Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Chrome Go Save ads/extension keeps coming back.
Message
<blockquote data-quote="EllaUmbrella" data-source="post: 275682" data-attributes="member: 28896"><p>Hey thanks for your help here's the zoesk-results......</p><p></p><p></p><p></p><p></p><p>Zoek.exe v5.0.0.0 Updated 11-October-2014</p><p>Tool run by Gabriella on 11/10/2014 at 16:44:12.59.</p><p>Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86</p><p>Running in: Normal Mode Internet Access Detected</p><p>Launched: C:\Users\Gabriella\Downloads\zoek\zoek.exe [Scan all users] [Script inserted] </p><p></p><p>==== System Restore Info ======================</p><p></p><p>11/10/2014 16:47:20 Zoek.exe System Restore Point Created Succesfully.</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully</p><p>HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully</p><p>HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully</p><p>HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully</p><p>HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully</p><p>HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully</p><p></p><p>==== Deleting Services ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LPTSystemUpdater deleted successfully</p><p>HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\LPTSystemUpdater deleted successfully</p><p></p><p>==== FireFox Fix ======================</p><p></p><p>ProfilePath: C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default</p><p></p><p>user.js not found</p><p>---- Lines babsrc removed from prefs.js ----</p><p>user_pref("avg.install.userHPSettings", "<a href="http://www1.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=1B680015833766AC" target="_blank">http://www1.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=1B680015833766AC</a>");</p><p>---- Lines WebSearch removed from prefs.js ----</p><p>user_pref("browser.search.defaultenginename", "WebSearch");</p><p>user_pref("browser.search.defaultenginename,S", "WebSearch");</p><p>user_pref("browser.search.defaulturl", "<a href="http://websearch.allsearches.info/?pid=95&r=2014/10/06&hid=52674635958017532&lg=EN&cc=GB&unqvl=64&l=1&q=" target="_blank">http://websearch.allsearches.info/?pid=95&r=2014/10/06&hid=52674635958017532&lg=EN&cc=GB&unqvl=64&l=1&q=</a>");</p><p>user_pref("browser.search.order.1", "WebSearch");</p><p>user_pref("browser.search.order.1,S", "WebSearch");</p><p>user_pref("browser.search.selectedEngine,S", "WebSearch");</p><p>---- Lines delta removed from prefs.js ----</p><p>user_pref("avg.install.userSPSettings", "Delta Search");</p><p>---- Lines Web Search removed from prefs.js ----</p><p>user_pref("browser.search.defaultthis.engineName", "BitTorrentBar Customized Web Search");</p><p>user_pref("browser.search.selectedEngine", "Web Search");</p><p>---- Lines helperbar removed from prefs.js ----</p><p>user_pref("browser.startup.homepage", "<a href="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg" target="_blank">http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg</a></p><p>user_pref("keyword.URL", "<a href="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWk" target="_blank">http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWk</a></p><p>---- FireFox user.js and prefs.js backups ---- </p><p></p><p>prefs_102014_1710_.backup</p><p></p><p>==== Batch Command(s) Run By Tool======================</p><p></p><p></p><p>==== Deleting Files \ Folders ======================</p><p></p><p>C:\PROGRA~2\2308189059 deleted</p><p>C:\Program Files\Viewpoint deleted</p><p>C:\Program Files\SW_Booster deleted</p><p>C:\Program Files\Optimizer Pro deleted</p><p>C:\Program Files\MyFree Codec deleted</p><p>C:\Program Files\LPT deleted</p><p>C:\found.000 deleted</p><p>C:\found.001 deleted</p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk deleted</p><p>C:\Users\Gabriella\AppData\Roaming\SkypEmoticons deleted</p><p>C:\Users\Gabriella\AppData\Roaming\Babylon deleted</p><p>C:\Users\Gabriella\AppData\Roaming\OpenCandy deleted</p><p>C:\PROGRA~2\ezsid.dat deleted</p><p>C:\PROGRA~2\Viewpoint deleted</p><p>C:\PROGRA~2\Tarma Installer deleted</p><p>C:\PROGRA~2\Babylon deleted</p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted</p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted</p><p>C:\Users\Gabriella\AppData\LocalLow\boost_interprocess deleted</p><p>C:\Users\Gabriella\AppData\LocalLow\BitTorrentBar deleted</p><p>C:\Users\Gabriella\AppData\LocalLow\PriceGong deleted</p><p>C:\Users\Gabriella\AppData\LocalLow\Conduit deleted</p><p>C:\Users\Gabriella\AppData\LocalLow\ConduitEngine deleted</p><p>C:\Windows\system32\config\systemprofile\Searches deleted</p><p>C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\searchplugins\Web Search.xml deleted</p><p>C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\searchplugins\WebSearch.xml deleted</p><p>C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\Invalidprefs.js deleted</p><p>C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\bProtector_extensions.rdf deleted</p><p>C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\jetpack deleted</p><p>C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\staged deleted</p><p>C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\CT2790392 deleted</p><p>"C:\Windows\Installer\42336948.msi" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008111228" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008112410" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008112546" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008112547" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{87162843-2059-2054-7171-45775F2A6708}.20141008112546" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{87162843-2059-2054-7171-45775F2A6708}.20141008114912" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141006124305" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141006124356" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008105812" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008111142" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008111228" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008111229" deleted</p><p>"C:\PROGRA~2\7cd086c57b8f01cc" deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p></p><p>==== Firefox Extensions Registry ======================</p><p></p><p>[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]</p><p>"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [22/02/2012 16:08]</p><p></p><p>==== Firefox Extensions ======================</p><p></p><p>ProfilePath: C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default</p><p>- British English Dictionary - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\<a href="mailto:en-GB@dictionaries.addons.mozilla.org">en-GB@dictionaries.addons.mozilla.org</a></p><p>- PhotoJacker: Photo Album Downloader for Facebook fka FacePAD - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\<a href="mailto:facepad@lazyrussian.com">facepad@lazyrussian.com</a></p><p>- Dizionario italiano - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\<a href="mailto:it-IT@dictionaries.addons.mozilla.org">it-IT@dictionaries.addons.mozilla.org</a></p><p>- AddThis - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}</p><p>- Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension</p><p>- DivX Plus Web Player HTML5 lt;videogt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5</p><p>- Undetermined - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\{8f0c664c-8178-7a5c-9f80-241a76ed918e}</p><p>- British English Dictionary - %ProfilePath%\extensions\<a href="mailto:en-GB@dictionaries.addons.mozilla.org">en-GB@dictionaries.addons.mozilla.org</a></p><p>- PhotoJacker: Photo Album Downloader for Facebook fka FacePAD - %ProfilePath%\extensions\<a href="mailto:facepad@lazyrussian.com">facepad@lazyrussian.com</a></p><p>- Dizionario italiano - %ProfilePath%\extensions\<a href="mailto:it-IT@dictionaries.addons.mozilla.org">it-IT@dictionaries.addons.mozilla.org</a></p><p>- AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}</p><p>- InvisibleHand - %ProfilePath%\extensions\<a href="mailto:canitbecheaper@trafficbroker.co.uk.xpi">canitbecheaper@trafficbroker.co.uk.xpi</a></p><p>- YouTube to MP3 Button - %ProfilePath%\extensions\<a href="mailto:flvto@hotger.com.xpi">flvto@hotger.com.xpi</a></p><p>- Personas Plus - %ProfilePath%\extensions\<a href="mailto:personas@christopher.beard.xpi">personas@christopher.beard.xpi</a></p><p>- Quidco Cashback Reminder - %ProfilePath%\extensions\<a href="mailto:quidcotoolbar@quidco.com.xpi">quidcotoolbar@quidco.com.xpi</a></p><p>- New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi</p><p></p><p>AppDir: C:\Program Files\Mozilla Firefox</p><p>- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}</p><p>- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p>- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}</p><p>- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p></p><p>==== Firefox Plugins ======================</p><p></p><p>Profilepath: C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default</p><p>DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash</p><p>5232105D125A448E99D8C905AB4713EE - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat</p><p>21536AF136F35D9E960B085C905C98FB - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat</p><p>893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In</p><p>49CFBB2130C682FFDF2CEBEE9A2D556E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector</p><p>6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45</p><p>F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18</p><p>A66A630E101E7B5CF0946F34935660CC - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player</p><p>B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in</p><p>24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox</p><p>AAA414455FE1AA87E424BDFCAE249B50 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery</p><p>AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation</p><p>8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight</p><p></p><p></p><p>==== Chromium Look ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions</p><p>lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14/05/2013 13:27]</p><p>nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[]</p><p>nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 14:13]</p><p></p><p>GoSSavve - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Administrator\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>Google Voice Search Hotword (Beta) - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn</p><p>Loupe Collage - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc</p><p>HelloSign for Gmail - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\dciflieigdmogpmamcgbigingaodhnil</p><p>GoSSavve - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>PicMonkey - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm</p><p>NeXtCoup - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>Until AM for Chrome - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl</p><p>GoSSavve - Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Gabriella\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Gabriella\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Gabriella\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p>GoSSavve - Guest\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje</p><p>NeXtCoup - Guest\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp</p><p>WEbbinG - Guest\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo</p><p></p><p>==== Chromium Startpages ======================</p><p></p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Preferences</p><p>"homepage": "<a href="https://www.google.co.uk/" target="_blank">https://www.google.co.uk/</a>",</p><p>"startup_urls": [ "<a href="https://www.google.co.uk/" target="_blank">https://www.google.co.uk/</a>" ],</p><p></p><p></p><p>==== Chromium Fix ======================</p><p></p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_<a href="http://www.superfish.com_0.localstorage" target="_blank">www.superfish.com_0.localstorage</a> deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_<a href="http://www.superfish.com_0.localstorage-journal" target="_blank">www.superfish.com_0.localstorage-journal</a> deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.allsearches.info_0.localstorage deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.allsearches.info_0.localstorage-journal deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage-journal deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Gabriella\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p>C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully</p><p></p><p>==== Set IE to Default ======================</p><p></p><p>Old Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kEGDbdwUSBo5q2P9GNnmtMiXkaWyjg5CEGOjcqA7-7FfmR7v-yql-StUANL-kZMB6R8nJsGrn3TMCU2tnJqUbe5ulOEuu4Fw" target="_blank">http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kEGDbdwUSBo5q2P9GNnmtMiXkaWyjg5CEGOjcqA7-7FfmR7v-yql-StUANL-kZMB6R8nJsGrn3TMCU2tnJqUbe5ulOEuu4Fw</a>,,"</p><p>"Default_Page_URL"="<a href="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb" target="_blank">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb</a>"</p><p>"Search Page"="<a href="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}" target="_blank">http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}</a>"</p><p>"Search Bar"="<a href="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}" target="_blank">http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}</a>"</p><p>"Use Search Asst"="yes"</p><p>[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://websearch.allsearches.info/?pid=95&r=2014/10/06&hid=52674635958017532&lg=EN&cc=GB&unqvl=64" target="_blank">http://websearch.allsearches.info/?pid=95&r=2014/10/06&hid=52674635958017532&lg=EN&cc=GB&unqvl=64</a>"</p><p>"Default_Page_URL"="<a href="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb" target="_blank">http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb</a>"</p><p>[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]</p><p>"Default"="<a href="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDyLX45oEfpbNY9DQf0w,,&q={searchTerms}" target="_blank">http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDyLX45oEfpbNY9DQf0w,,&q={searchTerms}</a>"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]</p><p>"Default"="<a href="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}" target="_blank">http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}</a>"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]</p><p>"Default_Search_URL"="<a href="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}" target="_blank">http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}</a>"</p><p>"SearchAssistant"="<a href="http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}" target="_blank">http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}</a>"</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]</p><p>"DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}"</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found</p><p></p><p>New Values:</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]</p><p>"Search Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>"</p><p>"Search Bar"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>"</p><p>"Default_Page_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p>"Start Page"="<a href="http://www.google.com" target="_blank">http://www.google.com</a>"</p><p>"Use Search Asst"="no"</p><p>[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]</p><p>"Start Page"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p>"Default_Page_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=69157" target="_blank">http://go.microsoft.com/fwlink/?LinkId=69157</a>"</p><p>[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]</p><p>"(Default)"="<a href="http://search.msn.com/results.asp?q=%s" target="_blank">http://search.msn.com/results.asp?q=%s</a>"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]</p><p>"(Default)"="<a href="http://search.msn.com/results.asp?q=%s" target="_blank">http://search.msn.com/results.asp?q=%s</a>"</p><p>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]</p><p>"Default_Search_URL"="<a href="http://go.microsoft.com/fwlink/?LinkId=54896" target="_blank">http://go.microsoft.com/fwlink/?LinkId=54896</a>"</p><p>"SearchAssistant"="<a href="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" target="_blank">http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm</a>"</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]</p><p>"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"</p><p></p><p>==== All HKCU SearchScopes ======================</p><p></p><p>HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes</p><p>{012E1000-F331-11DB-8314-0800200C9A66} Google Url="<a href="http://www.google.com/search?q={searchTerms}" target="_blank">http://www.google.com/search?q={searchTerms}</a>"</p><p>{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="<a href="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" target="_blank">http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC</a>"</p><p></p><p>==== Deleting CLSID Registry Keys ======================</p><p></p><p>HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully</p><p>HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully</p><p></p><p>==== Deleting CLSID Registry Values ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully</p><p></p><p>==== shortcuts on All Users Desktop ======================</p><p></p><p>C:\Users\Public\Desktop\Freemake Video Converter.lnk - C:\Program Files\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe </p><p></p><p>==== shortcuts in Users Start Menu ======================</p><p></p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Gabriella\AppData\Roaming\Dropbox\bin\Dropbox.exe /home</p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Gabriella\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk - C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Gabriella\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup</p><p></p><p>==== shortcuts in All Users Start Menu ======================</p><p></p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico </p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Converter.lnk - C:\Program Files\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe </p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe </p><p>C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe </p><p></p><p>==== shortcuts in Quick Launch ======================</p><p></p><p>C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - </p><p>C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - </p><p>C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - </p><p>C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AIM 6.1.lnk - C:\Program Files\AIM6\aim6.exe /d locale=en-GB ee://aol/imApp</p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Program Files\BitTorrent\BitTorrent.exe </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome App Launcher.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --show-app-list</p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk - C:\Program Files\Google\Chrome\Application\chrome.exe </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mahjong Titans - Shortcut.lnk - </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - </p><p>C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1</p><p></p><p>==== Deleting Registry Keys ======================</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7130468A-F53F-4698-8C09-A339EA3B05E6} deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PS3 Media Server deleted successfully</p><p>HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine deleted successfully</p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully</p><p>HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro deleted successfully</p><p></p><p>==== Empty IE Cache ======================</p><p></p><p>C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully</p><p>C:\Users\Gabriella\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Gabriella\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully</p><p>C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p>C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot</p><p></p><p>==== Empty FireFox Cache ======================</p><p></p><p>C:\Users\Gabriella\AppData\Local\Mozilla\Firefox\Profiles\ve5k36hb.default\Cache emptied successfully</p><p>C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\personas\cache emptied successfully</p><p></p><p>==== Empty Chrome Cache ======================</p><p></p><p>C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully</p><p></p><p>==== Empty All Flash Cache ======================</p><p></p><p>Flash Cache Emptied Successfully</p><p></p><p>==== Empty All Java Cache ======================</p><p></p><p>Java Cache cleared successfully</p><p></p><p>==== C:\zoek_backup content ======================</p><p></p><p>C:\zoek_backup (files=603 folders=2734 57800152 bytes)</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Users\Default\AppData\Local\Temp emptied successfully</p><p>C:\Users\Default User\AppData\Local\Temp emptied successfully</p><p>C:\Users\Gabriella\AppData\Local\Temp will be emptied at reboot</p><p>C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully</p><p>C:\Windows\Temp will be emptied at reboot</p><p></p><p>==== After Reboot ======================</p><p></p><p>==== Empty Temp Folders ======================</p><p></p><p>C:\Windows\Temp successfully emptied</p><p>C:\Users\GABRIE~1\AppData\Local\Temp successfully emptied</p><p></p><p>==== Empty Recycle Bin ======================</p><p></p><p>C:\$RECYCLE.BIN successfully emptied</p><p></p><p>==== Deleting Files / Folders ======================</p><p></p><p>"C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found</p><p>"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found</p><p>"C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found</p><p>"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p>"C:\PROGRA~2\????0" not deleted</p><p></p><p>==== EOF on 11/10/2014 at 17:24:28.70 ======================</p></blockquote><p></p>
[QUOTE="EllaUmbrella, post: 275682, member: 28896"] Hey thanks for your help here's the zoesk-results...... Zoek.exe v5.0.0.0 Updated 11-October-2014 Tool run by Gabriella on 11/10/2014 at 16:44:12.59. Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Gabriella\Downloads\zoek\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 11/10/2014 16:47:20 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31ad400d-1b06-4e33-a59a-90c2c140cba0} deleted successfully HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LPTSystemUpdater deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\LPTSystemUpdater deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default user.js not found ---- Lines babsrc removed from prefs.js ---- user_pref("avg.install.userHPSettings", "[url]http://www1.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=1B680015833766AC[/url]"); ---- Lines WebSearch removed from prefs.js ---- user_pref("browser.search.defaultenginename", "WebSearch"); user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.defaulturl", "[url]http://websearch.allsearches.info/?pid=95&r=2014/10/06&hid=52674635958017532&lg=EN&cc=GB&unqvl=64&l=1&q=[/url]"); user_pref("browser.search.order.1", "WebSearch"); user_pref("browser.search.order.1,S", "WebSearch"); user_pref("browser.search.selectedEngine,S", "WebSearch"); ---- Lines delta removed from prefs.js ---- user_pref("avg.install.userSPSettings", "Delta Search"); ---- Lines Web Search removed from prefs.js ---- user_pref("browser.search.defaultthis.engineName", "BitTorrentBar Customized Web Search"); user_pref("browser.search.selectedEngine", "Web Search"); ---- Lines helperbar removed from prefs.js ---- user_pref("browser.startup.homepage", "[url]http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg[/url] user_pref("keyword.URL", "[url]http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWk[/url] ---- FireFox user.js and prefs.js backups ---- prefs_102014_1710_.backup ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== C:\PROGRA~2\2308189059 deleted C:\Program Files\Viewpoint deleted C:\Program Files\SW_Booster deleted C:\Program Files\Optimizer Pro deleted C:\Program Files\MyFree Codec deleted C:\Program Files\LPT deleted C:\found.000 deleted C:\found.001 deleted C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Search.lnk deleted C:\Users\Gabriella\AppData\Roaming\SkypEmoticons deleted C:\Users\Gabriella\AppData\Roaming\Babylon deleted C:\Users\Gabriella\AppData\Roaming\OpenCandy deleted C:\PROGRA~2\ezsid.dat deleted C:\PROGRA~2\Viewpoint deleted C:\PROGRA~2\Tarma Installer deleted C:\PROGRA~2\Babylon deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted C:\Users\Gabriella\AppData\LocalLow\boost_interprocess deleted C:\Users\Gabriella\AppData\LocalLow\BitTorrentBar deleted C:\Users\Gabriella\AppData\LocalLow\PriceGong deleted C:\Users\Gabriella\AppData\LocalLow\Conduit deleted C:\Users\Gabriella\AppData\LocalLow\ConduitEngine deleted C:\Windows\system32\config\systemprofile\Searches deleted C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\searchplugins\Web Search.xml deleted C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\searchplugins\WebSearch.xml deleted C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\Invalidprefs.js deleted C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\bProtector_extensions.rdf deleted C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\jetpack deleted C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\staged deleted C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\CT2790392 deleted "C:\Windows\Installer\42336948.msi" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008111228" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008112410" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008112546" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}.20141008112547" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{87162843-2059-2054-7171-45775F2A6708}.20141008112546" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{87162843-2059-2054-7171-45775F2A6708}.20141008114912" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141006124305" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141006124356" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008105812" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008111142" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008111228" deleted "C:\PROGRA~2\7cd086c57b8f01cc\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20141008111229" deleted "C:\PROGRA~2\7cd086c57b8f01cc" deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"="C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5" [22/02/2012 16:08] ==== Firefox Extensions ====================== ProfilePath: C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default - British English Dictionary - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\[email]en-GB@dictionaries.addons.mozilla.org[/email] - PhotoJacker: Photo Album Downloader for Facebook fka FacePAD - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\[email]facepad@lazyrussian.com[/email] - Dizionario italiano - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\[email]it-IT@dictionaries.addons.mozilla.org[/email] - AddThis - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} - Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension - DivX Plus Web Player HTML5 lt;videogt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 - Undetermined - C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\extensions\{8f0c664c-8178-7a5c-9f80-241a76ed918e} - British English Dictionary - %ProfilePath%\extensions\[email]en-GB@dictionaries.addons.mozilla.org[/email] - PhotoJacker: Photo Album Downloader for Facebook fka FacePAD - %ProfilePath%\extensions\[email]facepad@lazyrussian.com[/email] - Dizionario italiano - %ProfilePath%\extensions\[email]it-IT@dictionaries.addons.mozilla.org[/email] - AddThis - %ProfilePath%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} - InvisibleHand - %ProfilePath%\extensions\[email]canitbecheaper@trafficbroker.co.uk.xpi[/email] - YouTube to MP3 Button - %ProfilePath%\extensions\[email]flvto@hotger.com.xpi[/email] - Personas Plus - %ProfilePath%\extensions\[email]personas@christopher.beard.xpi[/email] - Quidco Cashback Reminder - %ProfilePath%\extensions\[email]quidcotoolbar@quidco.com.xpi[/email] - New Tab Homepage - %ProfilePath%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi AppDir: C:\Program Files\Mozilla Firefox - Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash 5232105D125A448E99D8C905AB4713EE - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat 21536AF136F35D9E960B085C905C98FB - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 893BF7D2261C56C24F813405D9D018E0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In 49CFBB2130C682FFDF2CEBEE9A2D556E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector 6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45 F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18 A66A630E101E7B5CF0946F34935660CC - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in 24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox AAA414455FE1AA87E424BDFCAE249B50 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live® Photo Gallery AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 8DA2ED6B04EA33F2EAE8BA883F903729 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[14/05/2013 13:27] nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files\TornTV.com\torn2_10.crx[] nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12/12/2011 14:13] GoSSavve - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Administrator\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Administrator\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo Google Voice Search Hotword (Beta) - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn Loupe Collage - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc HelloSign for Gmail - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\dciflieigdmogpmamcgbigingaodhnil GoSSavve - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje PicMonkey - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm NeXtCoup - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo Until AM for Chrome - Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl GoSSavve - Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Gabriella\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Gabriella\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Gabriella\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo GoSSavve - Guest\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje NeXtCoup - Guest\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp WEbbinG - Guest\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo ==== Chromium Startpages ====================== C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Preferences "homepage": "[url]https://www.google.co.uk/[/url]", "startup_urls": [ "[url]https://www.google.co.uk/[/url]" ], ==== Chromium Fix ====================== C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_[url="http://www.superfish.com_0.localstorage"]www.superfish.com_0.localstorage[/url] deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_[url="http://www.superfish.com_0.localstorage-journal"]www.superfish.com_0.localstorage-journal[/url] deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.allsearches.info_0.localstorage deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.allsearches.info_0.localstorage-journal deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage-journal deleted successfully C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Gabriella\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\giecognccmddmlbildplmbdnoebhfigp deleted successfully C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Gabriella\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\ehaehingmacdgfhmjfoihepbgiebdcje deleted successfully C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Gabriella\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Gabriella\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Gabriella\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Gabriella\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\hmdaoeffdhjpahhleklekkklfcpikjmo deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kEGDbdwUSBo5q2P9GNnmtMiXkaWyjg5CEGOjcqA7-7FfmR7v-yql-StUANL-kZMB6R8nJsGrn3TMCU2tnJqUbe5ulOEuu4Fw[/url],," "Default_Page_URL"="[url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb[/url]" "Search Page"="[url]http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}[/url]" "Search Bar"="[url]http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}[/url]" "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://websearch.allsearches.info/?pid=95&r=2014/10/06&hid=52674635958017532&lg=EN&cc=GB&unqvl=64[/url]" "Default_Page_URL"="[url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=83&bd=Pavilion&pf=cnnb[/url]" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="[url]http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDyLX45oEfpbNY9DQf0w,,&q={searchTerms}[/url]" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="[url]http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}[/url]" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="[url]http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}[/url]" "SearchAssistant"="[url]http://feed.helperbar.com/?p=mKO_AwFzXIpYRbkHo3StMBGUhCtXlT7G1muS_BRDXuH_N6dnG4YA4YYZwVC3rJrAaqZ2A7GG3s2R-tVLzg4YrJQMJX77kWkLiPnBIIlDA0vXzfMUPdc7bnJ3t4kIGi8GdLawjOfF5-PYQXlhrC1AHyZs9-jSPsALS4jMUlTAP9-J2ZozjBRq3Gur7xCWkNRc1dlbxmjDzwMUmjMjXX-5XzvugQ,,&q={searchTerms}[/url]" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Search Page"="[url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]" "Search Bar"="[url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]" "Default_Page_URL"="[url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]" "Start Page"="[url]http://www.google.com[/url]" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="[url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]" "Default_Page_URL"="[url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="[url]http://search.msn.com/results.asp?q=%s[/url]" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="[url]http://search.msn.com/results.asp?q=%s[/url]" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="[url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]" "SearchAssistant"="[url]http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm[/url]" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="[url]http://www.google.com/search?q={searchTerms}[/url]" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="[url]http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC[/url]" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3961737634-467384737-2188165716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Freemake Video Converter.lnk - C:\Program Files\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Gabriella\AppData\Roaming\Dropbox\bin\Dropbox.exe /home C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Gabriella\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk - C:\Program Files\Freemake\Freemake Video Converter\Uninstall\unins000.exe C:\Users\Gabriella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Gabriella\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Converter.lnk - C:\Program Files\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AIM 6.1.lnk - C:\Program Files\AIM6\aim6.exe /d locale=en-GB ee://aol/imApp C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk - C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Program Files\BitTorrent\BitTorrent.exe C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chrome App Launcher.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --show-app-list C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mahjong Titans - Shortcut.lnk - C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files\Samsung\Kies\KiesAgent.exe C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Gabriella\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7130468A-F53F-4698-8C09-A339EA3B05E6} deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PS3 Media Server deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\A8640317F35F8964C8903A93AEB3506E deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro deleted successfully ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Gabriella\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gabriella\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\Users\Gabriella\AppData\Local\Mozilla\Firefox\Profiles\ve5k36hb.default\Cache emptied successfully C:\Users\Gabriella\AppData\Roaming\Mozilla\Firefox\Profiles\ve5k36hb.default\personas\cache emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Gabriella\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=603 folders=2734 57800152 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Gabriella\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\GABRIE~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Gabriella\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted "C:\PROGRA~2\????0" not deleted ==== EOF on 11/10/2014 at 17:24:28.70 ====================== [/QUOTE]
Insert quotes…
Verification
Post reply
Top