extras.Txt. Deze bestanden zijn opgeslagen in dezelfde locatie als OTL.
- Kopieer (Bewerken->Alles selecteren, Bewerken->Kopiëren) en plak (Bewerken->Alles selecteren, Bewerken->Plakken) de inhoud van deze twee bestanden één voor één in je volgende bericht.

**f.r.a.n.k** · 26-02-20, 14:31

OLT scan uitgevoerd.

Eerst even dit. Onderstaand bericht naar Telenet en hun antwoord. Deze extra beveiligingstips gelezen maar nog niet uitgevoerd. Zelfde bericht ook gestuurd naar Base, ook van hen kreeg ik anti-phishing tips om nog uit te voeren.

Betreft: hacking/spionage/online stalking

Ik verdenk mijn buren ervan dat ze een manier hebben gevonden om spyware op mijn smartphone en pc te installeren.
Ze kunnen zien welke sites ik bezoek op m'n pc én smartphone, locaties van mobiel toestel zien, sms berichten meelezen, kunnen meeluisteren via de micro, en zelfs meekijken met de achterste camera (de voorste niet, die heb ik afgeplakt).

Op welke manier ze dat gedaan hebben weet ik niet. Wel zeker is dat mijn privacy ernstig geschonden word. Ik ben niet paranoia. Ze praten hun mond ver voorbij en ik geloof mijn oren wél. We zijn al lange tijd in een ruzie of een rare soort haat-liefde verhouding verwikkeld.

In december '19 heb ik dit gemeld aan de gegevensbeschermingsautoriteit in Brussel. Zij konden me niet helpen wegens niet bedrijfsgerelateerd. Ze raadden me aan om naar de politie te gaan. Heb ik gedaan vrijdag 31/1. Ze hebben mijn klacht genoteerd, voorlopig is het nog afwachten wat het resultaat is.

De privacyschending gebeurt dus vooral op m'n smartphone (merk HUAWEI, een bedrijf dat ook verdacht word van spionage), met Wi-Fi van Telenet. De SIM-kaart die erin zit komt van BASE.

Wat kan ik doen om het te doen stoppen?
Ik moet echt actie ondernemen, bewijs proberen vinden, en vraag daarvoor gespecialiseerde hulp. Want als ik niks doe word misschien ook mijn bankrekening leeggehaald.

za 3:04 p.m.
Gezien
Telenet
Hey Frankie. Goh, dat klinkt wel heel serieus zeg. Ik zou toch eens beginnen met het paswoord van je netwerk te veranderen. Ook kan je overwegen om Safespot te nemen. Hiermee kan je zelf heel je netwerk en al je apparaten beschermen. Je vindt er hier meer informatie over terug: http://bit.ly/347PYlj. Het laatste advies dat ik je nog kan geven is het onderzoek bij de politie af wachten.
Filip
za 4:32 p.m.
Hallo Filip, het is ook behoorlijk serieus, deze spy dinges is nog maar een deel vh probleem. Bedankt voor de tips en link.
ma 12:50 p.m

**f.r.a.n.k** · 26-02-20, 14:35

En hier de 2 OLT logs.

Zijn hier sporen of bewijzen van spyware in te vinden? (BELANGRIJK!)

OTL logfile created on: 26/02/2020 15:00:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.19596)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

1,97 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 76,17% Memory free
3,93 Gb Paging File | 3,16 Gb Available in Paging File | 80,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 88,01 Gb Free Space | 29,53% Space Free | Partition Type: NTFS

Computer Name: KIDS-PC | User Name: KIDS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2020/02/26 14:58:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.com
PRC - [2020/02/11 01:14:01 | 005,446,216 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2020/02/08 15:49:49 | 005,570,712 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
PRC - [2020/02/08 12:42:45 | 008,000,600 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
PRC - [2020/02/08 12:42:45 | 000,029,272 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
PRC - [2017/05/29 20:40:10 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2017/03/03 19:10:26 | 007,348,440 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2016/08/29 15:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe

========== Modules (No Company Name) ==========

MOD - [2020/02/11 01:14:01 | 003,125,128 | ---- | M] () -- C:\Program Files\Malwarebytes\Anti-Malware\QtANGLE.dll
MOD - [2020/02/08 12:42:45 | 000,442,968 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
MOD - [2020/02/08 12:42:45 | 000,189,528 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
MOD - [2020/02/08 12:42:45 | 000,138,336 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\liblz4.dll
MOD - [2020/02/08 12:42:45 | 000,108,120 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Events.dll
MOD - [2020/02/08 12:42:45 | 000,107,608 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
MOD - [2020/02/08 12:42:45 | 000,087,128 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
MOD - [2020/02/08 12:42:45 | 000,068,696 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\MozCompressor.dll
MOD - [2020/02/08 12:42:45 | 000,062,040 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
MOD - [2020/02/08 12:42:45 | 000,023,640 | ---- | M] () -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Compression.dll
MOD - [2020/01/16 17:01:22 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\baeba07d679c64186da10d94e07653b0 \System.WorkflowServices.ni.dll
MOD - [2020/01/16 15:42:26 | 000,226,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4540d2764eeae15ed2fb9b6aeef7d91f \PresentationFramework.Classic.ni.dll
MOD - [2020/01/16 15:42:19 | 014,357,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9035f8a425d5081e125987f4b018e7f0 \PresentationFramework.ni.dll
MOD - [2020/01/16 15:42:05 | 012,260,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3d75ae3419a23cebd3fadfb67b3e12db\Pre sentationCore.ni.dll
MOD - [2020/01/16 15:41:55 | 003,358,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\02c69e21d72a00fbf7b717b4a4682d9a\WindowsB ase.ni.dll
MOD - [2020/01/15 15:28:15 | 010,824,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2bef38851483abae82f1172c1aaa604c\System.ni.dll
MOD - [2020/01/15 15:28:09 | 021,019,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\75b341f10c9579cbe1059d18f6f3b27b\mscorlib.ni .dll
MOD - [2019/07/11 16:13:26 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\90aa1fea68aaf4cbc9e944c33bf725f4 \System.ServiceModel.Web.ni.dll
MOD - [2019/07/10 02:27:45 | 001,090,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\428e48b9524bf09741eb25fe3875cecd \System.IdentityModel.ni.dll
MOD - [2019/07/10 02:27:44 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\3dfbba7cde935a8e49a4d49b9006c4a9 \System.Runtime.Serialization.ni.dll
MOD - [2019/07/10 02:27:41 | 017,496,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\881bcf4616a4cbafef3fe066a23988f9\ System.ServiceModel.ni.dll
MOD - [2019/07/10 02:27:24 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\68aa76137a27fd9c275dd6c05e478c3f\SMDiag nostics.ni.dll
MOD - [2019/05/15 13:05:53 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\d57f656331dc82ad5a83b9843c3e2484\Syst em.Xml.Linq.ni.dll
MOD - [2019/05/15 13:05:24 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\c4244e0e8998fbe57733e0cbec6563fc \System.ComponentModel.DataAnnotations.ni.dll
MOD - [2019/05/15 13:04:54 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3b259d3ceb1962e723584a04cfab357a\System.C ore.ni.dll
MOD - [2019/05/15 13:04:40 | 001,058,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\bda2113f273e7bf6eba84f3d0d1a66c3\Sy stem.Management.ni.dll
MOD - [2019/05/15 02:10:16 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6c5ffb1571d7ca0fabb930d0c77947e4 \System.ServiceProcess.ni.dll
MOD - [2019/05/15 02:10:08 | 011,935,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8c2e7f1fa8f0ef49a3ae977b5dddeae5\System.We b.ni.dll
MOD - [2019/05/15 02:10:02 | 000,777,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\21705e843038bb8e8b4c0d232364b068 \System.Runtime.Remoting.ni.dll
MOD - [2019/05/15 02:10:01 | 006,658,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\022128ba26e9262d96d2fd3645abcce3\System.D ata.ni.dll
MOD - [2019/05/15 02:09:38 | 012,437,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\91efd50cedcf22003233d52464c01816 \System.Windows.Forms.ni.dll
MOD - [2019/05/15 02:09:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8f5842a3d4d666059db685b319e3a5b3\Syste m.Drawing.ni.dll
MOD - [2019/05/15 02:09:27 | 005,469,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\992b101b45c1e2e5563fee65ab5fd691\System.Xm l.ni.dll
MOD - [2019/05/15 02:09:17 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94fe1557aab4bc059482da7d99e97641 \System.Configuration.ni.dll
MOD - [2019/05/15 02:08:34 | 008,008,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e10fc0c922927179f29b495cf47d62dc\System.ni.dll
MOD - [2019/05/15 02:08:20 | 011,516,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23349d393ecff063c3152fcf5229b2ab\mscorlib.ni .dll
MOD - [2017/04/06 14:05:04 | 002,975,744 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Services (SafeList) ==========

SRV - [2020/02/22 15:57:03 | 000,223,432 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2020/02/21 21:06:38 | 000,963,568 | ---- | M] (Google LLC) [On_Demand | Stopped] -- C:\Program Files\Google\Chrome\Application\80.0.3987.122\elevation_service.exe -- (GoogleChromeElevationService)
SRV - [2020/02/08 15:49:49 | 005,570,712 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV - [2020/02/08 13:00:44 | 000,335,416 | ---- | M] (Adobe) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2020/02/08 12:42:45 | 000,029,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe -- (WCAssistantService)
SRV - [2019/12/17 01:27:31 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2019/12/10 09:38:57 | 000,054,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)
SRV - [2018/08/13 22:48:52 | 000,940,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2018/01/01 03:00:09 | 001,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2016/08/26 12:26:34 | 000,339,968 | ---- | M] (Popcorn Time) [Disabled | Stopped] -- C:\Program Files\Popcorn Time\Updater.exe -- (Update service)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007/06/25 20:17:04 | 000,537,840 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\dlbkcoms.exe -- (dlbk_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2020/02/26 12:57:15 | 000,178,952 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\System32\drivers\MbamChameleon.sys -- (MBAMChameleon)
DRV - [2020/02/26 12:57:12 | 000,213,912 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2018/11/19 03:05:06 | 000,015,360 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbccgpfilter.sys -- (ew_usbccgpfilter)
DRV - [2012/06/20 10:51:34 | 000,017,672 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2011/05/18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-BE
IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 68 C4 90 BB DC D2 01 [binary data]
IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 70 9A A3 D6 AD ED D2 01 [binary data]
IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.cohort: "nov17-1"
FF - prefs.js..browser.search.countryCode: "BE"
FF - prefs.js..browser.search.defaultenginename: "Bing Default Search"
FF - prefs.js..browser.search.hiddenOneOffs: "Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)"
FF - prefs.js..browser.search.region: "BE"
FF - prefs.js..browser.search.selectedEngine: "Bing Default Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.be"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_321.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 73.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 73.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2018/05/29 14:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Extensions
[2017/11/26 18:26:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\SystemExtensionsDev
[2019/11/16 23:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data
[2019/03/28 23:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2018/05/29 14:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\[email protected]
[2019/11/16 23:55:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\[email protected]
[2018/09/18 15:57:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\[email protected]
[2019/05/06 20:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\[email protected]
[2019/03/28 23:49:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\browser-extension-data\jid1-ZAdIEUB7XOzOJw@jetpack
[2020/02/15 16:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\extensions
[2019/04/02 02:31:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++1ed2d95a-bcf6-4e74-b33d-f772ac30ed8c^userContextId=4294967295
[2020/02/26 14:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++1ed2d95a-bcf6-4e74-b33d-f772ac30ed8c^userContextId=4294967295\idb
[2019/05/24 03:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++275669c6-b38f-4b99-bc33-9bf539869c60^userContextId=4294967295
[2020/02/24 22:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++275669c6-b38f-4b99-bc33-9bf539869c60^userContextId=4294967295\idb
[2019/11/01 13:32:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++32d12a65-1643-4f9d-af6a-3ede7e72845a
[2020/02/26 14:53:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++32d12a65-1643-4f9d-af6a-3ede7e72845a\idb
[2019/03/28 23:49:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++32d12a65-1643-4f9d-af6a-3ede7e72845a^userContextId=4294967295
[2020/02/26 14:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++32d12a65-1643-4f9d-af6a-3ede7e72845a^userContextId=4294967295\idb
[2019/03/28 23:49:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++57613682-622b-4d28-9fe0-2d4a7d9e4da6^userContextId=4294967295
[2020/02/26 14:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++57613682-622b-4d28-9fe0-2d4a7d9e4da6^userContextId=4294967295\idb
[2019/04/02 02:34:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++795af31c-1f4d-4773-b7eb-309e96d3e921^userContextId=4294967295
[2020/02/26 14:52:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++795af31c-1f4d-4773-b7eb-309e96d3e921^userContextId=4294967295\idb
[2020/01/10 07:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++b8c361f7-56dc-4108-9d40-ffdc78b81090^userContextId=4294967295
[2020/02/24 22:44:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\storage\default\moz-extension+++b8c361f7-56dc-4108-9d40-ffdc78b81090^userContextId=4294967295\idb
[2019/12/19 05:03:27 | 000,056,413 | ---- | M] () (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\extensions\[email protected]
[2019/12/14 02:05:50 | 000,660,855 | ---- | M] () (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\extensions\[email protected]
[2019/12/13 02:05:05 | 000,738,336 | ---- | M] () (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\extensions\[email protected]
[2020/02/15 16:19:51 | 001,968,172 | ---- | M] () (No name found) -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2020/02/08 12:52:51 | 000,001,046 | ---- | M] () -- C:\Users\KIDS\AppData\Roaming\Mozilla\Firefox\Profiles\zc2qu2kv.default-1524493364635\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.9_0\
CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\
CHR - Extension: No name found = C:\Users\KIDS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\7919.1028.0.0_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Eyeo GmbH)
O4 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000..\Run: [utweb] "C:\Users\KIDS\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000..\Run: [Web Companion] C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe (Lavasoft)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008

- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009

- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: localhost (

* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: webcompanion.com (

http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: localhost (

* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: webcompanion.com (

http in Trusted sites)
O15 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\..Trusted Domains: localhost (

* in Trusted sites)
O15 - HKU\S-1-5-21-541891432-2115559380-3082969310-1000\..Trusted Domains: webcompanion.com (

http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.2 195.130.131.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBD7D39D-D3F6-4058-97E9-AEB4CD46494E}: DhcpNameServer = 195.130.130.2 195.130.131.2
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{29e5588e-9b53-11e7-aca5-7071bc1d425d}\Shell - "" = AutoRun
O33 - MountPoints2\{29e5588e-9b53-11e7-aca5-7071bc1d425d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{502a9a30-9747-11e9-84c7-7071bc1d425d}\Shell - "" = AutoRun
O33 - MountPoints2\{502a9a30-9747-11e9-84c7-7071bc1d425d}\Shell\AutoRun\command - "" = E:\HiSuiteDownLoader.exe
O33 - MountPoints2\{664dffed-fa66-11e8-a193-7071bc1d425d}\Shell - "" = AutoRun
O33 - MountPoints2\{664dffed-fa66-11e8-a193-7071bc1d425d}\Shell\AutoRun\command - "" = F:\HiSuiteDownLoader.exe
O33 - MountPoints2\{c77b07f3-f8a1-11e8-b8be-7071bc1d425d}\Shell - "" = AutoRun
O33 - MountPoints2\{c77b07f3-f8a1-11e8-b8be-7071bc1d425d}\Shell\AutoRun\command - "" = F:\HiSuiteDownLoader.exe
O33 - MountPoints2\{d9c5366a-981a-11e8-a11b-7071bc1d425d}\Shell - "" = AutoRun
O33 - MountPoints2\{d9c5366a-981a-11e8-a11b-7071bc1d425d}\Shell\AutoRun\command - "" = J:\HiSuiteDownLoader.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\HiSuiteDownLoader.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\HiSuiteDownLoader.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\HiSuiteDownLoader.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2020/02/26 12:57:15 | 000,178,952 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\MbamChameleon.sys
[2020/02/26 12:57:12 | 000,213,912 | ---- | C] (Malwarebytes) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2020/02/08 20:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2020/02/08 20:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2020/02/08 20:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2020/02/08 20:02:05 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2020/02/08 20:01:59 | 000,000,000 | ---D | C] -- C:\Users\KIDS\AppData\Roaming\NCH Software
[2020/02/08 19:09:08 | 000,000,000 | ---D | C] -- C:\Users\KIDS\AppData\Roaming\iZotope
[2020/02/08 19:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
[2020/02/08 19:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VST3
[2020/02/08 19:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2020/02/08 19:04:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2020/02/08 19:04:52 | 000,000,000 | ---D | C] -- C:\Users\KIDS\Documents\iZotope
[2020/02/08 19:04:50 | 000,000,000 | ---D | C] -- C:\Program Files\iZotope
[2020/02/08 15:51:04 | 000,000,000 | ---D | C] -- C:\Users\KIDS\AppData\Local\cache
[2020/02/06 20:50:42 | 000,000,000 | ---D | C] -- C:\Users\KIDS\AppData\Roaming\Winamp
[2020/02/06 20:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp

========== Files - Modified Within 30 Days ==========

[2020/02/26 13:07:05 | 000,035,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2020/02/26 13:07:05 | 000,035,200 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2020/02/26 12:57:15 | 000,178,952 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\MbamChameleon.sys
[2020/02/26 12:57:12 | 000,213,912 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2020/02/26 12:57:03 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2020/02/26 12:56:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2020/02/26 12:56:54 | 1583,226,880 | -HS- | M] () -- C:\hiberfil.sys
[2020/02/11 01:14:01 | 000,129,056 | ---- | M] (Malwarebytes) -- C:\Windows\System32\drivers\mbae.sys
[2020/02/08 20:02:22 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
[2020/02/08 19:05:26 | 000,002,174 | ---- | M] () -- C:\Users\KIDS\Desktop\iZotope RX 5 Audio Editor.lnk
[2020/02/08 15:50:56 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2020/02/08 13:00:43 | 000,842,296 | ---- | M] (Adobe) -- C:\Windows\System32\FlashPlayerApp.exe
[2020/02/08 13:00:43 | 000,175,160 | ---- | M] (Adobe) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2020/02/06 20:50:50 | 000,000,961 | ---- | M] () -- C:\Users\KIDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2020/02/06 20:50:50 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk

========== Files Created - No Company Name ==========

[2020/02/08 20:02:21 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
[2020/02/08 20:02:21 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Switch Sound File Converter.lnk
[2020/02/08 19:05:26 | 000,002,174 | ---- | C] () -- C:\Users\KIDS\Desktop\iZotope RX 5 Audio Editor.lnk
[2020/02/06 20:50:50 | 000,000,961 | ---- | C] () -- C:\Users\KIDS\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2020/02/06 20:50:50 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2018/03/23 10:15:25 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-KIDS-PC-Windows-7-Professional-(32-bit).dat
[2017/06/21 10:51:49 | 000,033,193 | ---- | C] () -- C:\Users\KIDS\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2019/05/25 00:59:03 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2020/02/08 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\KIDS\AppData\Roaming\audacity
[2018/08/20 19:26:21 | 000,000,000 | ---D | M] -- C:\Users\KIDS\AppData\Roaming\Digiarty
[2020/02/08 19:09:08 | 000,000,000 | ---D | M] -- C:\Users\KIDS\AppData\Roaming\iZotope
[2018/07/27 15:57:25 | 000,000,000 | ---D | M] -- C:\Users\KIDS\AppData\Roaming\JAM Software
[2018/07/18 18:39:36 | 000,000,000 | ---D | M] -- C:\Users\KIDS\AppData\Roaming\Zona

========== Purity Check ==========

< End of report >

**f.r.a.n.k** · 26-02-20, 14:35

OTL Extras logfile created on: 26/02/2020 15:00:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.19596)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

1,97 Gb Total Physical Memory | 1,50 Gb Available Physical Memory | 76,17% Memory free
3,93 Gb Paging File | 3,16 Gb Available in Paging File | 80,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297,99 Gb Total Space | 88,01 Gb Free Space | 29,53% Space Free | Partition Type: NTFS

Computer Name: KIDS-PC | User Name: KIDS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML-308046B0AF4A39CB] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Winamp SA)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Winamp SA)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Winamp SA)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Standard Profile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{AD78F987-D857-4EB5-93D6-D1CFCF93E8A1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{3E04A8FE-AF37-400D-A6DE-B9CB1546DF29}" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"{3E94995A-CDD2-4D7D-BEE4-C4F57E50C4FF}" = protocol=6 | dir=in | app=c:\program files\popcorn time\updater.exe |
"{4F94DD98-0B48-4D4A-BFDE-A3984C4331DC}" = protocol=6 | dir=in | app=d:\fscommand\cksocketserver.exe |
"{6380092D-801C-49F7-B9FC-F81762D8003F}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{6B15B975-263F-427D-B9BA-FD65E0BC9399}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{832F2E58-1163-4B46-862D-6343FC7C97A1}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{9A998611-5007-4122-837E-91A4E977A28F}" = protocol=17 | dir=in | app=d:\fscommand\cksocketserver.exe |
"{B0CA75C4-4A9C-4E3E-AACE-BC9CCAE3DD5F}" = protocol=6 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
"{B5571575-2B1F-43D0-94BD-14988886E766}" = protocol=17 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
"{BB545EDD-D00E-42A0-AC0E-0DD06D379BA5}" = protocol=17 | dir=in | app=c:\program files\popcorn time\updater.exe |
"{C7FEBCAB-A0D5-4849-A6D0-C5920B4C1435}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{DA549BE8-67AC-459E-9D26-D4661F0BBA3A}" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"{E04C5B82-B468-4965-99C3-F445AE315840}" = protocol=6 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
"{E814BA0D-B771-487B-985A-E7EDBAA53688}" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"{F121907E-800F-4DD1-BE11-C133E7F0E9B1}" = protocol=17 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
"{FC768DE6-67A0-4503-86F4-FA77FD6C0C14}" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{0833E980-302F-4D19-8819-8F32A1A7AF5B}C:\program files\popcorn time\chromecast\node.exe" = protocol=6 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
"TCP Query User{17D58C11-B4CA-40EB-8D5A-F52410658A1F}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{586BD353-2C5D-4530-B656-1965C504647C}C:\program files\popcorn time\popcorntimedesktop.exe" = protocol=6 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
"TCP Query User{6D5D2BEA-BD90-4CD3-8C47-750A86C64AB0}C:\program files\soulseekqt\soulseekqt.exe" = protocol=6 | dir=in | app=c:\program files\soulseekqt\soulseekqt.exe |
"TCP Query User{D8748003-DB54-42EE-AAD8-3C41684C2376}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{35CF728C-C3A0-4A65-A891-E96504E4A640}C:\program files\soulseekqt\soulseekqt.exe" = protocol=17 | dir=in | app=c:\program files\soulseekqt\soulseekqt.exe |
"UDP Query User{66DD4EC7-DCE8-4717-8F27-E5F3B5D779F9}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{6EAF5B35-8EB0-43F8-9376-252B00E352B6}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{BD24CF59-2D80-4EF5-BE5B-1B4472385EEB}C:\program files\popcorn time\popcorntimedesktop.exe" = protocol=17 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
"UDP Query User{C4F8FAEA-26DC-49C3-B572-FE67E933E4B4}C:\program files\popcorn time\chromecast\node.exe" = protocol=17 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 4.0.4.49
"{41ad2668-77a4-4eaa-83d0-1bdda9e470d0}" = Web Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6068A42A-C1CF-45F2-9859-5DB16287FE5D}" = msvcrt_installer
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{6467504D-EF07-4BF2-A42A-96D47C50BAFC}" = Adblock Plus voor IE (32-bit)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.8
"{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}" = Google Earth Pro
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B29F8740-372B-312F-8EEE-18FF857CCBB8}" = Microsoft .NET Framework 4.8
"{BD46163A-0331-4A61-B65A-7B66D7C93F8E}" = vs2015_redist x86
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{c239cea1-d49e-4e16-8e87-8c055765f7ec}" = Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008
"{C6CDA568-CD91-3CA0-9EDE-DAD98A13D6E1}" = Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.10.25008
"{E6222D59-608C-3018-B86B-69BD241ACDE5}" = Microsoft Visual C++ 2017 x86 Additional Runtime - 14.10.25008
"{f4fef76c-1aa9-441c-af7e-d27f58d898d1}_is1" = BCUninstaller
"{FAF5F9DA-73F2-4BF3-8268-E45AAC42B533}" = iCloud
"7-Zip" = 7-Zip 19.00
"Adobe Flash Player NPAPI" = Adobe Flash Player 32 NPAPI
"CCleaner" = CCleaner
"CDex" = CDex - Digital Audio CD Extractor and Converter
"Google Chrome" = Google Chrome
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"hp print screen utility" = hp print screen utility
"iZotope RX 5_is1" = iZotope RX 5
"Mozilla Firefox 73.0.1 (x86 en-US)" = Mozilla Firefox 73.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Popcorn Time_is1" = Popcorn Time
"Soulseek2" = SoulSeek 157 NS 13e
"Switch" = Switch Sound File Converter
"VLC media player" = VLC media player
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-541891432-2115559380-3082969310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 18/07/2018 13:37:53 | Computer Name = KIDS-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 18/07/2018 13:37:54 | Computer Name = KIDS-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 18/07/2018 13:37:55 | Computer Name = KIDS-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 18/07/2018 13:37:56 | Computer Name = KIDS-PC | Source = MsiInstaller | ID = 11310
Description =

Error - 21/07/2018 5:23:29 | Computer Name = KIDS-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 61.0.1.6759 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ba0 Start
Time: 01d42061beff3a4c Termination Time: 2400 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 8dc70ed9-8cc7-11e8-9ce3-7071bc1d425d

Error - 21/07/2018 16:20:39 | Computer Name = KIDS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 2.2.4.0, time stamp:
0x00000004 Faulting module name: ntdll.dll, version: 6.1.7601.24168, time stamp:
0x5b1aa758 Exception code: 0xc0000374 Fault offset: 0x000c3b93 Faulting process id:
0x760 Faulting application start time: 0x01d4212f68be9c86 Faulting application path:
C:\Program Files\VideoLAN\VLC\vlc.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 882dfacc-8d23-11e8-882e-7071bc1d425d

Error - 26/07/2018 11:04:18 | Computer Name = KIDS-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "E:\Windows\avastSS.scr".
Dependent
Assembly Avast.VC140.CRT,processorArchitecture="x86",publicKeyToken="fcc99ee6193ebbca",type="win32",version=" 14.0.23918.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/09/2018 14:38:49 | Computer Name = KIDS-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PopcornTimeDesktop.exe, version: 5.6.1.0,
time stamp: 0x5878b83a Faulting module name: ntdll.dll, version: 6.1.7601.24214,
time stamp: 0x5b626fd1 Exception code: 0xc0000374 Fault offset: 0x000c3b93 Faulting
process id: 0x714 Faulting application start time: 0x01d446d9fbc8be53 Faulting application
path: C:\Program Files\Popcorn Time\PopcornTimeDesktop.exe Faulting module path:
C:\Windows\SYSTEM32\ntdll.dll Report Id: 425cf2d9-b2cd-11e8-bf71-7071bc1d425d

Error - 14/09/2018 10:26:04 | Computer Name = KIDS-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 62.0.0.6816 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: fc4 Start
Time: 01d44c30ce43c1a3 Termination Time: 1580 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id:

Error - 17/09/2018 10:44:23 | Computer Name = KIDS-PC | Source = Application Hang | ID = 1002
Description = The program winamp.exe version 5.6.6.3512 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: fb4 Start
Time: 01d44e762d675c34 Termination Time: 15 Application Path: C:\Program Files\Winamp\winamp.exe

Report
Id: 21fd334d-ba88-11e8-bf7b-7071bc1d425d

[ Media Center Events ]
Error - 24/02/2020 7:42:21 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
Description = 12:42:21 - Failed to retrieve MCEClientUX (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 24/02/2020 7:42:28 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
Description = 12:42:22 - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 25/02/2020 15:32:40 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
Description = 20:32:40 - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 25/02/2020 15:32:43 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
Description = 20:32:43 - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: An unexpected error occurred on a send.)

Error - 25/02/2020 15:32:45 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
Description = 20:32:44 - Failed to retrieve MCEClientUX (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 25/02/2020 15:33:02 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
Description = 20:32:45 - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 26/02/2020 8:00:11 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
Description = 13:00:11 - Failed to retrieve Directory (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 26/02/2020 8:00:14 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
Description = 13:00:13 - Failed to retrieve MCESpotlight (Error: The underlying
connection was closed: An unexpected error occurred on a send.)

Error - 26/02/2020 8:00:16 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
Description = 13:00:15 - Failed to retrieve MCEClientUX (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

Error - 26/02/2020 8:00:16 | Computer Name = KIDS-PC | Source = MCUpdate | ID = 0
Description = 13:00:16 - Failed to retrieve Broadband (Error: The underlying connection
was closed: An unexpected error occurred on a send.)

[ System Events ]
Error - 15/02/2020 10:45:40 | Computer Name = KIDS-PC | Source = Service Control Manager | ID = 7043
Description = The Malwarebytes Service service did not shut down properly after
receiving a preshutdown control.

Error - 18/02/2020 6:05:44 | Computer Name = KIDS-PC | Source = WMPNetworkSvc | ID = 866300
Description = Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder)
encountered error '0x80004005'. Verify that the UPnPHost service is running and
that the UPnPHost component of Windows is installed properly.

Error - 18/02/2020 7:26:05 | Computer Name = KIDS-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 18/02/2020 7:26:07 | Computer Name = KIDS-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
discache spldr Wanarpv6

Error - 18/02/2020 7:26:26 | Computer Name = KIDS-PC | Source = DCOM | ID = 10005
Description =

Error - 18/02/2020 7:26:48 | Computer Name = KIDS-PC | Source = DCOM | ID = 10005
Description =

Error - 18/02/2020 7:26:48 | Computer Name = KIDS-PC | Source = DCOM | ID = 10005
Description =

Error - 18/02/2020 7:26:51 | Computer Name = KIDS-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 18/02/2020 13:37:44 | Computer Name = KIDS-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 18/02/2020 15:52:56 | Computer Name = KIDS-PC | Source = Service Control Manager | ID = 7043
Description = The Malwarebytes Service service did not shut down properly after
receiving a preshutdown control.

< End of report >

**f.r.a.n.k** · 26-02-20, 14:40

Smartphone spionage-apps: stalker-tools blootgelegd - c't

https://www.ct.nl/achtergrond/smartphone-spionage-apps-stalker/

Het gebruik van FlexiSpy en andere spionage apps is verboden, maar daar malen sommigen niet om. We leggen bloot hoe smartphone spionage-apps te werk gaan.

Spyware - Wikipedia

https://nl.m.wikipedia.org/wiki/Spyware

**Juisterr** · 27-02-20, 11:54

Schakel eerst de Antivirussoftware uit voordat je zoek.exe download of uitvoert.
Schakel je antivirus- en antispywareprogramma's tijdelijk uit, deze kunnen namelijk de werking van Zoek.exe nadelig beïnvloeden.
(hier en hier) kan je lezen hoe je dat doet.

Download Zoek.exe naar het bureaublad.
klik hier voor meer informatie over hoe zoek.exe te gebruiken)

Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kan je dat negeren, het is namelijk een onterechte waarschuwing.

Klik met je rechtermuisknop op Zoek.exe en kies voor de optie Als Administrator uitvoeren.
Kopieer nu onderstaande code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze Computer, gebruik dit dan ook niet op andere computers met een gelijkaardig probleem.
Code:
```
emptyfolderscheck;delete
firefoxlook; 
Chromelook; 
CHRdefaults;
iedefaults;
```
Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht er geen logje verschijnen, start zoek.exe dan opnieuw en klik op de knop zoek-results.log, de log verschijnt dan alsnog.
Post het geopende logje in het volgende bericht bijlage.

Mededeling

veel vastlopers + link werkt niet

veel vastlopers + link werkt niet

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment