eShaft

Sorry, still getting use to this phone. My last update was sent too early. I updated because according to the combofix guide I should see a blue screen and the program should install onto my computer, but I never saw a blue screen. The information given above looks like the combofix install window, but I also saw the backup registry window come up. I wanted to update in case this requires new action.

ComboFix is hung up on "Output folder: C:\32788R22FWJFW" Less than 1/10th of the bar remaining after Combofix should be looking for the WinRecovery Console, no notifications have come up.

Okay I understand, and I will start with the combofix, sorry I made it difficult for you to discern the nature of my post. Update: From Phone Reading ComboFix info, so it may take a little bit longer.

Update: Still infected, but the problem described in the title is not the issue. There is something about appbario12, still need help. Thanks.

This log is a lot longer, but I could only fit the events from today after roguekiller was run, but not from thursday when I found out about the Sweetpacks. Let me know if you will need the full log, and what to do next. For now the system says clean, and I will wait to hear back from here. Thanks again. ---------------------------------------------------------- SecureAnywhere Scan Log (Version v8.0.3.3) Log saved at Fri 2013-12-06 14:25:56 v8.0.3.3 Windows 7 Service Pack 1 (Build 7601) 64bit (Hostname: ERICSHAFFRON-PC - Local IP: 10.0.0.2) Scan Started: Fri 2013-12-06 14:07:51 Files Scanned: 135912 Malicious Files: 0 Duration: 15m 57s Previous Scan Results INFECTED - [Fri 2013-12-06 13:43:33] 133264 files scanned, 4 infections found in 21m 50s INFECTED - [Fri 2013-12-06 13:10:38] 135491 files scanned, 15 infections found in 26m 11s INFECTED - [Fri 2013-12-06 11:23:16] 130592 files scanned, 17 infections found in 35m 14s INFECTED - [Fri 2013-12-06 00:44:16] 134081 files scanned, 21 infections found in 42m 47s INFECTED - [Thu 2013-12-05 23:31:23] 141075 files scanned, 17 infections found in 52m 39s INFECTED - [Thu 2013-12-05 23:29:02] 135329 files scanned, 24 infections found in 53m 42s INFECTED - [Thu 2013-12-05 23:28:42] 1252 files scanned, 8 infections found in 14s INFECTED - [Thu 2013-12-05 23:28:17] 1312 files scanned, 5 infections found in 21s INFECTED - [Thu 2013-12-05 23:27:29] 1308 files scanned, 1 infection found in 16s INFECTED - [Thu 2013-12-05 23:09:15] 872 files scanned, 1 infection found in 2s INFECTED - [Thu 2013-12-05 19:48:00] 92 files scanned, 11 infections found in 1s INFECTED - [Thu 2013-12-05 11:58:32] 84246 files scanned, 1 infection found in 11m 0s Fri 2013-12-06 00:00:47.0735 File blocked in realtime: c:\windows\system32\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 00:00:47.0735 File blocked in realtime: c:\windows\system32\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 00:00:47.0876 File blocked in realtime: c:\windows\system32\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 00:00:47.0876 File blocked in realtime: c:\windows\system32\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 00:22:44.0534 Infection detected: c:\windows\system32\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)] Fri 2013-12-06 00:22:44.0534 Infection detected: c:\windows\system32\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)] Fri 2013-12-06 00:22:44.0534 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512] [17/40090040] [(null)] Fri 2013-12-06 00:22:44.0534 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7600.16385_none_6d84076d913353c5\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)] Fri 2013-12-06 00:22:44.0534 Infection detected: c:\windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_7a09c587c282995a\tabtip32.exe [MD5: 2DC64A3446C8C6E020E781456B46573D] [17/40080040] [(null)] Fri 2013-12-06 00:22:44.0549 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnetwk.exe [MD5: A9F3BFC9345F49614D5859EC95B9E994] [17/40090040] [(null)] Fri 2013-12-06 00:22:44.0549 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.18010_none_86608c5a70f925bc\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD] [17/40090040] [(null)] Fri 2013-12-06 00:22:44.0970 Scan Results: Files Scanned: 135329, Duration: 53m 42s, Malicious Files: 24 Fri 2013-12-06 00:22:47.0357 Scan Finished: [iD: 41 - Seq: 84699386] Fri 2013-12-06 00:24:03.0142 Scan Results: Files Scanned: 141075, Duration: 52m 39s, Malicious Files: 17 Fri 2013-12-06 00:24:04.0718 Scan Finished: [iD: 42 - Seq: 42] Fri 2013-12-06 00:43:59.0820 Determination flags modified: c:\windows\system32\conhost.exe - MD5: BF95EA5809E3BBF55370F7CB309FEBD0, Size: 338432 bytes, Flags: 00000020 Fri 2013-12-06 00:43:59.0820 Determination flags modified: c:\windows\system32\taskhost.exe - MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes, Flags: 00000020 Fri 2013-12-06 00:44:08.0338 Performing cleanup entry: 87 Fri 2013-12-06 00:44:08.0353 Performing cleanup entry: 88 Fri 2013-12-06 00:44:16.0200 Scan Started: [iD: 43 - Flags: 551/128] Fri 2013-12-06 00:59:24.0434 Infection detected: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2] [17/40081040] [(null)] Fri 2013-12-06 00:59:24.0434 Infection detected: c:\windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_7a09c587c282995a\tabtip32.exe [MD5: 2DC64A3446C8C6E020E781456B46573D] [17/40080040] [(null)] Fri 2013-12-06 00:59:24.0434 Infection detected: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0] [17/40080040] [(null)] Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.18010_none_86608c5a70f925bc\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD] [17/40090040] [(null)] Fri 2013-12-06 00:59:24.0449 Infection detected: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)] Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b\audiodg.exe [MD5: D5CCA1453B98A5801E6D5FF0FF89DC6C] [17/40090040] [(null)] Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\system32\searchfilterhost.exe [MD5: 49A3AD5CE578CD77F445F3D244AEAB2D] [17/40090040] [(null)] Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)] Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\system32\searchprotocolhost.exe [MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE] [17/40090040] [(null)] Fri 2013-12-06 00:59:24.0449 Infection detected: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512] [17/40090040] [(null)] Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\searchindexer.exe [MD5: E0B340996A41C9A75DFA3B99BBA9C500] [17/40090040] [(null)] Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe [MD5: 65EA57712340C09B1B0C427B4848AE05] [17/40090040] [(null)] Fri 2013-12-06 00:59:24.0449 Infection detected: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)] Fri 2013-12-06 00:59:24.0465 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18229_none_d27be1cc18bd0cc4\conhost.exe [MD5: BF95EA5809E3BBF55370F7CB309FEBD0] [17/40090040] [(null)] Fri 2013-12-06 00:59:24.0465 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnetwk.exe [MD5: A9F3BFC9345F49614D5859EC95B9E994] [17/40090040] [(null)] Fri 2013-12-06 00:59:24.0465 Infection detected: c:\program files (x86)\nvidia corporation\nvidia update core\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2] [17/40081040] [(null)] Fri 2013-12-06 00:59:24.0465 Infection detected: c:\users\eric shaffron\appdata\local\temp\nvidia\geforceexperienceselfupdate\9.3.21.0\gfexperience\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2] [17/40081040] [(null)] Fri 2013-12-06 01:16:01.0884 Monitoring process C:\Windows\System32\msdt.exe [AECB7B09566B1F83F61D5A4B44AE9C7E]. Type: 3 (15489) Fri 2013-12-06 01:16:01.0884 Monitoring process C:\Windows\System32\msdt.exe [AECB7B09566B1F83F61D5A4B44AE9C7E]. Type: 4 (15489) Fri 2013-12-06 01:16:01.0884 Monitoring process C:\Windows\System32\msdt.exe [AECB7B09566B1F83F61D5A4B44AE9C7E]. Type: 5 (15489) Fri 2013-12-06 01:16:01.0946 Monitoring process C:\Windows\System32\msdt.exe [AECB7B09566B1F83F61D5A4B44AE9C7E]. Type: 8 (15489) Fri 2013-12-06 01:16:01.0946 Monitoring process C:\Windows\System32\msdt.exe [AECB7B09566B1F83F61D5A4B44AE9C7E]. Type: 6 (15489) Fri 2013-12-06 01:19:31.0735 Infection detected: c:\windows\system32\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)] Fri 2013-12-06 01:19:31.0751 Infection detected: c:\windows\system32\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)] Fri 2013-12-06 01:20:30.0142 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512] [17/40090040] [(null)] Fri 2013-12-06 01:20:30.0158 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7600.16385_none_6d84076d913353c5\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)] Fri 2013-12-06 01:27:04.0121 Scan Results: Files Scanned: 134081, Duration: 42m 47s, Malicious Files: 21 Fri 2013-12-06 01:27:08.0333 Scan Finished: [iD: 43 - Seq: 43] Fri 2013-12-06 04:02:23.0359 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 3 (15569) Fri 2013-12-06 04:02:23.0359 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 4 (15569) Fri 2013-12-06 04:02:23.0359 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 5 (15569) Fri 2013-12-06 04:02:23.0359 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 7 (15569) Fri 2013-12-06 04:02:23.0390 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 8 (15569) Fri 2013-12-06 04:02:23.0780 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 3 (15569) Fri 2013-12-06 04:02:23.0780 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 4 (15569) Fri 2013-12-06 04:02:23.0780 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 5 (15569) Fri 2013-12-06 04:02:23.0780 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 7 (15569) Fri 2013-12-06 04:02:23.0780 Monitoring process C:\Windows\system32\aitagent.EXE [DDB88D0BB116D468B2B3EFBB6E3D6D06]. Type: 8 (15569) Fri 2013-12-06 04:09:23.0358 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 3 (15571) Fri 2013-12-06 04:09:23.0358 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 4 (15571) Fri 2013-12-06 04:09:23.0358 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 5 (15571) Fri 2013-12-06 04:09:23.0358 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 7 (15571) Fri 2013-12-06 04:09:23.0374 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 8 (15571) Fri 2013-12-06 06:53:45.0446 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 06:53:48.0722 System shutting down. Fri 2013-12-06 06:53:49.0268 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 06:53:50.0360 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 06:53:50.0376 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 06:53:50.0734 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 06:53:50.0750 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 06:53:54.0135 Configuration Saved: CSCSBD23B2A539CAC6C9B2820109CC72FE97,00011,00021,00031,00041,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,001014,001138,00120,00130,00140,00151,00161,00170,00181,00191,001A0,001B0,001C1,001D0,001E0,001F1,00201,00211,00221,00231,00240,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00430,00441,00450,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C1,005D0,005E1,005F0,00601,00612,00621,00631,00641,00653,00662,00672,00681,00692,006A1,006B1,006C1,006D2,006E1,006F1,00701,00711,00721,00731,00741,00753,00761,00771,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00890,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B10,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0, Fri 2013-12-06 06:53:54.0135 <<< Service shut down successfully. Uptime: 464 minute(s) Fri 2013-12-06 06:55:22.0553 >>> Service started [v8.0.3.3] Fri 2013-12-06 06:55:52.0271 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)] Fri 2013-12-06 06:55:52.0349 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)] Fri 2013-12-06 06:55:52.0380 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)] Fri 2013-12-06 06:55:52.0380 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)] Fri 2013-12-06 06:55:57.0528 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 06:55:57.0528 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 06:55:57.0871 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 06:55:57.0871 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 06:55:58.0589 Connecting to 1 - 1 Fri 2013-12-06 06:56:00.0976 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 06:56:00.0976 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 06:56:01.0303 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 06:56:01.0303 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 07:31:59.0957 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 3 (15571) Fri 2013-12-06 07:31:59.0957 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 4 (15571) Fri 2013-12-06 07:31:59.0957 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 5 (15571) Fri 2013-12-06 07:31:59.0957 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 7 (15571) Fri 2013-12-06 07:31:59.0973 Monitoring process C:\Windows\system32\lpremove.exe [E3F30C809B0E3C34588BD336D8090CD2]. Type: 8 (15571) Fri 2013-12-06 11:13:11.0821 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:13:11.0821 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:13:11.0946 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:13:11.0946 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:13:12.0133 User process connected successfully from PID 940, Session 1 Fri 2013-12-06 11:13:13.0240 File blocked in realtime: c:\program files (x86)\nvidia corporation\nvidia update core\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 11:13:13.0240 File blocked in realtime: c:\program files (x86)\nvidia corporation\nvidia update core\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 11:13:13.0490 Scan Started: [iD: 44 - Flags: 1575/16] Fri 2013-12-06 11:13:24.0098 Determination flags modified: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe - MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes, Flags: 00000020 Fri 2013-12-06 11:13:26.0329 Performing cleanup entry: 17 Fri 2013-12-06 11:13:34.0628 Scan Started: [iD: 45 - Flags: 551/128] Fri 2013-12-06 11:14:55.0911 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 3 (15577) Fri 2013-12-06 11:14:55.0911 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 4 (15577) Fri 2013-12-06 11:14:55.0911 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 5 (15577) Fri 2013-12-06 11:14:55.0912 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 7 (15577) Fri 2013-12-06 11:14:55.0914 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 8 (15577) Fri 2013-12-06 11:14:55.0920 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 3 (15577) Fri 2013-12-06 11:14:55.0920 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 4 (15577) Fri 2013-12-06 11:14:55.0920 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 5 (15577) Fri 2013-12-06 11:14:55.0921 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 7 (15577) Fri 2013-12-06 11:14:55.0923 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 8 (15577) Fri 2013-12-06 11:14:56.0902 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 3 (15577) Fri 2013-12-06 11:14:56.0902 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 4 (15577) Fri 2013-12-06 11:14:56.0902 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 5 (15577) Fri 2013-12-06 11:14:56.0903 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 7 (15577) Fri 2013-12-06 11:14:56.0905 Monitoring process C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe [8C1D70B5081773D7DFC331FDC59BBD0E]. Type: 8 (15577) Fri 2013-12-06 11:15:39.0789 File blocked in realtime: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:15:39.0789 File blocked in realtime: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:15:40.0070 File blocked in realtime: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:15:40.0070 File blocked in realtime: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:15:46.0731 Determination flags modified: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe - MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes, Flags: 00000020 Fri 2013-12-06 11:15:47.0465 Performing cleanup entry: 19 Fri 2013-12-06 11:15:50.0195 Scan Started: [iD: 46 - Flags: 551/128] Fri 2013-12-06 11:20:07.0368 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:20:07.0368 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:20:07.0555 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:20:07.0555 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:20:09.0708 System shutting down. Fri 2013-12-06 11:20:10.0706 Scan Results: Files Scanned: 10521, Duration: 4m 20s, Malicious Files: 0 Fri 2013-12-06 11:20:10.0706 Scan Results: Files Scanned: 9622, Duration: 6m 36s, Malicious Files: 0 Fri 2013-12-06 11:20:10.0706 Scan Results: Files Scanned: 9662, Duration: 6m 57s, Malicious Files: 0 Fri 2013-12-06 11:20:10.0753 Scan Aborted: [iD: 46] Fri 2013-12-06 11:20:10.0753 Scan Aborted: [iD: 45] Fri 2013-12-06 11:20:10.0753 Scan Aborted: [iD: 44] Fri 2013-12-06 11:20:11.0408 Configuration Saved: CSCSBD23B2A539CAC6C9B2820109CC72FE97,00011,00021,00031,00041,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,001014,001138,00120,00130,00140,00151,00161,00170,00181,00191,001A0,001B0,001C1,001D0,001E0,001F1,00201,00211,00221,00231,00240,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00430,00441,00450,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C1,005D0,005E1,005F0,00601,00612,00621,00631,00641,00653,00662,00672,00681,00692,006A1,006B1,006C1,006D2,006E1,006F1,00701,00711,00721,00731,00741,00753,00761,00771,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00890,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B10,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0, Fri 2013-12-06 11:20:11.0408 <<< Service shut down successfully. Uptime: 264 minute(s) Fri 2013-12-06 11:21:24.0726 >>> Service started [v8.0.3.3] Fri 2013-12-06 11:21:30.0732 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)] Fri 2013-12-06 11:21:30.0732 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)] Fri 2013-12-06 11:21:31.0076 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)] Fri 2013-12-06 11:21:31.0076 File blocked in realtime: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes] [1074266176/00000011] [(null)] Fri 2013-12-06 11:21:31.0622 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 11:21:31.0622 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 11:21:31.0762 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 11:21:31.0762 File blocked in realtime: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 11:21:31.0840 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 11:21:31.0840 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 11:21:32.0105 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 11:21:32.0105 File blocked in realtime: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes] [1074270272/00000011] [(null)] Fri 2013-12-06 11:21:37.0659 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:21:37.0659 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:21:37.0924 User process connected successfully from PID 868, Session 1 Fri 2013-12-06 11:21:37.0940 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:21:37.0940 File blocked in realtime: c:\program files\common files\microsoft shared\ink\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes] [1074331712/00000011] [(null)] Fri 2013-12-06 11:22:00.0622 Connecting to 1 - 1 Fri 2013-12-06 11:22:28.0764 Determination flags modified: c:\program files\common files\microsoft shared\ink\tabtip.exe - MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes, Flags: 00000020 Fri 2013-12-06 11:23:15.0128 Performing cleanup entry: 15 Fri 2013-12-06 11:23:16.0313 Scan Started: [iD: 47 - Flags: 551/128] Fri 2013-12-06 11:32:35.0996 Infection detected: c:\windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_7a09c587c282995a\tabtip32.exe [MD5: 2DC64A3446C8C6E020E781456B46573D] [17/40080040] [(null)] Fri 2013-12-06 11:32:37.0977 Infection detected: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0] [17/40080040] [(null)] Fri 2013-12-06 11:32:38.0460 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.18010_none_86608c5a70f925bc\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD] [17/40090040] [(null)] Fri 2013-12-06 11:32:38.0928 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7600.16385_none_6d84076d913353c5\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)] Fri 2013-12-06 11:32:39.0412 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b\audiodg.exe [MD5: D5CCA1453B98A5801E6D5FF0FF89DC6C] [17/40090040] [(null)] Fri 2013-12-06 11:32:39.0740 Infection detected: c:\windows\system32\searchfilterhost.exe [MD5: 49A3AD5CE578CD77F445F3D244AEAB2D] [17/40090040] [(null)] Fri 2013-12-06 11:32:40.0660 Infection detected: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)] Fri 2013-12-06 11:32:41.0924 Infection detected: c:\windows\system32\searchprotocolhost.exe [MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE] [17/40090040] [(null)] Fri 2013-12-06 11:32:44.0732 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512] [17/40090040] [(null)] Fri 2013-12-06 11:32:44.0747 Infection detected: c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\searchindexer.exe [MD5: E0B340996A41C9A75DFA3B99BBA9C500] [17/40090040] [(null)] Fri 2013-12-06 11:32:46.0354 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe [MD5: 65EA57712340C09B1B0C427B4848AE05] [17/40090040] [(null)] Fri 2013-12-06 11:32:46.0463 Infection detected: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)] Fri 2013-12-06 11:32:46.0884 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18229_none_d27be1cc18bd0cc4\conhost.exe [MD5: BF95EA5809E3BBF55370F7CB309FEBD0] [17/40090040] [(null)] Fri 2013-12-06 11:32:54.0513 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnetwk.exe [MD5: A9F3BFC9345F49614D5859EC95B9E994] [17/40090040] [(null)] Fri 2013-12-06 11:33:15.0994 Infection detected: c:\users\eric shaffron\appdata\local\temp\nvidia\geforceexperienceselfupdate\9.3.21.0\gfexperience\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2] [17/40081040] [(null)] Fri 2013-12-06 11:54:19.0783 Infection detected: c:\windows\system32\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)] Fri 2013-12-06 11:54:19.0815 Infection detected: c:\windows\system32\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)] Fri 2013-12-06 11:58:30.0803 Scan Results: Files Scanned: 130592, Duration: 35m 14s, Malicious Files: 17 Fri 2013-12-06 11:58:32.0941 Scan Finished: [iD: 47 - Seq: 47] Fri 2013-12-06 12:26:48.0008 Monitoring process C:\Windows\system32\msfeedssync.exe [DA9648200FC010A6DF004FAC8A775FD9]. Type: 3 (15708) Fri 2013-12-06 12:26:48.0040 Monitoring process C:\Windows\system32\msfeedssync.exe [DA9648200FC010A6DF004FAC8A775FD9]. Type: 4 (15708) Fri 2013-12-06 12:26:48.0040 Monitoring process C:\Windows\system32\msfeedssync.exe [DA9648200FC010A6DF004FAC8A775FD9]. Type: 5 (15708) Fri 2013-12-06 12:26:48.0040 Monitoring process C:\Windows\system32\msfeedssync.exe [DA9648200FC010A6DF004FAC8A775FD9]. Type: 7 (15708) Fri 2013-12-06 12:26:48.0102 Monitoring process C:\Windows\system32\msfeedssync.exe [DA9648200FC010A6DF004FAC8A775FD9]. Type: 8 (15708) Fri 2013-12-06 12:26:53.0281 Begin passive write scan (2 file(s)) Fri 2013-12-06 12:26:54.0404 End passive write scan (2 file(s)) Fri 2013-12-06 12:27:59.0223 Begin passive write scan (1 file(s)) Fri 2013-12-06 12:28:00.0112 End passive write scan (1 file(s)) Fri 2013-12-06 12:28:00.0252 Begin passive write scan (2 file(s)) Fri 2013-12-06 12:28:00.0923 End passive write scan (2 file(s)) Fri 2013-12-06 12:28:01.0282 Begin passive write scan (2 file(s)) Fri 2013-12-06 12:28:02.0296 End passive write scan (2 file(s)) Fri 2013-12-06 12:28:04.0371 Begin passive write scan (2 file(s)) Fri 2013-12-06 12:28:05.0151 End passive write scan (2 file(s)) Fri 2013-12-06 12:28:30.0111 Begin passive write scan (1 file(s)) Fri 2013-12-06 12:28:30.0345 End passive write scan (1 file(s)) Fri 2013-12-06 12:52:06.0300 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 9 (5984) Fri 2013-12-06 12:52:06.0409 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 3 (5984) Fri 2013-12-06 12:52:06.0425 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 4 (5984) Fri 2013-12-06 12:52:06.0440 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 5 (5984) Fri 2013-12-06 12:52:06.0456 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 8 (5984) Fri 2013-12-06 12:52:06.0456 Monitoring process c:\users\eric shaffron\desktop\viruscleanup_2013\roguekiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 6 (5984) Fri 2013-12-06 12:52:06.0846 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 3 (5984) Fri 2013-12-06 12:52:06.0846 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 4 (5984) Fri 2013-12-06 12:52:06.0846 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 5 (5984) Fri 2013-12-06 12:52:06.0862 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 8 (5984) Fri 2013-12-06 12:52:06.0862 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 6 (5984) Fri 2013-12-06 12:52:08.0172 Begin passive write scan (1 file(s)) Fri 2013-12-06 12:52:09.0872 End passive write scan (1 file(s)) Fri 2013-12-06 12:54:48.0281 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 3 (5984) Fri 2013-12-06 12:54:48.0297 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 4 (5984) Fri 2013-12-06 12:54:48.0297 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 5 (5984) Fri 2013-12-06 12:54:48.0297 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 8 (5984) Fri 2013-12-06 12:54:48.0297 Monitoring process C:\Users\Eric Shaffron\Desktop\VirusCleanUp_2013\RogueKiller.exe [0408F45DEF2A1A90C78ABC5D0837C011]. Type: 6 (5984) Fri 2013-12-06 12:54:50.0293 Begin passive write scan (1 file(s)) Fri 2013-12-06 12:54:50.0527 End passive write scan (1 file(s)) Fri 2013-12-06 12:58:50.0191 Begin passive write scan (1 file(s)) Fri 2013-12-06 12:58:50.0425 End passive write scan (1 file(s)) Fri 2013-12-06 13:10:38.0635 Scan Started: [iD: 48 - Flags: 551/16] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_7a09c587c282995a\tabtip32.exe [MD5: 2DC64A3446C8C6E020E781456B46573D] [17/40080040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\runsw.exe [MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0] [17/40080040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskhost_31bf3856ad364e35_6.1.7601.18010_none_86608c5a70f925bc\taskhost.exe [MD5: 639774C9ACD063F028F6084ABF5593AD] [17/40090040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7600.16385_none_6d84076d913353c5\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.17514_none_d4c5c995fb3f4a1b\audiodg.exe [MD5: D5CCA1453B98A5801E6D5FF0FF89DC6C] [17/40090040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\system32\searchfilterhost.exe [MD5: 49A3AD5CE578CD77F445F3D244AEAB2D] [17/40090040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\syswow64\vmnetdhcp.exe [MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3] [17/40081040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\system32\searchprotocolhost.exe [MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE] [17/40090040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-t..nputpersonalization_31bf3856ad364e35_6.1.7600.16385_none_9ba1049ce0053bef\inputpersonalization.exe [MD5: C7DE4414D5F6F9373F913CB86262D512] [17/40090040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\searchindexer.exe [MD5: E0B340996A41C9A75DFA3B99BBA9C500] [17/40090040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-engine_31bf3856ad364e35_6.1.7601.17514_none_43d2529dd579f798\taskeng.exe [MD5: 65EA57712340C09B1B0C427B4848AE05] [17/40090040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\syswow64\vmnat.exe [MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7] [17/40081040] [(null)] Fri 2013-12-06 13:24:16.0232 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-consolehost_31bf3856ad364e35_6.1.7601.18229_none_d27be1cc18bd0cc4\conhost.exe [MD5: BF95EA5809E3BBF55370F7CB309FEBD0] [17/40090040] [(null)] Fri 2013-12-06 13:24:16.0248 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-wmpnss-service_31bf3856ad364e35_6.1.7601.17514_none_61acd141e5332baf\wmpnetwk.exe [MD5: A9F3BFC9345F49614D5859EC95B9E994] [17/40090040] [(null)] Fri 2013-12-06 13:24:16.0310 Infection detected: c:\users\eric shaffron\appdata\local\temp\nvidia\geforceexperienceselfupdate\9.3.21.0\gfexperience\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2] [17/40081040] [(null)] Fri 2013-12-06 13:36:49.0713 Scan Results: Files Scanned: 135491, Duration: 26m 11s, Malicious Files: 15 Fri 2013-12-06 13:36:50.0415 Scan Finished: [iD: 48 - Seq: 48] Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\program files (x86)\common files\microsoft shared\ink\tabtip32.exe - MD5: 2DC64A3446C8C6E020E781456B46573D, Size: 10240 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\runsw.exe - MD5: 6F26FA3FE9ACF14C1B2D1CB92D3B35B0, Size: 36864 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\taskhost.exe - MD5: 639774C9ACD063F028F6084ABF5593AD, Size: 68608 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\program files\common files\microsoft shared\ink\tabtip.exe - MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\audiodg.exe - MD5: D5CCA1453B98A5801E6D5FF0FF89DC6C, Size: 126464 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\searchfilterhost.exe - MD5: 49A3AD5CE578CD77F445F3D244AEAB2D, Size: 113664 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\vmnetdhcp.exe - MD5: 9FAD0F49EDA6E16EC61BF7DD1A5107B3, Size: 334384 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\searchprotocolhost.exe - MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE, Size: 249856 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\program files\common files\microsoft shared\ink\inputpersonalization.exe - MD5: C7DE4414D5F6F9373F913CB86262D512, Size: 383488 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\searchindexer.exe - MD5: E0B340996A41C9A75DFA3B99BBA9C500, Size: 591872 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\taskeng.exe - MD5: 65EA57712340C09B1B0C427B4848AE05, Size: 464384 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\vmnat.exe - MD5: D3ECFDBFAFD965AFDAC299DEBE71B4C7, Size: 395824 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\windows\system32\conhost.exe - MD5: BF95EA5809E3BBF55370F7CB309FEBD0, Size: 338432 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\program files\windows media player\wmpnetwk.exe - MD5: A9F3BFC9345F49614D5859EC95B9E994, Size: 1525248 bytes, Flags: 00000020 Fri 2013-12-06 13:38:15.0248 Determination flags modified: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe - MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes, Flags: 00000020 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 34 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 35 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 36 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 37 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 38 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 39 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 40 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 41 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 42 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 43 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 44 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 45 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 46 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 47 Fri 2013-12-06 13:38:23.0906 Performing cleanup entry: 48 Fri 2013-12-06 13:38:25.0576 Begin passive write scan (1 file(s)) Fri 2013-12-06 13:38:25.0810 End passive write scan (1 file(s)) Fri 2013-12-06 13:42:00.0887 System shutting down. Fri 2013-12-06 13:42:01.0870 Configuration Saved: CSCSBD23B2A539CAC6C9B2820109CC72FE97,00011,00021,00031,00041,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,001014,001138,00120,00130,00140,00151,00161,00170,00181,00191,001A0,001B0,001C1,001D0,001E0,001F1,00201,00211,00221,00231,00240,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00430,00441,00450,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C1,005D0,005E1,005F0,00601,00612,00621,00631,00641,00653,00662,00672,00681,00692,006A1,006B1,006C1,006D2,006E1,006F1,00701,00711,00721,00731,00741,00753,00761,00771,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00890,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B10,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0, Fri 2013-12-06 13:42:01.0870 <<< Service shut down successfully. Uptime: 140 minute(s) Fri 2013-12-06 13:43:21.0801 >>> Service started [v8.0.3.3] Fri 2013-12-06 13:43:21.0864 Terminated abruptly in the last session Fri 2013-12-06 13:43:33.0642 User process connected successfully from PID 928, Session 1 Fri 2013-12-06 13:43:33.0642 Scan Started: [iD: 49 - Flags: 551/176] Fri 2013-12-06 13:43:57.0962 Connecting to 1 - 1 Fri 2013-12-06 13:43:58.0633 Begin passive write scan (2 file(s)) Fri 2013-12-06 13:43:59.0865 End passive write scan (2 file(s)) Fri 2013-12-06 13:51:10.0054 Begin passive write scan (1 file(s)) Fri 2013-12-06 13:51:10.0288 End passive write scan (1 file(s)) Fri 2013-12-06 13:51:14.0173 Begin passive write scan (1 file(s)) Fri 2013-12-06 13:51:14.0422 End passive write scan (1 file(s)) Fri 2013-12-06 13:51:29.0523 File blocked in realtime: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes] [1074270304/00000011] [(null)] Fri 2013-12-06 13:51:29.0523 File blocked in realtime: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe [MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes] [1074270304/00000011] [(null)] Fri 2013-12-06 13:51:29.0523 Determination flags modified: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe - MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes, Flags: 00000020 Fri 2013-12-06 13:51:29.0523 Performing cleanup entry: 1 Fri 2013-12-06 13:51:29.0523 Determination flags modified: c:\program files\nvidia corporation\installer2\display.gfexperience.{6ba94af2-c531-489c-ae4a-b4352fd530e2}\nvtmru.exe - MD5: 588BEEE7B106E6520F550A45897D00B2, Size: 1028384 bytes, Flags: 00000020 Fri 2013-12-06 13:51:31.0473 Performing cleanup entry: 2 Fri 2013-12-06 13:52:02.0112 Connected to A1 Fri 2013-12-06 13:52:25.0543 Infection detected: c:\windows\winsxs\wow64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7600.16385_none_77d8b1bfc59415c0\tabtip32.exe [MD5: 2DC64A3446C8C6E020E781456B46573D] [17/40080040] [(null)] Fri 2013-12-06 13:52:27.0243 Infection detected: c:\windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\tabtip.exe [MD5: 2DC0C4DE960A20BC2840D72E7B98A144] [17/40090040] [(null)] Fri 2013-12-06 13:52:27.0259 Infection detected: c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\searchfilterhost.exe [MD5: 49A3AD5CE578CD77F445F3D244AEAB2D] [17/40090040] [(null)] Fri 2013-12-06 13:52:29.0661 Infection detected: c:\windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\searchprotocolhost.exe [MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE] [17/40090040] [(null)] Fri 2013-12-06 14:05:24.0015 Scan Results: Files Scanned: 133264, Duration: 21m 50s, Malicious Files: 4 Fri 2013-12-06 14:05:24.0171 Scan Finished: [iD: 49 - Seq: 84750745] Fri 2013-12-06 14:07:48.0706 Determination flags modified: c:\program files (x86)\common files\microsoft shared\ink\tabtip32.exe - MD5: 2DC64A3446C8C6E020E781456B46573D, Size: 10240 bytes, Flags: 00000020 Fri 2013-12-06 14:07:48.0721 Determination flags modified: c:\program files\common files\microsoft shared\ink\tabtip.exe - MD5: 2DC0C4DE960A20BC2840D72E7B98A144, Size: 224256 bytes, Flags: 00000020 Fri 2013-12-06 14:07:48.0721 Determination flags modified: c:\windows\system32\searchfilterhost.exe - MD5: 49A3AD5CE578CD77F445F3D244AEAB2D, Size: 113664 bytes, Flags: 00000020 Fri 2013-12-06 14:07:48.0721 Determination flags modified: c:\windows\system32\searchprotocolhost.exe - MD5: D9E21CBF9E6A87847AFFD39EA3FA28EE, Size: 249856 bytes, Flags: 00000020 Fri 2013-12-06 14:07:49.0876 Performing cleanup entry: 3 Fri 2013-12-06 14:07:49.0876 Performing cleanup entry: 4 Fri 2013-12-06 14:07:49.0876 Performing cleanup entry: 5 Fri 2013-12-06 14:07:49.0876 Performing cleanup entry: 6 Fri 2013-12-06 14:07:51.0763 Scan Started: [iD: 50 - Flags: 551/176] Fri 2013-12-06 14:19:00.0958 Saved updated configuration Fri 2013-12-06 14:19:06.0308 Saved updated configuration Fri 2013-12-06 14:19:27.0977 Saved updated configuration Fri 2013-12-06 14:23:49.0074 Scan Results: Files Scanned: 135912, Duration: 15m 57s, Malicious Files: 0 Fri 2013-12-06 14:23:49.0932 Scan Finished: [iD: 50 - Seq: 84751819] Fri 2013-12-06 14:25:56.0963 Saved the product log to C:\Users\Eric Shaffron\Desktop\WebrootLog_ES2013.log

RogueKiller V8.7.11 [Dec 3 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Eric Shaffron [Admin rights] Mode : Remove -- Date : 12/06/2013 12:57:32 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 16 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED [HJ POL][PUM] HKCU\[...]\System : DisableCMD (0) -> DELETED [HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ POL][PUM] HKLM\[...]\System : DisableCMD (0) -> DELETED [HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified. [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified. [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableCMD (0) -> [0x2] The system cannot find the file specified. [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1) [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 activate.adobe.com ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST31000528AS ATA Device +++++ --- User --- [MBR] e278382dd1c55fa582caf51c6428346f [bSP] f55a70ceb9d27dd931bd9687f36e4fe2 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Hitachi HDS721010CLA332 ATA Device +++++ --- User --- [MBR] 937c2fd24d3aa302a9baf2c204bd602e [bSP] 3cb1249f11ff297d38052d6f5fff59e9 : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_D_12062013_125732.txt >> RKreport[0]_S_12062013_125721.txt

I proceeded to the third program listed on the forum post mentioned before about sweetpacks, RogueKiller, and after running that the "Internet Explorer Toolbar 4.8 by Sweetpacks" was gone from the installed programs list. I will post the log below, but a second issue came up when Webroot/Prevx detected something connected to GeForce NVIDIA Experience, which was quarentined with some other items, and after a few more runs of that software they are no longer detecting any problems. I will post the log of Webroot/Prevx after the RogueKiller.

# AdwCleaner v3.014 - Report created 06/12/2013 at 11:18:47 # Updated 01/12/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Eric Shaffron - ERICSHAFFRON-PC # Running from : C:\Users\Eric Shaffron\Desktop\RemovingSweetPacks\adwcleaner.exe # Option : Clean ***** [ Services ] ***** [#] Service Deleted : bProtector ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro Folder Deleted : C:\Program Files (x86)\AutocompletePro Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\Common Files\Tencent Folder Deleted : C:\Windows\SysWOW64\WNLT Folder Deleted : C:\Users\Eric Shaffron\AppData\Local\Babylon Folder Deleted : C:\Users\Eric Shaffron\AppData\Local\Conduit Folder Deleted : C:\Users\Eric Shaffron\AppData\Local\PackageAware Folder Deleted : C:\Users\ERICSH~1\AppData\Local\Temp\BabylonToolbar Folder Deleted : C:\Users\Eric Shaffron\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\Eric Shaffron\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Eric Shaffron\AppData\LocalLow\appbario12 Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\BabylonToolbar Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\PerformerSoft Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Systweak Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Tencent Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\yourfiledownloader Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\Conduit Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\Smartbar Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\SweetPacksToolbarData Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\CT3279411 Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\CT1098640 Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\Extensions\{465fcfbb-47a4-4866-a5d5-d12f9a77da00} Folder Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\Extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi File Deleted : C:\Windows\System32\roboot64.exe File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\bProtector_extensions.rdf File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\bprotector_prefs.js File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\searchplugins\bProtect.xml File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\searchplugins\Conduit.xml File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\searchplugins\SweetIm.xml File Deleted : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\user.js File Deleted : C:\Windows\System32\Tasks\bProtector ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}] Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1 Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1 Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_veoh_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] Key Deleted : HKLM\SOFTWARE\NSIS_OVERGROWTH Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Raise Data Recovery for NTFS_is1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1098640 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279411 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{465FCFBB-47A4-4866-A5D5-D12F9A77DA00} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51500046-8DB3-4B85-9C53-B31A79F1C49F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465FCFBB-47A4-4866-A5D5-D12F9A77DA00} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{465FCFBB-47A4-4866-A5D5-D12F9A77DA00} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{51500046-8DB3-4B85-9C53-B31A79F1C49F} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{356AD805-9DA9-4112-A6E7-F451AA10249E} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7EF6CC48-B6BB-4C71-BECA-B36DE2E264EE} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{465FCFBB-47A4-4866-A5D5-D12F9A77DA00}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{465FCFBB-47A4-4866-A5D5-D12F9A77DA00}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{465FCFBB-47A4-4866-A5D5-D12F9A77DA00}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\AutocompleteProBHO Key Deleted : HKCU\Software\bProtector Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\filescout Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\systweak Key Deleted : HKCU\Software\TENCENT Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\YourFileDownloader Key Deleted : HKCU\Software\Zugo Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\appbario12 Key Deleted : HKLM\Software\Babylon Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\Software\systweak Key Deleted : HKLM\Software\TENCENT Key Deleted : HKLM\Software\YourFileDownloader Key Deleted : HKLM\Software\appbario12 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834} Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar ***** [ Browsers ] ***** -\\ Internet Explorer v0.0.0.0 -\\ Mozilla Firefox v [ File : C:\Users\Eric Shaffron\AppData\Roaming\Mozilla\Firefox\Profiles\kcml7z6r.default\prefs.js ] Line Deleted : user_pref("CT1098640.CTID", "CT1098640"); Line Deleted : user_pref("CT1098640.Chat.Meebo.ServerLastCheckTime", ""); Line Deleted : user_pref("CT1098640.Chat.Meebo.ServerLastResponseTime", "Sun Jul 25 2010 22:20:14 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.Chat.Meebo.rooms.entertainmentc0ed09fb", 0); Line Deleted : user_pref("CT1098640.Chat.Meebo.rooms.freedownloadsnetcommunitychatcfa4bf59", 0); Line Deleted : user_pref("CT1098640.Chat.Meebo.rooms.health3693b665", 0); Line Deleted : user_pref("CT1098640.Chat.Meebo.rooms.musicj375cf270", 2); Line Deleted : user_pref("CT1098640.Chat.Meebo.rooms.newsxu117b840d", 4); Line Deleted : user_pref("CT1098640.Chat.Meebo.rooms.sports522528d3", 3); Line Deleted : user_pref("CT1098640.Chat.Meebo.rooms.technology8bb9fd5b", 0); Line Deleted : user_pref("CT1098640.Chat.Meebo.rooms.travel8c2e48db", 0); Line Deleted : user_pref("CT1098640.Chat.Meebo.rooms.videogames2fe066e0", 1); Line Deleted : user_pref("CT1098640.Chat.ServerLastCheckTime", "Sun Jul 25 2010 22:20:14 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.CommunitiesChangesLastCheckTime", "Sun Jul 25 2010 22:20:13 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.CommunityChanged", true); Line Deleted : user_pref("CT1098640.CurrentServerDate", "26-7-2010"); Line Deleted : user_pref("CT1098640.DialogsAlignMode", "LTR"); Line Deleted : user_pref("CT1098640.DownloadDomainsCheckInterval", "168"); Line Deleted : user_pref("CT1098640.DownloadDomainsListLastCheckTime", "Sun Jul 25 2010 22:20:13 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.DownloadDomainsListLastServerUpdateTime", "1201073583"); Line Deleted : user_pref("CT1098640.EMailNotifierPollDate", "Sun Jul 25 2010 22:20:15 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.FeedLastCount128295885701037994", 11); Line Deleted : user_pref("CT1098640.FeedPollDate128295885701037994", "Sun Jul 25 2010 22:20:14 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.FeedTTL128295885701037994", 60); Line Deleted : user_pref("CT1098640.FirstServerDate", "26-5-2010"); Line Deleted : user_pref("CT1098640.FirstTime", true); Line Deleted : user_pref("CT1098640.FirstTimeFF3", true); Line Deleted : user_pref("CT1098640.FixPageNotFoundErrors", true); Line Deleted : user_pref("CT1098640.GroupingServerCheckInterval", 1440); Line Deleted : user_pref("CT1098640.Initialize", true); Line Deleted : user_pref("CT1098640.InitializeCommonPrefs", true); Line Deleted : user_pref("CT1098640.InstalledDate", "Wed May 26 2010 03:37:00 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.InvalidateCache", false); Line Deleted : user_pref("CT1098640.IsGrouping", false); Line Deleted : user_pref("CT1098640.IsMulticommunity", true); Line Deleted : user_pref("CT1098640.IsOpenThankYouPage", false); Line Deleted : user_pref("CT1098640.IsOpenUninstallPage", true); Line Deleted : user_pref("CT1098640.LanguagePackLastCheckTime", "Sun Jul 25 2010 22:20:14 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.LanguagePackReloadIntervalMM", 1440); Line Deleted : user_pref("CT1098640.LastLogin_2.5.6.0", "Sun Jul 25 2010 22:20:14 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.LatestVersion", "2.1.0.18"); Line Deleted : user_pref("CT1098640.Locale", "en-us"); Line Deleted : user_pref("CT1098640.LoginCache", 4); Line Deleted : user_pref("CT1098640.MCDetectTooltipHeight", "83"); Line Deleted : user_pref("CT1098640.MCDetectTooltipWidth", "295"); Line Deleted : user_pref("CT1098640.RadioIsPodcast", false); Line Deleted : user_pref("CT1098640.RadioLastCheckTime", "Sun Jul 25 2010 22:20:14 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.RadioLastUpdateIPServer", "0"); Line Deleted : user_pref("CT1098640.RadioLastUpdateServer", "128929877726170000"); Line Deleted : user_pref("CT1098640.RadioMediaID", "4817804"); Line Deleted : user_pref("CT1098640.RadioMediaType", "Media Player"); Line Deleted : user_pref("CT1098640.RadioMenuSelectedID", "EBRadioMenu_CT10986404817804"); Line Deleted : user_pref("CT1098640.RadioStationName", "Adult%20Alternative"); Line Deleted : user_pref("CT1098640.SHRINK_TOOLBAR", 1); Line Deleted : user_pref("CT1098640.SearchFromAddressBarIsInit", true); Line Deleted : user_pref("CT1098640.SearchInNewTabEnabled", true); Line Deleted : user_pref("CT1098640.SearchInNewTabIntervalMM", 1440); Line Deleted : user_pref("CT1098640.SearchInNewTabLastCheckTime", "Sun Jul 25 2010 22:20:13 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.SettingsCheckIntervalMin", 120); Line Deleted : user_pref("CT1098640.SettingsLastCheckTime", "Sun Jul 25 2010 22:20:13 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.SettingsLastUpdate", "1274806459"); Line Deleted : user_pref("CT1098640.ThirdPartyComponentsInterval", 504); Line Deleted : user_pref("CT1098640.ThirdPartyComponentsLastCheck", "Sat Jul 10 2010 13:12:49 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.ThirdPartyComponentsLastUpdate", "1277822495"); Line Deleted : user_pref("CT1098640.UserID", "UN36764889720360274"); Line Deleted : user_pref("CT1098640.ValidationData_Toolbar", 2); Line Deleted : user_pref("CT1098640.WeatherNetwork", ""); Line Deleted : user_pref("CT1098640.WeatherPollDate", "Sun Jul 25 2010 22:20:15 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT1098640.WeatherUnit", "F"); Line Deleted : user_pref("CT1098640.clientLogIsEnabled", true); Line Deleted : user_pref("CT1098640.myStuffEnabled", true); Line Deleted : user_pref("CT1098640.myStuffPublihserMinWidth", 400); Line Deleted : user_pref("CT1098640.myStuffServiceIntervalMM", 1440); Line Deleted : user_pref("CT3279411.1000082.isPlayDisplay", "true"); Line Deleted : user_pref("CT3279411.CT3279411ads1", "%AB%BD%C8%AB%B8%B8%E7%EA%F9%AB%B8%B8%AB%B9%C7%AB%BB%C8%AB%BD%C8%AB%B8%B8%E7%EF%EA%AB%B8%B8%AB%B9%C7%AB%B8%B8%B7%B6%BC%BD%BE%BC%AB%B8%B8%AB%B8%C9%AB%B8%B8%FA%EF%FA[...] Line Deleted : user_pref("CT3279411.CT3279411ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyMTA2Nzg2JTIyJTJDJTIydGl0bGUlMjIlM0ElMjJTcGVlZCUyMFVwJTIwWW91ciUyMERvd25sb2FkJTIxJTIyJTJDJTIyYWR0ZXh0MSUyMiUzQS[...] Line Deleted : user_pref("CT3279411.CT3279411current_term", ""); Line Deleted : user_pref("CT3279411.CT3279411current_term.enc", ""); Line Deleted : user_pref("CT3279411.CT3279411sdate", "%B7%BC"); Line Deleted : user_pref("CT3279411.CT3279411sdate.enc", "MTY="); Line Deleted : user_pref("CT3279411.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3279411.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3279411.FF19Solved", "true"); Line Deleted : user_pref("CT3279411.FirstTime", "true"); Line Deleted : user_pref("CT3279411.FirstTimeFF3", "true"); Line Deleted : user_pref("CT3279411.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM3ODQ4ODAxOQ=="); Line Deleted : user_pref("CT3279411.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM3ODQ4ODAzMA=="); Line Deleted : user_pref("CT3279411.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "Ng=="); Line Deleted : user_pref("CT3279411.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "Ng=="); Line Deleted : user_pref("CT3279411.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM3ODU0MTkxOA=="); Line Deleted : user_pref("CT3279411.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM3ODQ4ODE3Nw=="); Line Deleted : user_pref("CT3279411.PG_ENABLE", "dHJ1ZQ=="); Line Deleted : user_pref("CT3279411.SF_JUST_INSTALLED.enc", "RkFMU0U="); Line Deleted : user_pref("CT3279411.SF_STATUS.enc", "RU5BQkxFRA=="); Line Deleted : user_pref("CT3279411.SF_USER_ID.enc", "Y2lkXzY5MjAxMzEwMjAxOTM1OTc4NTE="); Line Deleted : user_pref("CT3279411.UserID", "UN13053266602792729"); Line Deleted : user_pref("CT3279411.acp_personal.appstate.enc", "ZW5hYmxl"); Line Deleted : user_pref("CT3279411.addressBarTakeOverEnabledInHidden", "true"); Line Deleted : user_pref("CT3279411.bDay_InstallDate", "%B7%BC%B3%B7%B6"); Line Deleted : user_pref("CT3279411.bDay_InstallDate.enc", "MTYtMTA="); Line Deleted : user_pref("CT3279411.bDay_InstallFromToolbar", "%FF%EB%F9"); Line Deleted : user_pref("CT3279411.bDay_InstallFromToolbar.enc", "eWVz"); Line Deleted : user_pref("CT3279411.browser.search.defaultthis.engineName", "true"); Line Deleted : user_pref("CT3279411.cbfirsttime.enc", "RnJpIFNlcCAwNiAyMDEzIDEwOjIwOjIwIEdNVC0wNzAwIChQYWNpZmljIERheWxpZ2h0IFRpbWUp"); Line Deleted : user_pref("CT3279411.countryCode", "US"); Line Deleted : user_pref("CT3279411.defaultSearch", "true"); Line Deleted : user_pref("CT3279411.embeddedsData", "[{\"appId\":\"130028909967386036\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...] Line Deleted : user_pref("CT3279411.enableAlerts", "true"); Line Deleted : user_pref("CT3279411.enableSearchFromAddressBar", "true"); Line Deleted : user_pref("CT3279411.enlargeSearchBox", "{\"enabled\":true,\"maxWidth\":1000,\"minWidth\":250,\"width\":500}"); Line Deleted : user_pref("CT3279411.firstTimeDialogOpened", "true"); Line Deleted : user_pref("CT3279411.fixPageNotFoundError", "true"); Line Deleted : user_pref("CT3279411.fixPageNotFoundErrorByUser", "true"); Line Deleted : user_pref("CT3279411.fixPageNotFoundErrorInHidden", "true"); Line Deleted : user_pref("CT3279411.fixUrls", true); Line Deleted : user_pref("CT3279411.fullUserID", "UN13053266602792729.IN.20130730195207"); Line Deleted : user_pref("CT3279411.installDate", "30/07/2013 19:52:07"); Line Deleted : user_pref("CT3279411.installId", "cid3477"); Line Deleted : user_pref("CT3279411.installSessionId", "{7BBF019C-02F5-43B3-8DB6-2AD528778512}"); Line Deleted : user_pref("CT3279411.installSp", "TRUE"); Line Deleted : user_pref("CT3279411.installType", "conduitnsisintegration"); Line Deleted : user_pref("CT3279411.installUsage", "2013-09-06T20:20:12.5417145+03:00"); Line Deleted : user_pref("CT3279411.installUsageEarly", "2013-09-06T20:20:03.3567307+03:00"); Line Deleted : user_pref("CT3279411.installerVersion", "1.5.4.4"); Line Deleted : user_pref("CT3279411.isCheckedStartAsHidden", true); Line Deleted : user_pref("CT3279411.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3279411.isFirstTimeToolbarLoading", "false"); Line Deleted : user_pref("CT3279411.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Line Deleted : user_pref("CT3279411.keyword", "true"); Line Deleted : user_pref("CT3279411.lastVersion", "10.16.70.5"); Line Deleted : user_pref("CT3279411.mam_gk_appStateReportTime", "%B7%B9%BE%BA%BC%BC%BF%BD%BF%BD%B6%BE%BB"); Line Deleted : user_pref("CT3279411.mam_gk_appStateReportTime.enc", "MTM4NDY2OTc5NzA4NQ=="); Line Deleted : user_pref("CT3279411.mam_gk_appState_ACplus.enc", "b24="); Line Deleted : user_pref("CT3279411.mam_gk_appState_CouponBuddy.enc", "b24="); Line Deleted : user_pref("CT3279411.mam_gk_appState_Discover.enc", "b24="); Line Deleted : user_pref("CT3279411.mam_gk_appState_Easytobook.enc", "b24="); Line Deleted : user_pref("CT3279411.mam_gk_appState_Easytobook_targeted.enc", "b24="); Line Deleted : user_pref("CT3279411.mam_gk_appState_Find-a-Pro.enc", "b24="); Line Deleted : user_pref("CT3279411.mam_gk_appState_PiclickV2-WebSearch.enc", "b24="); Line Deleted : user_pref("CT3279411.mam_gk_appState_PriceGong.enc", "b24="); Line Deleted : user_pref("CT3279411.mam_gk_appState_WindowShopper.enc", "b24="); Line Deleted : user_pref("CT3279411.mam_gk_appsConfig.enc", "eyJBcHBzQ29uZmlndXJhdGlvbiI6W3siaWQiOiJDbGFyaXR5X0FjdGl2ZSIsInVybCI6Imh0dHA6Ly9zdG9yYWdlLmNvbmR1aXQuY29tL21hbS8zcmRwYXJ0eWFwcHMvY2xhcml0eVJheS9jcl9hY3Rpdm[...] Line Deleted : user_pref("CT3279411.mam_gk_appsDefaultEnabled", "%F4%FB%F2%F2"); Line Deleted : user_pref("CT3279411.mam_gk_appsDefaultEnabled.enc", "bnVsbA=="); Line Deleted : user_pref("CT3279411.mam_gk_calledSetupService.enc", "MQ=="); Line Deleted : user_pref("CT3279411.mam_gk_currentVersion", "%B7%B4%B7%B7%B4%BA%B4%B8"); Line Deleted : user_pref("CT3279411.mam_gk_currentVersion.enc", "MS4xMS40LjI="); Line Deleted : user_pref("CT3279411.mam_gk_existingUsersRecoveryDone.enc", "MQ=="); Line Deleted : user_pref("CT3279411.mam_gk_first_time", "%B7"); Line Deleted : user_pref("CT3279411.mam_gk_first_time.enc", "MQ=="); Line Deleted : user_pref("CT3279411.mam_gk_globalKeysMigratedToLocalStorage", "%B7"); Line Deleted : user_pref("CT3279411.mam_gk_globalKeysMigratedToLocalStorage.enc", "MQ=="); Line Deleted : user_pref("CT3279411.mam_gk_installer_preapproved.enc", "ZmFsc2U="); Line Deleted : user_pref("CT3279411.mam_gk_lastLoginTime", "%B7%B9%BE%BA%BC%BC%BF%BD%BF%BD%B9%B8%BF"); Line Deleted : user_pref("CT3279411.mam_gk_lastLoginTime.enc", "MTM4NDY2OTc5NzMyOQ=="); Line Deleted : user_pref("CT3279411.mam_gk_localization.enc", "eyJkaWFsb2dPSyI6eyJUZXh0IjoiT0sifSwiZG1ib3gxIjp7IlRleHQiOiJEZWFsXHJcbm9mIHRoZSBkYXkifSwiZG1ib3gyIjp7IlRleHQiOiJGcmVlXHJcblNoaXBtZW50In0sImRtYnVsbGV0MSI6[...] Line Deleted : user_pref("CT3279411.mam_gk_mamEnabled.enc", "dHJ1ZQ=="); Line Deleted : user_pref("CT3279411.mam_gk_new_welcome_experience.enc", "MQ=="); Line Deleted : user_pref("CT3279411.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ=="); Line Deleted : user_pref("CT3279411.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...] Line Deleted : user_pref("CT3279411.mam_gk_settings1.11.4.2", "Ä%A8%D9%FA%E7%FA%FB%F9%A8%C0%A8%F9%FB%E9%E9%EB%EB%EA%EB%EA%A8%B2%A8%CA%E7%FA%E7%A8%C0Ä%A8%E9%FB%F8%F8%EB%F4%FA%CA%E7%FA%EB%A8%C0%A8%B8%B6%B7%B[...] Line Deleted : user_pref("CT3279411.mam_gk_settings1.11.4.2.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImN1cnJlbnREYXRlIjoiMjAxMzExMTciLCJpbnRlcnZhbCI6MjQwLCJzdGFtcCI6IjEwNDNfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50[...] Line Deleted : user_pref("CT3279411.mam_gk_showWelcomeGadget", "%EC%E7%F2%F9%EB"); Line Deleted : user_pref("CT3279411.mam_gk_showWelcomeGadget.enc", "ZmFsc2U="); Line Deleted : user_pref("CT3279411.mam_gk_stamp", "%B7%B6%BA%B9%E5%B6"); Line Deleted : user_pref("CT3279411.mam_gk_stamp.enc", "MTA0M18w"); Line Deleted : user_pref("CT3279411.mam_gk_userId", "%BA%BB%B9%BB%BD%BE%E8%BE%B3%BC%BF%BA%BA%B3%BA%BF%BA%BA%B3%E8%E9%EB%B7%B3%BE%B7%EA%EC%B7%EC%B6%E7%BF%BB%EC%B9"); Line Deleted : user_pref("CT3279411.mam_gk_userId.enc", "NDUzNTc4YjgtNjk0NC00OTQ0LWJjZTEtODFkZjFmMGE5NWYz"); Line Deleted : user_pref("CT3279411.mam_gk_user_approval_interacted", "%B7"); Line Deleted : user_pref("CT3279411.mam_gk_user_approval_interacted.enc", "MQ=="); Line Deleted : user_pref("CT3279411.mam_gk_welcomeDialogMode", "%B7"); Line Deleted : user_pref("CT3279411.mam_gk_welcomeDialogMode.enc", "MQ=="); Line Deleted : user_pref("CT3279411.migrateAppsAndComponents", true); Line Deleted : user_pref("CT3279411.openThankYouPage", "false"); Line Deleted : user_pref("CT3279411.openUninstallPage", "false"); Line Deleted : user_pref("CT3279411.originalSearchEngine", "XFINITY"); Line Deleted : user_pref("CT3279411.originalSearchEngineName", "XFINITY"); Line Deleted : user_pref("CT3279411.price-gong.isManagedApp", "true"); Line Deleted : user_pref("CT3279411.revertSettingsEnabled", "false"); Line Deleted : user_pref("CT3279411.search.searchAppId", "130028909967386036"); Line Deleted : user_pref("CT3279411.search.searchCount", "0"); Line Deleted : user_pref("CT3279411.searchFromAddressBarEnabledByUser", "true"); Line Deleted : user_pref("CT3279411.searchInNewTabEnabledByUser", "true"); Line Deleted : user_pref("CT3279411.searchInNewTabEnabledInHidden", "true"); Line Deleted : user_pref("CT3279411.searchRevert", "false"); Line Deleted : user_pref("CT3279411.searchSuggestEnabledByUser", "true"); Line Deleted : user_pref("CT3279411.searchUserMode", "2"); Line Deleted : user_pref("CT3279411.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3279411.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3279411.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); Line Deleted : user_pref("CT3279411.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3279411\"}"); Line Deleted : user_pref("CT3279411.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"appbario12\"}"); Line Deleted : user_pref("CT3279411.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); Line Deleted : user_pref("CT3279411.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); Line Deleted : user_pref("CT3279411.serviceLayer_services_Configuration_lastUpdate", "1378488011271"); Line Deleted : user_pref("CT3279411.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1378488011877"); Line Deleted : user_pref("CT3279411.serviceLayer_services_appsMetadata_lastUpdate", "1384669793701"); Line Deleted : user_pref("CT3279411.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1378488011842"); Line Deleted : user_pref("CT3279411.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1378488011277"); Line Deleted : user_pref("CT3279411.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1378488012290"); Line Deleted : user_pref("CT3279411.serviceLayer_services_login_10.16.70.5_lastUpdate", "1378488012240"); Line Deleted : user_pref("CT3279411.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1378488011784"); Line Deleted : user_pref("CT3279411.serviceLayer_services_searchAPI_lastUpdate", "1378488011275"); Line Deleted : user_pref("CT3279411.serviceLayer_services_serviceMap_lastUpdate", "1378488002489"); Line Deleted : user_pref("CT3279411.serviceLayer_services_toolbarContextMenu_lastUpdate", "1378488011811"); Line Deleted : user_pref("CT3279411.serviceLayer_services_toolbarSettings_lastUpdate", "1384669793681"); Line Deleted : user_pref("CT3279411.serviceLayer_services_translation_lastUpdate", "1378488011776"); Line Deleted : user_pref("CT3279411.settingsINI", true); Line Deleted : user_pref("CT3279411.shouldFirstTimeDialog", "false"); Line Deleted : user_pref("CT3279411.showToolbarPermission", "false"); Line Deleted : user_pref("CT3279411.smartbar.CTID", "CT3279411"); Line Deleted : user_pref("CT3279411.smartbar.Uninstall", "0"); Line Deleted : user_pref("CT3279411.smartbar.homepage", "true"); Line Deleted : user_pref("CT3279411.smartbar.toolbarName", "appbario12 "); Line Deleted : user_pref("CT3279411.startPage", "true"); Line Deleted : user_pref("CT3279411.toolbarBornServerTime", "6-9-2013"); Line Deleted : user_pref("CT3279411.toolbarCurrentServerTime", "6-9-2013"); Line Deleted : user_pref("CT3279411.toolbarLoginClientTime", "Fri Sep 06 2013 10:20:12 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CT3279411.url_history0001.enc", "aHR0cDovL3d3dy55cG1hdGUuY29tL3dlYmNhbS9zdHJhaWdodC1jb3VwbGVzLz9BRk5PPTEtMzAyOjo6Y2xpY2toYW5kbGVyOjo6MTM3ODQ4ODExOTIzMywsLGh0dHA6Ly93d3cueXBtYXRlLmNvbS93ZWJj[...] Line Deleted : user_pref("CT3279411.versionFromInstaller", "10.16.70.5"); Line Deleted : user_pref("CT3279411.xpeMode", "0"); Line Deleted : user_pref("CT3279411_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1386145403377,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1098640"); Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1098640"); Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jul 25 2010 22:20:14 GMT-0700 (Pacific Daylight Time)"); Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1098640"); Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "appbario12 Customized Web Search"); Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279411"); Line Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Line Deleted : user_pref("browser.search.defaultthis.engineName", "appbario12 Customized Web Search"); Line Deleted : user_pref("extensions.BabylonToolbar.admin", false); Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Line Deleted : user_pref("extensions.BabylonToolbar.babExt", ""); Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111917"); Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 18); Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true); Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true); Line Deleted : user_pref("extensions.BabylonToolbar.id", "5496177b0000000000001c6f6535de6d"); Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15507"); Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 18); Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1711:18:37"); Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.5"); Line Deleted : user_pref("extensions.BabylonToolbar.newTab", true); Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 78569390); Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1); Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1); Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true); Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none"); Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1711:18:37"); Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111917"); Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "5496177b0000000000001c6f6535de6d"); Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "5496177b0000000000001c6f6535de6d"); Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15507"); Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false); Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base"); Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:18:37"); Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3279411"); Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3279411"); Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3279411"); Line Deleted : user_pref("smartbar.machineId", "B9OZ7HJVD5ROYMA3YKI/KKCNU+KDJ5IB9ZMSC6Y3P2JTZXZUSI/8KHNPTJLPIY8J20YFKE4FHPPT8RRNLYJ1WG"); Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png"); Line Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing"); Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); Line Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10042"); Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530"); Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...] Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false"); Line Deleted : user_pref("sweetim.toolbar.newtab.created", "true"); Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab"); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)"); Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Secure Search"); Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10"); Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{EF14C18D-E2D9-11E2-B8A0-1C6F6535DE6D}"); Line Deleted : user_pref("sweetim.toolbar.version", "1.13.0.1"); Line Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...] Line Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...] Line Deleted : user_pref("{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}.ScriptData_product_name", "Updater By SweetPacks"); ************************* AdwCleaner[R0].txt - [55481 octets] - [06/12/2013 11:16:03] AdwCleaner[s0].txt - [55397 octets] - [06/12/2013 11:18:47] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [55458 octets] ########## ------------------------------------------------------------------------------------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------------------------------------------------------------------------------------ After running both, the "Internet Explorer Toolbar 4.8 by SweetPacks" is still listed in my control panel's installed programs list (still cannot uninstall from there). If I try to uninstall from the windows control panel it tells me I am missing a DLL, and it has failed to remove the program.

Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.06.02 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Eric Shaffron :: ERICSHAFFRON-PC [administrator] 12/5/2013 9:56:54 PMmbam-log-2013-12-05 (21-56-54).txt Scan type: Full scan (A:\|C:\|D:\|F:\|Z:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 1476564Time elapsed: 5 hour(s), 40 minute(s), 20 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 30HKCR\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKCR\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKCR\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKCR\esrv.BabylonESrvc.1 (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKCR\esrv.BabylonESrvc (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKCR\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKCR\b (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\Toolbar3.SWEETIE.1 (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\Toolbar3.SWEETIE (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} (PUP.Optional.SweetPacks) -> Quarantined and deleted successfully.HKCR\Typelib\{6E8BF012-2C85-4834-B10A-1B31AF173D70} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKCR\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542} (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1 (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1 (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\BabylonToolbar (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\Wow6432Node\Updater By SweetPacks (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully. Registry Values Detected: 6HKLM\SOFTWARE\Mozilla\Firefox\Extensions\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: -> Quarantined and deleted successfully.HKLM\SOFTWARE\Mozilla\Firefox\Extensions|{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} (PUP.Optional.SweetPacks.A) -> Data: C:\Program Files\Updater By SweetPacks\Firefox -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://search.babylon.com/?AF=111917&babsrc=HP_ss&mntrId=5496177b0000000000001c6f6535de6d -> Quarantined and deleted successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {EF14C18D-E2D9-11E2-B8A0-1C6F6535DE6D} -> Quarantined and deleted successfully.HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {EF14C18D-E2D9-11E2-B8A0-1C6F6535DE6D} -> Quarantined and deleted successfully. Registry Data Items Detected: 2HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.conduit.com?SearchSource=10&CUI=UN97895449327066122&UM=2&ctid=CT3279411&SSPV=SSPV_AB_IE_2) Good: (http://www.google.com) -> Quarantined and repaired successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.SweetPacks) -> Bad: (http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={EF14C18D-E2D9-11E2-B8A0-1C6F6535DE6D}) Good: (http://www.google.com) -> Quarantined and repaired successfully. Folders Detected: 13C:\Users\Eric Shaffron\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\OpenCandy\OpenCandy_B68E64792EA949FDAF562E4DF2287E64 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1 (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully. Files Detected: 64C:\Program Files (x86)\Outspark\DarkBlood\DarkBlood.exe (PUP.Riskware.GameCheat) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Conduit\CT3279411\appbario12AutoUpdateHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\05E7ADCB-BAB0-7891-A8DD-D3CC5D5C8F96\MyBabylonTB.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}\mgSqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\OpenCandy\OpenCandy_B68E64792EA949FDAF562E4DF2287E64\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\OpenCandy\OpenCandy_B68E64792EA949FDAF562E4DF2287E64\OpenCandyU1Dlm.dll (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\Documents\myStuff\myLife\Resources\Files\CS5MasterCollection_Crack\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.C:\Windows\Installer\220af69.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.F:\Steam\steamapps\common\Risk of Rain\39dll.dll (PUP.HackTool.DDoS) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\TraditionalCn_rcp_zh-tw.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\Chinese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\CleanSchedule.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\Danish_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\Dutch_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\Finnish_rcp_fi.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\French_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\install_left_image.bmp (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\isxdl.dll (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\Japanese_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\korean_rcp_ko.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\Norwegian_rcp.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\polish_rcp_pl.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\RCPUninstall.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\receipt.pdf (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\RegCleanPro.dll (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\russian_rcp_ru.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\turkish_rcp_tr.ini (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\unins000.dat (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\unins000.exe (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\unins000.msg (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Program Files (x86)\RegClean Pro\xmllite.dll (PUP.Optional.RegCleanPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\CT3279411.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\CT3279411.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\initData.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Local\Temp\ct3279411\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\1319409400.reg (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\eng_rcp.dat (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_10-23-2011.log (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\rcpupdate.ini (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rmx (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.C:\Users\Eric Shaffron\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rxb (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully. (end)

Hello I have been working on removing some malware that I am unsure exactly how it got on my computer. I run malwarebytes and prevx/webroot, and neither program is able to remove the "IE Toolbar " program from my control panel installed programs list. I was following the post from this thread and decided to make a help thread before proceeding any more. https://forums.malwarebytes.org/index.php?showtopic=125930 I scanned full with an up to date malwarebytes, couldn't get security check to give a log, and moved on to adwcleaner. I have logs for malwarebytes and adwcleaner, but I am submitting this thread from an iPad, so I will reply with the logs once all backups are done and I will be ready to find and destroy this malware! Thank you ahead of time for your help.