pc bogged down with possible explorer.exe leak, multiple dllhost.exe's too
- Thread starter Jere
- Start date
- Apr 24, 2014
- 3,395
Method 1 seems to uninstall to an older version, it says I'm currently at version 9. Method 2 claims that it can't find "Microsoft-Windows-InternetExplorer-*11.*.mum"
I continue to run the exe for IE 11 and it still says a newer version of IE is installed.
I continue to run the exe for IE 11 and it still says a newer version of IE is installed.
- Apr 24, 2014
- 3,395
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on
icon and select
Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:
Code:emptyfolderscheck;delete Quickscan; autoclean; iedefaults; emptyclsid; ipconfig /flushdns;b - Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.
I appreciate all the assistance you've offered already 
Zoek.exe v5.0.0.0 Updated 10-November-2014
Tool run by XXX on Tue 11/11/2014 at 13:59:50.03.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\XXX\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
11/11/2014 2:00:51 PM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\XXX\AppData\Roaming\suabcsds deleted successfully
C:\Users\XXX\AppData\Roaming\PhrozenSoft deleted successfully
C:\Users\XXX\AppData\Roaming\TP deleted successfully
C:\Users\XXX\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\XXX\AppData\Local\PDFC deleted successfully
C:\Users\XXX\AppData\Local\PDFC deleted successfully
C:\Users\XXX\AppData\Local\PackageAware deleted successfully
C:\Users\XXX\AppData\Local\PDFC deleted successfully
C:\Users\XXX\AppData\Local\VirtualStore deleted successfully
C:\Users\XXX\AppData\Local\Windows Live Writer deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully
==== Batch Command(s) Run By Tool======================
C:\Windows\system32\appdata deleted
==== Deleting Files \ Folders ======================
C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\Coupons deleted
C:\PROGRA~2\CMS-1500 Software _02-12 - Trial Version deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\XXX\AppData\Local\AVG Secure Search deleted
C:\Users\XXX\AppData\Local\AVG Secure Search deleted
C:\Users\XXX\AppData\Local\AVG Secure Search deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy deleted
C:\Users\XXX\AppData\LocalLow\AVG Secure Search deleted
C:\Users\XXX\AppData\LocalLow\AVG Secure Search deleted
C:\Users\XXX\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.1.9\avgdttbx.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.9\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll" deleted
"C:\PROGRA~2\AVG Secure Search" not deleted
"C:\PROGRA~2\AVG Secure Search" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.1.9" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.9" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.9" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-11-07 22:01:01 FBCCF14D504B7B2DBCB5A5BDA75BD93B 26 ----a-w- C:\Windows\Zone.Identifier
====== C:\Users\DANORR~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-10 14:54:51 0C9988BDA3CEC3C421B773982C5E2EC6 5703168 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2014-11-08 11:10:38 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2014-11-08 11:10:38 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2014-11-08 11:10:38 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2014-11-08 11:10:38 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-08 11:10:37 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-10 14:54:50 6DD73E4E947DB3B0608321AE13210D94 6584320 ----a-w- C:\Windows\Sysnative\mstscax.dll
2014-11-08 11:10:49 DDED7C5558B3AE09F568945281A9A6D1 44544 ----a-w- C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2014-11-08 11:10:40 FEC6178962DFF33074D39CA907971405 12800 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-08 11:10:40 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2014-11-08 11:10:38 7BD2E6E2458A5B95F8341244C7FC7DD4 18944 ----a-w- C:\Windows\Sysnative\wksprtPS.dll
2014-11-08 11:10:38 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\Sysnative\wksprt.exe
2014-11-08 11:10:38 5289A00E2D21BB3A7D6761646543ED5C 62976 ----a-w- C:\Windows\Sysnative\tsgqec.dll
2014-11-08 11:10:38 149A388C17F04AD1F99B477A43BE1A9F 56832 ----a-w- C:\Windows\Sysnative\MsRdpWebAccess.dll
2014-11-08 11:10:38 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2014-11-08 11:10:37 A4420969E5AB94856E5C0C02E6099D3F 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll
2014-11-08 11:10:37 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\Sysnative\mstsc.exe
====== C:\Windows\Sysnative\drivers =====
2014-11-08 11:10:40 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2014-11-07 13:37:47 17D683EEA9FFD741A1ED8731ABBC23D1 131800 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-07 13:30:35 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-11-07 13:30:35 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-11-07 13:30:35 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
====== C:\Windows\Tasks ======
2014-11-08 11:16:10 F90FE1A584C5FD092E23A2562942AA81 3198 ----a-w- C:\Windows\Sysnative\Tasks\HPCeeScheduleForXXX
2014-11-08 11:16:10 39D226E5AFE57520BD3A54BC1B0E66D6 340 ----a-w- C:\Windows\Tasks\HPCeeScheduleForXXX.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-11-11 11:26:26 -------- d-----w- C:\PROGRA~2\MCShield
======= C: =====
====== C:\Users\XXX\AppData\Roaming ======
2014-11-11 14:29:11 F53906CB84CF415964EE7D1EF202D1D5 95 ----a-w- C:\Users\XXX\AppData\Local\fusioncache.dat
2014-11-11 14:29:10 -------- d-----w- C:\Users\XXX\AppData\Local\ApplicationHistory
2014-11-11 12:03:39 -------- d-sh--w- C:\Users\XXX\AppData\Locallow\EmieUserList
2014-11-11 12:03:38 -------- d-sh--w- C:\Users\XXX\AppData\Locallow\EmieSiteList
2014-11-11 12:02:59 -------- d-sh--w- C:\Users\XXX\AppData\Local\EmieUserList
2014-11-11 12:02:57 -------- d-sh--w- C:\Users\XXX\AppData\Local\EmieSiteList
2014-11-07 22:12:14 42609CF481C0586E454009265C64FC93 109784 ----a-w- C:\Windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-07 20:19:03 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Uktgmedia
2014-11-07 19:59:24 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Odwtics
2014-11-07 19:48:47 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp
2014-11-07 15:49:22 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Adobe
2014-11-07 15:48:18 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp
2014-11-07 13:30:05 -------- d-----w- C:\Users\XXX\AppData\Local\Programs
2014-11-07 13:01:53 -------- d-----w- C:\Users\XXX\AppData\Local\CrashDumps
2014-11-07 12:59:10 -------- d-----w- C:\Users\XXX\AppData\Roaming\AVG2014
2014-11-07 12:59:07 -------- d-----w- C:\Users\XXX\AppData\Local\Avg2014
2014-10-31 21:21:09 61DAAB11CD28CDB4707658FDBB33FBC7 455376 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
====== C:\Users\XXX ======
2014-11-11 18:40:07 839A1A4D5043D694CD324C33937E00AE 55915216 ----a-w- C:\Users\XXX\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-11-11 18:17:21 839A1A4D5043D694CD324C33937E00AE 55915216 ----a-w- C:\Users\XXX\Desktop\IE11-Windows6.1-x64-en-us.exe
2014-11-11 11:26:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-11-11 11:26:26 -------- d-----w- C:\ProgramData\MCShield
2014-11-11 11:24:55 6E44C49039E696991D2DB54B5C81E2F5 2856736 ----a-w- C:\Users\XXX\Downloads\MCShield-Setup.exe
2014-11-07 19:48:46 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Favorites
2014-11-07 15:47:26 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Desktop
2014-11-07 13:28:59 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\XXX\Downloads\mbam-setup-2.0.3.1025.exe
====== C: exe-files ==
2014-11-11 18:40:07 839A1A4D5043D694CD324C33937E00AE 55915216 ----a-w- C:\Users\XXX\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-11-11 18:17:21 839A1A4D5043D694CD324C33937E00AE 55915216 ----a-w- C:\Users\XXX\Desktop\IE11-Windows6.1-x64-en-us.exe
2014-11-11 11:26:28 6E44C49039E696991D2DB54B5C81E2F5 2856736 ----a-w- C:\ProgramData\MCShield\MCShield-Setup.exe
2014-11-11 11:24:55 6E44C49039E696991D2DB54B5C81E2F5 2856736 ----a-w- C:\Users\XXX\Downloads\MCShield-Setup.exe
2014-11-10 16:55:58 C68AA07C443FB26A44E17A6649EE1D3C 821560 ----a-w- C:\fixing\mbar\Plugins\fixdamage.exe
2014-11-10 16:55:58 3CADE61FCDF50CC17ECB7664220E31DC 54072 ----a-w- C:\fixing\mbar\mbamdor.exe
2014-11-10 16:55:58 0A4EC663BF58FB4290674679FD075F58 1211192 ----a-w- C:\fixing\mbar\mbar.exe
2014-11-08 11:10:40 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-08 11:10:38 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\System32\wksprt.exe
2014-11-08 11:10:38 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2014-11-08 11:10:38 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-11-08 11:10:37 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2014-11-07 21:57:46 22EB0E99FB7217A4253D774C0AB56181 2115072 ----a-w- C:\fixing\FRST-OlderVersion\FRST64.exe
2014-11-07 21:57:46 02D817FF481EB12FE0CC34363809C05B 2116096 ----a-w- C:\fixing\FRST64.exe
2014-11-07 21:14:50 2AD9820E4B17E78110A6AA06BF5C1CE2 4184008 ----a-w- C:\fixing\tdsskiller.exe
2014-11-07 13:28:59 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\XXX\Downloads\mbam-setup-2.0.3.1025.exe
=== C: other files ==
2014-11-08 11:10:40 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2014-11-07 13:37:47 17D683EEA9FFD741A1ED8731ABBC23D1 131800 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-07 13:30:35 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-07 13:30:35 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-07 13:30:35 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
[HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe"
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"IndexSearch"="C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
"PaperPort PTD"="C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
"PPort12reminder"="C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe -r C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
"PDFHook"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe"
"PDF5 Registry Controller"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe"
"ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
==== Startup Folders ======================
2014-02-24 15:28:26 1343 ----a-w- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/24/2014 11:05 AM]
C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS.exe []
C:\Windows\tasks\AutoKMSDaily.job --a------ C:\Windows\AutoKMS.exe []
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1123215231-4068954221-3286361982-1000.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/09/2012 08:31 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/09/2012 08:31 AM]
C:\Windows\tasks\HPCeeScheduleForXXX.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 07:43 AM]
C:\Windows\tasks\HPCeeScheduleForXXX-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 07:43 AM]
C:\Windows\tasks\HPCeeScheduleForXXX.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe []
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS.exe]
"C:\Windows\SysNative\tasks\AutoKMSDaily" [C:\Windows\AutoKMS.exe]
"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-1123215231-4068954221-3286361982-1000" [C:\Program Files (x86)\Citrix\GoToMeeting\1767\g2mupdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForXXX" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForXXX" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForXXX-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe"]
"C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{60326862-DC72-4EEC-B3CF-EDBC2FB92AA6}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{7EA6F56D-853F-426B-99F0-E6D73F754B49}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{A8981AB8-2E73-4DA8-B2A3-4C8C9B68C9BD}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D4C3CF85-E49F-4163-A602-33CFDD400B5E}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D82C0DE5-AEE2-4167-A85D-8D4EF53C0045}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[]
ocjnghepkaobiilbdiaojacipiikijij - C:\Users\XXX\AppData\Roaming\AVG Rewards for Chrome\AVG Rewards.crx[09/23/2012 08:13 AM]
Google Wallet - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AVG Rewards - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjnghepkaobiilbdiaojacipiikijij
Google Slides - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AVG Rewards - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocjnghepkaobiilbdiaojacipiikijij
Gmail - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AVG Security Toolbar - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Wallet - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AVG Rewards - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjnghepkaobiilbdiaojacipiikijij
Gmail - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AVG Rewards - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjnghepkaobiilbdiaojacipiikijij
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage deleted successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage-journal deleted successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.3 deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=731 folders=295 241931695 bytes)
==== Empty Temp Folders ======================
C:\Users\XXX\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\XXX\AppData\Local\Temp emptied successfully
C:\Users\XXX\AppData\Local\Temp emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\DANORR~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~2\AVG Secure Search" not found
"C:\PROGRA~2\AVG Secure Search" not found
==== EOF on Tue 11/11/2014 at 14:32:54.05 ======================
Zoek.exe v5.0.0.0 Updated 10-November-2014
Tool run by XXX on Tue 11/11/2014 at 13:59:50.03.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\XXX\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
11/11/2014 2:00:51 PM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\Users\XXX\AppData\Roaming\suabcsds deleted successfully
C:\Users\XXX\AppData\Roaming\PhrozenSoft deleted successfully
C:\Users\XXX\AppData\Roaming\TP deleted successfully
C:\Users\XXX\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\XXX\AppData\Local\PDFC deleted successfully
C:\Users\XXX\AppData\Local\PDFC deleted successfully
C:\Users\XXX\AppData\Local\PackageAware deleted successfully
C:\Users\XXX\AppData\Local\PDFC deleted successfully
C:\Users\XXX\AppData\Local\VirtualStore deleted successfully
C:\Users\XXX\AppData\Local\Windows Live Writer deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater18.1.9 deleted successfully
==== Batch Command(s) Run By Tool======================
C:\Windows\system32\appdata deleted
==== Deleting Files \ Folders ======================
C:\Windows\syswow64\appdata deleted
C:\PROGRA~2\Coupons deleted
C:\PROGRA~2\CMS-1500 Software _02-12 - Trial Version deleted
C:\PROGRA~2\AVG Security Toolbar deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\XXX\AppData\Local\AVG Secure Search deleted
C:\Users\XXX\AppData\Local\AVG Secure Search deleted
C:\Users\XXX\AppData\Local\AVG Secure Search deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy deleted
C:\Users\XXX\AppData\LocalLow\AVG Secure Search deleted
C:\Users\XXX\AppData\LocalLow\AVG Secure Search deleted
C:\Users\XXX\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\AVG Secure Search\TBAPI.dll" deleted
"C:\PROGRA~2\AVG Secure Search\vprot.exe" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.1.9\avgdttbx.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.9\SiteSafety.dll" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll" deleted
"C:\PROGRA~2\AVG Secure Search" not deleted
"C:\PROGRA~2\AVG Secure Search" not deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\DNTInstaller\18.1.9" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\SiteSafetyInstaller\18.1.9" deleted
"C:\PROGRA~2\COMMON~1\AVG Secure Search\vToolbarUpdater\18.1.9" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-11-07 22:01:01 FBCCF14D504B7B2DBCB5A5BDA75BD93B 26 ----a-w- C:\Windows\Zone.Identifier
====== C:\Users\DANORR~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-10 14:54:51 0C9988BDA3CEC3C421B773982C5E2EC6 5703168 ----a-w- C:\Windows\SysWOW64\mstscax.dll
2014-11-08 11:10:38 AB5EFB103DB01C1912C9D2F545EA5621 17920 ----a-w- C:\Windows\SysWOW64\wksprtPS.dll
2014-11-08 11:10:38 8DEEE20D8D30E9B0FBDCA31E58A027BD 53248 ----a-w- C:\Windows\SysWOW64\tsgqec.dll
2014-11-08 11:10:38 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2014-11-08 11:10:38 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-08 11:10:37 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\Windows\SysWOW64\rdvidcrl.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-10 14:54:50 6DD73E4E947DB3B0608321AE13210D94 6584320 ----a-w- C:\Windows\Sysnative\mstscax.dll
2014-11-08 11:10:49 DDED7C5558B3AE09F568945281A9A6D1 44544 ----a-w- C:\Windows\Sysnative\TsUsbGDCoInstaller.dll
2014-11-08 11:10:40 FEC6178962DFF33074D39CA907971405 12800 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-08 11:10:40 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe
2014-11-08 11:10:38 7BD2E6E2458A5B95F8341244C7FC7DD4 18944 ----a-w- C:\Windows\Sysnative\wksprtPS.dll
2014-11-08 11:10:38 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\Sysnative\wksprt.exe
2014-11-08 11:10:38 5289A00E2D21BB3A7D6761646543ED5C 62976 ----a-w- C:\Windows\Sysnative\tsgqec.dll
2014-11-08 11:10:38 149A388C17F04AD1F99B477A43BE1A9F 56832 ----a-w- C:\Windows\Sysnative\MsRdpWebAccess.dll
2014-11-08 11:10:38 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2014-11-08 11:10:37 A4420969E5AB94856E5C0C02E6099D3F 1057280 ----a-w- C:\Windows\Sysnative\rdvidcrl.dll
2014-11-08 11:10:37 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\Sysnative\mstsc.exe
====== C:\Windows\Sysnative\drivers =====
2014-11-08 11:10:40 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\Sysnative\drivers\TsUsbFlt.sys
2014-11-07 13:37:47 17D683EEA9FFD741A1ED8731ABBC23D1 131800 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-11-07 13:30:35 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2014-11-07 13:30:35 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2014-11-07 13:30:35 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
====== C:\Windows\Tasks ======
2014-11-08 11:16:10 F90FE1A584C5FD092E23A2562942AA81 3198 ----a-w- C:\Windows\Sysnative\Tasks\HPCeeScheduleForXXX
2014-11-08 11:16:10 39D226E5AFE57520BD3A54BC1B0E66D6 340 ----a-w- C:\Windows\Tasks\HPCeeScheduleForXXX.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-11-11 11:26:26 -------- d-----w- C:\PROGRA~2\MCShield
======= C: =====
====== C:\Users\XXX\AppData\Roaming ======
2014-11-11 14:29:11 F53906CB84CF415964EE7D1EF202D1D5 95 ----a-w- C:\Users\XXX\AppData\Local\fusioncache.dat
2014-11-11 14:29:10 -------- d-----w- C:\Users\XXX\AppData\Local\ApplicationHistory
2014-11-11 12:03:39 -------- d-sh--w- C:\Users\XXX\AppData\Locallow\EmieUserList
2014-11-11 12:03:38 -------- d-sh--w- C:\Users\XXX\AppData\Locallow\EmieSiteList
2014-11-11 12:02:59 -------- d-sh--w- C:\Users\XXX\AppData\Local\EmieUserList
2014-11-11 12:02:57 -------- d-sh--w- C:\Users\XXX\AppData\Local\EmieSiteList
2014-11-07 22:12:14 42609CF481C0586E454009265C64FC93 109784 ----a-w- C:\Windows\SysNative\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-07 20:19:03 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Uktgmedia
2014-11-07 19:59:24 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Odwtics
2014-11-07 19:48:47 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp
2014-11-07 15:49:22 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\Adobe
2014-11-07 15:48:18 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp
2014-11-07 13:30:05 -------- d-----w- C:\Users\XXX\AppData\Local\Programs
2014-11-07 13:01:53 -------- d-----w- C:\Users\XXX\AppData\Local\CrashDumps
2014-11-07 12:59:10 -------- d-----w- C:\Users\XXX\AppData\Roaming\AVG2014
2014-11-07 12:59:07 -------- d-----w- C:\Users\XXX\AppData\Local\Avg2014
2014-10-31 21:21:09 61DAAB11CD28CDB4707658FDBB33FBC7 455376 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
====== C:\Users\XXX ======
2014-11-11 18:40:07 839A1A4D5043D694CD324C33937E00AE 55915216 ----a-w- C:\Users\XXX\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-11-11 18:17:21 839A1A4D5043D694CD324C33937E00AE 55915216 ----a-w- C:\Users\XXX\Desktop\IE11-Windows6.1-x64-en-us.exe
2014-11-11 11:26:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCShield
2014-11-11 11:26:26 -------- d-----w- C:\ProgramData\MCShield
2014-11-11 11:24:55 6E44C49039E696991D2DB54B5C81E2F5 2856736 ----a-w- C:\Users\XXX\Downloads\MCShield-Setup.exe
2014-11-07 19:48:46 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Favorites
2014-11-07 15:47:26 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Desktop
2014-11-07 13:28:59 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\XXX\Downloads\mbam-setup-2.0.3.1025.exe
====== C: exe-files ==
2014-11-11 18:40:07 839A1A4D5043D694CD324C33937E00AE 55915216 ----a-w- C:\Users\XXX\Downloads\IE11-Windows6.1-x64-en-us.exe
2014-11-11 18:17:21 839A1A4D5043D694CD324C33937E00AE 55915216 ----a-w- C:\Users\XXX\Desktop\IE11-Windows6.1-x64-en-us.exe
2014-11-11 11:26:28 6E44C49039E696991D2DB54B5C81E2F5 2856736 ----a-w- C:\ProgramData\MCShield\MCShield-Setup.exe
2014-11-11 11:24:55 6E44C49039E696991D2DB54B5C81E2F5 2856736 ----a-w- C:\Users\XXX\Downloads\MCShield-Setup.exe
2014-11-10 16:55:58 C68AA07C443FB26A44E17A6649EE1D3C 821560 ----a-w- C:\fixing\mbar\Plugins\fixdamage.exe
2014-11-10 16:55:58 3CADE61FCDF50CC17ECB7664220E31DC 54072 ----a-w- C:\fixing\mbar\mbamdor.exe
2014-11-10 16:55:58 0A4EC663BF58FB4290674679FD075F58 1211192 ----a-w- C:\fixing\mbar\mbar.exe
2014-11-08 11:10:40 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-08 11:10:38 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\Windows\System32\wksprt.exe
2014-11-08 11:10:38 4676AAA9DDF52A50C829FEDB4EA81E54 1068544 ----a-w- C:\Windows\SysWOW64\mstsc.exe
2014-11-08 11:10:38 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-11-08 11:10:37 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\Windows\System32\mstsc.exe
2014-11-07 21:57:46 22EB0E99FB7217A4253D774C0AB56181 2115072 ----a-w- C:\fixing\FRST-OlderVersion\FRST64.exe
2014-11-07 21:57:46 02D817FF481EB12FE0CC34363809C05B 2116096 ----a-w- C:\fixing\FRST64.exe
2014-11-07 21:14:50 2AD9820E4B17E78110A6AA06BF5C1CE2 4184008 ----a-w- C:\fixing\tdsskiller.exe
2014-11-07 13:28:59 33398D340008A0577507FCA7FD443622 19828376 ----a-w- C:\Users\XXX\Downloads\mbam-setup-2.0.3.1025.exe
=== C: other files ==
2014-11-08 11:10:40 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2014-11-07 13:37:47 17D683EEA9FFD741A1ED8731ABBC23D1 131800 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-07 13:30:35 95EF63A7827D4E3A229CBBCB42619E93 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-11-07 13:30:35 5C3669B71657F22E67A1D4BD49D2CBE7 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-11-07 13:30:35 3540DDFAC8A076B983F86EB2A79D8FBD 96472 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
[HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"PDF Complete"="C:\Program Files (x86)\PDF Complete\pdfsty.exe"
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"IndexSearch"="C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
"PaperPort PTD"="C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
"PPort12reminder"="C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe -r C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
"PDFHook"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe"
"PDF5 Registry Controller"="C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe"
"ControlCenter4"="C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun"
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2014\avgui.exe /TRAYONLY"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"MCShield Monitor"="C:\Program Files (x86)\MCShield\mcshieldrtm.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Reader Speed Launcher"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
==== Startup Folders ======================
2014-02-24 15:28:26 1343 ----a-w- C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/24/2014 11:05 AM]
C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS.exe []
C:\Windows\tasks\AutoKMSDaily.job --a------ C:\Windows\AutoKMS.exe []
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-1123215231-4068954221-3286361982-1000.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/09/2012 08:31 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/09/2012 08:31 AM]
C:\Windows\tasks\HPCeeScheduleForXXX.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 07:43 AM]
C:\Windows\tasks\HPCeeScheduleForXXX-HP$.job --a------ C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 07:43 AM]
C:\Windows\tasks\HPCeeScheduleForXXX.job --a------ C:\Program Files (x86)\Hewlett-PaC:kard\HP C:eement\HPC:EE.exe []
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS.exe]
"C:\Windows\SysNative\tasks\AutoKMSDaily" [C:\Windows\AutoKMS.exe]
"C:\Windows\SysNative\tasks\G2MUpdateTask-S-1-5-21-1123215231-4068954221-3286361982-1000" [C:\Program Files (x86)\Citrix\GoToMeeting\1767\g2mupdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForXXX" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForXXX" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForXXX-HP$" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\Registration" ["C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe"]
"C:\Windows\SysNative\tasks\RMCreator" [C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{60326862-DC72-4EEC-B3CF-EDBC2FB92AA6}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{7EA6F56D-853F-426B-99F0-E6D73F754B49}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{A8981AB8-2E73-4DA8-B2A3-4C8C9B68C9BD}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D4C3CF85-E49F-4163-A602-33CFDD400B5E}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D82C0DE5-AEE2-4167-A85D-8D4EF53C0045}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[]
ocjnghepkaobiilbdiaojacipiikijij - C:\Users\XXX\AppData\Roaming\AVG Rewards for Chrome\AVG Rewards.crx[09/23/2012 08:13 AM]
Google Wallet - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AVG Rewards - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjnghepkaobiilbdiaojacipiikijij
Google Slides - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AVG Rewards - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocjnghepkaobiilbdiaojacipiikijij
Gmail - XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AVG Security Toolbar - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Google Wallet - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AVG Rewards - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjnghepkaobiilbdiaojacipiikijij
Gmail - XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Slides - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AVG Rewards - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjnghepkaobiilbdiaojacipiikijij
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage deleted successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.avg.com_0.localstorage-journal deleted successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage deleted successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-1123215231-4068954221-3286361982-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.3 deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\XXX\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully
C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=731 folders=295 241931695 bytes)
==== Empty Temp Folders ======================
C:\Users\XXX\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\XXX\AppData\Local\Temp emptied successfully
C:\Users\XXX\AppData\Local\Temp emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\DANORR~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~2\AVG Secure Search" not found
"C:\PROGRA~2\AVG Secure Search" not found
==== EOF on Tue 11/11/2014 at 14:32:54.05 ======================
Last edited:
Sorry to double post, but reattemtped to install IE11; installer still says a newer version of IE is installed.
- Apr 24, 2014
- 3,395
Sorry, the system is clean, seek help elsewhere
Download DelFix by Xplode and save it to your desktop.
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Download DelFix by Xplode and save it to your desktop.
- Run the tool by right click on the
icon and Run as administrator option.
- Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
- Push Run and wait until the tool completes his work.
- All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
Tool deletes old system restore points and create a fresh system restore point after cleaning.
Similar threads
