Zoek.exe v5.0.0.0 Updated 19-09-2015 Tool run by User on za 19/09/2015 at 19:21:22,43. Microsoft Windows 8.1 6.3.9600 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\User\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2015-08-24-143513.log 71882 bytes C:\zoek-results2015-08-25-065057.log 36655 bytes C:\zoek-results2015-09-16-120955.log 38260 bytes C:\zoek-results2015-09-18-181149.log 44797 bytes ==== Folders Found ====================== 2015-08-25 07:24:12 2015-08-25 07:24:12 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag 2015-08-25 07:24:12 2015-08-25 07:24:12 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\ExtTags 2015-08-23 15:49:39 2015-08-23 15:49:39 -------- dc----w- C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ExtTag.exe_73d7b545cec651cdfab62d1af0651ef6262a24b_570cccfa_03a01e2c 2015-08-25 07:03:46 2015-08-25 07:03:46 -------- dc----w- C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ExtTag.exe_73d7b545cec651cdfab62d1af0651ef6262a24b_570cccfa_03ac4e35 2015-08-24 14:47:50 2015-08-24 14:47:50 -------- dc----w- C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ExtTag.exe_73d7b545cec651cdfab62d1af0651ef6262a24b_570cccfa_03b41ce4 2015-08-17 18:11:09 2015-08-17 18:11:09 -------- dc----w- C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ExtTag.exe_cff93feccbc3abb6f1fcdf4cc1a636c31443205a_570cccfa_0397017d 2015-08-23 15:49:39 2015-08-23 15:49:39 -------- dc----w- C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_ExtTag.exe_cff93feccbc3abb6f1fcdf4cc1a636c31443205a_570cccfa_03a01ef7 2015-08-22 15:58:27 2015-08-22 15:58:27 -------- dc----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ExtTag.exe_73d7b545cec651cdfab62d1af0651ef6262a24b_570cccfa_cab_1727a349 2015-08-24 14:12:20 2015-08-24 14:12:20 -------- dc----w- C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_ExtTag.exe_cff93feccbc3abb6f1fcdf4cc1a636c31443205a_570cccfa_cab_10916349 2015-08-23 15:49:39 2015-08-23 15:49:39 -------- dc----w- C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_ExtTag.exe_73d7b545cec651cdfab62d1af0651ef6262a24b_570cccfa_03a01e2c 2015-08-25 07:03:46 2015-08-25 07:03:46 -------- dc----w- C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_ExtTag.exe_73d7b545cec651cdfab62d1af0651ef6262a24b_570cccfa_03ac4e35 2015-08-24 14:47:50 2015-08-24 14:47:50 -------- dc----w- C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_ExtTag.exe_73d7b545cec651cdfab62d1af0651ef6262a24b_570cccfa_03b41ce4 2015-08-17 18:11:09 2015-08-17 18:11:09 -------- dc----w- C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_ExtTag.exe_cff93feccbc3abb6f1fcdf4cc1a636c31443205a_570cccfa_0397017d 2015-08-23 15:49:39 2015-08-23 15:49:39 -------- dc----w- C:\Users\All Users\Microsoft\Windows\WER\ReportArchive\AppCrash_ExtTag.exe_cff93feccbc3abb6f1fcdf4cc1a636c31443205a_570cccfa_03a01ef7 2015-08-22 15:58:27 2015-08-22 15:58:27 -------- dc----w- C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_ExtTag.exe_73d7b545cec651cdfab62d1af0651ef6262a24b_570cccfa_cab_1727a349 2015-08-24 14:12:20 2015-08-24 14:12:20 -------- dc----w- C:\Users\All Users\Microsoft\Windows\WER\ReportQueue\AppCrash_ExtTag.exe_cff93feccbc3abb6f1fcdf4cc1a636c31443205a_570cccfa_cab_10916349 2015-07-22 17:01:01 2015-07-22 17:01:02 -------- d-----w- C:\Program Files\McAfee Security Scan 2014-12-05 19:03:56 2014-12-05 19:03:56 -------- d-----w- C:\ProgramData\McAfee 2014-12-05 19:03:56 2015-07-22 17:01:01 -------- d-----w- C:\ProgramData\McAfee Security Scan 2015-07-22 17:01:03 2015-07-22 17:01:04 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-12-05 19:03:56 2014-12-05 19:03:56 -------- d-----w- C:\Users\All Users\McAfee 2014-12-05 19:03:56 2015-07-22 17:01:01 -------- d-----w- C:\Users\All Users\McAfee Security Scan 2015-07-22 17:01:03 2015-07-22 17:01:04 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 1601-01-01 00:00:00 1601-01-01 00:00:00 -------- d-----w- C:\Windows\System32\config\systemprofile\AppData\Roaming\McAfee 2015-08-24 14:28:50 2015-08-24 14:28:50 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_globalUpdate 2015-08-24 14:28:55 2015-08-24 14:28:55 -------- d---a-w- C:\zoek_backup\C_Users_User_AppData_Local_globalUpdate ==== Files Found ====================== --- C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\ExtTag.exe.config.vir --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 267 Created time: 2015-07-09 13:34:18 Modified time: 2015-07-09 13:34:18 MD5: BB9039522F1150215BE90A40C64CA7B8 SHA1: A62CD175DB9B5BF47ED73735488D2418D49E71F6 --- C:\AdwCleaner\Quarantine\C\ProgramData\ExtTag\ExtTag.exe.vir --- Company: File Description: AgentMainService File Version: 1.0.0.0 Product Name: AgentMainService Copyright: Copyright © 2015 Original Filename: AgentMainService.exe File type: ----a-w- File size: 36864 Created time: 2015-07-16 11:17:06 Modified time: 2015-07-16 11:17:06 MD5: FDE289355FD5F993AF3253FB85F6E8DD SHA1: B984CD139025B6EEC44E9598BAC98AD4DC857C1B --- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\ExtTag.exe.1620.dmp --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 12388002 Created time: 2015-08-23 15:33:16 Modified time: 2015-08-23 15:33:16 MD5: 51C3663F77020103EAC186349F629C16 SHA1: 51C0893AC2915D579A17A253DE449DBF52E5984F --- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ExtTag.exe.log --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 2633 Created time: 2015-08-11 16:15:16 Modified time: 2015-08-25 06:50:09 MD5: F46EA9235F062F28FBD273C5EA5462E8 SHA1: FF8B722FC992C8DA45AD5D8FD9004EF0A743A1BB --- C:\Program Files\McAfee Security Scan\3.11.149\McAfee.ico --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 25214 Created time: 2014-10-27 22:55:04 Modified time: 2014-10-27 22:55:04 MD5: D8AFC23629E8FC7AB3B9506D9D88A9E3 SHA1: 055A466A244EDC84F739F15FAFB48F7ED131FDDC --- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 1968 Created time: 2015-07-22 17:01:03 Modified time: 2015-07-22 17:01:03 MD5: C443FAC1D91D9E439A03258732E78D5F SHA1: 19D1D981232B496B8C5C13C99B73D0DC5DF385A2 --- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 1968 Created time: 2015-07-22 17:01:03 Modified time: 2015-07-22 17:01:03 MD5: C443FAC1D91D9E439A03258732E78D5F SHA1: 19D1D981232B496B8C5C13C99B73D0DC5DF385A2 --- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 1950 Created time: 2014-12-05 19:03:56 Modified time: 2015-07-22 17:01:03 MD5: 95C302E91C8298A39FB1C6DEADAA7D6A SHA1: 033C4479FDEFA82EEE610631C4173AA5FCB3D631 --- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Startup_McAfee Security Scan Plus.lnk.vir --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 1950 Created time: 2015-08-24 14:29:11 Modified time: 2015-07-22 17:01:04 MD5: 3B9BEB0A28C546A3AD1E099D49D7F1E2 SHA1: 534E919E30F1792DFEED6F9863ABBB03E67CF534 --- C:\zoek_backup\C_PROGRA~2_globalUpdate\Update\1.3.25.0\globalupdate.exe --- Company: globalUpdate File Description: globalUpdate Update File Version: 1.3.25.0 Product Name: globalUpdate Update Copyright: Copyright 2007-2010 globalupdate Original Filename: globalupdate.exe File type: ----a-w- File size: 68608 Created time: 2015-08-24 14:28:50 Modified time: 2015-07-23 15:58:19 MD5: 3C14AAE26EA06BADAC98520773772CEB SHA1: DD4605E26B48B7C231DBEBA5E8FAA91F33D21B2B --- C:\zoek_backup\C_PROGRA~2_globalUpdate\Update\1.3.25.0\globalupdateBroker.exe --- Company: globalUpdate File Description: globalUpdate Update File Version: 1.3.25.0 Product Name: globalUpdate Update Copyright: Copyright 2014 Original Filename: goopdate.dll File type: ----a-w- File size: 46080 Created time: 2015-08-24 14:28:50 Modified time: 2015-07-23 15:58:19 MD5: 6419BCBF0B2569AACF4023942EADFCB8 SHA1: 08976B0143D7A77694D2B3014053542C42F4774E --- C:\zoek_backup\C_PROGRA~2_globalUpdate\Update\1.3.25.0\globalupdateCrashHandler.exe --- Company: globalUpdate File Description: globalUpdate Update File Version: 1.3.25.0 Product Name: globalUpdate Update Copyright: Copyright 2007-2010 globalupdate Original Filename: globalupdate.exe File type: ----a-w- File size: 68608 Created time: 2015-08-24 14:28:50 Modified time: 2015-07-23 15:58:19 MD5: 3C14AAE26EA06BADAC98520773772CEB SHA1: DD4605E26B48B7C231DBEBA5E8FAA91F33D21B2B --- C:\zoek_backup\C_PROGRA~2_globalUpdate\Update\1.3.25.0\globalupdateHelper.msi --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File type: ----a-w- File size: 32768 Created time: 2015-08-24 14:28:50 Modified time: 2015-07-23 15:58:19 MD5: F3E0BCAC0A50EA3B7571407A7DA325C7 SHA1: 55F7C7E58F733C45AEA93384466D685BF67816BE --- C:\zoek_backup\C_PROGRA~2_globalUpdate\Update\1.3.25.0\globalupdateOnDemand.exe --- Company: globalUpdate File Description: globalUpdate Update File Version: 1.3.25.0 Product Name: globalUpdate Update Copyright: Copyright 2014 Original Filename: goopdate.dll File type: ----a-w- File size: 46080 Created time: 2015-08-24 14:28:50 Modified time: 2015-07-23 15:58:19 MD5: 8DF6560ADF608ECDCE5CAF299062A135 SHA1: FE3BD67B77BB38A3110091D17DE69012FAAD4FA6 --- C:\zoek_backup\C_PROGRA~2_globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll --- Company: globalUpdate File Description: globalUpdate Update File Version: 1.3.25.0 Product Name: globalUpdate Update Copyright: Copyright 2014 Original Filename: npglobalupdateUpdate4.dll File type: ----a-w- File size: 220672 Created time: 2015-08-24 14:28:50 Modified time: 2015-07-23 15:58:19 MD5: 11D5F1271739DD416DF5FDB058C351FA SHA1: 5C0FD3193392351AFA28F7831A56A095C7293E23 ==== Registry Search Results for "ExtTag" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ExtTag_RASAPI32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ExtTag_RASMANCS] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ExtTag] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ExtTag] "ApName"="ExtTag" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ExtTag] "Params"="Distributer=APSFRec ApName=ExtTag ChannelId=888 Drp=true DeviceId=53692121-d765-713f-7eae-2034d12cfd3d BarcodeId=50045888" [HKEY_LOCAL_MACHINE\SOFTWARE\mtExtTag] [HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\ExtTag.exe] [HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Environment] "SNF"="C:\\ProgramData\\ExtTags\\snp.sc" [HKEY_USERS\S-1-5-18\Software\Microsoft\.NETFramework\SQM\Apps\ExtTag.exe] ==== Registry Search Results for "MCAFEE" ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\mcafeeupdater] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\0\win32] @="C:\\Program Files\\McAfee Security Scan\\3.11.149\\McCHSvc.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\HELPDIR] @="C:\\Program Files\\McAfee Security Scan\\3.11.149" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\0\win32] @="C:\\Program Files\\McAfee Security Scan\\3.11.149\\McCHSvc.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{66F54008-1EE3-43A7-95FD-C0D821EE1EFF}\1.0\HELPDIR] @="C:\\Program Files\\McAfee Security Scan\\3.11.149" [HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\MCAFEE] [HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\MCAFEE\MSC] [HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\MCAFEE\MSC\SETTINGS] [HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\\Program Files\\McAfee Security Scan\\3.11.149\\McUICnt.exe"=hex:53,41,43,\ [HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\\Program Files\\McAfee Security Scan\\3.11.149\\McUICnt.exe.FriendlyAppName"="McAfee" [HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\\Program Files\\McAfee Security Scan\\3.11.149\\McUICnt.exe.ApplicationCompany"="McAfee, Inc." [HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\\Program Files\\McAfee Security Scan\\3.11.149\\McUICnt.exe.FriendlyAppName"="McAfee" [HKEY_USERS\S-1-5-21-12827342-197674329-4274748872-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\\Program Files\\McAfee Security Scan\\3.11.149\\McUICnt.exe.ApplicationCompany"="McAfee, Inc." ==== Registry Search Results for "globalupdate" ====================== No instances of string "globalupdate" found. ==== C:\zoek_backup content ====================== C:\zoek_backup (files=2012 folders=308 155649533 bytes) ==== EOF on za 19/09/2015 at 19:22:57,09 ======================