Hello, I have been working on removing some malware, and I am unsure exactly how it got on my computer. I run Malwarebytes and Prevx/Webroot, and neither program is able to remove the "IE Toolbar" program from my Control Panel installed programs list.

I was following the post from this thread and decided to make a help thread before proceeding any more.

https://forums.malwarebytes.org/index.php?showtopic=125930

I ran a full scan with an up-to-date Malwarebytes, couldn't get Security Check to give a log, and moved on to AdwCleaner. I have logs for Malwarebytes and AdwCleaner, but I am submitting this thread from an iPad, so I will reply with the logs once all backups are done and I am ready to find and destroy this malware!

Thank you ahead of time for your help.


Malwarebytes Anti-Malware 1.75.0.1300

 

www.malwarebytes.org
 
Database version: v2013.12.06.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eric Shaffron :: ERICSHAFFRON-PC [administrator]
 
12/5/2013 9:56:54 PM
mbam-log-2013-12-05 (21-56-54).txt
 
Scan type: Full scan (A:\|C:\|D:\|F:\|Z:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1476564
Time elapsed: 5 hour(s), 40 minute(s), 20 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 30
HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\b (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.
HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 6
HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://search.babylon.com/?AF=111917&babsrc=HP_ss&mntrId=5496177b0000000000001c6f6535de6d -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {EF14C18D-E2D9-11E2-B8A0-1C6F6535DE6D} -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {EF14C18D-E2D9-11E2-B8A0-1C6F6535DE6D} -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN97895449327066122&UM=2&ctid=CT3279411&SSPV=SSPV_AB_IE_2) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPacks) -> Bad: (http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EF14C18D-E2D9-11E2-B8A0-1C6F6535DE6D}) Good: (http://www.google.com) -> Quarantined and repaired successfully.
 
Folders Detected: 13
C:\Users\Eric Shaffron\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\OpenCandy\OpenCandy_B68E64792EA949FDAF562E4DF2287E64 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1 (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
 
Files Detected: 64
C:\Program Files (x86)\Outspark\DarkBlood\DarkBlood.exe (PUP.Riskware.GameCheat) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Conduit\CT3279411\appbario12AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\05E7ADCB-BAB0-7891-A8DD-D3CC5D5C8F96\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}\mgSqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\OpenCandy\OpenCandy_B68E64792EA949FDAF562E4DF2287E64\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\OpenCandy\OpenCandy_B68E64792EA949FDAF562E4DF2287E64\OpenCandyU1Dlm.dll (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\Documents\myStuff\myLife\Resources\Files\CS5MasterCollection_Crack\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\Windows\Installer\220af69.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
F:\Steam\steamapps\common\Risk of Rain\39dll.dll (PUP.HackTool.DDoS) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\TraditionalCn_rcp_zh-tw.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Chinese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\CleanSchedule.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Danish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Dutch_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Finnish_rcp_fi.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\French_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\install_left_image.bmp (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\isxdl.dll (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Japanese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\korean_rcp_ko.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\Norwegian_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\polish_rcp_pl.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\RCPUninstall.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\receipt.pdf (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.dll (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\russian_rcp_ru.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\turkish_rcp_tr.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\unins000.dat (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\unins000.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\unins000.msg (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RegClean Pro\xmllite.dll (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\CT3279411.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\CT3279411.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\1319409400.reg (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\eng_rcp.dat (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_10-23-2011.log (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\rcpupdate.ini (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rmx (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rxb (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
 
(end)

# AdwCleaner v3.014 - Report created 06/12/2013 at 11:18:47

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Eric Shaffron - ERICSHAFFRON-PC

# Running from : C:\Users\Eric Shaffron\Desktop\RemovingSweetPacks\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : bProtector

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro

Folder Deleted : C:\Program Files (x86)\AutocompletePro

Folder Deleted : C:\Program Files (x86)\Conduit

Folder Deleted : C:\Program Files (x86)\Common Files\Tencent

Folder Deleted : C:\Windows\SysWOW64\WNLT

Folder Deleted : C:\Users\Eric Shaffron\AppData\Local\Babylon

Folder Deleted : C:\Users\Eric Shaffron\AppData\Local\Conduit

Folder Deleted : C:\Users\Eric Shaffron\AppData\Local\PackageAware

Folder Deleted : C:\Users\ERICSH~1\AppData\Local\Temp\BabylonToolbar

Folder Deleted : C:\Users\Eric Shaffron\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\Eric Shaffron\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Eric Shaffron\AppData\LocalLow\appbario12

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\BabylonToolbar

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\PerformerSoft

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Systweak

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Tencent

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\yourfiledownloader

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\Conduit

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\Smartbar

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\SweetPacksToolbarData

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\CT3279411

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\CT1098640

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\Extensions\{465fcfbb-47a4-4866-a5d5-d12f9a77da00}

Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\Extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}

File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\bProtector_extensions.rdf

File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\bprotector_prefs.js

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml

File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\searchplugins\bProtect.xml

File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\searchplugins\Conduit.xml

File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\searchplugins\SweetIm.xml

File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\user.js

File Deleted : C:\Windows\System32\Tasks\bProtector

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]

Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout

Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd

Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore

Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO

Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar

Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

Key Deleted : HKLM\SOFTWARE\NSIS_OVERGROWTH

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Raise Data Recovery for NTFS_is1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1098640

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279411

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS

Key Deleted : HKCU\Software\AutocompleteProBHO

Key Deleted : HKCU\Software\bProtector

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\filescout

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\TENCENT

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\YourFileDownloader

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKCU\Software\AppDataLow\Toolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\Software\appbario12

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\systweak

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\Software\YourFileDownloader

Key Deleted : HKLM\Software\appbario12

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}

Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v0.0.0.0

 

 

-\\ Mozilla Firefox v

 

[ File : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\prefs.js ]

 



 

*************************

 

AdwCleaner[R0].txt - [55481 octets] - [06/12/2013 11:16:03]

AdwCleaner[s0].txt - [55397 octets] - [06/12/2013 11:18:47]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [55458 octets] ##########

 

 

 

 

After running both, the "Internet Explorer Toolbar 4.8 by SweetPacks" is still listed in my control panel's installed programs list (still cannot uninstall from there). If I try to uninstall from the Windows control panel it tells me I am missing a DLL, and it has failed to remove the program.

I proceeded to the third program listed on the forum post mentioned before about SweetPacks, RogueKiller, and after running that the "Internet Explorer Toolbar 4.8 by SweetPacks" was gone from the installed programs list. I will post the log below, but a second issue came up when Webroot/Prevx detected something connected to GeForce NVIDIA Experience, which was quarantined with some other items, and after a few more runs of that software they are no longer detecting any problems. I will post the log of Webroot/Prevx after the RogueKiller.

 

 

 
 

 


RogueKiller V8.7.11 [Dec  3 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Eric Shaffron [Admin rights]

Mode : Remove -- Date : 12/06/2013 12:57:32

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 16 ¤¤¤

[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED

[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ POL][PUM] HKCU\[...]\System : DisableCMD (0) -> DELETED

[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ POL][PUM] HKLM\[...]\System : DisableCMD (0) -> DELETED

[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified. 

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. 

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableCMD (0) -> [0x2] The system cannot find the file specified. 

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)

[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       activate.adobe.com

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++

--- User ---

[MBR] e278382dd1c55fa582caf51c6428346f

[bSP] f55a70ceb9d27dd931bd9687f36e4fe2 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Hitachi HDS721010CLA332 ATA Device +++++

--- User ---

[MBR] 937c2fd24d3aa302a9baf2c204bd602e

[bSP] 3cb1249f11ff297d38052d6f5fff59e9 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_D_12062013_125732.txt >>

RKreport[0]_S_12062013_125721.txt

 

 

 


This log is a lot longer, but I could only fit the events from today after RogueKiller was run, not those from Thursday when I found out about the SweetPacks. Let me know if you will need the full log, and what to do next. For now the system says clean, and I will wait to hear back from here. Thanks again.

----------------------------------------------------------

SecureAnywhere Scan Log (Version v8.0.3.3)

Log saved at Fri 2013-12-06 14:25:56

 

v8.0.3.3

Windows 7 Service Pack 1 (Build 7601) 64bit (Hostname: ERICSHAFFRON-PC - Local IP: 10.0.0.2)

Scan Started: Fri 2013-12-06 14:07:51

Files Scanned: 135912

Malicious Files: 0

Duration: 15m 57s

 

Previous Scan Results

 

INFECTED - [Fri 2013-12-06 13:43:33] 133264 files scanned, 4 infections found in 21m 50s

INFECTED - [Fri 2013-12-06 13:10:38] 135491 files scanned, 15 infections found in 26m 11s

INFECTED - [Fri 2013-12-06 11:23:16] 130592 files scanned, 17 infections found in 35m 14s

INFECTED - [Fri 2013-12-06 00:44:16] 134081 files scanned, 21 infections found in 42m 47s

INFECTED - [Thu 2013-12-05 23:31:23] 141075 files scanned, 17 infections found in 52m 39s

INFECTED - [Thu 2013-12-05 23:29:02] 135329 files scanned, 24 infections found in 53m 42s

INFECTED - [Thu 2013-12-05 23:28:42] 1252 files scanned, 8 infections found in 14s

INFECTED - [Thu 2013-12-05 23:28:17] 1312 files scanned, 5 infections found in 21s

INFECTED - [Thu 2013-12-05 23:27:29] 1308 files scanned, 1 infection found in 16s

INFECTED - [Thu 2013-12-05 23:09:15] 872 files scanned, 1 infection found in 2s

INFECTED - [Thu 2013-12-05 19:48:00] 92 files scanned, 11 infections found in 1s

INFECTED - [Thu 2013-12-05 11:58:32] 84246 files scanned, 1 infection found in 11m 0s

 

 


Fri 2013-12-06 00:00:47.0735 File blocked in realtime: c:\windows\system32\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 00:00:47.0735 File blocked in realtime: c:\windows\system32\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 00:00:47.0876 File blocked in realtime: c:\windows\system32\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 00:00:47.0876 File blocked in realtime: c:\windows\system32\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 00:22:44.0534 Infection detected: c:\windows\system32\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)]

Fri 2013-12-06 00:22:44.0534 Infection detected: c:\windows\system32\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)]

Fri 2013-12-06 00:22:44.0534 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512] [17/40090040] [(null)]

Fri 2013-12-06 00:22:44.0534 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7600.16385_none_6d84076d913353c5\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)]

Fri 2013-12-06 00:22:44.0534 Infection detected: c:\windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_7a09c587c282995a\tabtip32.exe [MD5: 2DC64A3446C8C6E020E781456B46573D] [17/40080040] [(null)]

Fri 2013-12-06 00:22:44.0549 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnetwk.exe [MD5: A9F3BFC9345F49614D5859EC95B9E994] [17/40090040] [(null)]

Fri 2013-12-06 00:22:44.0549 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.18010_none_86608c5a70f925bc\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD] [17/40090040] [(null)]

Fri 2013-12-06 00:22:44.0970 Scan Results: Files Scanned: 135329, Duration: 53m 42s, Malicious Files: 24

Fri 2013-12-06 00:22:47.0357 Scan Finished: [iD: 41 - Seq: 84699386]

Fri 2013-12-06 00:24:03.0142 Scan Results: Files Scanned: 141075, Duration: 52m 39s, Malicious Files: 17

Fri 2013-12-06 00:24:04.0718 Scan Finished: [iD: 42 - Seq: 42]

Fri 2013-12-06 00:43:59.0820 Determination flags modified: c:\windows\system32\conhost.exe - MD5: BF95EA5809E3BBF55370F7CB309FEBD0, Size: 338432 bytes, Flags: 00000020

Fri 2013-12-06 00:43:59.0820 Determination flags modified: c:\windows\system32\taskhost.exe - MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes, Flags: 00000020

Fri 2013-12-06 00:44:08.0338 Performing cleanup entry: 87

Fri 2013-12-06 00:44:08.0353 Performing cleanup entry: 88

Fri 2013-12-06 00:44:16.0200 Scan Started:  [iD: 43 - Flags: 551/128]

Fri 2013-12-06 00:59:24.0434 Infection detected: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2] [17/40081040] [(null)]

Fri 2013-12-06 00:59:24.0434 Infection detected: c:\windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_7a09c587c282995a\tabtip32.exe [MD5: 2DC64A3446C8C6E020E781456B46573D] [17/40080040] [(null)]

Fri 2013-12-06 00:59:24.0434 Infection detected: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0] [17/40080040] [(null)]

Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.18010_none_86608c5a70f925bc\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD] [17/40090040] [(null)]

Fri 2013-12-06 00:59:24.0449 Infection detected: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)]

Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b\audiodg.exe [MD5: D5CCA1453B98A5801E6D5FF0FF89DC6C] [17/40090040] [(null)]

Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\system32\searchfilterhost.exe [MD5: 49A3AD5CE578CD77F445F3D244AEAB2D] [17/40090040] [(null)]

Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)]

Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\system32\searchprotocolhost.exe [MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE] [17/40090040] [(null)]

Fri 2013-12-06 00:59:24.0449 Infection detected: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512] [17/40090040] [(null)]

Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\searchindexer.exe [MD5: E0B340996A41C9A75DFA3B99BBA9C500] [17/40090040] [(null)]

Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe [MD5: 65EA57712340C09B1B0C427B4848AE05] [17/40090040] [(null)]

Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)]

Fri 2013-12-06 00:59:24.0465 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18229_none_d27be1cc18bd0cc4\conhost.exe [MD5: BF95EA5809E3BBF55370F7CB309FEBD0] [17/40090040] [(null)]

Fri 2013-12-06 00:59:24.0465 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnetwk.exe [MD5: A9F3BFC9345F49614D5859EC95B9E994] [17/40090040] [(null)]

Fri 2013-12-06 00:59:24.0465 Infection detected: c:\program files (x86)\nvidia corporation\nvidia update core\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2] [17/40081040] [(null)]

Fri 2013-12-06 00:59:24.0465 Infection detected: c:\users\eric shaffron\appdata\local\temp\nvidia\geforceexperienceselfupdate\9.3.21.0\gfexperience\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2] [17/40081040] [(null)]

Fri 2013-12-06 01:16:01.0884 Monitoring process C:\Windows\System32\msdt.exe [AECB7B09566B1F83F61D5A4B44AE9C7E]. Type: 3 (15489)

Fri 2013-12-06 01:16:01.0884 Monitoring process C:\Windows\System32\msdt.exe [AECB7B09566B1F83F61D5A4B44AE9C7E]. Type: 4 (15489)

Fri 2013-12-06 01:16:01.0884 Monitoring process C:\Windows\System32\msdt.exe [AECB7B09566B1F83F61D5A4B44AE9C7E]. Type: 5 (15489)

Fri 2013-12-06 01:16:01.0946 Monitoring process C:\Windows\System32\msdt.exe [AECB7B09566B1F83F61D5A4B44AE9C7E]. Type: 8 (15489)

Fri 2013-12-06 01:16:01.0946 Monitoring process C:\Windows\System32\msdt.exe [AECB7B09566B1F83F61D5A4B44AE9C7E]. Type: 6 (15489)

Fri 2013-12-06 01:19:31.0735 Infection detected: c:\windows\system32\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)]

Fri 2013-12-06 01:19:31.0751 Infection detected: c:\windows\system32\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)]

Fri 2013-12-06 01:20:30.0142 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512] [17/40090040] [(null)]

Fri 2013-12-06 01:20:30.0158 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7600.16385_none_6d84076d913353c5\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)]

Fri 2013-12-06 01:27:04.0121 Scan Results: Files Scanned: 134081, Duration: 42m 47s, Malicious Files: 21

Fri 2013-12-06 01:27:08.0333 Scan Finished: [iD: 43 - Seq: 43]

Fri 2013-12-06 04:02:23.0359 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 3 (15569)

Fri 2013-12-06 04:02:23.0359 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 4 (15569)

Fri 2013-12-06 04:02:23.0359 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 5 (15569)

Fri 2013-12-06 04:02:23.0359 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 7 (15569)

Fri 2013-12-06 04:02:23.0390 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 8 (15569)

Fri 2013-12-06 04:02:23.0780 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 3 (15569)

Fri 2013-12-06 04:02:23.0780 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 4 (15569)

Fri 2013-12-06 04:02:23.0780 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 5 (15569)

Fri 2013-12-06 04:02:23.0780 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 7 (15569)

Fri 2013-12-06 04:02:23.0780 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 8 (15569)

Fri 2013-12-06 04:09:23.0358 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 3 (15571)

Fri 2013-12-06 04:09:23.0358 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 4 (15571)

Fri 2013-12-06 04:09:23.0358 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 5 (15571)

Fri 2013-12-06 04:09:23.0358 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 7 (15571)

Fri 2013-12-06 04:09:23.0374 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 8 (15571)

Fri 2013-12-06 06:53:45.0446 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 06:53:48.0722 System shutting down.

Fri 2013-12-06 06:53:49.0268 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 06:53:50.0360 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 06:53:50.0376 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 06:53:50.0734 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 06:53:50.0750 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]


Fri 2013-12-06 06:53:54.0135 <<< Service shut down successfully. Uptime: 464 minute(s)

Fri 2013-12-06 06:55:22.0553 >>> Service started [v8.0.3.3]

Fri 2013-12-06 06:55:52.0271 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)]

Fri 2013-12-06 06:55:52.0349 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)]

Fri 2013-12-06 06:55:52.0380 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)]

Fri 2013-12-06 06:55:52.0380 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)]

Fri 2013-12-06 06:55:57.0528 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 06:55:57.0528 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 06:55:57.0871 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 06:55:57.0871 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 06:55:58.0589 Connecting to 1 - 1

Fri 2013-12-06 06:56:00.0976 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 06:56:00.0976 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 06:56:01.0303 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 06:56:01.0303 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 07:31:59.0957 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 3 (15571)

Fri 2013-12-06 07:31:59.0957 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 4 (15571)

Fri 2013-12-06 07:31:59.0957 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 5 (15571)

Fri 2013-12-06 07:31:59.0957 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 7 (15571)

Fri 2013-12-06 07:31:59.0973 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 8 (15571)

Fri 2013-12-06 11:13:11.0821 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:13:11.0821 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:13:11.0946 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:13:11.0946 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:13:12.0133 User process connected successfully from PID 940, Session 1

Fri 2013-12-06 11:13:13.0240 File blocked in realtime: c:\program files (x86)\nvidia corporation\nvidia update core\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 11:13:13.0240 File blocked in realtime: c:\program files (x86)\nvidia corporation\nvidia update core\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 11:13:13.0490 Scan Started:  [iD: 44 - Flags: 1575/16]

Fri 2013-12-06 11:13:24.0098 Determination flags modified: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe - MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes, Flags: 00000020

Fri 2013-12-06 11:13:26.0329 Performing cleanup entry: 17

Fri 2013-12-06 11:13:34.0628 Scan Started:  [iD: 45 - Flags: 551/128]

Fri 2013-12-06 11:14:55.0911 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 3 (15577)

Fri 2013-12-06 11:14:55.0911 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 4 (15577)

Fri 2013-12-06 11:14:55.0911 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 5 (15577)

Fri 2013-12-06 11:14:55.0912 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 7 (15577)

Fri 2013-12-06 11:14:55.0914 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 8 (15577)

Fri 2013-12-06 11:14:55.0920 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 3 (15577)

Fri 2013-12-06 11:14:55.0920 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 4 (15577)

Fri 2013-12-06 11:14:55.0920 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 5 (15577)

Fri 2013-12-06 11:14:55.0921 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 7 (15577)

Fri 2013-12-06 11:14:55.0923 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 8 (15577)

Fri 2013-12-06 11:14:56.0902 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 3 (15577)

Fri 2013-12-06 11:14:56.0902 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 4 (15577)

Fri 2013-12-06 11:14:56.0902 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 5 (15577)

Fri 2013-12-06 11:14:56.0903 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 7 (15577)

Fri 2013-12-06 11:14:56.0905 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 8 (15577)

Fri 2013-12-06 11:15:39.0789 File blocked in realtime: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:15:39.0789 File blocked in realtime: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:15:40.0070 File blocked in realtime: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:15:40.0070 File blocked in realtime: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:15:46.0731 Determination flags modified: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe - MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes, Flags: 00000020

Fri 2013-12-06 11:15:47.0465 Performing cleanup entry: 19

Fri 2013-12-06 11:15:50.0195 Scan Started:  [iD: 46 - Flags: 551/128]

Fri 2013-12-06 11:20:07.0368 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:20:07.0368 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:20:07.0555 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:20:07.0555 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:20:09.0708 System shutting down.

Fri 2013-12-06 11:20:10.0706 Scan Results: Files Scanned: 10521, Duration: 4m 20s, Malicious Files: 0

Fri 2013-12-06 11:20:10.0706 Scan Results: Files Scanned: 9622, Duration: 6m 36s, Malicious Files: 0

Fri 2013-12-06 11:20:10.0706 Scan Results: Files Scanned: 9662, Duration: 6m 57s, Malicious Files: 0

Fri 2013-12-06 11:20:10.0753 Scan Aborted: [iD: 46]

Fri 2013-12-06 11:20:10.0753 Scan Aborted: [iD: 45]

Fri 2013-12-06 11:20:10.0753 Scan Aborted: [iD: 44]


Fri 2013-12-06 11:20:11.0408 <<< Service shut down successfully. Uptime: 264 minute(s)

Fri 2013-12-06 11:21:24.0726 >>> Service started [v8.0.3.3]

Fri 2013-12-06 11:21:30.0732 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)]

Fri 2013-12-06 11:21:30.0732 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)]

Fri 2013-12-06 11:21:31.0076 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)]

Fri 2013-12-06 11:21:31.0076 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)]

Fri 2013-12-06 11:21:31.0622 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 11:21:31.0622 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 11:21:31.0762 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 11:21:31.0762 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 11:21:31.0840 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 11:21:31.0840 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 11:21:32.0105 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 11:21:32.0105 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)]

Fri 2013-12-06 11:21:37.0659 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:21:37.0659 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:21:37.0924 User process connected successfully from PID 868, Session 1

Fri 2013-12-06 11:21:37.0940 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:21:37.0940 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)]

Fri 2013-12-06 11:22:00.0622 Connecting to 1 - 1

Fri 2013-12-06 11:22:28.0764 Determination flags modified: c:\program files\common files\microsoft shared\ink\tabtip.exe - MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes, Flags: 00000020

Fri 2013-12-06 11:23:15.0128 Performing cleanup entry: 15

Fri 2013-12-06 11:23:16.0313 Scan Started:  [iD: 47 - Flags: 551/128]

Fri 2013-12-06 11:32:35.0996 Infection detected: c:\windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_7a09c587c282995a\tabtip32.exe [MD5: 2DC64A3446C8C6E020E781456B46573D] [17/40080040] [(null)]

Fri 2013-12-06 11:32:37.0977 Infection detected: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0] [17/40080040] [(null)]

Fri 2013-12-06 11:32:38.0460 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.18010_none_86608c5a70f925bc\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD] [17/40090040] [(null)]

Fri 2013-12-06 11:32:38.0928 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7600.16385_none_6d84076d913353c5\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)]

Fri 2013-12-06 11:32:39.0412 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b\audiodg.exe [MD5: D5CCA1453B98A5801E6D5FF0FF89DC6C] [17/40090040] [(null)]

Fri 2013-12-06 11:32:39.0740 Infection detected: c:\windows\system32\searchfilterhost.exe [MD5: 49A3AD5CE578CD77F445F3D244AEAB2D] [17/40090040] [(null)]

Fri 2013-12-06 11:32:40.0660 Infection detected: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)]

Fri 2013-12-06 11:32:41.0924 Infection detected: c:\windows\system32\searchprotocolhost.exe [MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE] [17/40090040] [(null)]

Fri 2013-12-06 11:32:44.0732 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512] [17/40090040] [(null)]

Fri 2013-12-06 11:32:44.0747 Infection detected: c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\searchindexer.exe [MD5: E0B340996A41C9A75DFA3B99BBA9C500] [17/40090040] [(null)]

Fri 2013-12-06 11:32:46.0354 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe [MD5: 65EA57712340C09B1B0C427B4848AE05] [17/40090040] [(null)]

Fri 2013-12-06 11:32:46.0463 Infection detected: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)]

Fri 2013-12-06 11:32:46.0884 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18229_none_d27be1cc18bd0cc4\conhost.exe [MD5: BF95EA5809E3BBF55370F7CB309FEBD0] [17/40090040] [(null)]

Fri 2013-12-06 11:32:54.0513 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnetwk.exe [MD5: A9F3BFC9345F49614D5859EC95B9E994] [17/40090040] [(null)]

Fri 2013-12-06 11:33:15.0994 Infection detected: c:\users\eric shaffron\appdata\local\temp\nvidia\geforceexperienceselfupdate\9.3.21.0\gfexperience\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2] [17/40081040] [(null)]

Fri 2013-12-06 11:54:19.0783 Infection detected: c:\windows\system32\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)]

Fri 2013-12-06 11:54:19.0815 Infection detected: c:\windows\system32\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)]

Fri 2013-12-06 11:58:30.0803 Scan Results: Files Scanned: 130592, Duration: 35m 14s, Malicious Files: 17

Fri 2013-12-06 11:58:32.0941 Scan Finished: [iD: 47 - Seq: 47]

Fri 2013-12-06 12:26:48.0008 Monitoring process C:\Windows\system32\msfeedssync.exe [DA9648200FC010A6DF004FAC8A775FD9]. Type: 3 (15708)

Fri 2013-12-06 12:26:48.0040 Monitoring process C:\Windows\system32\msfeedssync.exe [DA9648200FC010A6DF004FAC8A775FD9]. Type: 4 (15708)

Fri 2013-12-06 12:26:48.0040 Monitoring process C:\Windows\system32\msfeedssync.exe [DA9648200FC010A6DF004FAC8A775FD9]. Type: 5 (15708)

Fri 2013-12-06 12:26:48.0040 Monitoring process C:\Windows\system32\msfeedssync.exe [DA9648200FC010A6DF004FAC8A775FD9]. Type: 7 (15708)

Fri 2013-12-06 12:26:48.0102 Monitoring process C:\Windows\system32\msfeedssync.exe [DA9648200FC010A6DF004FAC8A775FD9]. Type: 8 (15708)

Fri 2013-12-06 12:26:53.0281 Begin passive write scan (2 file(s))

Fri 2013-12-06 12:26:54.0404 End passive write scan (2 file(s))

Fri 2013-12-06 12:27:59.0223 Begin passive write scan (1 file(s))

Fri 2013-12-06 12:28:00.0112 End passive write scan (1 file(s))

Fri 2013-12-06 12:28:00.0252 Begin passive write scan (2 file(s))

Fri 2013-12-06 12:28:00.0923 End passive write scan (2 file(s))

Fri 2013-12-06 12:28:01.0282 Begin passive write scan (2 file(s))

Fri 2013-12-06 12:28:02.0296 End passive write scan (2 file(s))

Fri 2013-12-06 12:28:04.0371 Begin passive write scan (2 file(s))

Fri 2013-12-06 12:28:05.0151 End passive write scan (2 file(s))

Fri 2013-12-06 12:28:30.0111 Begin passive write scan (1 file(s))

Fri 2013-12-06 12:28:30.0345 End passive write scan (1 file(s))

Fri 2013-12-06 12:52:06.0300 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 9 (5984)

Fri 2013-12-06 12:52:06.0409 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 3 (5984)

Fri 2013-12-06 12:52:06.0425 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 4 (5984)

Fri 2013-12-06 12:52:06.0440 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 5 (5984)

Fri 2013-12-06 12:52:06.0456 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 8 (5984)

Fri 2013-12-06 12:52:06.0456 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 6 (5984)

Fri 2013-12-06 12:52:06.0846 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 3 (5984)

Fri 2013-12-06 12:52:06.0846 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 4 (5984)

Fri 2013-12-06 12:52:06.0846 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 5 (5984)

Fri 2013-12-06 12:52:06.0862 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 8 (5984)

Fri 2013-12-06 12:52:06.0862 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 6 (5984)

Fri 2013-12-06 12:52:08.0172 Begin passive write scan (1 file(s))

Fri 2013-12-06 12:52:09.0872 End passive write scan (1 file(s))

Fri 2013-12-06 12:54:48.0281 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 3 (5984)

Fri 2013-12-06 12:54:48.0297 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 4 (5984)

Fri 2013-12-06 12:54:48.0297 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 5 (5984)

Fri 2013-12-06 12:54:48.0297 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 8 (5984)

Fri 2013-12-06 12:54:48.0297 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 6 (5984)

Fri 2013-12-06 12:54:50.0293 Begin passive write scan (1 file(s))

Fri 2013-12-06 12:54:50.0527 End passive write scan (1 file(s))

Fri 2013-12-06 12:58:50.0191 Begin passive write scan (1 file(s))

Fri 2013-12-06 12:58:50.0425 End passive write scan (1 file(s))

Fri 2013-12-06 13:10:38.0635 Scan Started:  [iD: 48 - Flags: 551/16]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_7a09c587c282995a\tabtip32.exe [MD5: 2DC64A3446C8C6E020E781456B46573D] [17/40080040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0] [17/40080040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.18010_none_86608c5a70f925bc\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD] [17/40090040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7600.16385_none_6d84076d913353c5\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b\audiodg.exe [MD5: D5CCA1453B98A5801E6D5FF0FF89DC6C] [17/40090040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\system32\searchfilterhost.exe [MD5: 49A3AD5CE578CD77F445F3D244AEAB2D] [17/40090040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\system32\searchprotocolhost.exe [MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE] [17/40090040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512] [17/40090040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\searchindexer.exe [MD5: E0B340996A41C9A75DFA3B99BBA9C500] [17/40090040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe [MD5: 65EA57712340C09B1B0C427B4848AE05] [17/40090040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)]

Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18229_none_d27be1cc18bd0cc4\conhost.exe [MD5: BF95EA5809E3BBF55370F7CB309FEBD0] [17/40090040] [(null)]

Fri 2013-12-06 13:24:16.0248 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnetwk.exe [MD5: A9F3BFC9345F49614D5859EC95B9E994] [17/40090040] [(null)]

Fri 2013-12-06 13:24:16.0310 Infection detected: c:\users\eric shaffron\appdata\local\temp\nvidia\geforceexperienceselfupdate\9.3.21.0\gfexperience\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2] [17/40081040] [(null)]

Fri 2013-12-06 13:36:49.0713 Scan Results: Files Scanned: 135491, Duration: 26m 11s, Malicious Files: 15

Fri 2013-12-06 13:36:50.0415 Scan Finished: [iD: 48 - Seq: 48]

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\program files (x86)\common files\microsoft shared\ink\tabtip32.exe - MD5: 2DC64A3446C8C6E020E781456B46573D, Size: 10240 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\runsw.exe - MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\taskhost.exe - MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\program files\common files\microsoft shared\ink\tabtip.exe - MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\audiodg.exe - MD5: D5CCA1453B98A5801E6D5FF0FF89DC6C, Size: 126464 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\searchfilterhost.exe - MD5: 49A3AD5CE578CD77F445F3D244AEAB2D, Size: 113664 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\vmnetdhcp.exe - MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\searchprotocolhost.exe - MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE, Size: 249856 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe - MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\searchindexer.exe - MD5: E0B340996A41C9A75DFA3B99BBA9C500, Size: 591872 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\taskeng.exe - MD5: 65EA57712340C09B1B0C427B4848AE05, Size: 464384 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\vmnat.exe - MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\conhost.exe - MD5: BF95EA5809E3BBF55370F7CB309FEBD0, Size: 338432 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\program files\windows media player\wmpnetwk.exe - MD5: A9F3BFC9345F49614D5859EC95B9E994, Size: 1525248 bytes, Flags: 00000020

Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe - MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes, Flags: 00000020

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 34

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 35

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 36

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 37

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 38

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 39

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 40

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 41

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 42

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 43

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 44

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 45

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 46

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 47

Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 48

Fri 2013-12-06 13:38:25.0576 Begin passive write scan (1 file(s))

Fri 2013-12-06 13:38:25.0810 End passive write scan (1 file(s))

Fri 2013-12-06 13:42:00.0887 System shutting down.

Fri 2013-12-06 13:42:01.0870 <<< Service shut down successfully. Uptime: 140 minute(s)

Fri 2013-12-06 13:43:21.0801 >>> Service started [v8.0.3.3]

Fri 2013-12-06 13:43:21.0864 Terminated abruptly in the last session

Fri 2013-12-06 13:43:33.0642 User process connected successfully from PID 928, Session 1

Fri 2013-12-06 13:43:33.0642 Scan Started:  [iD: 49 - Flags: 551/176]

Fri 2013-12-06 13:43:57.0962 Connecting to 1 - 1

Fri 2013-12-06 13:43:58.0633 Begin passive write scan (2 file(s))

Fri 2013-12-06 13:43:59.0865 End passive write scan (2 file(s))

Fri 2013-12-06 13:51:10.0054 Begin passive write scan (1 file(s))

Fri 2013-12-06 13:51:10.0288 End passive write scan (1 file(s))

Fri 2013-12-06 13:51:14.0173 Begin passive write scan (1 file(s))

Fri 2013-12-06 13:51:14.0422 End passive write scan (1 file(s))

Fri 2013-12-06 13:51:29.0523 File blocked in realtime: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes] [1074270304/00000011] [(null)]

Fri 2013-12-06 13:51:29.0523 File blocked in realtime: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes] [1074270304/00000011] [(null)]

Fri 2013-12-06 13:51:29.0523 Determination flags modified: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe - MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes, Flags: 00000020

Fri 2013-12-06 13:51:29.0523 Performing cleanup entry: 1

Fri 2013-12-06 13:51:29.0523 Determination flags modified: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe - MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes, Flags: 00000020

Fri 2013-12-06 13:51:31.0473 Performing cleanup entry: 2

Fri 2013-12-06 13:52:02.0112 Connected to A1

Fri 2013-12-06 13:52:25.0543 Infection detected: c:\windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7600.16385_none_77d8b1bfc59415c0\tabtip32.exe [MD5: 2DC64A3446C8C6E020E781456B46573D] [17/40080040] [(null)]

Fri 2013-12-06 13:52:27.0243 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)]

Fri 2013-12-06 13:52:27.0259 Infection detected: c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\searchfilterhost.exe [MD5: 49A3AD5CE578CD77F445F3D244AEAB2D] [17/40090040] [(null)]

Fri 2013-12-06 13:52:29.0661 Infection detected: c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\searchprotocolhost.exe [MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE] [17/40090040] [(null)]

Fri 2013-12-06 14:05:24.0015 Scan Results: Files Scanned: 133264, Duration: 21m 50s, Malicious Files: 4

Fri 2013-12-06 14:05:24.0171 Scan Finished: [iD: 49 - Seq: 84750745]

Fri 2013-12-06 14:07:48.0706 Determination flags modified: c:\program files (x86)\common files\microsoft shared\ink\tabtip32.exe - MD5: 2DC64A3446C8C6E020E781456B46573D, Size: 10240 bytes, Flags: 00000020

Fri 2013-12-06 14:07:48.0721 Determination flags modified: c:\program files\common files\microsoft shared\ink\tabtip.exe - MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes, Flags: 00000020

Fri 2013-12-06 14:07:48.0721 Determination flags modified: c:\windows\system32\searchfilterhost.exe - MD5: 49A3AD5CE578CD77F445F3D244AEAB2D, Size: 113664 bytes, Flags: 00000020

Fri 2013-12-06 14:07:48.0721 Determination flags modified: c:\windows\system32\searchprotocolhost.exe - MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE, Size: 249856 bytes, Flags: 00000020

Fri 2013-12-06 14:07:49.0876 Performing cleanup entry: 3

Fri 2013-12-06 14:07:49.0876 Performing cleanup entry: 4

Fri 2013-12-06 14:07:49.0876 Performing cleanup entry: 5

Fri 2013-12-06 14:07:49.0876 Performing cleanup entry: 6

Fri 2013-12-06 14:07:51.0763 Scan Started:  [iD: 50 - Flags: 551/176]

Fri 2013-12-06 14:19:00.0958 Saved updated configuration

Fri 2013-12-06 14:19:06.0308 Saved updated configuration

Fri 2013-12-06 14:19:27.0977 Saved updated configuration

Fri 2013-12-06 14:23:49.0074 Scan Results: Files Scanned: 135912, Duration: 15m 57s, Malicious Files: 0

Fri 2013-12-06 14:23:49.0932 Scan Finished: [iD: 50 - Seq: 84751819]

Fri 2013-12-06 14:25:56.0963 Saved the product log to C:\Users\Eric Shaffron\Desktop\WebrootLog_ES2013.log

 


  • Root Admin

Replying to your own topic and self-medicating makes it look like you don't want help.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program, you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Sorry, still getting used to this phone. My last update was sent too early.

I updated because according to the ComboFix guide I should see a blue screen and the program should install onto my computer, but I never saw a blue screen.

The information given above looks like the ComboFix install window, but I also saw the backup registry window come up.

I wanted to update in case this requires new action.
