Zoek.exe v5.0.0.1 Updated 27-09-2015 Tool run by Kris on za 30/04/2016 at 14:55:35,09. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\Kris\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 30/04/2016 15:04:21 Zoek.exe System Restore Point Created Successfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\Kris\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\PROGRA~2\Epson deleted successfully C:\PROGRA~2\COMMON~1\Sony Shared deleted successfully C:\Program Files\log deleted successfully C:\Program Files\trend micro deleted successfully C:\Program Files\Common Files\Sony Shared deleted successfully C:\PROGRA~3\Avg deleted successfully C:\PROGRA~3\HPQLOG deleted successfully C:\PROGRA~3\Logitech deleted successfully C:\PROGRA~3\Oracle deleted successfully C:\Users\Kris\AppData\Roaming\EasternGraphics deleted successfully C:\Users\Kris\AppData\Roaming\TP deleted successfully C:\Users\Kris\AppData\Roaming\WinPatrol deleted successfully C:\Users\Kris\AppData\Local\CrashDumps deleted successfully C:\Users\Kris\AppData\Local\EmieBrowserModeList deleted successfully C:\Users\Kris\AppData\Local\EmieSiteList deleted successfully C:\Users\Kris\AppData\Local\EmieUserList deleted successfully C:\Users\Kris\AppData\Local\HP MediaSmart Video deleted successfully C:\Users\Kris\AppData\Local\PackageAware deleted successfully C:\Users\Kris\AppData\Local\PDFC deleted successfully 
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Running Processes ====================== C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe C:\Program Files (x86)\Simple Malware Protector\SimpleMalwareProtector.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe 
C:\Program Files (x86)\MAG Softwrx, Inc\Timeless Time and Expense Windows 3.0\TimelessTimeAndExpense.exe C:\Users\Kris\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe C:\ARKEY\AQCStart.exe C:\Program Files (x86)\McAfee\Common Framework\McTray.exe C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Users\Kris\Desktop\zoek.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe ==== Services(whitelist) ====================== Powered by E Dev (http://www.antimalwarehelp.be/EDev/) R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe R2 - [AdobeUpdateService] - AdobeUpdateService - c:\program files (x86)\common files\adobe\adobe desktop common\elevationmanager\adobeupdateservice.exe R2 - [AESTFilters] - Andrea ST Filters Service - c:\program files\idt\wdm\aestsr64.exe R2 - [AGSService] - Adobe Genuine Software Integrity Service - c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe R2 - [CalendarSynchService] - CalendarSynchService - c:\program files (x86)\hewlett-packard\touchsmart\calendar\service\gcalservice.exe R2 - [ClickToRunSvc] - Microsoft Office ClickToRun Service - c:\program files\microsoft office 15\clientx64\officeclicktorun.exe R2 - [cvhsvc] 
- Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe R2 - [DpHost] - Authentication Service - c:\program files\hewlett-packard\hp protecttools security manager\bin\dphostw.exe R2 - [DTSRVC] - Portrait Displays Display Tune Service - c:\program files (x86)\common files\portrait displays\shared\dtsrvc.exe R2 - [HP Support Assistant Service] - HP Support Assistant Service - c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe R2 - [HPClientSvc] - HP Client Services - c:\program files\hewlett-packard\hp client services\hpclientservices.exe R2 - [IconMan_R] - IconMan_R - c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe R2 - [jhi_service] - Intel(R) Identity Protection Technology Host Interface Service - c:\program files (x86)\intel\services\ipt\jhi_service.exe R2 - [LMS] - Intel(R) Management and Security Application Local Management Service - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe R2 - [MBAMScheduler] - MBAMScheduler - c:\program files (x86)\malwarebytes anti-malware\mbamscheduler.exe R2 - [MBAMService] - MBAMService - c:\program files (x86)\malwarebytes anti-malware\mbamservice.exe R2 - [McAfee Endpoint Encryption Agent] - McAfee Endpoint Encryption Agent - c:\program files\hewlett-packard\drive encryption\eeagent\mfeepehost.exe R2 - [McAfeeFramework] - McAfee Framework Service - c:\program files (x86)\mcafee\common framework\frameworkservice.exe R2 - [McShield] - McAfee McShield - c:\program files\common files\mcafee\systemcore\\mcshield.exe R2 - [McTaskManager] - McAfee Task Manager - c:\program files (x86)\mcafee\virusscan enterprise\vstskmgr.exe R2 - [mfevtp] - McAfee Validation Trust Protection Service - c:\windows\system32\mfevtps.exe R2 - [pdfcDispatcher] - PDF Document Manager - c:\program files (x86)\pdf complete\pdfsvc.exe R2 - [PdiService] - Portrait Displays SDK Service - c:\program files (x86)\common 
files\portrait displays\drivers\pdisrvc.exe R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe R2 - [STacSV] - Audio Service - c:\program files\idt\wdm\stacsv64.exe R2 - [uArcCapture] - ArcCapture - c:\windows\syswow64\arcvcaprender\uarccapture.exe R2 - [UNS] - Intel(R) Management and Security Application User Notification Service - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe R2 - [WDBackup] - WD Backup - c:\program files (x86)\western digital\wd smartware\wdbackupengine.exe R2 - [WDDriveService] - WD Drive Manager - c:\program files (x86)\western digital\wd drive manager\wddriveservice.exe R2 - [WDRulesService] - WD Rules - c:\program files (x86)\western digital\wd smartware\wdrulesengine.exe R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe R3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe S3 - [ALG] - Application Layer Gateway Service - 
c:\windows\system32\alg.exe S3 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe S3 - [FLCDLOCK] - HP ProtectTools Device Locking / Auditing - c:\windows\syswow64\flcdlock.exe S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe S3 - [GamesAppIntegrationService] - GamesAppIntegrationService - c:\program files (x86)\wildtangent games\app\gamesappintegrationservice.exe S3 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe S3 - [hpqwmiex] - HP Software Framework Service - c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe S3 - [odserv] - Microsoft Office Diagnostics Service - c:\program files (x86)\common files\microsoft shared\office12\odserv.exe S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe S3 - [RpcLocator] - Remote Procedure 
Call (RPC) Locator - c:\windows\system32\locator.exe S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe S3 - [WatAdminSvc] - Windows Activation Technologies-service - c:\windows\system32\wat\watadminsvc.exe S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Epson not found C:\PROGRA~2\Microsoft Touch Pack for Windows 7 deleted C:\Users\Kris\AppData\Roaming\DriverCure deleted C:\PROGRA~3\InstallMate deleted C:\PROGRA~3\{0D9D262D-4BA2-4BC3-9CD3-4D1A9AE63E18} deleted C:\PROGRA~3\{18165758-115C-4DC0-9EC2-FF89F725767F} deleted C:\PROGRA~3\{9E00B65F-AE64-48AB-96A6-E042ECD1D858} deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted C:\Windows\SysNative\config\systemprofile\Searches deleted "C:\Users\Kris\AppData\Roaming\JP2K CS6-voorkeuren" deleted ==== System Specs ====================== Operating System: Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 64-bits Manufacturer: Hewlett-Packard - Model: HP TouchSmart 7320 Lavaca-B EU L6 PC Install Date: 7/08/2012 9:59:54 Last Boot: 30/04/2016 12:26:32 Processor: Intel(R) Core(TM) i5-2400S CPU @ 2.50GHz Number of Processors: 4 Work Station Bootmode: Normal boot Total RAM: 4000 MB (free 1378 MB - 34) Computername: KRIS-HP Domain: WORKGROUP User: Kris (Administrator account) Local Disk: C:\ - NTFS - 444 GB 
(free 154 GB) Local Disk: D:\ - NTFS - 20 GB (free 2 GB) CD \ DVD Drive: E:\ Removable Disk: F:\ - FAT32 - 3 GB (free 2 GB) Network Drive: H:\ - CSC-CACHE - 444 GB (free 154 GB) Network Drive: I:\ - CSC-CACHE - 444 GB (free 154 GB) Local Disk: Q:\ - - GB (free GB) Bootdevice: \Device\HarddiskVolume1 Windows update: Country: België Language: NLB ==== System Specs (Software) ====================== Anti-Virus: McAfee VirusScan Enterprise On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: McAfee VirusScan Enterprise Antispyware Module disabled (Outdated) Internet Explorer Version: 11.0.9600.18282 Adobe Reader version: 11.0.14.16 Sun Java version: 1.7.0_71 (32-bit) Flash Player version: 19.0.0.245 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\Kris\AppData\Local\Temp ==== 2016-04-28 17:18:56 25B3907F2577FD6B363BFBACB5A74B68 617536 ----a-w- C:\Users\Kris\AppData\Local\Temp\HPSFUpdater.exe 2016-04-26 20:39:42 BB5E72831A19C35DD2A63157019F9042 417928 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\uninstall.exe 2016-04-26 20:39:35 FBC76FB8AC96C179E4D0BC806B850748 230672 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\tv_w32_2016-04-27-20-40-21.exe 2016-04-26 20:39:35 F40858B6B5F3427377300AC72D19F8F1 6456592 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_Desktop.exe 2016-04-26 20:39:35 E1AA8782104ECE1F6D2AC393865FE0B9 231184 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\tv_w32.exe 2016-04-26 20:39:35 D49C23DB12620E88ADA024E9ACE511C2 629520 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl_2016-04-26-22-39-51.dll 2016-04-26 20:39:35 D49C23DB12620E88ADA024E9ACE511C2 629520 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_Resource_nl.dll 2016-04-26 20:39:35 C87327650D34E3B6EF724C35C3727DFE 264976 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\tv_x64.exe 2016-04-26 20:39:35 
AE99C48BDE60639433757E0126243770 274704 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\tv_x64.dll 2016-04-26 20:39:35 A72A1CFF44CF1037B8B53877BA8CF71C 5575440 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_Service.exe 2016-04-26 20:39:35 621E9C452BA8F38F4E6758DC14E82FAF 250640 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\tv_w32.dll 2016-04-26 20:39:35 6117139656C0B01DB5C0364F64644B06 248592 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\tv_w32_2016-04-27-20-40-21.dll 2016-04-26 20:39:35 6117139656C0B01DB5C0364F64644B06 248592 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\tv_w32_2016-04-26-22-40-15.dll 2016-04-26 20:39:35 491FCF06D539E45EB27C5299ED490DCF 272656 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\tv_x64_2016-04-27-20-40-21.dll 2016-04-26 20:39:35 40F0FE266B0785EA2208A30A586CAD98 347408 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl_2016-04-27-20-40-21.dll 2016-04-26 20:39:35 40F0FE266B0785EA2208A30A586CAD98 347408 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\Teamviewer_resource_nl_2016-04-26-22-40-15.dll 2016-04-26 20:39:35 2FB0CF0CB5E25197D317AFCC5C65DB58 3998992 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes_2016-04-27-20-40-21.dll 2016-04-26 20:39:35 2FB0CF0CB5E25197D317AFCC5C65DB58 3998992 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes_2016-04-26-22-40-15.dll 2016-04-26 20:39:35 24B9BA271BC87C8B9FC05A688923652F 263952 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\tv_x64_2016-04-27-20-40-21.exe 2016-04-26 20:39:35 1EEC83CCBF92237403EA26EA3B3486A6 43490576 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\Teamviewer_StaticRes_2016-04-27-20-36-09.dll 2016-04-26 20:39:35 1EEC83CCBF92237403EA26EA3B3486A6 43490576 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_StaticRes.dll 2016-04-26 20:39:34 29BCCE77AB58A333099D86E27ED8A1BD 17264400 ----a-w- 
C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_2016-04-27-20-36-09.exe 2016-04-26 20:39:34 29BCCE77AB58A333099D86E27ED8A1BD 17264400 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_2016-04-26-22-39-51.exe 2016-04-26 20:39:34 0A19FC76181BFFE86ADD75739F29D05E 13057296 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_2016-04-27-20-40-21.exe 2016-04-26 20:39:34 0A19FC76181BFFE86ADD75739F29D05E 13057296 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_2016-04-27-20-35-29.exe 2016-04-26 20:39:34 0A19FC76181BFFE86ADD75739F29D05E 13057296 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_2016-04-26-22-40-15.exe 2016-04-26 20:39:34 0A19FC76181BFFE86ADD75739F29D05E 13057296 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_2016-04-26-22-39-59.exe 2016-04-26 20:39:34 0A19FC76181BFFE86ADD75739F29D05E 13057296 ----a-w- C:\Users\Kris\AppData\Local\Temp\TeamViewer\TeamViewer_2016-04-26-22-39-40.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2016-04-27 17:01:18 6F6528F63846C7ACE201D20C14F0A438 26296 ----a-w- C:\Windows\Sysnative\smpnative64.exe 2016-04-26 20:12:10 FA52FFA74A1C37D325AEC4BE54DA83E1 370712 ----a-w- C:\Windows\Sysnative\FNTCACHE.DAT ====== C:\Windows\Sysnative\drivers ===== 2016-04-27 16:57:25 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys 2016-04-27 16:56:58 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys 2016-04-27 16:56:57 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys 2016-04-27 16:56:57 452ACB7A9914398D9E18CCCFFCF92208 64896 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys 2016-04-13 01:51:17 FB4397DDCC732DB6A7B33B747C7EB708 154344 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-04-13 01:51:17 B6C2FA7F5E5BC1A488A57C6344D29D64 95464 ----a-w- 
C:\Windows\Sysnative\drivers\ksecdd.sys 2016-04-13 01:51:17 ACEC16415275E1AD6F7983EF472810E3 159744 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2016-04-13 01:51:16 0F276F2F2018296FABC7BD2BCCAAB40B 291328 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-04-13 01:51:15 A9FB80B0BBA6F765F4E691B7AD4963A7 62464 ----a-w- C:\Windows\Sysnative\drivers\appid.sys 2016-04-13 01:51:15 1D4B7972375052F5B7877A6FD9BE33A0 129536 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2016-04-13 01:50:57 616387BBD83372220B09DE95F4E67BBC 73664 ----a-w- C:\Windows\Sysnative\drivers\disk.sys ====== C:\Windows\Tasks ====== 2016-04-27 17:01:59 371A0177DB0CA2060FFE29D40FFDDA24 3116 ----a-w- C:\Windows\Sysnative\Tasks\Simple Malware Protector_startup ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-04-26 07:01:36 -------- d-----w- C:\Program Files\Recuva ======= C:\PROGRA~2 ===== 2016-04-27 17:01:20 -------- d-----w- C:\PROGRA~2\Simple Malware Protector ======= C: ===== ====== C:\Users\Kris\AppData\Roaming ====== 2016-04-27 18:47:57 5762536D73BA31CE257BA5C66A01484C 197624 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat 2016-04-27 17:01:31 -------- d-----w- C:\Users\Kris\AppData\Roaming\Simple Star 2016-04-26 20:14:27 F6E4370097F38F7D5B771F665E08A596 90528 ----a-w- C:\Users\Kris\AppData\Local\GDIPFONTCACHEV1.DAT 2016-04-25 14:19:40 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub 2016-04-25 14:19:39 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub 2016-04-24 17:55:41 -------- d-----w- C:\Users\Kris\AppData\Roaming\SMPV9 2016-04-24 15:11:21 -------- d-----w- C:\Users\Kris\AppData\Roaming\AVG 2016-04-24 15:08:35 -------- d-----w- C:\Users\Kris\AppData\Roaming\TuneUp Software 2016-04-24 14:57:18 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg 2016-04-24 14:54:33 -------- d-----w- C:\Users\Kris\AppData\Local\AvgSetupLog 2016-04-24 
14:54:33 -------- d-----w- C:\Users\Kris\AppData\Local\Avg 2016-04-12 06:45:11 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Kris\AppData\Roaming\15f2375c-55fd-4800-ba03-1d5254210285.storage 2016-04-06 05:27:14 -------- d-----w- C:\Users\NULL\AppData\Local\Hewlett-Packard ====== C:\Users\Kris ====== 2016-04-27 17:01:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simple Malware Protector 2016-04-26 20:40:05 FC9E99A1FF6B14749C9DB45A2ECC2E87 5504104 ----a-w- C:\Users\Kris\Downloads\TeamViewerQS_nl-idcupd24ay.exe 2016-04-26 17:15:00 63C481C830F62D824A92527E81D5B20C 147456 ----a-w- C:\Users\Kris\voor alle zekerheid.tmw3 2016-04-26 17:14:59 0B1D2D08D1253F62872E1B86A565D090 25300992 ----a-w- C:\Users\Kris\voor alle zekerheid.tmd3 2016-04-24 17:55:10 -------- d-----w- C:\ProgramData\Simple Star 2016-04-24 14:56:12 -------- d--h--w- C:\ProgramData\Common Files 2016-04-06 05:27:14 -------- d-----w- C:\Users\NULL\AppData ====== C: exe-files == === C: other files == 2016-04-30 12:23:47 640183BE272CE9FEC42486A95AD5DA83 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-1310964170-2799977048-1063552207-1001\$I3BCG62.zip 2016-04-28 10:53:08 D4ECC56EC5D304ECB19F4B772AC883DC 20190 ----a-w- C:\ProgramData\Simple Star\Simple Malware Protector\updates\2644update.zip 2016-04-27 19:11:13 ACC5D094E59759B515BA762E5BD28463 1218912 ----a-w- C:\Users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W9JKVLI9\CoinVaultDecryptor.zip 2016-04-27 17:02:15 D774EBEB87046ED4C4922B069DA6B6C0 1485 ----a-w- C:\ProgramData\Simple Star\Simple Malware Protector\updates\2641update.zip 2016-04-27 17:02:15 CEFC274DBFE94849B31C9079B0410FD7 507681 ----a-w- C:\ProgramData\Simple Star\Simple Malware Protector\updates\2642update.zip 2016-04-27 17:02:15 5C5DD96B5F1B1EFCC601D214F049B703 1488 ----a-w- C:\ProgramData\Simple Star\Simple Malware Protector\updates\2643update.zip 2016-04-27 17:02:15 33334FEAE3AC0AC8A0EB7216AEF38E0A 61207 ----a-w- C:\ProgramData\Simple 
Star\Simple Malware Protector\updates\2639update.zip 2016-04-27 17:02:15 1BDD1B6447B5BAF2867D1CBB78B305E8 132981 ----a-w- C:\ProgramData\Simple Star\Simple Malware Protector\updates\2640update.zip 2016-04-27 17:02:13 702401AB34F590ADF0CE5A0FDEB70F65 5061475 ----a-w- C:\ProgramData\Simple Star\Simple Malware Protector\updates\2638mupdate.zip 2016-04-27 17:02:00 F6C9AE08D057B2E2E415DC21E6ADC641 34764852 ----a-w- C:\ProgramData\Simple Star\Simple Malware Protector\updates\2561completedatabase.zip 2016-04-27 16:57:25 78488AF2AB2111D67B3C4044707A519B 192216 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2016-04-27 16:56:58 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2016-04-27 16:56:57 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys 2016-04-27 16:56:57 452ACB7A9914398D9E18CCCFFCF92208 64896 ----a-w- C:\Windows\System32\drivers\mwac.sys ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1310964170-2799977048-1063552207-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Timeless Time & Expense"="C:\Program Files (x86)\MAG Softwrx, Inc\Timeless Time and Expense Windows 3.0\TimelessTimeAndExpense.exe" "Spotify Web Helper"="C:\Users\Kris\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "McAfeeUpdaterUI"="C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe /StartedFromRunKey" "AQCStart"="C:\ARKEY\AQCStart.exe" 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Timeless Time & Expense"="C:\Program Files (x86)\MAG Softwrx, Inc\Timeless Time and Expense Windows 3.0\TimelessTimeAndExpense.exe" "Spotify Web Helper"="C:\Users\Kris\AppData\Roaming\Spotify\SpotifyWebHelper.exe" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/08/2015 02:00] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30/08/2015 02:00] C:\Windows\tasks\HPCeeScheduleForKris.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [15/07/2011 13:43] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe] "C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Kris-HP-Kris" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\HPCeeScheduleForKris" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe] "C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe] "C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe] "C:\Windows\SysNative\tasks\Simple Malware Protector_startup" [C:\Program Files (x86)\Simple Malware Protector\SimpleMalwareProtector.exe] "C:\Windows\SysNative\tasks\Sync Algemene Map" ["C:\Program Files\FreeFileSync\FreeFileSync.exe"] "C:\Windows\SysNative\tasks\Sync Uitgevoerde Werken" ["C:\Program 
Files\FreeFileSync\FreeFileSync.exe"] "C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe] "C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Folders in C:\PROGRA~3 0-6 Months Old ====================== 2016-03-01 13:28:51 -------- d-----w- C:\PROGRA~3\Pervasive Software 2016-04-24 14:56:12 -------- d--h--w- C:\PROGRA~3\Common Files 2016-04-24 14:59:20 -------- d-----w- C:\PROGRA~3\MFAData 2016-04-24 17:55:10 -------- d-----w- C:\PROGRA~3\Simple Star 2016-04-27 16:56:57 -------- d-----w- C:\PROGRA~3\Malwarebytes ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{D19CA586-DD6C-4a0a-96F8-14644F340D60}"="C:\Program Files (x86)\Common Files\McAfee\SystemCore" [07/08/2012 10:18] ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes 
"DefaultScope"="{5E3EEC5A-EDFF-48A0-A32B-EE89C48E6110}" {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {5E3EEC5A-EDFF-48A0-A32B-EE89C48E6110} Google Url="http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}" {D944BB61-2E34-4DBF-A683-47E505C587DC} Unknown Url="Not_Found" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully HKEY_USERS\S-1-5-21-1310964170-2799977048-1063552207-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [AQCStart] "C:\ARKEY\AQCStart.exe" O4 - HKCU\..\Run: [Timeless Time & Expense] C:\Program Files (x86)\MAG Softwrx, Inc\Timeless Time and Expense Windows 3.0\TimelessTimeAndExpense.exe O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Kris\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] 
%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} (20-20 3D Viewer for IKEA) - http://kitchenplanner.ikea.com/BE/Core/Player/2020PlayerAX_IKEA_Win32.cab O16 - DPF: {761B175E-FFD8-42C0-88A6-ECB24C336DDD} (VersionMgr Class) - https://proximus.anywhereconference.com/plugins/IE/ANWShare.cab?6,5,0,10 O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing) O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - 
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. 
- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. 
- C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache 
====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Kris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=528 folders=195 454106505 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Kris\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Kris\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully 
emptied ==== EOF on za 30/04/2016 at 17:51:29,45 ======================