Zoek.exe v5.0.0.0 Updated 06-November-2014
Tool run by Ans on za 08-11-2014 at 0:08:17,98.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ans\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

8-11-2014 0:18:44 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\downlOadditkeep deleted successfully
C:\PROGRA~2\ALM deleted successfully
C:\PROGRA~2\downlOadditkeep deleted successfully
C:\Users\Ans\AppData\Local\GGEmpire deleted successfully
C:\Users\Ans\AppData\Local\Sparta deleted successfully
C:\Users\Ans\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Running Processes ======================

C:\Windows\System32\smss.exe
c:\PROGRA~1\AVG\AVG2015\avgrsx.exe
C:\Program Files\AVG\AVG2015\avgcsrvx.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Anvisoft\Cloud System Booster\CSBSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2015\avgidsagent.exe
C:\Program Files\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG2015\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG2015\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Ans\Downloads\zoek.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2015\avgcfgex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\PokerStars.EU\PokerStars.exe
C:\Program Files\PokerStars.EU\gameutil2.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet

==== Deleting Services ======================

==== FireFox Fix ======================

ProfilePath: C:\Users\Ans\AppData\Roaming\Mozilla\Firefox\Profiles\1y8q50n0.default

user.js not found

---- Lines astrmndasr removed from prefs.js ----
user_pref("extensions.astrmndasr.AL", 4);
user_pref("extensions.astrmndasr.aflt", "ast_secureddownload_14_43_ch");
user_pref("extensions.astrmndasr.appId", "{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}");
user_pref("extensions.astrmndasr.cd", "2XzuyEtN2Y1L1QzutDtDtC0ByByBzy0EtCyC0AyEyE0CtAtAtN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFtCtN1L1CzutCyEtBzytDyD1V1
user_pref("extensions.astrmndasr.cr", "1763798590");
user_pref("extensions.astrmndasr.dfltLng", "");
user_pref("extensions.astrmndasr.dfltSrch", true);
user_pref("extensions.astrmndasr.dnsErr", true);
user_pref("extensions.astrmndasr.excTlbr", false);
user_pref("extensions.astrmndasr.hmpg", true);
user_pref("extensions.astrmndasr.id", "001B779E16A44C33");
user_pref("extensions.astrmndasr.instlDay", "16364");
user_pref("extensions.astrmndasr.instlRef", "142905_f");
user_pref("extensions.astrmndasr.prdct", "astrmndasr");
user_pref("extensions.astrmndasr.tlbrId", "");
user_pref("extensions.astrmndasr.vrsn", "");
user_pref("extensions.astrmndasr.vrsni", "");
user_pref("extensions.astrmndasr_i.newTab", true);
user_pref("extensions.astrmndasr_i.smplGrp", "none");
user_pref("extensions.astrmndasr_i.vrsnTs", "2:20:36");

---- Lines extensions.9tlI removed from prefs.js ----
user_pref("extensions.9tlI.epoch", "1411046958");
user_pref("extensions.9tlI.url", "http://getjpijs.info/sync2/?q=hfZ9oemRCzaMCyVUojC6qGhTB6lKDzt4ok4rtNtVh7n0rjnEpjw6rjaFrdr4tMFHhd9Fqda4rjCFrHs5rHkMDM

---- Lines extensions.QmH86mz removed from prefs.js ----
user_pref("extensions.QmH86mz.epoch", "1413062764");
user_pref("extensions.QmH86mz.url", "http://veteranted.info/sync2/?q=hfZ9oemVCchEAen0qHC6tMqLDe49CNU0jUEMCMlNhd9FqdwErdgFpjn9qdgMBzqUojw9rjaFrdsFrTk8q

---- Lines extensions.dDEw7Fx removed from prefs.js ----
user_pref("extensions.dDEw7Fx.epoch", "1410550337");

---- FireFox user.js and prefs.js backups ----

prefs_08-11-2014_0040_.backup

==== Deleting Files \ Folders ======================

C:\Program Files\Enigma Software Group deleted
C:\PROGRA~2\448d12b40037873f deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Ans\AppData\Local\cache deleted
C:\Windows\system32\config\systemprofile\Searches deleted
"C:\Windows\Installer\2909814.msi" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCall.dll" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla.dll" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla17.dll" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla18.dll" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla18.exe" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla19.dll" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla2.dll" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla20.dll" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla22.dll" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseCustomCalla22.exe" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP\WiseData.ini" deleted
"C:\Program Files\Anvisoft\Cloud System Booster\CSBSvc.exe" deleted
"C:\Program Files\Anvisoft\Cloud System Booster\msvcp100.dll" deleted
"C:\Program Files\Anvisoft\Cloud System Booster\msvcr100.dll" not deleted
"C:\Program Files\Anvisoft\Cloud System Booster\QtCore4.dll" deleted
"C:\Program Files\Anvisoft\Cloud System Booster\QtDeclarative4.dll" deleted
"C:\Program Files\Anvisoft\Cloud System Booster\QtGui4.dll" deleted
"C:\Program Files\Anvisoft\Cloud System Booster\QtNetwork4.dll" deleted
"C:\Program Files\Anvisoft\Cloud System Booster\QtScript4.dll" deleted
"C:\Program Files\Anvisoft\Cloud System Booster\QtSql4.dll" deleted
"C:\Program Files\Anvisoft\Cloud System Booster\QtXmlPatterns4.dll" deleted
"C:\Program Files\Anvisoft\Cloud System Booster\serviceRun.log" not deleted
"C:\Program Files\Anvisoft\Cloud System Booster\sqldrivers\qsqlite4.dll" deleted
"C:\Windows\455F074C814E4520B69B5584BD90400C.TMP" deleted
"C:\Program Files\Anvisoft" not deleted
"C:\Program Files\Anvisoft\Cloud System Booster" not deleted
"C:\Program Files\Anvisoft\Cloud System Booster\sqldrivers" not deleted

==== System Specs ======================

Windows: Windows 7 Ultimate Edition Service Pack 1 (Build 7601)
Memory (RAM): 2047 MB
CPU Info: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz
CPU Speed: 1322,6 MHz
Sound Card: Speakers (High Definition Audio | Digital Audio (HDMI) (High Defi | Digital Audio (S/PDIF) (High De |
Display Adapters: NVIDIA GeForce 8600M GS | NVIDIA GeForce 8600M GS | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1280 X 800 - 32 bit
Network: Network Present
Network Adapters: Intel(R) PRO/Wireless 3945ABG Network Connection | Broadcom NetLink (TM) Gigabit Ethernet
CD / DVD Drives: 1x (E: | ) E: HL-DT-STDVDRAM GSA-T20N
Ports: COM3 LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 203,5GB | D: 29,3GB
Hard Disks - Free: C: 66,7GB | D: 28,3GB
Manufacturer *: Acer
BIOS Info: AT/AT COMPATIBLE | 08/15/07 | ACRSYS - 6040000
Time Zone: W. Europe Standard Time
Motherboard *: Acer, Inc. Chapala
Country: Nederland
Language: NLD

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Virus: AVG AntiVirus 2015 On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: AVG AntiVirus 2015 disabled (Outdated)
Default Browser: Google Chrome 37.0.2062.102
Internet Explorer Version: 11.0.9600.17358
Mozilla Firefox version: 32.0.3 (x86 nl)
Google Chrome version: 37.0.2062.102
Adobe Reader version: 11.0.9.29
Sun Java version: 1.8.0_25 (32-bit)
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\Ans\AppData\Local\Temp ====
2014-10-25 21:05:23 E2ED43ADEB040E4BD5459A2E5A29497F 560024 ----a-w- C:\Users\Ans\AppData\Local\Temp\APNSetup.exe

====== Java Cache =====
2014-10-25 21:06:38 5EF041C1F2402F3ADBD9DA46CF2146EA 5891889 ----a-w- C:\Users\Ans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\38dbe81d-1de80b58
2014-11-02 20:51:57 5EF041C1F2402F3ADBD9DA46CF2146EA 5891889 ----a-w- C:\Users\Ans\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\38dbe81d-3a116d01

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====
2014-10-15 09:39:08 CD9214A6AE17D188D17C3CF8CB9CC693 184320 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2014-10-15 09:39:07 6C5139E4283249518F7743D7043775B3 31232 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2014-10-15 09:38:18 344D1FA0438A967F1A2BAA42C86D6E19 593920 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2014-10-15 09:38:11 E499E422412EF37576092A52648DB2B4 50176 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-10-10 14:13:58 5A22A7A67BFB67D3223B7A339FC97780 200984 ----a-w- C:\Windows\System32\drivers\avgtdix.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====
2014-11-07 19:25:31 -------- d-----w- C:\Program Files\trend micro
2014-11-06 20:24:19 -------- d-----w- C:\Program Files\Microsoft Silverlight
2014-11-05 03:01:41 -------- d-----w- C:\Program Files\AVG
2014-11-05 02:38:04 -------- d-----w- C:\Program Files\Anvisoft
2014-10-25 21:05:19 -------- d-----w- C:\Program Files\Common Files\Java
2014-10-23 15:43:28 -------- d-----w- C:\Program Files\HitmanPro
2014-10-20 23:34:34 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2014-10-17 00:28:39 -------- d-----w- C:\Program Files\InstantEyedropper

======= C: =====

====== C:\Users\Ans\AppData\Roaming ======
2014-11-05 03:11:56 -------- d-----w- C:\Users\Ans\AppData\Roaming\AVG2015
2014-11-05 03:11:26 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Roaming\AVG2015
2014-11-05 03:10:47 -------- d-----w- C:\Users\Ans\AppData\Roaming\TuneUp Software
2014-11-05 03:01:44 -------- d-----w- C:\Windows\system32\config\systemprofile\AppData\Local\Avg2015
2014-11-05 02:55:39 -------- d-----w- C:\Users\Ans\AppData\Local\Avg2015
2014-10-23 15:45:05 -------- d-----w- C:\Users\Ans\AppData\Local\ElevatedDiagnostics
2014-10-21 00:56:26 -------- d-s---w- C:\Users\TEMP\AppData\Roaming\Microsoft
2014-10-21 00:56:26 -------- d-----w- C:\Users\TEMP\AppData\Roaming\Media Center Programs
2014-10-21 00:56:26 -------- d-----w- C:\Users\TEMP\AppData\Local\Temp
2014-10-21 00:56:26 -------- d-----w- C:\Users\TEMP\AppData\Local\Microsoft
2014-10-21 00:56:26 -------- d-----r- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-21 00:56:26 -------- d-----r- C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-21 00:21:01 -------- d-----w- C:\Users\Ans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoodGameEmpire
2014-10-21 00:21:01 -------- d-----w- C:\Users\Ans\AppData\Roaming\GoodGameEmpire
2014-10-19 19:34:16 5979E06FBDD5E69333BA4B338ED40702 33 ----a-w- C:\Users\Ans\AppData\Roaming\AdobeWLCMCache.dat

====== C:\Users\Ans ======
2014-11-07 19:25:05 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Ans\Downloads\RSIT.exe
2014-11-07 18:53:36 12EFD5FA51597F188E5DB50BE20EE597 1375089 ----a-w- C:\Users\Ans\Downloads\AdwCleaner.exe
2014-11-06 20:24:26 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-11-06 20:22:35 729CDAB7188F18358F6610BEC517EF04 6958304 ----a-w- C:\Users\Ans\Downloads\Silverlight.exe
2014-11-05 03:10:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-05 03:02:22 -------- d-----w- C:\ProgramData\AVG2015
2014-11-05 02:55:40 -------- d--h--w- C:\ProgramData\Common Files
2014-11-05 02:38:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-11-05 02:35:52 8F4E5824E4A45B6F73F5676E99D3008E 16513448 ----a-w- C:\Users\Ans\Downloads\csbsetup.exe
2014-10-25 21:02:03 3A582BF6FD39DC6A52AAF316126B40BA 638888 ----a-w- C:\Users\Ans\Downloads\chromeinstall-8u25.exe
2014-10-21 00:56:26 -------- d--h--w- C:\Users\TEMP\AppData
2014-10-21 00:56:26 -------- d-----w- C:\Users\TEMP\Saved Games
2014-10-21 00:56:26 -------- d-----r- C:\Users\TEMP\Videos
2014-10-21 00:56:26 -------- d-----r- C:\Users\TEMP\Pictures
2014-10-21 00:56:26 -------- d-----r- C:\Users\TEMP\Music
2014-10-21 00:56:26 -------- d-----r- C:\Users\TEMP\Links
2014-10-21 00:56:26 -------- d-----r- C:\Users\TEMP\Favorites
2014-10-21 00:56:26 -------- d-----r- C:\Users\TEMP\Downloads
2014-10-21 00:56:26 -------- d-----r- C:\Users\TEMP\Documents
2014-10-21 00:56:26 -------- d-----r- C:\Users\TEMP\Desktop
2014-10-21 00:41:09 -------- d-----w- C:\ProgramData\HitmanPro
2014-10-21 00:40:41 -------- d-----w- C:\ProgramData\Hitman Pro

====== C: exe-files ==
2014-11-05 02:05:20 8B61CC43CCF8546057B0C9565AD3C027 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-491756727-1097897781-2830869460-1001\$IK0VF1V.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-491756727-1097897781-2830869460-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_F4B37DA373D4D8750A59BA83EBF95F0D"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"
"CloudSystemBooster"="C:\Program Files\Anvisoft\Cloud System Booster\CloudSystemBooster.exe /hide /autorun"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"KeyScrambler"="C:\Program Files\KeyScrambler\keyscrambler.exe /a"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Adobe Creative Cloud"="C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"SwitchBoard"="C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"AVG_UI"="C:\Program Files\AVG\AVG2015\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_F4B37DA373D4D8750A59BA83EBF95F0D"="C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window"
"CloudSystemBooster"="C:\Program Files\Anvisoft\Cloud System Booster\CloudSystemBooster.exe /hide /autorun"

==== Startup Folders ======================

2014-08-01 20:10:13 1193 ----a-w- C:\Users\Ans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [23-09-2014 20:04]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [17-07-2014 01:45]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [17-07-2014 01:45]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\AdobeAAMUpdater-1.0-Ans-PC-Ans" [C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ans\AppData\Roaming\Mozilla\Firefox\Profiles\1y8q50n0.default
- ColorZilla - %ProfilePath%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ans\AppData\Roaming\Mozilla\Firefox\Profiles\1y8q50n0.default
E7006BB5611298DBDD03FE3519C19AC2 - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U25
238F239EAEFF7E3E782913D599084E18 - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.250.18
EC34DA8DB1BEB238C31DA80BBA7CD1C9 - C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll - AdobeAAMDetect
64C4ADE063A9C93D3BAE09922AD90C27 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
446BCAE59E26321802E000FC3E0C390A - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
5596E40701BE8A4AEC399F57DBCE289E - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.5
87FCE1D38F135B923EEC502825B5C7F6 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.5
5A2AF08FEF626D3825AA7923B0A9DFF5 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.5
B033D1486EAD65BE7857114DFAFD8429 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.5
DA632EC5CCC16F0B0FAC9BB21C10B2C3 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.5
FB5621842FDABF9F8359775573498FBC - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll - Google Update
B5371D2C9017EEE216B5361D600B3543 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
9CD7CD8FD07718851DD8081CDF8CA3E7 - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll - AdobeExManDetect
528C34F569285E55CCB56A4A83E05352 - C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll - AdobeAAMDetect

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaaaiabcopkplhgaedhbloeejhhankf - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx[]

Google Docs - Ans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Ans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Ans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - Ans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - Ans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - Ans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Ans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Startpages ======================

C:\Users\Ans\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.search.ask.com/?gct=hp",
"startup_urls": [ "https://www.google.nl/" ],

==== Chromium Fix ======================

C:\Users\Ans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully
C:\Users\Ans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Ans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_huizen.trovit.nl_0.localstorage deleted successfully
C:\Users\Ans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_huizen.trovit.nl_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.nl"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC02100 deleted successfully
HKEY_LOCAL_MACHINE\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5350-4500-76A7-A758B70C1200} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC02100 deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F4B37DA373D4D8750A59BA83EBF95F0D] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [CloudSystemBooster] "C:\Program Files\Anvisoft\Cloud System Booster\CloudSystemBooster.exe" /hide /autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Anvi Cloud System Booster Speed Service (AnviCsbSvc) - Unknown owner - C:\Program Files\Anvisoft\Cloud System Booster\CSBSvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe

==== Empty IE Cache ======================

C:\Users\Ans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Ans\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Ans\AppData\Local\Mozilla\Firefox\Profiles\1y8q50n0.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Ans\AppData\Local\Google\Chrome\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=389 folders=73 69395791 bytes)

==== Empty Temp Folders ======================

C:\Users\Ans\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Ans\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied