Solved GoSave removal unsuccessful

Yodigity514

Yodigity514

New Member
Thread author
Oct 8, 2014
5
It seems like this is an individual thing so I will post my own thread.
I am pretty sure I have followed your instructions. I apologize if I am missing something. Thank you for your help.

After I open google chrome the extension GoSave is added. Even through I remove it, every time i restart chrome it is back and plagues my browser.

Thank you for your assistance.

Devin

Also, I was unable to upload the ZOEK results file. When I try to upload it here it says the file is empty?
here is the log.


Zoek.exe v5.0.0.0 Updated 07-October-2014
Tool run by Devin on Wed 10/08/2014 at 10:37:51.43.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Devin.Devin-PC\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/8/2014 10:38:57 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3937575631-2872971572-1390339850-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8434FD9E-6A0E-4558-BDB7-C3FE8BB4AA72} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\DEVIN~1.DEV\AppData\Roaming\Mozilla\Firefox\Profiles\3ci8b03b.default

---- Lines CT2504091 removed from prefs.js ----
user_pref("CT2504091..clientLogIsEnabled", false);
user_pref("CT2504091..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2504091..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2504091.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
user_pref("CT2504091.BrowserCompStateIsOpen_129990558296257215", true);
user_pref("CT2504091.BrowserCompStateIsOpen_1359634298000", true);
user_pref("CT2504091.BrowserCompStateIsOpen_1366636701000", true);
user_pref("CT2504091.BrowserCompStateIsOpen_1367226520000", true);
user_pref("CT2504091.CTID", "CT2504091");
user_pref("CT2504091.ConfigurationLastCheckTime", "Mon Nov 11 2013 08:32:22 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.CurrentServerDate", "12-11-2013");
user_pref("CT2504091.DSInstall", false);
user_pref("CT2504091.DialogsAlignMode", "LTR");
user_pref("CT2504091.DialogsGetterLastCheckTime", "Mon Nov 11 2013 08:32:23 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.DownloadReferralCookieData", "");
user_pref("CT2504091.EMailNotifierPollDate", "Wed Feb 22 2012 09:15:56 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.FeedLastCount129079840422964131", 0);
user_pref("CT2504091.FeedPollDate128891351169457140", "Wed Feb 22 2012 09:15:57 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.FeedPollDate129079840422964131", "Wed Feb 22 2012 09:15:57 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.FeedTTL128891351169457140", 40);
user_pref("CT2504091.FirstServerDate", "22-2-2012");
user_pref("CT2504091.FirstTime", "true");
user_pref("CT2504091.FirstTimeFF3", "true");
user_pref("CT2504091.FixPageNotFoundErrors", true);
user_pref("CT2504091.GroupingServerCheckInterval", 1440);
user_pref("CT2504091.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2504091.HPInstall", false);
user_pref("CT2504091.HasUserGlobalKeys", true);
user_pref("CT2504091.Initialize", true);
user_pref("CT2504091.InitializeCommonPrefs", true);
user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
user_pref("CT2504091.InstallationId", "ConduitNSISIntegration");
user_pref("CT2504091.InstallationType", "ConduitXPEIntegration");
user_pref("CT2504091.InstalledDate", "Wed Feb 22 2012 09:15:56 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.IsGrouping", false);
user_pref("CT2504091.IsInitSetupIni", true);
user_pref("CT2504091.IsMulticommunity", false);
user_pref("CT2504091.IsOpenThankYouPage", false);
user_pref("CT2504091.IsOpenUninstallPage", false);
user_pref("CT2504091.LanguagePackLastCheckTime", "Mon Nov 11 2013 08:32:23 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2504091.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2504091.LastLogin_3.13.0.6", "Tue Jul 17 2012 21:47:03 GMT-0600 (Mountain Daylight Time)");
user_pref("CT2504091.LastLogin_3.14.1.0", "Tue Aug 21 2012 13:06:57 GMT-0600 (Mountain Daylight Time)");
user_pref("CT2504091.LastLogin_3.15.1.0", "Thu Nov 08 2012 02:43:50 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.LastLogin_3.16.0.100", "Sun Feb 17 2013 10:51:13 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.LastLogin_3.16.0.3", "Sat Jan 05 2013 11:55:20 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.LastLogin_3.18.0.7", "Tue Jul 16 2013 09:35:12 GMT-0600 (Mountain Standard Time)");
user_pref("CT2504091.LastLogin_3.19.0.3", "Sun Sep 15 2013 12:07:43 GMT-0600 (Mountain Standard Time)");
user_pref("CT2504091.LastLogin_3.20.0.4", "Mon Nov 11 2013 20:32:22 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.LastLogin_3.9.0.3", "Wed Feb 22 2012 09:15:58 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.LatestVersion", "3.20.0.4");
user_pref("CT2504091.Locale", "en-us");
user_pref("CT2504091.MCDetectTooltipHeight", "83");
user_pref("CT2504091.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2504091.MCDetectTooltipWidth", "295");
user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
user_pref("CT2504091.OriginalFirstVersion", "3.9.0.3");
user_pref("CT2504091.RestartDialogFirstTime", "false");
user_pref("CT2504091.RestartDialogShouldDisplay", "false");
user_pref("CT2504091.SearchAPILastCheckTime", "Mon Nov 11 2013 08:32:22 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.SearchCaption", "Web Search");
user_pref("CT2504091.SearchFromAddressBarIsInit", true);
user_pref("CT2504091.SearchInNewTabEnabled", true);
user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sat Sep 14 2013 20:47:31 GMT-0600 (Mountain Standard Time)");
user_pref("CT2504091.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2504091.SearchInNewTabURLFromSearchAPI", "http://search.conduit.com/?ctid=CT2504091&octid=CT2504091&SearchSource=15&CUI=SB_CUI&SSPV=EB_SS
user_pref("CT2504091.SendProtectorDataViaLogin", true);
user_pref("CT2504091.ServiceMapLastCheckTime", "Mon Nov 11 2013 08:32:22 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.SettingsLastCheckTime", "Mon Nov 11 2013 08:32:21 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.SettingsLastUpdate", "1384160161");
user_pref("CT2504091.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2504091&SearchSource=13");
user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Wed Feb 22 2012 09:15:56 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");
user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityTool
user_pref("CT2504091.UserID", "UN07623608653483505");
user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2504091.alertChannelId", "897164");
user_pref("CT2504091.autoDisableScopes", -1);
user_pref("CT2504091.backendstorage.cbfirsttime", "5765642046656220323220323031322030393A31363A303120474D542D3037303020284D6F756E7461696E205374616E646
user_pref("CT2504091.backendstorage.shoppingapp.gk.exipres", "4D6F6E2046656220323720323031322030393A31363A303020474D542D3037303020284D6F756E7461696E20
user_pref("CT2504091.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
user_pref("CT2504091.cbfirsttime.from_oldbar.enc", "V2VkIEZlYiAyMiAyMDEyIDA5OjE2OjAxIEdNVC0wNzAwIChNb3VudGFpbiBTdGFuZGFyZCBUaW1lKQ==");
user_pref("CT2504091.countryCode", "US");
user_pref("CT2504091.firstTimeDialogOpened", true);
user_pref("CT2504091.fixPageNotFoundErrorByUser", "TRUE");
user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2504091.fullUserID", "UN07623608653483505.UP.2155");
user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.
user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Wed Feb 22 2012 09:15:57 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.homepageProtectorEnableByLogin", true);
user_pref("CT2504091.initDone", true);
user_pref("CT2504091.installId", "ConduitNSISIntegration");
user_pref("CT2504091.installType", "ConduitXPEIntegration");
user_pref("CT2504091.isAppTrackingManagerOn", true);
user_pref("CT2504091.isCheckedStartAsHidden", true);
user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.isFirstTimeToolbarLoading", "false");
user_pref("CT2504091.isPerformedSmartBarTransition", "true");
user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2504091.keyword", true);
user_pref("CT2504091.lastVersion", "10.33.0.517");
user_pref("CT2504091.missingMachineIdSent", "true");
user_pref("CT2504091.myStuffEnabled", "");
user_pref("CT2504091.myStuffPublihserMinWidth", 400);
user_pref("CT2504091.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SE...=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
user_pref("CT2504091.myStuffServiceUrl", "http://mystuff.conduit-services.com...ntId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT2504091.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN
user_pref("CT2504091.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2504091.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CT2504091.originalSearchAddressUrl", "");
user_pref("CT2504091.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("CT2504091.performedDomainChangesMigration", "true");
user_pref("CT2504091.revertSettingsEnabled", true);
user_pref("CT2504091.searchFromAddressBarEnabledByUser", "true");
user_pref("CT2504091.searchInNewTabEnabledByUser", "true");
user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
user_pref("CT2504091.searchProtectorEnableByLogin", true);
user_pref("CT2504091.searchSuggestEnabledByUser", "true");
user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2504091\"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://VuzeRemote.OurToolbar.com//x
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vuze Remote \"}");
user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2504091.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT2504091.serviceLayer_services_Configuration_lastUpdate", "1411671263957");
user_pref("CT2504091.serviceLayer_services_login_10.20.101.5_lastUpdate", "1384926145425");
user_pref("CT2504091.serviceLayer_services_login_10.22.5.510_lastUpdate", "1387027352576");
user_pref("CT2504091.serviceLayer_services_login_10.23.0.822_lastUpdate", "1397481161422");
user_pref("CT2504091.serviceLayer_services_login_10.29.0.520_lastUpdate", "1399511196336");
user_pref("CT2504091.serviceLayer_services_login_10.30.1.502_lastUpdate", "1401376636486");
user_pref("CT2504091.serviceLayer_services_login_10.31.2.501_lastUpdate", "1407735230784");
user_pref("CT2504091.serviceLayer_services_login_10.33.0.505_lastUpdate", "1408730664860");
user_pref("CT2504091.serviceLayer_services_login_10.33.0.517_lastUpdate", "1411671263454");
user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1411671263587");
user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1411671263561");
user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1411671263891");
user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1411671263553");
user_pref("CT2504091.settingsINI", true);
user_pref("CT2504091.showToolbarPermission", "false");
user_pref("CT2504091.smartbar.CTID", "CT2504091");
user_pref("CT2504091.smartbar.Uninstall", "0");
user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
user_pref("CT2504091.testingCtid", "");
user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Mon Nov 11 2013 08:32:23 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.toolbarBornServerTime", "22-2-2012");
user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Wed Feb 22 2012 09:15:58 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.toolbarCurrentServerTime", "25-9-2014");
user_pref("CT2504091.toolbarLoginClientTime", "Sat Nov 16 2013 19:48:50 GMT-0700 (Mountain Standard Time)");
user_pref("CT2504091.upgradeFromOBVersion", true);
user_pref("CT2504091.usagesFlag", 2);
user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1411671262612,\"isWithState\":\"\",\"timeFromStar
user_pref("CommunityToolbar.ETag.http://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091", "\"528773ee8eca18389427ae807445805f3\"");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", "\"1367226812\"");
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091", "\"52c3f1538cb4af4ada257fcbc6b15d49\"");
user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2504091");
user_pref("Smartbar.ConduitHomepagesList", "http://search.conduit.com/?ctid=CT2504091&SearchSource=13");
user_pref("Smartbar.TBHomepagesList", "http://search.conduit.com/?ctid=CT2504091&SearchSource=13");
user_pref("Smartbar.keywordURLSelectedCTID", "CT2504091");
user_pref("smartbar.addressBarOwnerCTID", "CT2504091");
user_pref("smartbar.conduitSearchAddressUrlList", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=,http://search.conduit.co
user_pref("smartbar.searchAddressUrlList", "http://search.conduit.com/ResultsEx...chSource=2&q=,http://search.conduit.com/Resul
user_pref("valueApps.CT2504091.mam_gk_currentVersion", "312E31332E302E3137");
user_pref("valueApps.CT2504091.mam_gk_currentVersion.storedInFile", false);
user_pref("valueApps.CT2504091.mam_gk_globalKeysMigratedToLocalStorage", "31");
user_pref("valueApps.CT2504091.mam_gk_globalKeysMigratedToLocalStorage.storedInFile", false);
user_pref("valueApps.CT2504091.mam_gk_migrated_from_ls", "31");
user_pref("valueApps.CT2504091.mam_gk_migrated_from_ls.storedInFile", false);
user_pref("valueApps.CT2504091.mam_gk_userBornDate", "4E2F41");
user_pref("valueApps.CT2504091.mam_gk_userBornDate.storedInFile", false);
---- Lines conduit removed from prefs.js ----
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/897164/892962/US", "\"0\"");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "m4Df43NZ+9lr21ZNdyYrjA==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "B8Px/Te74hi98N2hb9yOAQ==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "cTVrc75U9YwdI74PAhUYFw==");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"d229fa25f6c9cc1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:155b\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:15ff\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"f414eeaa6bece1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en-us", "\"65f4069dadaf84ecfb4b5a2c9fadda7e\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Devin.Devin-PC\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3ci8b03b.default\\condu
user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("plugin.state.npconduitfirefoxplugin", 2);
user_pref("Smartbar.ConduitSearchEngineList", "Web Search");
---- Lines valueApps removed from prefs.js ----
user_pref("valueApps.storage.mam_gk_userId", "33613166313933322D323765372D343964612D383537302D363439343764336564323434");
---- Lines babylon removed from prefs.js ----
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
---- Lines ask.com removed from prefs.js ----
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
---- Lines Web Search removed from prefs.js ----
user_pref("Smartbar.TBSearchEngineList", "Web Search");
---- Lines CommunityToolbar removed from prefs.js ----
user_pref("CommunityToolbar.globalUserId", "4c0c8fd6-571b-4fd1-86ee-64ea1eee76d4");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Feb 22 2012 09:15:59 GMT-0700 (Mountain Standard Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Feb 22 2012 09:16:07 GMT-0700 (Mountain Standard Time)");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Feb 22 2012 09:15:58 GMT-0700 (Mountain Standard Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "227b4962-f21b-48c9-aed2-7c7963642b5b");
user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
---- Lines smartbar removed from prefs.js ----
user_pref("smartbar.machineId", "XJAN9YPTIP90RUVL92VC13K+N6EDBE7P5OWZ2DTEJMNTERBXI2YM8YG4HKM0DUTSVWRJWGOK+QXNSBD3VS7HOQ");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
---- Lines extensions.m6hsKqGisCJj9krv removed from prefs.js ----
user_pref("extensions.m6hsKqGisCJj9krv.epoch", "1412864269");
user_pref("extensions.m6hsKqGisCJj9krv.url", "http://superie.org/sync2/?q=hfZ9ofV...0llrMCMlNhd9Fqda4rTnEqds7rdCMBzqUojw9rjaEqdaH
---- Lines extensions.zSIyu7bANO589d2x removed from prefs.js ----
user_pref("extensions.zSIyu7bANO589d2x.epoch", "1412479198");
user_pref("extensions.zSIyu7bANO589d2x.url", "http://jobfirstnet.info/sync2/?q=hf...49CNU0llrMCMlNhd9Fqda4rTnEqds8qjgMBzqUojw9rja
---- FireFox user.js and prefs.js backups ----

user_20141008_1047_.backup
prefs_20141008_1047_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\YouttubeAdBlOcke deleted
C:\PROGRA~2\Yahoo! deleted
C:\user.js deleted
C:\install.exe deleted
C:\found.000 deleted
C:\Users\Devin.Devin-PC\AppData\Roaming\Babylon deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\YouttubeAdBlOcke deleted
C:\PROGRA~3\InstallMate deleted
C:\Users\Devin.Devin-PC\AppData\Local\APN deleted
C:\Users\Devin.Devin-PC\AppData\Local\Babylon deleted
C:\Users\Devin.Devin-PC\AppData\Local\Conduit deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\Devin.Devin-PC\Downloads\DownloadManagerSetup.exe deleted
C:\Users\Devin.Devin-PC\Downloads\couponprinter (1).exe deleted
C:\Users\Devin.Devin-PC\Downloads\couponprinter (2).exe deleted
C:\Users\Devin.Devin-PC\Downloads\couponprinter.exe deleted
C:\Users\Devin.Devin-PC\AppData\LocalLow\Yahoo! deleted
C:\Users\Devin.Devin-PC\AppData\LocalLow\Conduit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\wininit.ini deleted
C:\Users\DEVIN~1.DEV\AppData\Roaming\Mozilla\Firefox\Profiles\3ci8b03b.default\searchplugins\askcom.xml deleted
C:\Users\DEVIN~1.DEV\AppData\Roaming\Mozilla\Firefox\Profiles\3ci8b03b.default\searchplugins\bingp.xml deleted
C:\Users\DEVIN~1.DEV\AppData\Roaming\Mozilla\Firefox\Profiles\3ci8b03b.default\extensions\staged deleted
C:\Users\DEVIN~1.DEV\AppData\Roaming\Mozilla\Firefox\Profiles\3ci8b03b.default\extensions\vZ8M@B.org deleted
C:\Users\DEVIN~1.DEV\AppData\Roaming\Mozilla\Firefox\Profiles\3ci8b03b.default\conduitCommon deleted
C:\Users\DEVIN~1.DEV\AppData\Roaming\Mozilla\Firefox\Profiles\3ci8b03b.default\smartbar deleted
"C:\PROGRA~3\b059564029c40d70\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.20140923222639" deleted
"C:\PROGRA~3\b059564029c40d70\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}.20140923222653" deleted
"C:\PROGRA~3\b059564029c40d70\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140923222629" deleted
"C:\PROGRA~3\b059564029c40d70\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}.20140923222635" deleted
"C:\PROGRA~3\b059564029c40d70" deleted
"C:\Users\Devin.Devin-PC\AppData\Roaming\Amazon" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\DEVIN~1.DEV\AppData\Roaming\Mozilla\Firefox\Profiles\3ci8b03b.default
- Mask My IP - %ProfilePath%\extensions\support@mask-myip.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Devin.Devin-PC\AppData\Roaming\Mozilla\Firefox\Profiles\3ci8b03b.default
5CB01CF141E021DAAE96991A5BA57944 - C:\Users\Devin.Devin-PC\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
DD31F0C436E4F5E6FA9783FF8A80ADC1 - C:\Users\Devin.Devin-PC\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
87132527E2256CF6683A18C4EB34DD3B - C:\Windows\system32\Wat\npWatWeb.dll - Windows Activation Technologies


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[05/14/2013 01:27 PM]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\DEVIN~1.DEV\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[]

GooSSaVe - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Administrator\AppData\Local\Torch\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Administrator\AppData\Local\Torch\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Devin.Devin-PC\AppData\Local\Chromatic Browser\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Devin.Devin-PC\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Devin.Devin-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Devin.Devin-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Devin.Devin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Google Voice Search Hotword (Beta) - Devin.Devin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
GooSSaVe - Devin.Devin-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Devin.Devin-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Devin.Devin-PC\AppData\Local\Torch\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Devin.Devin-PC\AppData\Local\Torch\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - Guest\AppData\Local\Torch\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - Guest\AppData\Local\Torch\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
GooSSaVe - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp
Auto Replay for YouTube - UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb

==== Chromium Startpages ======================

C:\Users\Devin.Devin-PC\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",


==== Chromium Fix ======================

C:\Users\Devin.Devin-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage deleted successfully
C:\Users\Devin.Devin-PC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_click.dealshark.com_0.localstorage-journal deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Devin.Devin-PC\AppData\Local\Chromatic Browser\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Devin.Devin-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Devin.Devin-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Devin.Devin-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Devin.Devin-PC\AppData\Local\Torch\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\beimbgenkhpdedkhebpkbcljegcddnnp deleted successfully
C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Devin.Devin-PC\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Devin.Devin-PC\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Devin.Devin-PC\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Devin.Devin-PC\AppData\Local\Torch\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\Guest\AppData\Local\Torch\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\UpdatusUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully
C:\Users\UpdatusUser\AppData\Local\Torch\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?pc=UP97&ocid=UP97DHP"
"Default_Page_URL"="http://www.yahoo.com/?fr=fp-yie9"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.msn.com/?pc=UP97&ocid=UP97DHP"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{67A2568C-7A0A-4EED-AECC-B5405DE63B64} Google Url="http://www.google.com/search?source...ding}&oe={outputEncoding}&rlz=1I7ACGW_enUS437"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7"
{6F0A1FD8-2516-4A16-8C9E-A06B3BC197C4} Flickr Url="http://www.flickr.com/search/?q={searchTerms}"
{7AA5B450-28FA-4F09-B986-E9D5B1669DE2} Delicious Url="http://delicious.com/search?p={searchTerms}"
{F89EA517-629A-4A0D-BB2D-D3F8B26E2070} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC} deleted successfully

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49187;https=127.0.0.1:49187"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Devin.Devin-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Devin.Devin-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Devin.Devin-PC\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Devin.Devin-PC\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Devin.Devin-PC\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Devin.Devin-PC\Documents\Devin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Devin.Devin-PC\Documents\Devin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Devin.Devin-PC\Documents\Devin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Devin.Devin-PC\AppData\Local\Mozilla\Firefox\Profiles\3ci8b03b.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Devin.Devin-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=401 folders=136 14862863 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Devin.Devin-PC\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\DEVIN~1.DEV\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied
 

Attachments

  • AdwCleaner[S2].txt
    811 bytes · Views: 46
  • FRST.txt
    43.7 KB · Views: 151
Yodigity514

Yodigity514

New Member
Thread author
Oct 8, 2014
5
HOLY CRAP IT WORKED! lol, I didn't even notice until after you asked. Zoek fixed the problem because I KNOW it was still there before I ran ZOEK. That's awesome! Thank you!
I don't even know what it is or what it did but it worked. Why didn't anything else work? What is Zoek? I must research!

Thanks again! The pic suits you, all it needed was a scare from eastwood.
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
FRST.gif
Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on
    FRST.gif
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content into your next reply.
 
  • Like
Reactions: Yodigity514
Yodigity514

Yodigity514

New Member
Thread author
Oct 8, 2014
5
You know what, I re-installed firefox, vuze, and adobe and I think one of them added it. Even though I took my time and deselected the extra things they wanted me to install like Yahoo toolbar, yahoo homepage ect. One of them slipped by me I think.
I went back to my control panel and simply uninstalled the program "Rockettab".
Zoek did the job and I just let something slip by again. I am showing no signs of malware now.
Thanks again for your help. I was very impressed with how fast you responded. It is so awesome to know there are people like you out there to help. And I didn't even pay a cent. Thank you!!!
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself :)


Recommended reading:
icon_exclaim.gif
MUST READ - security tips:

icon_exclaim.gif
MUST READ - general maintenance:


The Importance of Software Updating:

In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running.

Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.



Recommended additional software:
icon_arrow.gif
TFC - to clean unneeded temporary files.
icon_arrow.gif
Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware.
icon_arrow.gif
Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
icon_arrow.gif
McShield - to prevent infections spread by removable media.
icon_arrow.gif
Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
icon_arrow.gif
FiheHippo.com Update Checker - to keep your programs up-to-date.
icon_arrow.gif
Adblock - to surf the web without annoying ads!



Post-cleanup procedures:


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the
    51a5ce45263de-delfix.png
    icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt)
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.



My help is free for everybody.
If you're happy with the help provided and/or wish to buy me a beer for the assistance you received, then you can consider a donation:
Thank you!​




Stay safe,
TwinHeadedEagle :)
 

Similar threads

Shadowkitt10
  • Locked
Browser Keeps Changing to Bing or Yahoo Despite Default Browser Being Different
Replies
5
Views
895
Windows Malware Removal Help & Support
nasdaq
nasdaq
Razza
    • Like
Question Intrusion prevention not working as expected
Replies
8
Views
812
Kaspersky
Razza
Razza
J
  • Locked
I need help with a Malware Spanish logs
Replies
2
Views
1,878
Windows Malware Removal Help & Support
nasdaq
nasdaq

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top