Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Elize on Sun 14-08-2016 at 18:07:26,24.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Elize\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

14-8-2016 18:07:47 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Origin Games deleted successfully
C:\PROGRA~2\Panda Security deleted successfully
C:\PROGRA~2\COMMON~1\McAfee deleted successfully
C:\Program Files\Common Files\McAfee deleted successfully
C:\PROGRA~3\1ce6085d-3363-1 deleted successfully
C:\PROGRA~3\1ce6085d-7fe7-0 deleted successfully
C:\PROGRA~3\50f4afc4-10a3-0 deleted successfully
C:\PROGRA~3\50f4afc4-7b45-0 deleted successfully
C:\PROGRA~3\ac27e0e2 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\{07c8e162-512c-0} deleted successfully
C:\PROGRA~3\{0c498e17-512c-1} deleted successfully
C:\Users\Elize\AppData\Local\ActiveSync deleted successfully
C:\Users\Elize\AppData\Local\NetworkTiles deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-161117978-2925262177-180644262-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-161117978-2925262177-180644262-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-161117978-2925262177-180644262-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully

==== Registry Fix Code x64 ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

==== Deleting Files \ Folders ======================

C:\ProgramData\Essentware deleted
C:\ProgramData\AVG Web TuneUp deleted
"C:\Program Files (x86)\AVG Web TuneUp\vprot.exe" deleted
"C:\Program Files (x86)\AVG Web TuneUp" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\Users\Elize\AppData\Local\Temp ====

====== Java Cache =====

====== C:\WINDOWS\SysWOW64 =====

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

====== C:\WINDOWS\Sysnative\drivers =====

2016-07-20 06:46:16 B6F34BE914F7CF7D8B7203AB6241AC8B 313088 ----a-w- C:\WINDOWS\Sysnative\drivers\avgwfpa.sys
2016-07-19 10:27:12 A1E22774E01EDB88EC9620EF017B3ABE 261888 ----a-w- C:\WINDOWS\Sysnative\drivers\avgmfx64.sys

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

2016-08-12 21:15:17 -------- d-----w- C:\Program Files\Reimage

======= C:\PROGRA~2 =====

2016-08-13 10:15:39 -------- d-----w- C:\PROGRA~2\trend micro
2016-08-13 10:12:44 -------- d-----w- C:\PROGRA~2\Mozilla Maintenance Service
2016-08-04 21:07:22 -------- d-----w- C:\PROGRA~2\Google

======= C: =====

====== C:\Users\Elize\AppData\Roaming ======

2016-08-12 21:41:02 -------- d-----w- C:\Users\Elize\AppData\Local\Essentware
2016-08-12 21:29:13 -------- d-----w- C:\Users\Elize\AppData\Local\CEF
2016-08-04 21:07:20 -------- d-----w- C:\Users\Elize\AppData\Local\Google

====== C:\Users\Elize ======

2016-08-13 10:35:20 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Elize\Desktop\RSIT-1.06.exe
2016-08-13 10:34:49 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Elize\Downloads\RSIT-1.06(1).exe
2016-08-13 10:15:13 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Elize\Downloads\RSIT-1.06.exe
2016-08-13 10:11:00 85314BD9E56C05372CB2CFA5BF7CAF1C 242216 ----a-w- C:\Users\Elize\Downloads\Firefox Setup Stub 48.0.exe
2016-08-12 21:51:52 -------- d-----w- C:\ProgramData\panda_url_filtering
2016-08-12 21:48:35 71CF4B286F3D39327298DF3B66C8904C 2342176 ----a-w- C:\Users\Elize\Downloads\PANDAFREEAV.exe
2016-08-12 21:38:33 350D904C80D7B735967995520FF80294 1430744 ----a-w- C:\Users\Elize\Downloads\PCKeeper Installer.exe
2016-08-12 21:26:45 E94B33328F987FD7A6E73624A19B72E7 6253640 ----a-w- C:\Users\Elize\Downloads\avast_free_antivirus_setup_online.exe
2016-08-12 21:15:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2016-08-12 20:44:02 F06FB41BFD2EF13A49447E4492C76CC7 603824 ----a-w- C:\Users\Elize\Downloads\ReimageRepair.exe
2016-08-04 21:07:13 C162162A47D610D2D2D9DB21E984B40C 987728 ----a-w- C:\Users\Elize\Downloads\ChromeSetup.exe

====== C: exe-files ==

2016-08-13 10:45:38 03C893380DAF90499F15339580C2FC03 257192 ----a-w- C:\Windows\Temp\DPTF\esif_assist_64.exe
2016-08-13 10:35:20 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Elize\Desktop\RSIT-1.06.exe
2016-08-13 10:34:49 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Elize\Downloads\RSIT-1.06(1).exe
2016-08-13 10:15:40 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files (x86)\trend micro\Elize.exe
2016-08-13 10:15:13 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Elize\Downloads\RSIT-1.06.exe
2016-08-13 10:12:45 A1F659CA9FDA35A61101BED2BE8CD170 88670 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
2016-08-13 10:12:44 C01441BA6F99890B7FF6CD0260B7750A 146888 ----a-w- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
2016-08-13 10:11:49 946E8C3705E54367A10DB76B0E3B19BA 1554424 ----a-w- C:\Users\Elize\AppData\Local\Google\Chrome\User Data\SwReporter\8.62.4\software_reporter_tool.exe
2016-08-13 10:11:00 85314BD9E56C05372CB2CFA5BF7CAF1C 242216 ----a-w- C:\Users\Elize\Downloads\Firefox Setup Stub 48.0.exe
2016-08-13 09:06:07 C99AD59FAC80FAA0266493AFD566D83A 78608 ----a-w- C:\ProgramData\Avg\Setup\av\avguirux.exe
2016-08-13 09:06:07 059AFB5B1037DCE5ADE6743FB12DBDE1 6107296 ----a-w- C:\ProgramData\Avg\Setup\av\avgmfapx.exe
2016-08-12 21:49:09 338293691A201EA3FFA834876C78DAB9 67654312 ----a-w- C:\Users\Elize\AppData\Local\Temp\{28B2D3DE-35F8-4BC7-9DD8-4AE5038BF36B}.exe
2016-08-12 21:48:35 71CF4B286F3D39327298DF3B66C8904C 2342176 ----a-w- C:\Users\Elize\Downloads\PANDAFREEAV.exe
2016-08-12 21:38:33 350D904C80D7B735967995520FF80294 1430744 ----a-w- C:\Users\Elize\Downloads\PCKeeper Installer.exe
2016-08-12 21:26:45 E94B33328F987FD7A6E73624A19B72E7 6253640 ----a-w- C:\Users\Elize\Downloads\avast_free_antivirus_setup_online.exe
2016-08-12 21:15:18 F06FB41BFD2EF13A49447E4492C76CC7 603824 ----a-w- C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe
2016-08-12 21:15:03 E1824144DE1705E15A4D2101C61844BB 13264096 ----a-w- C:\Users\Elize\AppData\Local\Temp\ReimagePackage.exe
2016-08-12 20:44:02 F06FB41BFD2EF13A49447E4492C76CC7 603824 ----a-w- C:\Users\Elize\Downloads\ReimageRepair.exe

=== C: other files ==

2016-08-13 10:25:05 814AA02E02A54770CF06226A2AC68F50 2027433 ----a-w- C:\Users\Elize\AppData\Roaming\Mozilla\Firefox\Profiles\x27adgab.default\features\{169805af-09c3-428a-8af1-bbfee91331ca}\loop@mozilla.org.xpi
2016-08-13 10:25:05 42910AD54D5C1E030808FE0871BF87B1 781661 ----a-w- C:\Users\Elize\AppData\Roaming\Mozilla\Firefox\Profiles\x27adgab.default\features\{169805af-09c3-428a-8af1-bbfee91331ca}\firefox@getpocket.com.xpi
2016-08-13 10:25:05 21D3AEE8E1C0F87AAC15B3AFA26C1FB8 6351 ----a-w- C:\Users\Elize\AppData\Roaming\Mozilla\Firefox\Profiles\x27adgab.default\features\{169805af-09c3-428a-8af1-bbfee91331ca}\e10srollout@mozilla.org.xpi
2016-08-12 21:51:53 4A8697BB94C97EC09415E22199F2904D 188 ----a-w- C:\ProgramData\panda_url_filtering\white.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-161117978-2925262177-180644262-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"panda"="reg.exe delete HKCU\Software\AppDataLow\Software\panda /f"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvgUi"="C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe /lps=fmw"
"AVG_UI"="C:\Program Files (x86)\AVG\Av\avuirunnerx.exe C:\Program Files (x86)\AVG\Av\avgui.exe"
"vProt"="C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda"="reg.exe delete HKCU\Software\AppDataLow\Software\panda /f"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\ByteFence" [C:\Program Files\ByteFence\ByteFence.exe]
"C:\WINDOWS\SysNative\tasks\ByteFence Scan" [C:\Program Files\ByteFence\ByteFence.exe]
"C:\WINDOWS\SysNative\tasks\DNSWAXHAW" [dnswaxhaw.exe]
"C:\WINDOWS\SysNative\tasks\ElizeCadgesAffectionateV2" [rundll32.exe NarwalsCircumstantiations.dll,main 7 1]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{9AA64710-A759-4530-836B-39EEACEBB680}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\{B5DFC585-B7DB-28B8-C4AF-F4502595F640}" [C:\Windows\system32\regsvr32.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Elize\AppData\Roaming\Mozilla\Firefox\Profiles\x27adgab.default

user_pref("browser.startup.homepage", "www.google.nl");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Elize\AppData\Roaming\Mozilla\Firefox\Profiles\x27adgab.default

- AVG Web TuneUp - %ProfilePath%\extensions\avg@toolbar.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

==== Firefox Plugins ======================

==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
chfdnecihphmhljaaejmgoiahnihplgn - No path found[]

Google Docs - Elize\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Elize\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Elize\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
AVG Web TuneUp - Elize\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
Google Docs Offline - Elize\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - Elize\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Elize\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Chrome Media Router - Elize\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== C:\zoek_backup content ======================

==== EOF on Sun 14-08-2016 at 18:11:21,71 ======================
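The log above is triaged by eye. The Python below is an added example written for this page by the editor; it is not part of Zoek and not from the original post. It parses the two line shapes that appear in a Zoek log (file/folder entries in the "Files Recently Created / Modified" sections and entries in "Other Scheduled Tasks"), groups files by MD5 so the same binary dropped in several places is seen once, lists executables sitting in Downloads or the user's Temp folder, and flags scheduled tasks whose action is a bare executable name with no path or a rundll32/regsvr32 invocation. The field layout is inferred from the lines in this log, not taken from Zoek documentation, and the triage heuristics are the editor's assumptions. The sample lines are copied from the log above.

```python
r"""Triage helper for Zoek.exe log output.

Added example; not part of Zoek. Line layout inferred from the log, e.g.

    2016-08-13 10:35:20 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Elize\Desktop\RSIT-1.06.exe
    2016-08-12 21:15:17 -------- d-----w- C:\Program Files\Reimage
    "C:\WINDOWS\SysNative\tasks\DNSWAXHAW" [dnswaxhaw.exe]

i.e. timestamp, MD5 (or dashes for a folder), size (absent for a folder),
attribute string, path; and quoted task file followed by [action].
"""
import re
from collections import defaultdict

FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<md5>[0-9A-Fa-f]{32}|-{8}) "
    r"(?:(?P<size>\d+) )?"          # folders carry no size field
    r"(?P<attrs>\S{8}) "
    r"(?P<path>.+)$"
)
TASK_RE = re.compile(r'^"(?P<task>[^"]+)" \[(?P<action>.+)\]$')

# Editor's heuristics (assumptions, not Zoek rules).
PE_EXT = (".exe", ".dll", ".sys", ".scr")
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\downloads\\")
LOLBINS = {"rundll32.exe", "regsvr32.exe"}

# Sample lines copied from the log above.
SAMPLE_LOG = r"""
======= C:\Program Files =====
2016-08-12 21:15:17 -------- d-----w- C:\Program Files\Reimage
====== C:\Users\Elize ======
2016-08-13 10:35:20 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Elize\Desktop\RSIT-1.06.exe
2016-08-13 10:15:13 DAAB3BCC6FA56354DECC22F4B9104F7F 339991 ----a-w- C:\Users\Elize\Downloads\RSIT-1.06.exe
2016-08-12 21:49:09 338293691A201EA3FFA834876C78DAB9 67654312 ----a-w- C:\Users\Elize\AppData\Local\Temp\{28B2D3DE-35F8-4BC7-9DD8-4AE5038BF36B}.exe
2016-08-12 21:15:18 F06FB41BFD2EF13A49447E4492C76CC7 603824 ----a-w- C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe
2016-08-12 20:44:02 F06FB41BFD2EF13A49447E4492C76CC7 603824 ----a-w- C:\Users\Elize\Downloads\ReimageRepair.exe
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\ByteFence Scan" [C:\Program Files\ByteFence\ByteFence.exe]
"C:\WINDOWS\SysNative\tasks\DNSWAXHAW" [dnswaxhaw.exe]
"C:\WINDOWS\SysNative\tasks\ElizeCadgesAffectionateV2" [rundll32.exe NarwalsCircumstantiations.dll,main 7 1]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{9AA64710-A759-4530-836B-39EEACEBB680}" [C:\Windows\system32\msfeedssync.exe]
"""


def parse_log(text):
    """Return (files, tasks); section headers and unknown lines are skipped."""
    files, tasks = [], []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["is_dir"] = entry["attrs"].startswith("d")
            entry["size"] = int(entry["size"]) if entry["size"] else None
            files.append(entry)
            continue
        m = TASK_RE.match(line)
        if m:
            tasks.append(m.groupdict())
    return files, tasks


def duplicate_hashes(files):
    """MD5 -> sorted paths, for hashes that occur at more than one path."""
    by_hash = defaultdict(set)
    for f in files:
        if not f["is_dir"]:
            by_hash[f["md5"]].add(f["path"])
    return {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}


def staged_executables(files):
    """PE files sitting in Downloads or the user's Temp folder."""
    out = []
    for f in files:
        p = f["path"].lower()
        if not f["is_dir"] and p.endswith(PE_EXT) and any(d in p for d in STAGING_DIRS):
            out.append(f["path"])
    return out


def task_is_suspect(action):
    """Bare executable name (no directory) or a rundll32/regsvr32 launcher."""
    exe = action.split()[0]
    name = exe.rsplit("\\", 1)[-1].lower()
    return name in LOLBINS or "\\" not in exe


def suspect_tasks(tasks):
    return [t["task"] for t in tasks if task_is_suspect(t["action"])]


if __name__ == "__main__":
    files, tasks = parse_log(SAMPLE_LOG)
    for md5, paths in duplicate_hashes(files).items():
        print(md5, "->", *paths, sep="\n  ")
    print("staged executables:", *staged_executables(files), sep="\n  ")
    print("tasks to review:", *suspect_tasks(tasks), sep="\n  ")
```

Feed it a full Zoek log with `parse_log(open(path).read())`. The task heuristic deliberately errs toward review rather than verdict: a task that runs `regsvr32.exe` from System32 may be legitimate, but a random-name task launching `rundll32.exe` against a DLL with no path, as in the log above, is exactly what a cleaner should inspect by hand.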