Solved unusual files in local low folder

RalphG

New Member
Thread author
Verified
Dec 11, 2014
16
Can anyone tell me how to make sure I am no longer infected? No current issues I see other than the extra folders in local low.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Helllo,

Before we begin, please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.


FRST.gif
Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
 

RalphG

New Member
Thread author
Verified
Dec 11, 2014
16
files attached
 

Attachments

  • Addition.txt
    42.8 KB · Views: 64
  • FRST.txt
    42.9 KB · Views: 45

RalphG

New Member
Thread author
Verified
Dec 11, 2014
16
I just got a spam email, supposedly from someone in my contact list. When I hover over the name it shows the email is actually from someone else. I have gotten about 3-4 of these over the last week. They all have a link in them, usually to a php file, but I have al
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract it, then it will start.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 

RalphG

New Member
Thread author
Verified
Dec 11, 2014
16
I ran the malwarebytes rootkit yesterday after malwarebytes quarantined the iph.trogan.clicker.W7 yesterday. running it again now and will forward the info when it is down. I've attached pdf file with images of the unusual files/folders I am seeing in local low.
 

Attachments

  • computer issues.pdf
    331.8 KB · Views: 51

RalphG

New Member
Thread author
Verified
Dec 11, 2014
16
these are the files from yesterday. it is still scanning right now.
 

Attachments

  • mbar-log-2014-12-10 (18-36-31).txt
    2 KB · Views: 45
  • system-log.txt
    55.6 KB · Views: 41

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
We'll clean now.



51a612a8b27e2-Zoek.png
Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on
    51a612a8b27e2-Zoek.png
    icon and select
    RunAsAdmin.jpg
    Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    Code:
    createsrpoint;
    emptyfolderscheck;delete
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.
 

RalphG

New Member
Thread author
Verified
Dec 11, 2014
16
Zoek.exe v5.0.0.0 Updated 10-December-2014
Tool run by Ralph on Thu 12/11/2014 at 11:04:28.91.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ralph\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
12/11/2014 11:05:50 AM Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\AVS4YOU deleted successfully
C:\PROGRA~2\McAfee deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\VideoLAN deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\ALM deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\PCDr deleted successfully
C:\PROGRA~3\ZoomBrowser deleted successfully
C:\Users\Ralph\AppData\Roaming\DigitalSites deleted successfully
C:\Users\Ralph\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Ralph\AppData\Roaming\NeatImage SL deleted successfully
C:\Users\Ralph\AppData\Local\Conduit deleted successfully
C:\Users\Ralph\AppData\Local\DataSafeOnline deleted successfully
C:\Users\Ralph\AppData\Local\MigWiz deleted successfully
C:\Users\Ralph\AppData\Local\OpenCandy deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2246504950-3044468771-865909833-1001\Software\Microsoft\Internet Explorer\SearchScopes\{283B2E97-7B1B-48E3-828C-21F684E22054} deleted successfully
HKEY_USERS\S-1-5-21-2246504950-3044468771-865909833-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{022F3F10-3844-4BC6-B0F5-60DB5A516AF2} deleted successfully
HKEY_USERS\S-1-5-21-2246504950-3044468771-865909833-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C934CB7C-057C-4484-8DEC-4E9F9AAB5BAD} deleted successfully
HKEY_USERS\S-1-5-21-2246504950-3044468771-865909833-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully
==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YahooAUService deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\kk1c8h74.default
user.js not found
---- Lines CT2704262 removed from prefs.js ----
user_pref("CT2704262..clientLogIsEnabled", false);
user_pref("CT2704262..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2704262..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2704262.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2704262.AboutPrivacyUrl", "http://www.conduit.com/privacy/default.aspx");
user_pref("CT2704262.BrowserCompStateIsOpen_129738587603157113", true);
user_pref("CT2704262.BrowserCompStateIsOpen_129738587703159675", true);
user_pref("CT2704262.BrowserCompStateIsOpen_129869134590348979", true);
user_pref("CT2704262.BrowserCompStateIsOpen_130043821149723719", true);
user_pref("CT2704262.BrowserCompStateIsOpen_1367226070000", true);
user_pref("CT2704262.CTID", "CT2704262");
user_pref("CT2704262.CurrentServerDate", "1-4-2014");
user_pref("CT2704262.DSInstall", false);
user_pref("CT2704262.DialogsAlignMode", "LTR");
user_pref("CT2704262.DialogsGetterLastCheckTime", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.DownloadReferralCookieData", "");
user_pref("CT2704262.FeedLastCount129531287796537552", 0);
user_pref("CT2704262.FeedPollDate129531287797162554", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162555", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162556", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162557", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162558", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162559", "Tue Apr 01 2014 16:57:06 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162560", "Tue Apr 01 2014 16:57:06 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.FeedPollDate129531287797162561", "Tue Apr 01 2014 16:57:06 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.FirstServerDate", "4-1-2013");
user_pref("CT2704262.FirstTime", true);
user_pref("CT2704262.FirstTimeFF3", true);
user_pref("CT2704262.FixPageNotFoundErrors", true);
user_pref("CT2704262.GroupingServerCheckInterval", 1440);
user_pref("CT2704262.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2704262.HPInstall", false);
user_pref("CT2704262.HasUserGlobalKeys", true);
user_pref("CT2704262.HomePageProtectorEnabled", false);
user_pref("CT2704262.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
user_pref("CT2704262.Initialize", true);
user_pref("CT2704262.InitializeCommonPrefs", true);
user_pref("CT2704262.InstallationAndCookieDataSentCount", 3);
user_pref("CT2704262.InstallationId", "ConduitNSISIntegration");
user_pref("CT2704262.InstallationType", "ConduitXPEIntegration");
user_pref("CT2704262.InstalledDate", "Fri Jan 04 2013 12:13:37 GMT-0500 (Eastern Standard Time)");
user_pref("CT2704262.InvalidateCache", false);
user_pref("CT2704262.IsAlertDBUpdated", true);
user_pref("CT2704262.IsGrouping", false);
user_pref("CT2704262.IsInitSetupIni", true);
user_pref("CT2704262.IsMulticommunity", false);
user_pref("CT2704262.IsOpenThankYouPage", false);
user_pref("CT2704262.IsOpenUninstallPage", true);
user_pref("CT2704262.LanguagePackLastCheckTime", "Tue Apr 01 2014 16:57:07 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2704262.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2704262.LastLogin_3.8.1.0", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.LatestVersion", "3.20.0.4");
user_pref("CT2704262.Locale", "en");
user_pref("CT2704262.MCDetectTooltipHeight", "83");
user_pref("CT2704262.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2704262.MCDetectTooltipWidth", "295");
user_pref("CT2704262.MyStuffEnabledAtInstallation", true);
user_pref("CT2704262.OriginalFirstVersion", "3.8.1.0");
user_pref("CT2704262.RadioIsPodcast", false);
user_pref("CT2704262.RadioLastCheckTime", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.RadioLastUpdateIPServer", "3");
user_pref("CT2704262.RadioLastUpdateServer", "129242955136270000");
user_pref("CT2704262.RadioMediaID", "21037024");
user_pref("CT2704262.RadioMediaType", "Media Player");
user_pref("CT2704262.RadioMenuSelectedID", "EBRadioMenu_CT270426221037024");
user_pref("CT2704262.RadioShrinkedFromSetup", false);
user_pref("CT2704262.RadioStationName", "California%20Rock");
user_pref("CT2704262.RadioStationURL", "http://feedlive.net/california.asx");
user_pref("CT2704262.SearchCaption", "FreeSoundRecorder Customized Web Search");
user_pref("CT2704262.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
user_pref("CT2704262.SearchFromAddressBarIsInit", true);
user_pref("CT2704262.SearchInNewTabEnabled", true);
user_pref("CT2704262.SearchInNewTabIntervalMM", 1440);
user_pref("CT2704262.SearchInNewTabLastCheckTime", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2704262.SearchInNewTabUsageUrl", "http://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2704262.SearchProtectorEnabled", false);
user_pref("CT2704262.SearchProtectorToolbarDisabled", false);
user_pref("CT2704262.SendProtectorDataViaLogin", true);
user_pref("CT2704262.ServiceMapLastCheckTime", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.SettingsLastCheckTime", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.SettingsLastUpdate", "1396314314");
user_pref("CT2704262.TBHomePageUrl", "http://search.conduit.com/?ctid=CT2704262&SearchSource=13");
user_pref("CT2704262.ThirdPartyComponentsInterval", 504);
user_pref("CT2704262.ThirdPartyComponentsLastCheck", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT2704262.ToolbarShrinkedFromSetup", false);
user_pref("CT2704262.TrusteLinkUrl", "http://trust.conduit.com/CT2704262");
user_pref("CT2704262.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,codefuel.com,tbccint.com,tro
user_pref("CT2704262.UserID", "UN52587540129364174");
user_pref("CT2704262.ValidationData_Toolbar", 2);
user_pref("CT2704262.alertChannelId", "1096603");
user_pref("CT2704262.backendstorage./9b+7e-x305", "247E29327641363937333545397E3F493B2F77317E202520362D3842474A58515A5C585D505F593964595C49324B393A3F3
user_pref("CT2704262.backendstorage./9b+7e06cg5el8:", "6E6D686C706C706E7370");
user_pref("CT2704262.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74736E72767276747976242F4B49474F42357D5D5C3D");
user_pref("CT2704262.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426
user_pref("CT2704262.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
user_pref("CT2704262.backendstorage./9b-0?3g>d", "663D6F3C6A6D756D7A7374457B207B4A7C7725227E507C2A2526255427282A2A2C312C30");
user_pref("CT2704262.backendstorage./9b-0?3g@6:5;", "");
user_pref("CT2704262.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
user_pref("CT2704262.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A23282E2E3132333435363B466068576C5E685
user_pref("CT2704262.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
user_pref("CT2704262.backendstorage./9b3=>@44i48?", "372C2D3269757633423633414847203E3D474E4D4C45474F2A554A4D2D5858585E4B554E366352564F");
user_pref("CT2704262.backendstorage./9b5ba==9cjag", "3B3D703D406F42417A447576467348767D7D4C7E24");
user_pref("CT2704262.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D686C706C706E7375787274");
user_pref("CT2704262.backendstorage./9b90e@.3c;7b=?ofb>>rhiqs", "393F352F3E");
user_pref("CT2704262.backendstorage./9b9643g3/9e", "6A");
user_pref("CT2704262.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
user_pref("CT2704262.backendstorage./9b<:222h64<", "393F352F3E");
user_pref("CT2704262.backendstorage./9b<:222h64<l8daj", "6D70706F7674747977742A7974727C7B757B7C");
user_pref("CT2704262.backendstorage./9b=+03eh8h8j?:", "4443");
user_pref("CT2704262.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
user_pref("CT2704262.backendstorage./9b?b0d:8aj62<h", "6D");
user_pref("user_pref("CT2704262.backendstorage.cbfirsttime", "467269204A616E20303420323031332031323A31333A353220474D542D3035303020284561737465726E205374616E64617
user_pref("CT2704262.backendstorage.ct2704262ads1", "2537422532326164732532322533412535422537422532326169642532322533412532323336363831253232253243253
user_pref("CT2704262.backendstorage.ct2704262current_term", "");
user_pref("CT2704262.backendstorage.ct2704262isadsdisabled", "66616C7365");
user_pref("CT2704262.backendstorage.ct2704262sdate", "3231");
user_pref("CT2704262.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
user_pref("CT2704262.backendstorage.mam_gk_appstate_app13", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstate_clarity_active", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstate_discover", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstate_discover_apps", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstate_easytobook", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstate_find-a-pro", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstate_pricegong", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstate_yieldkit", "6F6E");
user_pref("CT2704262.backendstorage.mam_gk_appstatereporttime", "31333936333835383435333238");
user_pref("CT2704262.backendstorage.mam_gk_calledsetupservice", "31");
user_pref("CT2704262.backendstorage.mam_gk_currentbadgevalue", "31");
user_pref("CT2704262.backendstorage.mam_gk_currentversion", "312E31332E302E3137");
user_pref("CT2704262.backendstorage.mam_gk_existingusersrecoverydone", "31");
user_pref("CT2704262.backendstorage.mam_gk_first_time", "31");
user_pref("CT2704262.backendstorage.mam_gk_globalkeysmigratedtolocalstorage", "31");
user_pref("CT2704262.backendstorage.mam_gk_lastlogintime", "31333936333835383535373034");
user_pref("CT2704262.backendstorage.mam_gk_localization", "7B226469616C6F674F4B223A7B2254657874223A224F4B227D2C22646D626F7831223A7B2254657874223A22446
user_pref("CT2704262.backendstorage.mam_gk_mamenabled", "74727565");
user_pref("CT2704262.backendstorage.mam_gk_new_welcome_experience", "31");
user_pref("CT2704262.backendstorage.mam_gk_newapps", "5B7B226964223A224368616E676F222C226E616D65223A224368616E676F222C226465736372697074696F6E223A2243
user_pref("CT2704262.backendstorage.mam_gk_settings1.11.5.1", "7B22537461747573223A22737563636565646564222C2244617461223A7B2263757272656E7444617465223
user_pref("CT2704262.backendstorage.mam_gk_settings1.12.0.5", "7B22537461747573223A22737563636565646564222C2244617461223A7B2263757272656E7444617465223
user_pref("CT2704262.backendstorage.mam_gk_settings1.13.0.17", "7B22537461747573223A22737563636565646564222C2244617461223A7B2263757272656E744461746522
user_pref("CT2704262.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
user_pref("CT2704262.backendstorage.mam_gk_stamp", "313034335F30");
user_pref("CT2704262.backendstorage.mam_gk_user_approval_interacted", "31");
user_pref("CT2704262.backendstorage.mam_gk_userborndate", "4E2F41");
user_pref("CT2704262.backendstorage.mam_gk_userid", "61346338623737612D306664642D346463612D393563332D316565616462323135663161");
user_pref("CT2704262.backendstorage.mam_gk_welcomedialogmode", "31");
user_pref("CT2704262.backendstorage.pg_enable", "74727565");
user_pref("CT2704262.backendstorage.rematchagent-matkot-user-id", "22313338393636373330303832353132323334353622");
user_pref("CT2704262.backendstorage.rematchagent-periodic-reports", "7B2270696E675F30223A5B313339363338353835383730372C31343430303030305D7D");
user_pref("CT2704262.backendstorage.rematchagent-user-id", "2261373137623565622D383731362D343132392D396564382D32366339316239613931373422");
user_pref("CT2704262.backendstorage.rss_pub_config", "7B2273657474696E6773223A7B2269636F6E223A22687474703A2F2F73746F726167652E636F6E647569742E636F6D2F
user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000embeddedversion", "322E352E30");
user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000lastreporttime", "3133353838313036343334353420");
user_pref("CT2704262.backendstorage.rssapp2704262a129531303481232105000000newfeeds", "6E65774665656473");
user_pref("CT2704262.backendstorage.searchappstate", "32");
user_pref("CT2704262.backendstorage.searchapptracking", "73656E74");
user_pref("CT2704262.backendstorage.sf_just_installed", "46414C5345");
user_pref("CT2704262.backendstorage.sf_status", "454E41424C4544");
user_pref("CT2704262.globalFirstTimeInfoLastCheckTime", "Tue Apr 01 2014 16:57:06 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.homepageProtectorEnableByLogin", true);
user_pref("CT2704262.initDone", true);
user_pref("CT2704262.isAppTrackingManagerOn", false);
user_pref("CT2704262.isFirstRadioInstallation", false);
user_pref("CT2704262.myStuffEnabled", true);
user_pref("CT2704262.myStuffPublihserMinWidth", 400);
user_pref("CT2704262.myStuffSearchUrl", "[a href="http://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID">http://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID
");
user_pref("CT2704262.myStuffServiceIntervalMM", 1440);
user_pref("CT2704262.myStuffServiceUrl", "http://mystuff.conduit-services.com...ntId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT2704262.revertSettingsEnabled", true);
user_pref("CT2704262.searchProtectorDialogDelayInSec", 10);
user_pref("CT2704262.searchProtectorEnableByLogin", true);
user_pref("CT2704262.testingCtid", "");
user_pref("CT2704262.toolbarAppMetaDataLastCheckTime", "Tue Apr 01 2014 16:57:06 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.toolbarContextMenuLastCheckTime", "Tue Apr 01 2014 16:57:07 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2704262.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT2704262", "SA8f/YRfs6V19wkAK/I6CA==
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT2704262", "B6IX5R5ADEz7jZ1dTY4lpQ=="
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT2704262", "8Pf+ZNlIALQFEm53aS9FRw==
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-...r&locale=en&ctid=CT2704262&UM=UM_UNINSTALL_ID", "Eqyi+rnB
user_pref("CommunityToolbar.ToolbarsList", "CT2704262");
user_pref("CommunityToolbar.ToolbarsList2", "CT2704262");
user_pref("CommunityToolbar.ToolbarsList4", "CT2704262");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2704262");
---- Lines conduit removed from prefs.js ----
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "uG7mdamLoNmpmgC2c0JctQ==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "jf4tQQjNr2TQ31uHimzTMg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "0BEXfBAJ1PdxmWK9VOejOg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "ZU6zjERHpZr7lBpInn+HyA==");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Ralph\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\kk1c8h74.default\\conduitCommon\
user_pref("CommunityToolbar.notifications.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.servicesServerUrl", "http://alert.services.conduit.com");
---- Lines CommunityToolbar removed from prefs.js ----
user_pref("CommunityToolbar.globalUserId", "e9bedcd3-dc0f-4e3b-9a66-d86b9e96d3d9");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Apr 01 2014 16:57:06 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Apr 01 2014 16:57:14 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Apr 01 2014 16:57:05 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "aec5c459-315d-48e6-b007-8a69e0a4bd41");
user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
user_pref("CommunityToolbar.twitter.user_1344951.LastCheckTime", "Tue Apr 01 2014 16:57:07 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.twitter.user_14293310.LastCheckTime", "Tue Apr 01 2014 16:57:07 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.twitter.user_16887175.LastCheckTime", "Tue Apr 01 2014 16:57:07 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.twitter.user_17151925.LastCheckTime", "Tue Apr 01 2014 16:57:07 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Tue Apr 01 2014 16:57:07 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.twitter.user_30261067.LastCheckTime", "Tue Apr 01 2014 16:57:07 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Tue Apr 01 2014 16:57:07 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.twitter.user_816653.LastCheckTime", "Tue Apr 01 2014 16:57:07 GMT-0400 (Eastern Daylight Time)");
---- FireFox user.js and prefs.js backups ----
prefs_20141211_1118_.backup
==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
"C:\Windows\Installer\141f9421.msi" not found
C:\PROGRA~3\Yahoo! Companion deleted
C:\Users\Ralph\AppData\LocalLow\Conduit deleted
C:\PROGRA~2\Star Envelope Printer Pro deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\TB deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\Yahoo! deleted
C:\PROGRA~2\Conduit deleted
C:\install.exe deleted
C:\Users\Ralph\AppData\Roaming\WB.CFG deleted
C:\Users\Ralph\AppData\Roaming\Uniblue deleted
C:\Users\Ralph\AppData\Roaming\Yahoo! deleted
C:\Users\Ralph\AppData\Roaming\Systweak deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Ralph\Downloads\Total Energy Cost Savings (1).docx deleted
C:\Users\Ralph\Downloads\Total Energy Cost Savings.docx deleted
C:\Users\Ralph\AppData\LocalLow\Yahoo! deleted
C:\Users\Ralph\AppData\LocalLow\Yahoo! Companion deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Ralph\Documents\Optimizer Pro deleted
C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\kk1c8h74.default\CT2704262 deleted
C:\Users\Ralph\AppData\Roaming\Mozilla\Firefox\Profiles\kk1c8h74.default\conduitCommon deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"http://www.mail.yahoo.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{281DF415-9674-415C-9654-B04D78399275} Google Url="http://www.google.com/search?q={sea...&ie={inputEncoding?}&oe={outputEncoding?}&rlz="
{59509169-EA4D-4150-A379-006C5CA063E8} Delicious Url="https://delicious.com/search?p={searchTerms}"
{8D1C00A5-B32A-48B1-B76C-D04ECF96D0A1} Unknown Url="Not_Found"
{A9BF52E2-4023-45DD-A183-3471C5D5E69E} Flickr Url="https://www.flickr.com/search/?q={searchTerms}"
{BBE56129-298D-42DC-BAE2-BC963B094BFF} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2246504950-3044468771-865909833-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-2246504950-3044468771-865909833-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_USERS\S-1-5-21-2246504950-3044468771-865909833-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8D1C00A5-B32A-48B1-B76C-D04ECF96D0A1} deleted successfully
HKEY_USERS\S-1-5-21-2246504950-3044468771-865909833-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BBE56129-298D-42DC-BAE2-BC963B094BFF} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D8828220E5797F2499399EA1286EBB9D deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fitbit Connect deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ralph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ralph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ONXN37X will be deleted at reboot
C:\Users\Ralph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AF3WPJLR will be deleted at reboot
C:\Users\Ralph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DRPNTHMD will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=284 folders=86 48155523 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Ralph\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Ralph\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Ralph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2ONXN37X" not found
"C:\Users\Ralph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AF3WPJLR" not found
"C:\Users\Ralph\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DRPNTHMD" not found
==== EOF on Thu 12/11/2014 at 11:28:07.78 ======================
 

RalphG

New Member
Thread author
Verified
Dec 11, 2014
16
I still have all those unusually named files/folders in the local low folder. Yesterday, after running Malwarebytes, I wasn't seeing the weird Chrome processes running anymore, even after rebooting, but those folders seem very strange to me. Prior to running Malwarebytes I was getting about 6-7 instances of cakqbeauoyn.exe running with the description saying "google chrome". If I ended the process in Task Manager, they would just recreate themselves. cakqbeauoyn.exe is still showing in the locallow/apple computer/febumex folder.

So to answer your question - I don't know if all is good.
 
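For readers triaging the same kind of symptom, the following read-only PowerShell check is an added example; it is not part of this thread and not something zoek or the helper ran. It lists LocalLow folders created inside a time window, shows any running process whose executable lives under LocalLow (as cakqbeauoyn.exe did here), and hashes executables found there so they can be looked up. The profile path follows `$env:USERPROFILE`, and the date window is a constructed placeholder standing in for the "yesterday between 3:00-4:30 PM" window the post asks about.

```powershell
# Added triage example (not from the thread, Malwarebytes or zoek).
# Everything below only reads; nothing is deleted or modified.

$LocalLow = Join-Path $env:USERPROFILE 'AppData\LocalLow'

# 1) Folders created in LocalLow inside a window of interest.
#    The window below is a constructed placeholder; set it to the time
#    the unexpected folders appeared on the machine being examined.
$Start = Get-Date '2014-12-10 15:00'
$End   = Get-Date '2014-12-10 16:30'

Write-Host "== LocalLow folders created between $Start and $End =="
Get-ChildItem -Path $LocalLow -Directory -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $Start -and $_.CreationTime -le $End } |
    Sort-Object CreationTime |
    Select-Object CreationTime, FullName |
    Format-Table -AutoSize

# 2) Running processes whose image lives under LocalLow.
#    Legitimate software rarely executes from this folder; a process that
#    does, especially one whose file description claims to be a browser,
#    deserves a closer look. ParentProcessId helps spot a respawning parent.
Write-Host "== Processes running from $LocalLow =="
Get-CimInstance Win32_Process |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath -like "$LocalLow\*" } |
    ForEach-Object {
        $desc = try { (Get-Item $_.ExecutablePath).VersionInfo.FileDescription } catch { $null }
        [pscustomobject]@{
            PID         = $_.ProcessId
            ParentPID   = $_.ParentProcessId
            Name        = $_.Name
            Description = $desc
            Path        = $_.ExecutablePath
        }
    } | Format-Table -AutoSize

# 3) SHA-256 of executables and DLLs under LocalLow, for lookup or submission.
Write-Host "== Executable files under $LocalLow =="
Get-ChildItem -Path $LocalLow -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, Path |
    Format-Table -AutoSize
```

Run it from the affected user's account (LocalLow is per-profile) and keep the output with the other logs; a process in section 2 whose parent is itself another LocalLow executable explains the "recreate themselves" behaviour described above, and the hashes from section 3 are what a helper or a scanning service would want before anything is removed.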

RalphG

New Member
Thread author
Verified
Dec 11, 2014
16
Are you able to explain to me how/why those folders with weird names all got created yesterday between 3:00-4:30 PM? Was I infected with something that created them? What does the iph.Trojan/clicker.W7 do to a computer? I've changed a lot of passwords using another computer to be safe, but might they have been compromised? Thanks for the help, and hopefully you can give me some insight into these questions.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Zoek report

C:\Users\Ralph\AppData\LocalLow\Yahoo! deleted
C:\Users\Ralph\AppData\LocalLow\Yahoo! Companion deleted

Zoek removed only what was unnecessary; it did not touch the folders. The folder is not malware.
You can remove them manually if you want.
 

argus

Former MalwareTips Staff
Verified
Apr 24, 2014
3,395
Re-run zoek and run this script:

Code:
C:\Users\Ralph\AppData\LocalLow;vs
 

RalphG

New Member
Thread author
Verified
Dec 11, 2014
16
The files/folders we've talked about are still there. Were they supposed to be removed by that script? Do I need to reboot to see a change?

Have tried posting results, but the "post reply" button isn't taking them. I uploaded the text file.
 
