Removing Tuvaro and other unknown malware
- Thread starter Craig W
- Start date
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
First, go to Control Panel and uninstall following:
- BrowserSafeguard with RocketTab
- Highlightly
- iWebar
- VO Package
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Open FRST, and click Fix. Attach me that report after it is finished.
- BrowserSafeguard with RocketTab
- Highlightly
- iWebar
- VO Package
***** NEXT *****
Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Open FRST, and click Fix. Attach me that report after it is finished.
Please don't hate me...but I just discovered that the user account that is named Admin doesn't actually have administrator privileges. The other two accounts both do.
Please advise which step from the above you want me to go back to and start again...
Please advise which step from the above you want me to go back to and start again...
- Mar 8, 2013
- 22,627
- Mar 8, 2013
- 22,627
Please download zoek.zip or zoek.rar by smeenk (
) from here or here and save it to your Desktop.
Unpack the archive...
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
- Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:createsrpoint; emptyfolderscheck;delete autoclean; emptyclsid; emptyalltemp; ipconfig /flushdns;b - Click on
button.
Please wait until a logreport will open (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
Please download zoek.zip or zoek.rar by smeenk () from here or here and save it to your Desktop.
Unpack the archive...
- Close any open browsers
- Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
- Double click on zoek.exe to run the tool .
Please wait while the tool does not start...
- Copy the text present inside the code box below and paste it into the large window in the zoek tool:
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:createsrpoint; emptyfolderscheck;delete autoclean; emptyclsid; emptyalltemp; ipconfig /flushdns;b- Click on
button.
Please wait until a logreport will open (this can be after reboot)
- Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named "zoek-results.log"
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?linkid=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?linkid=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\user\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Admin.user-PC\AppData\Local\Mozilla\Firefox\Profiles\5edtrcht.default\Cache emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Mozilla\Firefox\Profiles\6l7e0bfl.default\Cache will be emptied at reboot
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\c296436k.default\Cache will be emptied at reboot
==== Empty Chrome Cache ======================
C:\Users\Admin.user-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache is not empty, a reboot is needed
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1309 folders=104 319509599 bytes)
==== Empty Temp Folders ======================
C:\Users\Admin\AppData\Local\temp emptied successfully
C:\Users\Admin.user-PC\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\General Manager\AppData\Local\temp emptied successfully
C:\Users\General Manager.user-PC\AppData\Local\temp emptied successfully
C:\Users\General Manager.user-PC.000\AppData\Local\temp emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\QBDataServiceUser20\AppData\Local\temp emptied successfully
C:\Users\QBDataServiceUser24\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Users\user\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GENERA~1.001\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\user\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\Q4LZMA5U\canstatic.cbs.com" not found
==== EOF on Thu 05/08/2014 at 13:44:40.50 ======================
- Mar 8, 2013
- 22,627
Report is not full, can you just attach it instead of copying...
Tell me as well as is your problem fixed now.
Tell me as well as is your problem fixed now.
Tuvaro still comes up with Firefox on the user "craig" (which is one of the admin accounts and the one which this fix was run under). It's no longer there with Chrome or Explorer.
On the user "admin" (not an actual admin account) the browsers can't access the proxy server.
On the user "admin" (not an actual admin account) the browsers can't access the proxy server.
- Mar 8, 2013
- 22,627
Zoek should have cleaned some entries in Firefox. Try to change homepage and search provider manually...
I can change the home page and if I click on the the home icon it takes me to what I set as the homepage. But when I close Firefox and go to reopen it, Tuvaro still is what comes up when I open it...
- Mar 8, 2013
- 22,627
> Re-run zoek with the script below and attach here fresh zoek log results.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
Code:
TidyNetwork;ff
We-Care App;ff
ArcadeParlor;ff
emptyclsid;
autoclean;I'm getting an error when trying to upload the file, says it's empty. but it's clearly not. here is the content:
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by General Manager on Mon 05/12/2014 at 14:51:26.59.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\General Manager.user-PC.001\AppData\Local\Temp\Temp1_zoek.zip\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-04-22-183405.log 83742 bytes
C:\zoek-results2014-05-07-161247.log 952 bytes
C:\zoek-results2014-05-08-204440.log 23850 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\ADMIN~1.USE\AppData\Roaming\Mozilla\Firefox\Profiles\5edtrcht.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20140512_0303_.backup
ProfilePath: C:\Users\ADMIN~1.USE\AppData\Roaming\Thunderbird\Profiles\hctahht1.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20140512_0303_.backup
ProfilePath: C:\Users\GENERA~1.001\AppData\Roaming\Mozilla\Firefox\Profiles\6l7e0bfl.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20140512_0303_.backup
ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c296436k.default
---- Lines TidyNetwork removed from prefs.js ----
user_pref("TidyNetwork_Ping", "4.12.2014");
---- Lines TidyNetwork modified from prefs.js ----
user_pref("extensions.enabledAddons", "TidyNetwork%40TidyNetwork:5.0,%7BF32E7E42-9AFA-47CA-A0C4-D07EE651D404%7D:1.0,wecarereminder%40bryan:4.1.23.4,%7
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\
---- Lines ArcadeParlor removed from prefs.js ----
user_pref("arcadeparlor.settings.addon_data", "http://tt.arcadeparlor.com/cmn?p=YTI5OTYwNjA1MTB4YGGXrTgmKmfXQiF/3L7gEEBq0/IeCuOG8S9JZqwapo9Bwplwi0
user_pref("arcadeparlor.settings.allowed_domains", "arcadeparlor.com|www.arcadeparlor.com");
user_pref("arcadeparlor.settings.last_update", "1398996996632");
user_pref("arcadeparlor.settings.storage_disabled", "0");
user_pref("arcadeparlor.settings.update_interval", "3600");
---- FireFox user.js and prefs.js backups ----
user_20140512_0303_.backup
prefs_20140512_0303_.backup
==== Deleting Files \ Folders ======================
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c296436k.default\extensions\TidyNetwork@TidyNetwork deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn" [05/08/2014 06:19 AM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c296436k.default
- We-Care App - %ProfilePath%\extensions\wecarereminder@bryan
- ArcadeParlor - %ProfilePath%\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\General Manager.user-PC.001\AppData\Roaming\Mozilla\Firefox\Profiles\6l7e0bfl.default
95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
==== Deleted Firefox Extensions ======================
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c296436k.default\extensions\wecarereminder@bryan deleted
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c296436k.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx[03/11/2014 01:44 PM]
Norton Identity Safe for Google Chrome™ - General Manager.user-PC.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
Norton Identity Safe for Google Chrome™ - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?linkid=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?linkid=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\user\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Admin.user-PC\AppData\Local\Mozilla\Firefox\Profiles\5edtrcht.default\Cache emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Mozilla\Firefox\Profiles\6l7e0bfl.default\Cache emptied successfully
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\c296436k.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Admin.user-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1339 folders=119 320638822 bytes)
==== Empty Temp Folders ======================
C:\Users\Admin\AppData\Local\temp emptied successfully
C:\Users\Admin.user-PC\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\General Manager\AppData\Local\temp emptied successfully
C:\Users\General Manager.user-PC\AppData\Local\temp emptied successfully
C:\Users\General Manager.user-PC.000\AppData\Local\temp emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\QBDataServiceUser20\AppData\Local\temp emptied successfully
C:\Users\QBDataServiceUser24\AppData\Local\temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Users\user\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GENERA~1.001\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\QBDataServiceUser24\AppData\Local\temp\sqla0005.tmp" not found
"C:\Users\QBDataServiceUser24\AppData\Local\temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1" not found
==== EOF on Mon 05/12/2014 at 16:47:11.78 ======================
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by General Manager on Mon 05/12/2014 at 14:51:26.59.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\General Manager.user-PC.001\AppData\Local\Temp\Temp1_zoek.zip\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-04-22-183405.log 83742 bytes
C:\zoek-results2014-05-07-161247.log 952 bytes
C:\zoek-results2014-05-08-204440.log 23850 bytes
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\ADMIN~1.USE\AppData\Roaming\Mozilla\Firefox\Profiles\5edtrcht.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20140512_0303_.backup
ProfilePath: C:\Users\ADMIN~1.USE\AppData\Roaming\Thunderbird\Profiles\hctahht1.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20140512_0303_.backup
ProfilePath: C:\Users\GENERA~1.001\AppData\Roaming\Mozilla\Firefox\Profiles\6l7e0bfl.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20140512_0303_.backup
ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c296436k.default
---- Lines TidyNetwork removed from prefs.js ----
user_pref("TidyNetwork_Ping", "4.12.2014");
---- Lines TidyNetwork modified from prefs.js ----
user_pref("extensions.enabledAddons", "TidyNetwork%40TidyNetwork:5.0,%7BF32E7E42-9AFA-47CA-A0C4-D07EE651D404%7D:1.0,wecarereminder%40bryan:4.1.23.4,%7
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{BBDA0591-3099-440a-AA10-41764D9DB4DB}\":{\"descriptor\":\"C:\\\\
---- Lines ArcadeParlor removed from prefs.js ----
user_pref("arcadeparlor.settings.addon_data", "http://tt.arcadeparlor.com/cmn?p=YTI5OTYwNjA1MTB4YGGXrTgmKmfXQiF/3L7gEEBq0/IeCuOG8S9JZqwapo9Bwplwi0
user_pref("arcadeparlor.settings.allowed_domains", "arcadeparlor.com|www.arcadeparlor.com");
user_pref("arcadeparlor.settings.last_update", "1398996996632");
user_pref("arcadeparlor.settings.storage_disabled", "0");
user_pref("arcadeparlor.settings.update_interval", "3600");
---- FireFox user.js and prefs.js backups ----
user_20140512_0303_.backup
prefs_20140512_0303_.backup
==== Deleting Files \ Folders ======================
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c296436k.default\extensions\TidyNetwork@TidyNetwork deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{F04D2D30-776C-4d02-8627-8E4385ECA58D}"="C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.0.43\coFFPlgn" [05/08/2014 06:19 AM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c296436k.default
- We-Care App - %ProfilePath%\extensions\wecarereminder@bryan
- ArcadeParlor - %ProfilePath%\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\General Manager.user-PC.001\AppData\Roaming\Mozilla\Firefox\Profiles\6l7e0bfl.default
95812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
==== Deleted Firefox Extensions ======================
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c296436k.default\extensions\wecarereminder@bryan deleted
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\c296436k.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.0.43\Exts\Chrome.crx[03/11/2014 01:44 PM]
Norton Identity Safe for Google Chrome™ - General Manager.user-PC.001\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
Norton Identity Safe for Google Chrome™ - user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?linkid=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?linkid=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin.user-PC\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\General Manager.user-PC.001\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\user\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\user\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Admin.user-PC\AppData\Local\Mozilla\Firefox\Profiles\5edtrcht.default\Cache emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Mozilla\Firefox\Profiles\6l7e0bfl.default\Cache emptied successfully
C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\c296436k.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Admin.user-PC\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=1339 folders=119 320638822 bytes)
==== Empty Temp Folders ======================
C:\Users\Admin\AppData\Local\temp emptied successfully
C:\Users\Admin.user-PC\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\General Manager\AppData\Local\temp emptied successfully
C:\Users\General Manager.user-PC\AppData\Local\temp emptied successfully
C:\Users\General Manager.user-PC.000\AppData\Local\temp emptied successfully
C:\Users\General Manager.user-PC.001\AppData\Local\Temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\QBDataServiceUser20\AppData\Local\temp emptied successfully
C:\Users\QBDataServiceUser24\AppData\Local\temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Users\user\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\GENERA~1.001\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\QBDataServiceUser24\AppData\Local\temp\sqla0005.tmp" not found
"C:\Users\QBDataServiceUser24\AppData\Local\temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1101_1" not found
==== EOF on Mon 05/12/2014 at 16:47:11.78 ======================
- Mar 8, 2013
- 22,627
Unfortunately it's the same...when launched it brings up a Tuvaro search engine...can then go to google or anywhere else.
- Mar 8, 2013
- 22,627
Similar threads
- Locked
