Solved Chrome Go Save ads/extension keeps coming back.

[EllaUmbrella]

Hello,

I'm having a little trouble getting rid of the go save ads on google chrome. Wondering if someone can help me :]

Thanks!!

 

[TwinHeadedEagle]

Hello,



They call me TwinHeadedEagle around here, and I'll be working with you.



Before we start please read and note the following:

• At the top of your post, please click on the "Watch thread" button and make sure to check Watch this thread...and receive email notifications. This will send an email to you as soon as I reply to your topic, allowing me to solve your problem faster.
• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process. Please do not perform System Restore or any other restore.
• Instructions I give to you are very simple and made for complete beginner to follow. That's why you need to read through my instructions carefully and completely before executing them.
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• All tools we use here are completely clean and do not contain any malware. If your antivirus detects them as malicious, please disable your antivirus and then continue.
• If during the process you run across anything that is not in my instructions, please stop and ask. If any tool is running too much time (few hours), please stop and inform me.
• I visit forum several times at day, making sure to respond to everyone's topic as fast as possible. But bear in mind that I have private life like everyone and I cannot be here 24/7. So please be patient with me. Also, some infections require less, and some more time to be removed completely, so bear this in mind and be patient.
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. If you solved your problem yourself, set aside two minutes to let me know.
  
• Please attach all report using
  
  button below. Doing this, you make it easier for me to analyze and fix your problem.
  
• Do not ask for help for your business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on
  
  icon and select
  
  Run as Administrator to start the tool.
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:
  

  createsrpoint;
  autoclean;
  emptyalltemp;
  ipconfig /flushdns;b

• Make sure that Scan All Users option is checked.
• Push Run Script and wait patiently. The scan may take a couple of minutes.
• When the scan completes, a zoek-results logfile should open in notepad.
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

 

[EllaUmbrella]

Hey thanks for your help here's the zoesk-results......




Zoek.exe v5.0.0.0 Updated 11-October-2014
Tool run by Gabriella on 11/10/2014 at 16:44:12.59.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gabriella\Downloads\zoek\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/10/2014 16:47:20 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully
HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LPTSystemUpdater deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\LPTSystemUpdater deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default

user.js not found
---- Lines babsrc removed from prefs.js ----
user_pref("avg.install.userHPSettings", "http://www1.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=1B680015833766AC");
---- Lines WebSearch removed from prefs.js ----
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "http://websearch.allsearches.info/?...52674635958017532&lg=EN&cc=GB&unqvl=64&l=1&q=");
user_pref("browser.search.order.1", "WebSearch");
user_pref("browser.search.order.1,S", "WebSearch");
user_pref("browser.search.selectedEngine,S", "WebSearch");
---- Lines delta removed from prefs.js ----
user_pref("avg.install.userSPSettings", "Delta Search");
---- Lines Web Search removed from prefs.js ----
user_pref("browser.search.defaultthis.engineName", "BitTorrentBar Customized Web Search");
user_pref("browser.search.selectedEngine", "Web Search");
---- Lines helperbar removed from prefs.js ----
user_pref("browser.startup.homepage", "http://feed.helperbar.com/?p=mKO_Aw...BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg
user_pref("keyword.URL", "http://feed.helperbar.com/?p=mKO_Aw...YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWk
---- FireFox user.js and prefs.js backups ----

prefs_102014_1710_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\2308189059 deleted
C:\Program Files\Viewpoint deleted
C:\Program Files\SW_Booster deleted
C:\Program Files\Optimizer Pro deleted
C:\Program Files\MyFree Codec deleted
C:\Program Files\LPT deleted
C:\found.000 deleted
C:\found.001 deleted
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk deleted
C:\Users\Gabriella\AppData\Roaming\SkypEmoticons deleted
C:\Users\Gabriella\AppData\Roaming\Babylon deleted
C:\Users\Gabriella\AppData\Roaming\OpenCandy deleted
C:\PROGRA~2\ezsid.dat deleted
C:\PROGRA~2\Viewpoint deleted
C:\PROGRA~2\Tarma Installer deleted
C:\PROGRA~2\Babylon deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Gabriella\AppData\LocalLow\boost_interprocess deleted
C:\Users\Gabriella\AppData\LocalLow\BitTorrentBar deleted
C:\Users\Gabriella\AppData\LocalLow\PriceGong deleted
C:\Users\Gabriella\AppData\LocalLow\Conduit deleted
C:\Users\Gabriella\AppData\LocalLow\ConduitEngine deleted
C:\Windows\system32\config\systemprofile\Searches deleted
C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\searchplugins\Web Search.xml deleted
C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\searchplugins\WebSearch.xml deleted
C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\Invalidprefs.js deleted
C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\bProtector_extensions.rdf deleted
C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\jetpack deleted
C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\staged deleted
C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\CT2790392 deleted
"C:\Windows\Installer\42336948.msi" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008111228" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008112410" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008112546" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008112547" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{87162843-2059-2054-7171-45775F2A6708}.20141008112546" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{87162843-2059-2054-7171-45775F2A6708}.20141008114912" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141006124305" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141006124356" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008105812" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008111142" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008111228" deleted
"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008111229" deleted
"C:\PROGRA~2\7cd086c57b8f01cc" deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [22/02/2012 16:08]

==== Firefox Extensions ======================

ProfilePath: C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default
- British English Dictionary - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\en-GB@dictionaries.addons.mozilla.org
- PhotoJacker: Photo Album Downloader for Facebook fka FacePAD - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\facepad@lazyrussian.com
- Dizionario italiano - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\it-IT@dictionaries.addons.mozilla.org
- AddThis - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
- Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
- DivX Plus Web Player HTML5 lt;videogt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
- Undetermined - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\{8f0c664c-8178-7a5c-9f80-241a76ed918e}
- British English Dictionary - %ProfilePath%\extensions\en-GB@dictionaries.addons.mozilla.org
- PhotoJacker: Photo Album Downloader for Facebook fka FacePAD - %ProfilePath%\extensions\facepad@lazyrussian.com
- Dizionario italiano - %ProfilePath%\extensions\it-IT@dictionaries.addons.mozilla.org
- AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
- InvisibleHand - %ProfilePath%\extensions\canitbecheaper@trafficbroker.co.uk.xpi
- YouTube to MP3 Button - %ProfilePath%\extensions\flvto@hotger.com.xpi
- Personas Plus - %ProfilePath%\extensions\personas@christopher.beard.xpi
- Quidco Cashback Reminder - %ProfilePath%\extensions\quidcotoolbar@quidco.com.xpi
- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
5232105D125A448E99D8C905AB4713EE - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
21536AF136F35D9E960B085C905C98FB - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat
893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
49CFBB2130C682FFDF2CEBEE9A2D556E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
A66A630E101E7B5CF0946F34935660CC - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player
B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in
24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
AAA414455FE1AA87E424BDFCAE249B50 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14/05/2013 13:27]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 14:13]

GoSSavve - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Administrator\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
Google Voice Search Hotword (Beta) - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Loupe Collage - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc
HelloSign for Gmail - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\dciflieigdmogpmamcgbigingaodhnil
GoSSavve - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
PicMonkey - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm
NeXtCoup - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
Until AM for Chrome - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl
GoSSavve - Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Gabriella\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Gabriella\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Gabriella\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo
GoSSavve - Guest\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje
NeXtCoup - Guest\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp
WEbbinG - Guest\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo

==== Chromium Startpages ======================

C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "https://www.google.co.uk/",
"startup_urls": [ "https://www.google.co.uk/" ],


==== Chromium Fix ======================

C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.allsearches.info_0.localstorage deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.allsearches.info_0.localstorage-journal deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage-journal deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Gabriella\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Gabriella\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Gabriella\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://feed.helperbar.com/?p=mKO_Aw...l-StUANL-kZMB6R8nJsGrn3TMCU2tnJqUbe5ulOEuu4Fw,,"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb"
"Search Page"="http://feed.helperbar.com/?p=mKO_Aw...c1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}"
"Search Bar"="http://feed.helperbar.com/?p=mKO_Aw...c1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://websearch.allsearches.info/?pid=95&r=2014/10/06&hid=52674635958017532&lg=EN&cc=GB&unqvl=64"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.helperbar.com/?p=mKO_Aw...c1dlbxmjDyLX45oEfpbNY9DQf0w,,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="http://feed.helperbar.com/?p=mKO_Aw...c1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://feed.helperbar.com/?p=mKO_Aw...c1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}"
"SearchAssistant"="http://feed.helperbar.com/?p=mKO_Aw...c1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Freemake Video Converter.lnk - C:\Program Files\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Gabriella\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Gabriella\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk - C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Gabriella\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Converter.lnk - C:\Program Files\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AIM 6.1.lnk - C:\Program Files\AIM6\aim6.exe /d locale=en-GB ee://aol/imApp
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Program Files\BitTorrent\BitTorrent.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome App Launcher.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --show-app-list
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mahjong Titans - Shortcut.lnk -
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7130468A-F53F-4698-8C09-A339EA3B05E6} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PS3 Media Server deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Gabriella\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gabriella\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Gabriella\AppData\Local\Mozilla\Firefox\Profiles\ve5k36hb.default\Cache emptied successfully
C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\personas\cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=603 folders=2734 57800152 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gabriella\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\GABRIE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted
"C:\PROGRA~2\????0" not deleted

==== EOF on 11/10/2014 at 17:24:28.70 ======================

 

[EllaUmbrella]

This seems to have got rid of them! Thanks again :]

 

[TwinHeadedEagle]

Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself

Recommended reading:
​

MUST READ - security tips:

• Computer Security - a short guide to staying safer online.
• Simple and easy ways to keep your computer safe and secure on the Internet

MUST READ - general maintenance:

• What to do if your Computer is running slowly?

The Importance of Software Updating:
​

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.​

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.

• How to configure and use Automatic Updates in Windows
• How to update Java
• How to update Adobe Reader

Recommended additional software:
​

TFC - to clean unneeded temporary files.

Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.

Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.

McShield - to prevent infections spread by removable media.

Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.

FiheHippo.com Update Checker - to keep your programs up-to-date.

Adblock - to surf the web without annoying ads!

Post-cleanup procedures:​

Download DelFix by Xplode and save it to your desktop.

• Run the tool by right click on the
  
  icon and Run as administrator option.
• Make sure that these ones are checked:
  • Remove disinfection tools
  • Purge system restore
  • Reset system settings
• Push Run and wait until the tool completes his work.
• All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​

Stay safe,
TwinHeadedEagle