Zoek.exe v5.0.0.0 Updated 28-08-2014
Tool run by OpenWindows on vr 29-08-2014 at 20:33:47,79.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\OpenWindows\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-08-28-165459.log 61139 bytes

==== Empty Folders Check ======================

C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\Validity deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B0A27B68-5C4A-724D-8A15-B2FBCD3B2732} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\OpenWindows\AppData\Roaming\Spotify\spotify.exe
C:\Users\OpenWindows\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\SMART Technologies\Education Software\Aware.exe
C:\Program Files\Microsoft Office 15\root\office15\lync.exe
C:\Users\OpenWindows\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\TeamViewer\Version8\tv_w32.exe C:\Program Files\SMART Technologies\Education Software\Marker.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Users\OpenWindows\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\OpenWindows\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\OpenWindows\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\OpenWindows\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Users\OpenWindows\AppData\Roaming\Spotify\Data\SpotifyHelper.exe C:\Windows\system32\DllHost.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\wuauclt.exe C:\Users\OpenWindows\Downloads\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet ==== Deleting Services ====================== ==== System Specs ====================== Windows: Windows 7 Enterprise 
Edition Service Pack 1 (Build 7601) Memory (RAM): 3015 MB CPU Info: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz CPU Speed: 2491,1 MHz Sound Card: Luidsprekers / HP (2- IDT High | Communicatie koptelefoons (2- I | Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 1x; Algemeen PnP-beeldscherm | Screen Resolution: 1366 X 768 - 32 bit Network: Network Present Network Adapters: Intel(R) Centrino(R) Advanced-N 6205 #2 | Intel(R) 82579V Gigabit Network Connection CD / DVD Drives: 1x (D: | ) D: hp DVDRAM GT50N Ports: COM1 LPT1 Mouse: 5 Button Wheel Mouse Present Hard Disks: C: 189,7GB | E: 102,9GB | F: 5,2GB Hard Disks - Free: C: 131,2GB | E: 102,8GB | F: 2,3GB Manufacturer *: Hewlett-Packard BIOS Info: AT/AT COMPATIBLE | 09/14/11 | HPQOEM - f Time Zone: West-Europa (standaardtijd) Motherboard *: Hewlett-Packard 1619 Country: Nederland Language: NLD ==== System Specs (Software) ====================== Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated) Anti-Spyware: Windows Defender disabled (Outdated) Anti-Spyware: Microsoft Security Essentials disabled (Outdated) Default Browser: Google Chrome 36.0.1985.143 Internet Explorer Version: 11.0.9600.17239 Google Chrome version: 36.0.1985.143 Adobe Reader version: 10.1.9.22 Sun Java version: 1.7.0_67 (32-bit) Flash Player version: 14.0.0.145 Shockwave Player version: 11.6.3r633 ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== C:\Users\OPENWI~1\AppData\Local\Temp ==== 2014-08-29 18:29:54 2CB9E77DBE264277AA11E296DCD204A9 43008 ----a-w- C:\Users\OpenWindows\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpum573z.dll ====== Java Cache ===== 2014-08-29 18:32:47 E8C80BF60938EE72EE77AB866EA40E2B 282048 ----a-w- C:\Users\OpenWindows\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-717673c2 2014-08-29 18:32:44 
0B23B3044AE9E02DCE26DB4D5E007252 848 ----a-w- C:\Users\OpenWindows\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-135cb73f 2014-08-29 18:32:45 0B23B3044AE9E02DCE26DB4D5E007252 848 ----a-w- C:\Users\OpenWindows\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-528ec39d 2014-08-29 18:32:46 629E131D3D6A9907672E2C33F572F382 445 ----a-w- C:\Users\OpenWindows\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-e2e4c8970372d2fb4193a7ef29d16f6c3f08527947fcb9208b3a0e48820369fd-6.0.lap 2014-08-28 23:09:21 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\OpenWindows\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-7641cf79 ====== C:\Windows\system32 ===== 2014-08-29 18:31:52 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\System32\javaws.exe 2014-08-29 18:31:36 49E203776C2ACB289385168A9058EE9E 96680 ----a-w- C:\Windows\System32\WindowsAccessBridge.dll 2014-08-29 18:31:36 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\System32\javaw.exe 2014-08-29 18:31:36 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\System32\java.exe 2014-08-24 20:23:23 459E257F8915D44B23ACB46211FD45D0 45536 ----a-w- C:\Windows\System32\wups2.dll 2014-08-24 20:23:23 072678E0D68E9C3A7960328671134C7B 54240 ----a-w- C:\Windows\System32\wuauclt.exe 2014-08-24 20:23:22 EC6E2DB67695966DF22CF5EBEFC1D305 2425856 ----a-w- C:\Windows\System32\wucltux.dll 2014-08-24 20:23:22 D9B0134913E5EF007AF82A418C503322 1973728 ----a-w- C:\Windows\System32\wuaueng.dll 2014-08-24 20:23:11 867148EBF47E7E7E7B21C07B4A981929 581600 ----a-w- C:\Windows\System32\wuapi.dll 2014-08-24 20:23:11 372218B80DEF827063049EBEE76B7501 92672 ----a-w- C:\Windows\System32\wudriver.dll 2014-08-24 20:23:11 255F0417EC31C71585824269522EC8E9 36320 ----a-w- C:\Windows\System32\wups.dll 2014-08-24 20:23:05 5AA2CAD923E9E647276A61387E83DDD0 179656 ----a-w- C:\Windows\System32\wuwebv.dll 2014-08-24 20:23:04 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- 
C:\Windows\System32\wuapp.exe 2014-08-19 07:35:47 AF6655214DEBB2C8446DE843A02AAEBA 99480 ----a-w- C:\Windows\System32\infocardapi.dll 2014-08-19 07:35:43 370FC4421ADE62FC89AC93B345570388 8856 ----a-w- C:\Windows\System32\icardres.dll 2014-08-19 07:35:33 8D466B36076BCD7997838C0DDB69764C 619672 ----a-w- C:\Windows\System32\icardagt.exe 2014-08-19 07:35:27 28A8B99DE70F376B18709E6B07D6A352 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe ====== C:\Windows\system32\drivers ===== 2014-08-25 09:13:13 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-08-25 09:12:53 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-08-25 09:12:53 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-08-25 09:12:53 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-08-14 20:36:39 3583A5A8CC2E682BFFBD4630D0FEC08B 730048 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2014-08-14 20:36:39 0EC652D17AB4607745FB4E6958E8FAB6 219072 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys ====== C:\Windows\Tasks ====== 2014-08-19 19:20:26 B9080348400ED35C8DA20821EE5F9E5A 5098 ----a-w- C:\Windows\system32\Tasks\Microsoft Office 15 Sync Maintenance for OpenWindows-PC-OpenWindows OpenWindows-PC ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2014-08-29 18:32:07 -------- d-----w- C:\Program Files\Common Files\Java 2014-08-27 17:41:38 -------- d-----w- C:\Program Files\trend micro ======= C: ===== ====== C:\Users\OpenWindows\AppData\Roaming ====== 2014-08-29 18:33:01 -------- d-----w- C:\Users\OpenWindows\AppData\Roaming\Oracle 2014-08-28 16:50:11 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp 2014-08-28 16:50:11 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp 2014-08-28 16:50:11 -------- d-----w- C:\Users\extra\AppData\Local\Temp 2014-08-28 16:50:11 -------- d-----w- 
C:\Users\Default\AppData\Local\Temp 2014-08-28 16:50:11 -------- d-----w- C:\Users\Default User\AppData\Local\Temp 2014-08-28 16:50:10 -------- d-----w- C:\Users\OpenWindows\AppData\Local\Temp 2014-08-19 19:16:25 -------- d-----w- C:\Users\OpenWindows\AppData\Local\Torch 2014-08-19 19:16:25 -------- d-----w- C:\Users\OpenWindows\AppData\Local\Chromatic Browser 2014-08-19 19:16:25 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Torch 2014-08-19 19:16:25 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser 2014-08-19 19:16:25 -------- d-----w- C:\Users\Gast\AppData\Local\Torch 2014-08-19 19:16:25 -------- d-----w- C:\Users\Gast\AppData\Local\Chromatic Browser 2014-08-19 19:16:25 -------- d-----w- C:\Users\extra\AppData\Local\Torch 2014-08-19 19:16:25 -------- d-----w- C:\Users\extra\AppData\Local\Chromatic Browser 2014-08-19 19:16:25 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch 2014-08-19 19:16:25 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromatic Browser 2014-08-19 19:16:24 -------- d-----w- C:\Users\OpenWindows\AppData\Local\Comodo 2014-08-19 19:16:24 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Google 2014-08-19 19:16:24 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Comodo 2014-08-19 19:16:24 -------- d-----w- C:\Users\Gast\AppData\Local\Google 2014-08-19 19:16:24 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo 2014-08-19 19:16:24 -------- d-----w- C:\Users\extra\AppData\Local\Google 2014-08-19 19:16:24 -------- d-----w- C:\Users\extra\AppData\Local\Comodo 2014-08-19 19:16:24 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo 2014-08-19 19:16:23 -------- d-----w- C:\Users\Administrator\AppData\Local\Google ====== C:\Users\OpenWindows ====== 2014-08-29 18:31:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-08-29 18:19:05 068014C9EACAD27DD8BC8CAF6BDECB06 918440 ----a-w- C:\Users\OpenWindows\Documents\JavaSetup7u67.com 2014-08-27 17:40:51 
8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\OpenWindows\Downloads\RSIT.exe 2014-08-25 09:11:46 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\OpenWindows\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-19 19:16:27 6471C52810B8A50B8C7897FBE5F0E2D1 398 --sha-r- C:\ProgramData\ntuser.pol 2014-08-19 19:16:24 -------- d-----w- C:\Users\HomeGroupUser$\AppData 2014-08-19 19:16:24 -------- d-----w- C:\Users\Gast\AppData 2014-08-19 19:16:23 -------- d-----w- C:\Users\Administrator\AppData ====== C: exe-files == 2014-08-29 18:31:52 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Windows\System32\javaws.exe 2014-08-29 18:31:36 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Windows\System32\javaw.exe 2014-08-29 18:31:36 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Windows\System32\java.exe 2014-08-29 18:31:26 A6B7A388547C4CDF4D8F2AF55D79AC85 145832 ----a-w- C:\Program Files\Java\jre7\bin\unpack200.exe 2014-08-29 18:31:26 8B986C008892DB58928BC72483ADF7B9 16808 ----a-w- C:\Program Files\Java\jre7\bin\tnameserv.exe 2014-08-29 18:31:24 F67D9621616CB31217A497FEDE4913F5 16296 ----a-w- C:\Program Files\Java\jre7\bin\pack200.exe 2014-08-29 18:31:24 EC4C47AADE6606AFCDEAB28E29654ECE 75688 ----a-w- C:\Program Files\Java\jre7\bin\jp2launcher.exe 2014-08-29 18:31:24 CEEFA72555A8FAD52C29BA17AE3E6DEF 16296 ----a-w- C:\Program Files\Java\jre7\bin\servertool.exe 2014-08-29 18:31:24 C3F55C9B02A22EC0B345E20AE9AE9B71 16296 ----a-w- C:\Program Files\Java\jre7\bin\klist.exe 2014-08-29 18:31:24 BF918C9473D64BBD53C22C47045883F5 182696 ----a-w- C:\Program Files\Java\jre7\bin\jqs.exe 2014-08-29 18:31:24 A788E5ED0454307CBCFB95CC33E5F717 16808 ----a-w- C:\Program Files\Java\jre7\bin\orbd.exe 2014-08-29 18:31:24 7ED5C21F9F29B5278FFF39718C667235 16296 ----a-w- C:\Program Files\Java\jre7\bin\ktab.exe 2014-08-29 18:31:24 7DC9A0127F850997B4CFD9923C680D7D 16296 ----a-w- C:\Program Files\Java\jre7\bin\keytool.exe 2014-08-29 18:31:24 7BDCC29DDFBB355761A018A74D4A1E8C 16296 
----a-w- C:\Program Files\Java\jre7\bin\rmiregistry.exe 2014-08-29 18:31:24 7A17013ABD895DFBD61A5AF9996D0E5E 50088 ----a-w- C:\Program Files\Java\jre7\bin\ssvagent.exe 2014-08-29 18:31:24 48442596BFEB26E56898A0E4D2596A95 16296 ----a-w- C:\Program Files\Java\jre7\bin\policytool.exe 2014-08-29 18:31:24 34CEC403ED594B55D55DED61A3A53DAF 16296 ----a-w- C:\Program Files\Java\jre7\bin\rmid.exe 2014-08-29 18:31:24 0371CFD6228F89B5B9E20F67807987FE 16296 ----a-w- C:\Program Files\Java\jre7\bin\kinit.exe 2014-08-29 18:31:23 F69D8BDC202973592D710BC913D01919 48040 ----a-w- C:\Program Files\Java\jre7\bin\jabswitch.exe 2014-08-29 18:31:23 C8883F91C31CAC40890AC8B668E05F61 16296 ----a-w- C:\Program Files\Java\jre7\bin\java-rmi.exe 2014-08-29 18:31:23 8B657BA869AE7D3C6A29792C986E0DD5 68008 ----a-w- C:\Program Files\Java\jre7\bin\javacpl.exe 2014-08-29 18:31:23 3BDEB17FE6390BFF1BF3A2D964DE8E48 175528 ----a-w- C:\Program Files\Java\jre7\bin\javaw.exe 2014-08-29 18:31:23 11FD45A41DF45298686ED39062AABE2A 175528 ----a-w- C:\Program Files\Java\jre7\bin\java.exe 2014-08-29 18:31:23 07EF2978A5BC36720378F95566697FD8 272808 ----a-w- C:\Program Files\Java\jre7\bin\javaws.exe 2014-08-29 06:53:29 F3FB31D65AB7A568755E567F6C96F72D 842448 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DW20.EXE 2014-08-29 06:53:29 57D6258A397472FB775A4EBCC34AD804 550584 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOSQM.EXE 2014-08-29 06:53:28 5D033FD42AEEDF2694295B267F28538F 280232 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\msoia.exe 2014-08-29 06:53:25 998CE2CE1292CC58AF786DB842BD4561 705184 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\DCF\SPREADSHEETCOMPARE.EXE 2014-08-29 06:53:21 AE41EF6C152BE960EAF8C92223BEAA06 79592 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE 2014-08-29 06:53:20 
D5C775DBE5AD42530F48CB0A270A9B45 49848 ----a-w- C:\Program Files\Microsoft Office 15\root\flattener\Flattener.exe 2014-08-29 06:53:18 E8E3518A752004AF04B9BE7BCB1B8420 207008 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\MSOXMLED.EXE 2014-08-29 06:53:17 8539AA0CF39764B796959634EB2BE858 5532368 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CMigrate.exe 2014-08-29 06:53:16 94C2D7135ED56A82D7A421B505838FC6 9597104 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\PDFREFLOW.EXE 2014-08-29 06:53:14 F0D7F46D13D296BFB0D1B30F9D757037 873640 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\protocolhandler.exe 2014-08-29 06:53:14 72ECCF99AC76B470A1FB523F06295415 474336 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\DWTRIG20.EXE 2014-08-29 06:53:12 1A46825F604C22732FC882D06A70D473 150704 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\FLTLDR.EXE 2014-08-29 06:52:56 4F88B937C9C562C5F957A3495815B0CE 1076432 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe 2014-08-29 06:52:50 DE04FC6E222DDC51D04AD6BB4592954A 228536 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\CLVIEW.EXE 2014-08-29 06:52:50 6BB54F315CB980DE281DB7D4F392D297 497848 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSOUC.EXE 2014-08-29 06:52:49 FCA3E61A4AE185EC00213D8CA55AA666 4522680 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GRAPH.EXE 2014-08-29 06:52:49 EEE48A7B4C43AFF0E7C54F1E0EE311C2 569584 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ORGCHART.EXE 2014-08-29 06:52:49 E9281B71BB74C4D3CCF12B8FB140446B 480976 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\SELFCERT.EXE 2014-08-29 06:52:49 8D4AEC178A5C121D42AF14A59772577E 449208 ----a-w- 
C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE 2014-08-29 06:52:49 85C3F3CAE9739F8930016A589916CCDA 21930144 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\excelcnv.exe 2014-08-29 06:52:49 762CCDB877509BDAA29C38A5B9080311 517352 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\IEContentService.exe 2014-08-29 06:52:49 4C3B97A5E937EA214096F4DF33D34FE3 700064 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSQRY32.EXE 2014-08-29 06:52:48 C5937DC7EFFEA569E7CD26A63DF547CF 6484128 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconv.exe 2014-08-29 06:52:48 A13A19674B2149DB2016F1118CF6E075 1296072 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\OcPubMgr.exe 2014-08-29 06:52:48 4E010F20D5290F092ECAD7ECEA450DC9 33440 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\AppSharingHookController.exe 2014-08-29 06:52:47 44641D87A2705EA03D27E01A9D179723 665240 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\UcMapi.exe 2014-08-29 06:52:47 020A73C52D446814998572D467DCADD9 528584 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\VPREVIEW.EXE 2014-08-29 06:52:09 878841B7459A8DA3FDBB303A01B09690 590536 ----a-w- C:\Program Files\Microsoft Office 15\root\Integration\Integrator.exe 2014-08-29 06:51:40 D6BD7FE03B1EC8187953B14AD5B146C6 18999456 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\lync.exe 2014-08-29 06:51:40 898843E6DEEF149613CBB217E85E6243 1783968 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\INFOPATH.EXE 2014-08-29 06:51:39 F558D932D4550A96DDDA8C7A9890CF51 8596664 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE 2014-08-29 06:51:38 6098179B617AA2D39DDB699C47F4329F 18944160 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE 2014-08-29 06:51:36 92701E8B8026521C4554200D031E23EB 1746080 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE 2014-08-29 06:51:35 
0C674EDA843458CC76046AC82E293BDF 15518368 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSACCESS.EXE 2014-08-29 06:51:29 CA7EB396E5D8618855A87C1E51072E7B 1923224 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE 2014-08-29 06:51:26 AD45B49D72FB602DE4BF12B91ABA7ED8 25698968 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE 2014-08-29 06:51:26 3616FB46CEEC8FA32AC7DE8890FCA6F8 10749088 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\MSPUB.EXE 2014-08-29 06:51:21 8FE47065C6F470D6C85D5F3C2F7B0853 991904 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\FIRSTRUN.EXE 2014-08-28 23:09:25 47AE73AC905ECF3F23E1840C3E127E28 1080472 ----a-w- C:\Program Files\Microsoft Office 15\ClientX86\appvcleaner.exe 2014-08-27 17:41:39 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\OpenWindows.exe 2014-08-27 17:40:51 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\OpenWindows\Downloads\RSIT.exe 2014-08-25 09:11:46 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\OpenWindows\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-24 20:23:23 072678E0D68E9C3A7960328671134C7B 54240 ----a-w- C:\Windows\System32\wuauclt.exe 2014-08-24 20:23:04 F419D738BD2AE58D9DF2F9FEB5F43842 33792 ----a-w- C:\Windows\System32\wuapp.exe === C: other files == 2014-08-29 18:31:26 F3EABF8A2AF5C0D8BAE022EE6C17FD91 18650 ----a-w- C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip 2014-08-29 18:19:05 068014C9EACAD27DD8BC8CAF6BDECB06 918440 ----a-w- C:\Users\OpenWindows\Documents\JavaSetup7u67.com 2014-08-29 18:15:16 068014C9EACAD27DD8BC8CAF6BDECB06 918440 ----a-w- C:\Users\OpenWindows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XYXIG4YF\JavaSetup7u67.com 2014-08-25 09:13:13 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-08-25 09:12:53 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys 
2014-08-25 09:12:53 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-08-25 09:12:53 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-509793778-43246264-1051348300-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Unified Remote v2"="C:\Program Files\Unified Remote\RemoteServer.exe"
"iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify"="C:\Users\OpenWindows\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\OpenWindows\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Lync"="C:\Program Files\Microsoft Office 15\root\office15\lync.exe /fromrunkey"
"GoogleChromeAutoLaunch_FEB39095124CC424563DDD4941CB0C2E"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe"
"QLBController"="C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SMART Board Service"="C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe"
"SMART Board Tools"="C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe"
"HPQuickWebProxy"="C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"BlueStacks Agent"="C:\Program Files\BlueStacks\HD-Agent.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Unified Remote v2"="C:\Program Files\Unified Remote\RemoteServer.exe"
"iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"Spotify"="C:\Users\OpenWindows\AppData\Roaming\Spotify\Spotify.exe /uri spotify:autostart"
"Spotify Web Helper"="C:\Users\OpenWindows\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"Lync"="C:\Program Files\Microsoft Office 15\root\office15\lync.exe /fromrunkey"
"GoogleChromeAutoLaunch_FEB39095124CC424563DDD4941CB0C2E"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"

==== Startup Folders ======================

2013-01-31 14:10:57 1061 ----a-w- C:\Users\OpenWindows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-05-12 09:11:16 1154 ----a-w- C:\Users\OpenWindows\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\Apple Diagnostics" [C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chrome Look ======================

Angry Birds - OpenWindows\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj
Google Docs - OpenWindows\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - OpenWindows\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - OpenWindows\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - OpenWindows\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Cut the Rope - OpenWindows\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo
Google Wallet - OpenWindows\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - OpenWindows\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== HijackThis Entries ======================

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SMART Board Service] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe"
O4 - HKLM\..\Run: [SMART Board Tools] "C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Unified Remote v2] C:\Program Files\Unified Remote\RemoteServer.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [Spotify] "C:\Users\OpenWindows\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\OpenWindows\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Lync] "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_FEB39095124CC424563DDD4941CB0C2E] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Dropbox.lnk = OpenWindows\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Startup: Verzenden naar OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll O9 - 
Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe O23 - Service: Apple Mobile Device - 
Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. 
- C:\Windows\system32\vcsFPService.exe O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE ==== Empty IE Cache ====================== C:\Users\extra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\OpenWindows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\OpenWindows\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\OpenWindows\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=277 folders=108 9053284 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\extra\AppData\Local\Temp emptied successfully C:\Users\OpenWindows\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\OPENWI~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin 
====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on vr 29-08-2014 at 20:50:24,79 ======================