Zoek.exe v5.0.0.0 Updated 04-May-2015 Tool run by Dejonckheere on do 09/07/2015 at 22:33:03,20. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Dejonckheere\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-07-04-090437.log 151363 bytes C:\zoek-results2015-07-04-094910.log 212785 bytes C:\zoek-results2015-07-05-103859.log 28441 bytes ==== Empty Folders Check ====================== C:\Program Files\Enigma Software Group deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Acer\Registration\GregHSRW.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe C:\Program Files (x86)\PDF Architect\HelperService.exe C:\Program Files (x86)\PDF Architect\ConversionService.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe C:\Program Files (x86)\Bouwsoft\UseSocketService.exe C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe C:\Program Files (x86)\Bouwsoft\usesocketservice.exe C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtAvAC.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosHdpProc.exe C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Users\Dejonckheere\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: C:\Users\DEJONC~1\AppData\Roaming\Mozilla\Firefox\Profiles\c76oz5mc.default-1402688203822 ---- FireFox user.js and prefs.js backups ---- user_20150907_2252_.backup prefs_20150907_2252_.backup ProfilePath: C:\Users\DEJONC~1\AppData\Roaming\Mozilla\Firefox\Profiles\jiusomk8.default-1386499530459 ---- FireFox user.js and prefs.js backups ---- user_20150907_2252_.backup prefs_20150907_2252_.backup ProfilePath: C:\Users\DEJONC~1\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247 ---- FireFox user.js and prefs.js backups ---- user_20150907_2252_.backup prefs_20150907_2252_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=- ==== Deleting Files \ Folders ====================== C:\Users\Dejonckheere\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247\extensions\adremoveext@adremoveext.net not found C:\Users\Dejonckheere\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247\extensions\iobitascsurfingprotection@iobit.com not found C:\ProgramData\LolliScan not found C:\Users\Dejonckheere\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247\extensions\adremoveext@adremoveext.net not found C:\Users\Dejonckheere\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247\extensions\iobitascsurfingprotection@iobit.com not found C:\Users\Dejonckheere\AppData\Local\CrashRpt deleted "C:\Windows\SysNative\tasks\Game_Booster_AutoUpdate" deleted "C:\Windows\SysNative\tasks\SmartDefrag4_Startup" deleted "C:\Windows\SysNative\tasks\SmartDefrag4_Update" deleted "C:\Windows\SysNative\tasks\SpyHunter4Startup" deleted ==== System Specs ====================== Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 3957 MB CPU Info: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz CPU Speed: 2309.9 MHz Sound Card: Luidsprekers (Realtek High Defi | Realtek Digital Output (Realtek | Display Adapters: AMD Mobility Radeon HD 5000 Series | AMD Mobility Radeon HD 5000 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Generic PnP Monitor | Screen Resolution: 1600 X 900 - 32 bit Network: Network Present Network Adapters: Microsoft Virtual WiFi Miniport Adapter | Qualcomm Atheros AR5B93 Wireless Network Adapter | Broadcom NetLink (TM) Gigabit Ethernet CD / DVD Drives: 1x (D: | ) D: HL-DT-STDVDRAM GT30N Ports: COM3 | COM13 | COM14 | COM15 | COM16 | COM17 | COM18 | COM19 | COM20 | COM21 | COM22 | COM10 LPT Port NOT Present. Mouse: 16 Button Wheel Mouse Present Hard Disks: C: 584.4GB Hard Disks - Free: C: 409.9GB Manufacturer *: Phoenix Technologies LTD BIOS Info: AT/AT COMPATIBLE | 12/25/09 | ACRSYS - 6040000 Time Zone: Romance (standaardtijd) Motherboard *: Acer Aspire 7740 Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== Anti-Spyware: Windows Defender disabled (Outdated) Internet Explorer Version: 11.0.9600.17843 Adobe Reader version: 11.0.04.63 Flash Player version: 16.0.0.305 Shockwave Player version: 12.1.6r156 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\DEJONC~1\AppData\Local\Temp ==== 2015-07-09 18:51:56 D9348DB92AB4E5B94F005F0F651DE2B1 43008 ----a-w- C:\Users\Dejonckheere\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6rnbnd.dll 2015-07-07 20:24:22 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Dejonckheere\AppData\Local\Temp\bf6fd61c534be1a700920553a3061423BSMain.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2015-06-25 21:01:29 F4AFDB5ABEA0C9079E8193E24D1DB21D 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2015-06-25 21:01:29 D864C283FFD7C080FDC25FD4C798FF8D 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll 2015-06-25 21:01:29 588D52C2D0E60EE71FD5A64407865B10 179200 ----a-w- C:\Windows\SysWOW64\wintrust.dll 2015-06-25 21:01:29 33F67BBCC3C0499D3F3382473114CFA8 143872 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll 2015-06-25 20:59:37 F26680AF396F89F7ABFDA1D1D6B62011 285696 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2015-06-25 20:59:37 DB254D50B4527C2821C537E0587B44E8 12829696 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2015-06-25 20:59:37 975421AC32F9F6E27A58F75DAB4B5871 19607040 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2015-06-25 20:59:37 8C8B8C78C0CCD5D36ABCB115B0B581E1 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2015-06-25 20:59:37 6B7210618D7E2CE0404ECF748701253A 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2015-06-25 20:59:37 2DED8A99E45053C42DD21D6937D3960C 689152 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2015-06-25 20:59:37 1A628C1F5470F0AF21E37E425026F27A 478208 ----a-w- C:\Windows\SysWOW64\ieui.dll 2015-06-25 20:59:37 17B0852D8202A872C3E6D01B518B6A4E 418304 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2015-06-25 20:59:36 FB5C9234E4BF6BDAF4A954763A4582BA 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2015-06-25 20:59:36 EF853EA2A6A7BD891CCF31B0C2915352 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2015-06-25 20:59:36 E4EB138060BAE0DBAB1A3B71A3141FE7 1950720 ----a-w- C:\Windows\SysWOW64\wininet.dll 2015-06-25 20:59:36 E21AE910DF0C5CB7D46D8FA17A4567DE 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2015-06-25 20:59:36 C93AE4D14AEF5169791B35D97AE7C9FC 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2015-06-25 20:59:36 C27C8CACEBC712BE2AD791715E9734EC 664064 ----a-w- C:\Windows\SysWOW64\jscript.dll 2015-06-25 20:59:36 B6D8148C1C697A7BF04EE0FE82408B6A 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2015-06-25 20:59:36 9F6066005D8B8620598085C7499E9B70 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2015-06-25 20:59:36 96837E5864777688477AF6DE2332C06D 503808 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2015-06-25 20:59:36 927E38A35E4DFC4E294BD130BAA6F759 2278912 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2015-06-25 20:59:36 8C3A03295F56D1FFB51D9D05DA42B12D 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2015-06-25 20:59:36 85E21CCF38166E0D6DE2E42D9D3823BD 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2015-06-25 20:59:36 81C1182A9EE7AC4D21187811DE66A7D0 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2015-06-25 20:59:36 7DBCBB1647B7CD71E2039C1B50A12717 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2015-06-25 20:59:36 7C9F8DB66A56306C5BBE97F9FC0F01EF 342736 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2015-06-25 20:59:36 5C06EE62F06E990E9521EA80B8D4D4B8 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2015-06-25 20:59:36 53E9614ADFA6A40A452BA014CEF6F261 1309696 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2015-06-25 20:59:36 4ABEEF30EA5B9F4718312DCB60B6C9BC 2052608 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2015-06-25 20:59:36 3FD7E6DB5D81FE400DB4D81D278596E6 4305920 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2015-06-25 20:59:36 185490A6C3BEDAC5EF547314F68AB07B 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-06-25 20:56:38 58788565442368B0615DDAF1D452B843 530432 ----a-w- C:\Windows\SysWOW64\comctl32.dll 2015-06-25 20:54:07 DA27A4EA7B7C77FAFDB3F94D83E310C1 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL 2015-06-25 20:54:07 A98E8F79C738CAF23C152DBCABD978FE 11411456 ----a-w- C:\Windows\SysWOW64\wmp.dll 2015-06-25 20:54:07 605E9B2CFA3445ED7716D0B345EE21EC 8192 ----a-w- C:\Windows\SysWOW64\spwmp.dll 2015-06-25 20:54:07 2401379E0610D15FAB78A4B1646F5B8D 4096 ----a-w- C:\Windows\SysWOW64\msdxm.ocx 2015-06-25 20:54:07 2401379E0610D15FAB78A4B1646F5B8D 4096 ----a-w- C:\Windows\SysWOW64\dxmasf.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2015-06-25 21:02:32 53405CDA694982E5C6A0E9454AC1D407 493504 ----a-w- C:\Windows\Sysnative\mcupdate_GenuineIntel.dll 2015-06-25 21:01:29 C5752F5CE47B6B00F914AE91087C0CB4 229376 ----a-w- C:\Windows\Sysnative\wintrust.dll 2015-06-25 21:01:29 7EE0A3B9E904AF4744E4D8F00CB5CA32 140288 ----a-w- C:\Windows\Sysnative\cryptnet.dll 2015-06-25 21:01:29 7BC3E861F7E8EB543A630090FAE779E0 188416 ----a-w- C:\Windows\Sysnative\cryptsvc.dll 2015-06-25 21:01:29 71187FA11F58012C188453877E16EB8B 1480192 ----a-w- C:\Windows\Sysnative\crypt32.dll 2015-06-25 20:59:37 AE5A2843B4A2E1E558B9EE13EF62CCE5 14404096 ----a-w- C:\Windows\Sysnative\ieframe.dll 2015-06-25 20:59:37 ACD6FE6C82B93813F023FC01A51CB940 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2015-06-25 20:59:37 8909A24DA8B5C426CF6595BA843B6CC5 490496 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2015-06-25 20:59:37 86FDFEA67833DB261EC01A777594EDCF 316928 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2015-06-25 20:59:37 35622F5A652C4E16774234DCA0026E74 633856 ----a-w- C:\Windows\Sysnative\ieui.dll 2015-06-25 20:59:37 083BCA14FCE290D682D8DAC9372CBF23 801280 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2015-06-25 20:59:36 FF84182188CA8F0DC28CFED06C9B7816 2125824 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2015-06-25 20:59:36 D202078FBA3A77B85D39669EE4110DE2 389840 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2015-06-25 20:59:36 CFA52E2FE8E623042A1EEF96EB1B9481 6026240 ----a-w- C:\Windows\Sysnative\jscript9.dll 2015-06-25 20:59:36 AFF5C12099B87FA645F8867701729894 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2015-06-25 20:59:36 A29BAFC1543F9D2234AFFFEA9BCE76C8 24917504 ----a-w- C:\Windows\Sysnative\mshtml.dll 2015-06-25 20:59:36 9E2B8C0601E3D460F78F0233B509CE4F 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2015-06-25 20:59:36 9DB8E01D5A546FAFCACE95489E351186 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2015-06-25 20:59:36 83781DF625A4448B39410D7FA2BDC48D 816640 ----a-w- C:\Windows\Sysnative\jscript.dll 2015-06-25 20:59:36 7F8F9AE03D1BA4354671E05F07A40F1A 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2015-06-25 20:59:36 73509D13542A90E260F45D1D6D4100A8 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2015-06-25 20:59:36 70D24021ED327CE7FFA9DEE327BB4C6B 720384 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2015-06-25 20:59:36 6E295C7364DAEB151CC0E98434B6AC92 2885632 ----a-w- C:\Windows\Sysnative\iertutil.dll 2015-06-25 20:59:36 6ABFC5736EC920C4436F32111F5CBCEE 1545728 ----a-w- C:\Windows\Sysnative\urlmon.dll 2015-06-25 20:59:36 5F8EE9311ECF078CD9426874FFAD660C 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2015-06-25 20:59:36 57DFACB53ED16190EF732E2430B39741 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2015-06-25 20:59:36 4BD747AAF01C480901B3E777EC48826B 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2015-06-25 20:59:36 4A5A84B457C72E79A64AE4036EC6BB0E 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2015-06-25 20:59:36 417F80E4AFBA1AA9EBBD618F1C6D9165 2426880 ----a-w- C:\Windows\Sysnative\wininet.dll 2015-06-25 20:59:36 3C3E159F284F51D55DB59C3D0B843979 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2015-06-25 20:59:36 3854BFE1C0F14872C94501421CC40813 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2015-06-25 20:59:36 36F3718E67F442F54AB4A39DCDD8FD19 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2015-06-25 20:59:36 33B5F1A727FACDEA7CDA0E35FFAADDCF 584192 ----a-w- C:\Windows\Sysnative\vbscript.dll 2015-06-25 20:59:36 2BC2D3A41BB755487FD55C09938F00BC 417792 ----a-w- C:\Windows\Sysnative\html.iec 2015-06-25 20:59:36 16091938F6CDBCCCBA1CBE24600121BC 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2015-06-25 20:59:36 0EDA3219FA027A486AA11269355AB279 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2015-06-25 20:59:36 06A8CE6C3AE6B7916F026B0EFDDCAAA5 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2015-06-25 20:56:38 51F89CE2D0FEC66070354504E6C4C3E4 633856 ----a-w- C:\Windows\Sysnative\comctl32.dll 2015-06-25 20:55:42 1EE2DBA5AD2E5EB618C7FB187C2CFDF4 3206144 ----a-w- C:\Windows\Sysnative\win32k.sys 2015-06-25 20:54:07 9D80A82B0BB77AC3EF6A87FA0C534E20 14635008 ----a-w- C:\Windows\Sysnative\wmp.dll 2015-06-25 20:54:07 834FD7C31EA16D59CC3B2DC60F2F2620 9728 ----a-w- C:\Windows\Sysnative\spwmp.dll 2015-06-25 20:54:07 51ECEE70F33601310DDEF3EEE39550D3 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL 2015-06-25 20:54:07 1A8C5D4BE449E4A9D8667A341E535E22 5120 ----a-w- C:\Windows\Sysnative\msdxm.ocx 2015-06-25 20:54:07 1A8C5D4BE449E4A9D8667A341E535E22 5120 ----a-w- C:\Windows\Sysnative\dxmasf.dll ====== C:\Windows\Sysnative\drivers ===== 2015-06-25 16:03:52 F0F9FB46B79AD902BB317493C44C6F53 69568 ----a-w- C:\Windows\Sysnative\drivers\TosRfSnd.sys 2015-06-25 16:01:27 ED38B8924DE8C806A2A1C12C4F61E9CF 94720 ----a-w- C:\Windows\Sysnative\drivers\AtihdW76.sys 2015-06-25 15:58:10 D63E2B47D1BCB63CCCEF8F591CEDAEE5 4464344 ----a-w- C:\Windows\Sysnative\drivers\RTKVHD64.sys 2015-06-25 15:58:09 0CDDEA5B4E709CB32715C0B630D7F888 2048372 ----a-w- C:\Windows\Sysnative\drivers\RTAIODAT.DAT 2015-06-17 05:29:49 BF69D973523D539A35807946C6DA7E16 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2015-06-17 05:29:49 272C27711C8AA6E7815EE33F8ACA9C66 155584 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2015-06-17 05:24:58 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\Windows\Sysnative\drivers\stream.sys ====== C:\Windows\Tasks ====== 2015-06-18 19:10:54 D526860A88E6DAB77D787081693ECBD6 1052 ----a-w- C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001UA.job 2015-06-18 19:10:54 C46AAF3D962CA0C876000F856DC32FF5 4036 ----a-w- C:\Windows\Sysnative\Tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001UA 2015-06-18 19:10:53 9898A0B9C91636D026880673C725A289 1000 ----a-w- C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001Core.job 2015-06-18 19:10:53 64BC659E9AEEA524E1ACAF90B4D15E55 3640 ----a-w- C:\Windows\Sysnative\Tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001Core ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2015-07-03 15:54:39 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== ======= C: ===== ====== C:\Users\Dejonckheere\AppData\Roaming ====== 2015-07-04 09:41:46 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2015-07-04 09:41:46 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2015-07-04 09:41:46 -------- d-----w- C:\Users\TEMP\AppData\Local\Temp 2015-07-04 09:41:46 -------- d-----w- C:\Users\postgres\AppData\Local\Temp 2015-07-04 09:41:46 -------- d-----w- C:\Users\postgres.DEJONCKHEERE-PC\AppData\Local\Temp 2015-07-04 09:41:46 -------- d-----w- C:\Users\POSTGR~1.DEJ\AppData\Local\Temp 2015-07-04 09:41:46 -------- d-----w- C:\Users\Dejonckheere\AppData\Local\Temp 2015-07-04 09:41:46 -------- d-----w- C:\Users\Default\AppData\Local\Temp 2015-07-04 09:41:46 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2015-06-18 19:12:07 -------- d-----w- C:\Users\Dejonckheere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-06-18 19:10:39 -------- d-----w- C:\Users\Dejonckheere\AppData\Local\Dropbox ====== C:\Users\Dejonckheere ====== 2015-06-18 19:10:39 -------- d-----w- C:\ProgramData\Dropbox ====== C: exe-files == 2015-07-07 20:24:22 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Dejonckheere\AppData\Local\Temp\bf6fd61c534be1a700920553a3061423BSMain.exe 2015-07-03 15:54:40 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Dejonckheere.exe === C: other files == 2015-07-08 20:55:20 C39DFF8E77BF79370AF709BC10280337 13475828 ----a-w- C:\Users\Dejonckheere\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55YUGDD0\wetransfer-7e2eb7.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1676756398-211950510-2368295547-1006\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-1676756398-211950510-2368295547-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" "ScrSav"="C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acer ePower Management] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Acer ePower Management" "hkey"="HKLM" "command"="C:\\Program Files\\Acer\\Acer ePower Management\\ePowerTray.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BackupManagerTray] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BackupManagerTray" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\NewTech Infosystems\\Acer Backup Manager\\BackupManagerTray.exe\" -h -k" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BrStsMon00] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BrStsMon00" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\Browny02\\Brother\\BrStMonW.exe /AUTORUN" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ControlCenter4] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ControlCenter4" "hkey"="HKLM" "command"="C:\\Program Files (x86)\\ControlCenter4\\BrCcBoot.exe /autorun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EgisTecLiveUpdate] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="EgisTecLiveUpdate" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\EgisTec Egis Software Update\\EgisUpdate.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Steam" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Steam\\Steam.exe\" -silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Dejonckheere^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Bouwsoft Beheer.lnk] "item"="Bouwsoft Beheer" "path"="C:\\Users\\Dejonckheere\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Bouwsoft Beheer.lnk" "backup"="C:\\Windows\\pss\\Bouwsoft Beheer.lnk.Startup" "backupExtension"=".Startup" "command"="C:\\PROGRA~2\\Bouwsoft\\Tools\\WERKST~1\\beheer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Akamai] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WMPNetworkSvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WPCSvc] ==== Startup Folders ====================== 2015-05-12 05:11:31 1122 ----a-w- C:\Users\Dejonckheere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 2015-06-26 18:29:34 1028 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001Core.job --a------ C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18/06/2015 21:10] C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001UA.job --a------ C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe [18/06/2015 21:10] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001Core" [C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-1676756398-211950510-2368295547-1001UA" [C:\Users\Dejonckheere\AppData\Local\Dropbox\Update\DropboxUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe] "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Administrator" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\Windows\SysNative\tasks\Uninstaller_SkipUac_Dejonckheere" [C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\DEJONC~1\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247 user_pref("browser.startup.homepage", "www.ddejonckheere.be"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\DEJONC~1\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247 - Undetermined - C:\Users\Dejonckheere\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247\extensions\adremoveext@adremoveext.net - Undetermined - C:\Users\Dejonckheere\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247\extensions\iobitascsurfingprotection@iobit.com ==== Firefox Plugins ====================== Profilepath: C:\Users\Dejonckheere\AppData\Roaming\Mozilla\Firefox\Profiles\y48hc4sg.default-1425317072247 AD76B0F3348914E133455E52743C839D - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll - Shockwave for Director / Shockwave for Director 4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash C62322C77D1AAB77B1CF1130FCC3673A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions hbcennhacfaagdopikcegfcobcadeocj - No path found[] icdlfehblmklkikfigmjhbmmpmkmpooj - No path found[] mhkaekfpcppmmioggniknbnbdbcigpkk - No path found[] pfndaklgolladniicklehhancnlgocpp - No path found[] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.be/" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}" ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1676756398-211950510-2368295547-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres') O4 - HKUS\S-1-5-21-1676756398-211950510-2368295547-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe -update activex (User 'Default user') O4 - Startup: Dropbox.lnk = C:\Users\Dejonckheere\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Bluetooth Manager.lnk = ? O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - (no CLSID) - (no file) O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%systemroot%\system32\CISVC.EXE,-1 (CISVC) - Unknown owner - C:\Windows\system32\CISVC.EXE (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: UseSocketService - Use It Group NV - C:\Program Files (x86)\Bouwsoft\UseSocketService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dejonckheere\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dejonckheere\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\postgres.DEJONCKHEERE-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\POSTGR~1.DEJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1174 folders=172 449611819 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Dejonckheere\AppData\Local\Temp will be emptied at reboot C:\Users\postgres\AppData\Local\Temp emptied successfully C:\Users\postgres.DEJONCKHEERE-PC\AppData\Local\Temp emptied successfully C:\Users\TEMP\AppData\Local\Temp emptied successfully C:\Users\POSTGR~1.DEJ\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\DEJONC~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on do 09/07/2015 at 22:58:21,18 ======================