Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Felicia on do 07-01-2016 at 17:31:01,00.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Rotteveel\Downloads\zoek.exe
[Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

7-1-2016 17:35:31 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Eusing Cleaner deleted successfully
C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\PCSettings deleted successfully
C:\Users\Rotteveel\AppData\Roaming\Nico Mak Computing deleted successfully
C:\Users\Rotteveel\AppData\Roaming\Opera Software deleted successfully
C:\Users\Rotteveel\AppData\Roaming\Solvusoft deleted successfully
C:\Users\Rotteveel\AppData\Local\CrashDumps deleted successfully
C:\Users\Rotteveel\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Rotteveel\AppData\Local\EmieSiteList deleted successfully
C:\Users\Rotteveel\AppData\Local\EmieUserList deleted successfully
C:\Users\Rotteveel\AppData\Local\Opera Software deleted successfully
C:\Users\Rotteveel\AppData\Local\Skype deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Adobe Acrobat Reader DC - Nederlands
Adobe AIR
Adobe Refresh Manager
Alcor Micro USB Card Reader
Andy OS
Auslogics DiskDefrag
AuthenTec Fingerprint Driver
BlueStacks App Player
CCleaner
Chromium
Classic Shell
D3DX10
De Sims 3™ Film Accessoires
De Sims™ 3
De Sims™ 3 70s, 80s en 90s Accessoires
De Sims™ 3 Ambities
De Sims™ 3 Beestenbende
De Sims™ 3 Bovennatuurlijk
De Sims™ 3 Buitenleven Accessoires
De Sims™ 3 Buurtleven Accessoires
De Sims™ 3 Diesel Accessoires
De Sims™ 3 Exotisch Eiland
De Sims™ 3 Jaargetijden
De Sims™ 3 Katy Perry Pakt uit
De Sims™ 3 Levensweg
De Sims™ 3 Luxe Accessoires
De Sims™ 3 Na Middernacht
De Sims™ 3 Showtime
De Sims™ 3 Slaap- en badkamer Accessoires
De Sims™ 3 Studententijd
De Sims™ 3 Supersnelle Accessoires
De Sims™ 3 Vooruit in de tijd
De Sims™ 3 Wereldavonturen
Dependency Package Update
Google Chrome
Google Update Helper
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Update Manager
Intel® Trusted Connect Service Client
Java 8 Update 65
Java Auto Updater
Junk Mail filter update
Lenovo Auto Scroll Utility
Lenovo Dependency Package
Lenovo Patch Utility
Lenovo Patch Utility 64 bit
Lenovo Power Management Driver
Lenovo QuickControl
Lenovo Solutions for Small Business
Lenovo Solutions for Small Business Customizations
Lenovo System Update
Lenovo User Guide
Lenovo Warranty Information
Malwarebytes Anti-Malware versie 2.2.0.1024
Metric Collection SDK
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 4 Runtime
Microsoft Office
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft WSE 3.0 Runtime
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
NVIDIA-configuratiescherm 359.06
NVIDIA GeForce Experience 2.7.4.10
NVIDIA GeForce Experience Service
NVIDIA Grafisch stuurprogramma 359.06
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 2.7.4.10
NVIDIA PhysX Systeem Software 9.15.0428
NVIDIA ShadowPlay 2.7.4.10
NVIDIA Update 2.7.4.10
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.31
On Screen Display
OpenOffice 4.1.2
Origin
Pakiet sterowników systemu Windows - Lenovo 1.67.03.13 (08/27/2013 1.67.03.13)
Photo Common
Photo Gallery
PhotoFiltre
PhotoFiltre 7
Popcorn Time
Realtek Ethernet Controller Driver
Revo Uninstaller 1.95
SHIELD Streaming
SHIELD Wireless Controller Driver
Skype™ 7.17
Sophos Virus Removal Tool
Speccy
Synaptics Pointing Device Driver
System Requirements Lab Detection
TeamViewer 10
ThinkPad Hotkey Features Integration Setup
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.20 (64-bit)
WinZip 19.0

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\BlueStacksGameManager\BlueStacks.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Rotteveel\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Eusing Cleaner not found
C:\PROGRA~2\Origin Games not found
C:\Users\Rotteveel\AppData\Roaming\XamarinAndroidPlayer deleted
C:\Users\Rotteveel\.android deleted
C:\Users\Public\Pokki deleted
C:\Prefs.js deleted
C:\install.exe deleted
C:\Users\Rotteveel\AppData\Roaming\GoldenGate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\Rotteveel\AppData\Local\node-webkit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Rotteveel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Rotteveel\AppData\Local\si" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8085 MB
CPU Info: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
CPU Speed: 2597,0 MHz
Sound Card: Luidsprekers (High Definition A |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | Intel(R) HD Graphics Family
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Bluetooth-apparaat (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Realtek PCIe GBE Family Controller | Qualcomm Atheros AR956x Wireless Network Adapter
CD / DVD Drives: 2x (D: | E: | ) D: HL-DT-STDVDRAM GUC0N | E:
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 3 Button Wheel Mouse Present
Hard Disks: C: 911,2GB
Hard Disks - Free: C: 723,0GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | | LENOVO - 1
Time Zone: Centraal-Europa (standaardtijd)
Motherboard *: LENOVO Lenovo G70-70
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Internet Explorer Version: 11.0.9600.18125
Google Chrome version: 47.0.2526.106
Adobe Reader version: 15.9.20077.160923
Sun Java version: 1.8.0_65 (32-bit)
Sun Java version: 1.8.0_65 (64-bit)

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\ROTTEV~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2016-01-05 01:29:53 8C17F3795DAE9A0ECDE4B3A3B0740E5F 79064 ----a-w- C:\Windows\Sysnative\drivers\adwpyodb.sys
2015-12-12 22:45:29 B2E1A2E7911DF19A2A41156F16982ECC 11131184 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys
2015-12-09 13:57:03 A7D51169CA28B0AA9B5DE2B7EFB5C3C9 145408 ----a-w- C:\Windows\Sysnative\drivers\rmcast.sys
2015-12-09 13:54:10 FC974B03C8B87455F44F734C8F31A3C8 37376 -c--a-w- C:\Windows\Sysnative\drivers\usbuhci.sys
2015-12-09 13:54:10 D25F0093A71FFB355160358DD70B0373 443224 -c--a-w- C:\Windows\Sysnative\drivers\usbport.sys
2015-12-09 13:54:10 CD81683F4553677B9BF5163A922153EB 462168 -c--a-w- C:\Windows\Sysnative\drivers\usbhub.sys
2015-12-09 13:54:10 BBFD17B6B954FC9FA02E62D604052069 92504 -c--a-w- C:\Windows\Sysnative\drivers\usbehci.sys
2015-12-09 13:54:10 A0F0484C97D6441ED6A75D7426ECCC9E 30208 -c--a-w- C:\Windows\Sysnative\drivers\usbohci.sys
2015-12-09 13:54:10 9A2B3A98D7982372CA36A823F673EFB8 27992 -c--a-w- C:\Windows\Sysnative\drivers\usbd.sys
2015-12-09 13:54:10 5C90D5379B53590FBB24BBAD4FA682EE 468824 -c--a-w- C:\Windows\Sysnative\drivers\USBHUB3.SYS
====== C:\Windows\Tasks ======
2016-01-04 11:41:23 FDAAF1BEA736DB99EF77BF7C31235035 3260 ----a-w- C:\Windows\Sysnative\Tasks\Opera N Sunday
2016-01-04 11:41:21 1B35935717C59390F1B469089CDDC3D8 3260 ----a-w- C:\Windows\Sysnative\Tasks\Opera N Saturday
2015-12-23 01:56:54 6D3C5488C4AB75A5C1D30277316DE8AB 3102 ----a-w- C:\Windows\Sysnative\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2038612255-1388990000-560677430-1001
====== C:\Windows\Temp ======
======= C:\Program Files =====
2016-01-07 00:48:53 -------- d-----w- C:\Program Files\trend micro
2015-12-23 01:59:03 -------- d-----w- C:\Program Files\Windows Live
2015-12-23 01:38:56 -------- d-----w- C:\Program Files\Lightworks
======= C:\PROGRA~2 =====
2016-01-04 11:39:28 -------- d-----w- C:\PROGRA~2\Opera
2015-12-28 10:53:16 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype
2015-12-23 02:00:14 -------- d-----w- C:\PROGRA~2\Microsoft SQL Server Compact Edition
2015-12-23 01:58:45 -------- d-----w- C:\PROGRA~2\Windows Live
2015-12-23 01:55:08 -------- d-----w- C:\PROGRA~2\COMMON~1\Windows Live
2015-12-22 20:33:10 -------- d-----w- C:\PROGRA~2\BlueStacks
======= C: =====
====== C:\Users\Rotteveel\AppData\Roaming ======
2016-01-04 11:07:43 -------- d-----w- C:\Users\Rotteveel\AppData\Local\Genymobile
2015-12-23 01:56:18 -------- d-----w- C:\Users\Rotteveel\AppData\Local\Windows Live
2015-12-22 20:37:22 -------- d-----w- C:\Users\Rotteveel\AppData\Roaming\Mozilla
2015-12-22 20:24:44 -------- d-----w- C:\Users\Rotteveel\AppData\Local\Bluestacks
====== C:\Users\Rotteveel ======
2016-01-07 00:47:40 8045ABB21A3BDD66A48E1ED5C0F0EF6A 1222144 ----a-w- C:\Users\Rotteveel\Downloads\RSITx64.exe
2016-01-07 00:40:41 C8F33B42E71E993EBED5F5D7A0368F6E 1749504 ----a-w- C:\Users\Rotteveel\Downloads\adwcleaner_5.028.exe
2016-01-04 22:54:48 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-04 12:57:17 -------- d-----w- C:\Users\Rotteveel\.VirtualBox
2015-12-28 10:53:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-23 02:00:35 -------- d-----r- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-23 01:56:54 -------- d-----r- C:\Users\Rotteveel\OneDrive
2015-12-23 01:56:43 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2015-12-23 01:41:32 -------- d-----w- C:\Users\Rotteveel\.MCTranscodingSDK
2015-12-23 01:40:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2015-12-23 01:40:35 -------- d-----w- C:\ProgramData\Geevs
2015-12-23 01:40:17 -------- d-----w- C:\Users\Public\Documents\Lightworks
2015-12-22 20:36:45 -------- d-----w- C:\ProgramData\BlueStacksGameManager
2015-12-22 20:33:10 -------- d-----w- C:\ProgramData\BlueStacks
====== C: exe-files ==
2016-01-07 00:49:01 C524EC0E1ABE995E60DEDB3DEA830BF8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2038612255-1388990000-560677430-1001\$IXK12JR.exe
2016-01-07 00:48:53 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Felicia.exe
2016-01-04 11:03:10 55E2CD0B04BB20320FBA7977FA72BCBE 150403904 ----a-w- C:\$Recycle.Bin\S-1-5-21-2038612255-1388990000-560677430-1001\$RXK12JR.exe
=== C: other files ==
2016-01-06 15:16:51 596A894B2FE82A7CC95E1A3C7683C978 531 ----a-w- C:\ProgramData\BlueStacks\UserData\TileData\000013\Launcher.vbs
2016-01-06 02:43:30 776EF74E18382D1C07A053EB0DB6A227 7899150 ----a-w- C:\Users\Rotteveel\Downloads\1168515.zip
2016-01-05 01:29:53 8C17F3795DAE9A0ECDE4B3A3B0740E5F 79064 ----a-w- C:\Windows\System32\drivers\adwpyodb.sys
2016-01-04 23:13:56 596A894B2FE82A7CC95E1A3C7683C978 531 ----a-w- C:\ProgramData\BlueStacks\UserData\TileData\000012\Launcher.vbs
2016-01-04 14:03:53 596A894B2FE82A7CC95E1A3C7683C978 531 ----a-w- C:\ProgramData\BlueStacks\UserData\TileData\000011\Launcher.vbs
2016-01-04 12:41:22 207B2F71186EA2BA4CC0344866A27168 546 ----a-w- C:\ProgramData\BlueStacks\UserData\TileData\000010\Launcher.vbs
2016-01-04 12:41:06 BFE773D9E21E08F1CCFD26081947AB0E 524 ----a-w- C:\ProgramData\BlueStacks\UserData\TileData\000009\Launcher.vbs

==== Orphaned Tasks deleted from Registry ======================

Lenovo\StartLenovoMessenger deleted
Opera N deleted

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2038612255-1388990000-560677430-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"GoogleChromeAutoLaunch_3913EB01BF159354E0EB034B2595134E"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE -startup"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"BlueStacks Agent"="C:\Program Files (x86)\BlueStacks\HD-Agent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MEDIA"="C:\Users\Rotteveel\AppData\Local\Temp\in71125248\085F01E9_stp.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"GoogleChromeAutoLaunch_3913EB01BF159354E0EB034B2595134E"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoOptMouseUpdate"="C:\Program Files\Lenovo\HOTKEY\extapsup.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BstHdAndroidSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BstHdLogRotatorSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BstHdUpdaterSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\cphs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\GfExperienceService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IBMPMSVC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel(R) Capability Licensing Service Interface]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel(R) Capability Licensing Service TCP IP Interface]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel(R) ME Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\intelsba]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\jhi_service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Lenovo System Agent Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Lenovo.VIRTSCRLSVC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LMS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvNetworkService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NvStreamSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\nvsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Origin Client Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\QuickControlMasterSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\QuickControlService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SUService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TeamViewer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TPHKLOAD]

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02-06-2015 12:26]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [02-06-2015 12:26]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\AVFramework-TaskStartUserServer32-1S" ["C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe"]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Opera N Saturday" [C:\Program Files (x86)\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\Opera N Sunday" [C:\Program Files (x86)\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{918859EA-8BA2-4CDC-BF1A-FBCF276F93F9}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Intel(R) Small Business Advantage\Start SBA" [net]
"C:\Windows\SysNative\tasks\Lenovo\Dependency Package Auto Update" [C:\Program Files\Lenovo\iMController\AutoUpdate.exe]
"C:\Windows\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program" ["%ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
"C:\Windows\SysNative\tasks\Lenovo\Lenovo Customer Feedback Program 64" ["%ProgramFiles(x86)%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe"]
"C:\Windows\SysNative\tasks\TVT\TVSUUpdateTask" ["C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe"]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

Norton Identity Safe - Rotteveel\AppData\Local\Chromium\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Norton Security Toolbar - Rotteveel\AppData\Local\Chromium\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Rotteveel\AppData\Local\Chromium\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Google Drive - Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Pin It Button - Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
TweetDeck by Twitter - Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl
Hello Melody NI - Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Extensions\naingjackpbfaahcplilfjphfmoajppb
Chrome Web Store Payments - Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Page"="http://www.bing.com/search?q={searchTerms}"
"Search Bar"="http://www.bing.com/search?q={searchTerms}"
"SearchAssistant"="http://www.bing.com/search?q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://www.bing.com/search?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.bing.com/search?q={searchTerms}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{65153595-6451-42D8-871A-293833DF2BB2}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-fd9a26fb&q={searchTerms}
HKLM\SearchScopes\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} - No_Url_Value
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\ielnksrch - http://www.bing.com/search?q={searchTerms}
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes\{65153595-6451-42D8-871A-293833DF2BB2} - http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LNJB
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}
HKCU\SearchScopes\{ielnksrch} - http://www.bing.com/search?q={searchTerms}

==== Reset Google Chrome ======================

C:\Users\Rotteveel\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Rotteveel\AppData\Local\Chromium\User Data\Default\Secure Preferences was reset successfully
C:\Users\Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Rotteveel\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3913EB01BF159354E0EB034B2595134E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Rotteveel\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Rotteveel\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Rotteveel\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Rotteveel\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Rotteveel\AppData\Local\Chromium\User Data\Default\Cache emptied successfully C:\Users\Rotteveel\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=5648 folders=141 472223254 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Rotteveel\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\ROTTEV~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== 
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found ==== EOF on do 07-01-2016 at 18:18:15,28 ======================