Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Browser infected?

Post by lmtis » July 4th, 2013, 10:36 am

When browsing I am constantly having ad pages, tabs, and hover things popping up. Help please! My OS is Vista and I use Firefox for browsing.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Pete at 10:27:18.65 on Thu 07/04/2013
Internet Explorer: 8.0.6001.19437
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1915.679 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\dmwu.exe
C:\Windows\System32\jmdp\stij.exe
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Users\Pete\AppData\Local\Smartbar\Application\QuickShare.exe
C:\Program Files\Jumpstart\jswpsapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pete\Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.sweetpacks.com/?src=10&st= ... 045&barid={03E63A50-E42C-11E2-AD1E-001E3363C0D4}
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mStart Page = hxxp://start.sweetpacks.com/?src=10&st= ... 045&barid={03E63A50-E42C-11E2-AD1E-001E3363C0D4}
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll
BHO: InfoSeeker: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - c:\program files\infoseeker\ie\common.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Updater By SweetPacks: {7d4f1959-3f72-49d5-8e59-f02f8aa6815d} - c:\program files\updater by sweetpacks\Extension32.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: SweetPacks Browser Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SweetPacks Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Browser Infrastructure Helper] c:\users\pete\appdata\local\smartbar\application\QuickShare.exe startup
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Skytel] Skytel.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pete\appdata\roaming\mozilla\firefox\profiles\b32qold8.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com?src=6&barid={03E63A50-E42C-11E2-AD1E-001E3363C0D4}&crg=3.5000006.10045&st=23&q=
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
.
============= SERVICES / DRIVERS ===============
.
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20130627.001\IDSvix86.sys [2013-6-28 286328]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-9-10 20384]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-18 7168]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-8-21 9216]
.
=============== Created Last 30 ================
.
2013-07-03 22:06:54 -------- d-----w- c:\users\pete\appdata\roaming\TuneUp Software
2013-07-03 22:03:30 -------- d-----w- c:\users\pete\appdata\local\Smartbar
2013-07-03 22:02:38 33958 ----a-w- c:\progra~2\uninstaller.exe
2013-07-03 22:02:36 -------- d-----w- c:\progra~2\WeCareReminder
2013-07-03 22:02:18 -------- d-----w- c:\program files\InfoSeeker
2013-07-03 22:02:02 -------- d-----w- c:\program files\Updater By SweetPacks
2013-07-03 22:01:22 -------- d-----w- c:\program files\SweetIM
2013-07-03 22:00:59 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-07-03 22:00:59 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-07-03 22:00:59 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-07-03 22:00:59 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-07-03 22:00:59 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-07-03 22:00:59 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-07-03 22:00:59 1167152 ----a-w- c:\windows\system32\dmwu.exe
2013-07-03 22:00:59 -------- d-----w- c:\windows\system32\jmdp
2013-07-03 22:00:59 -------- d-----w- c:\windows\system32\ARFC
2013-07-03 22:00:58 -------- d-----w- c:\windows\system32\WNLT
2013-06-30 18:51:43 315392 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\hpfpp083.dll
2013-06-30 18:51:43 315392 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\1_hpfpp083.dll
2013-06-30 18:49:13 -------- d-----w- c:\program files\HP Photo Creations
2013-06-30 18:49:13 -------- d-----w- c:\progra~2\HP Photo Creations
2013-06-30 18:48:22 -------- d-----w- c:\users\pete\appdata\roaming\HpUpdate
2013-06-30 18:46:35 -------- d-----w- c:\program files\Coupons
2013-06-30 18:45:48 -------- d-----w- c:\program files\common files\HP
2013-06-30 18:43:37 -------- d-----w- c:\program files\common files\Hewlett-Packard
2013-06-30 18:41:23 121344 ----a-w- c:\windows\system32\hpf3l083.dll
2013-06-30 18:38:57 -------- d-----w- c:\program files\HP
2013-06-30 18:37:07 271704 ----a-w- c:\windows\system32\hpzids01.dll
2013-06-28 12:00:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2013-06-27 20:35:57 -------- d-----w- c:\users\pete\appdata\local\Macromedia
.
==================== Find3M ====================
.
2013-06-26 11:15:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-26 11:15:48 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-22 15:21:06 4325376 ----a-w- c:\progra~2\ReadOnlyInstaller.msi
2013-05-17 03:50:49 916480 ----a-w- c:\windows\system32\wininet.dll
2013-05-17 03:45:15 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-17 03:44:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-17 03:44:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-05-17 03:44:38 71680 ----a-w- c:\windows\system32\iesetup.dll
2013-05-17 02:06:08 385024 ----a-w- c:\windows\system32\html.iec
2013-05-17 00:20:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-17 00:18:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-02 22:03:36 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03:36 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 04:04:25 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03:42 37376 ----a-w- c:\windows\system32\printcom.dll
2013-04-24 04:00:30 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-04-24 04:00:30 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-04-24 04:00:30 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-24 04:00:24 41984 ----a-w- c:\windows\system32\certenc.dll
2013-04-24 01:46:29 812544 ----a-w- c:\windows\system32\certutil.exe
2013-04-17 12:30:06 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36:18 2049024 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:29:02.62 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/10/2008 12:09:11 AM
System Uptime: 7/1/2013 11:30:16 AM (71 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | CPU | 2000/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 43.595 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP595: 3/22/2013 3:33:58 PM - Windows Update
RP596: 4/24/2013 4:56:35 PM - Windows Update
RP597: 4/30/2013 2:06:32 PM - Windows Update
RP598: 5/28/2013 2:05:14 PM - Windows Update
RP599: 6/24/2013 9:01:08 PM - Windows Update
RP600: 6/26/2013 7:43:10 AM - Norton 360 Registry Clean
RP601: 6/27/2013 7:19:02 PM - Scheduled Checkpoint
RP602: 6/29/2013 12:00:05 AM - Scheduled Checkpoint
RP603: 6/30/2013 3:00:27 AM - Windows Update
RP605: 6/30/2013 2:39:23 PM - HP Installation Restore Point
RP606: 7/1/2013 6:57:40 AM - Norton 360 Registry Clean
RP607: 7/2/2013 12:00:06 AM - Scheduled Checkpoint
RP608: 7/3/2013 12:00:07 AM - Scheduled Checkpoint
RP609: 7/3/2013 6:10:07 PM - Removed TuneUp Utilities 2013
RP610: 7/3/2013 6:11:31 PM - Removed TuneUp Utilities Language Pack (en-US)
.
==== Installed Programs ======================
.
2007 Microsoft Office system
32 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Amazon Links
AppCore
ASPCA Reminder by We-Care.com v4.1.22.1
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Backup
BufferChm
C4600
ccCommon
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coupon Printer for Windows
Destinations
DeviceDiscovery
DVD MovieFactory for TOSHIBA
GearDrvs
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
InfoSeeker
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Internet Explorer Toolbar 4.8 by SweetPacks
Java(TM) 6 Update 6
LiveUpdate (Symantec Corporation)
Mahjongg Master Egyptian Edition
Mahjongg Tiles of Time
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MP3 Cutter Joiner Free 2.5.1
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetZero Internet Access Installer
Norton 360
Norton 360 (Symantec Corporation)
Norton 360 HTMLHelp
Norton Confidential Core
Picasa 2
PS_AIO_05_C4600_Software_Min
QuickBooks Financial Center
QuickShare
QuickTransfer
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SPBBC 32bit
Status
SweetPacks Updater Service
Symantec Real Time Storage Protection Component
Symantec Technical Support Controls
SymNet
Synaptics Pointing Device Driver
Toolbox
TOSHIBA Application Disc Creator
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
Ultimate Mahjongg 20
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Office 2007 (KB934528)
Update for Office System 2007 Setup (KB929722)
Updater By SweetPacks 2.0.0.586
WebReg
WildTangent Games
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
7/3/2013 6:05:21 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error: An instance of the service is already running.
7/3/2013 6:03:21 PM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================

Re: Browser infected?

Post by melboy » July 4th, 2013, 5:34 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.



==============================================



Uninstall Programs

  • Go to start > control panel > programs and features.
  • Right click on each instance of:
    Adobe Reader 8.1.2
    ASPCA Reminder by We-Care.com v4.1.22.1
    InfoSeeker
    Internet Explorer Toolbar 4.8 by SweetPacks
    Java(TM) 6 Update 6
    SweetPacks Updater Service
    Updater By SweetPacks 2.0.0.586
  • Click Uninstall & then follow the prompts to remove them.



AdwCleaner

Download AdwCleaner from HERE & save it to your desktop.

  • Right click AdwCleaner.exe & choose "Run as Administrator" to run it.
  • Click Search.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

Re: Browser infected?

Post by lmtis » July 5th, 2013, 10:03 am

Thank you Melboy, I can already see improvement. I keep getting a message saying that Adobe Flash Player 11.7 r700 has stopped working. Also, when I open a new tab in Firefox, it opens to:

start.sweetpacks.com/?barid={03E63A50-E42C-11E2-AD1E-001E3363C0D4}&src=97&crg=3.5000006.10045&st=23

Scan data:

# AdwCleaner v2.304 - Logfile created 07/05/2013 at 09:57:33
# Updated 03/07/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Pete - PETE-PC
# Boot Mode : Normal
# Running from : C:\Users\Pete\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b32qold8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Found : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b32qold8.default\searchplugins\SweetIm.xml
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\Trymedia
Folder Found : C:\Users\Pete\AppData\Local\Smartbar
Folder Found : C:\Users\Pete\AppData\Local\Temp\Smartbar
Folder Found : C:\Users\Pete\AppData\LocalLow\Smartbar
Folder Found : C:\Users\Pete\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\SmartbarBackup
Key Found : HKCU\Software\SmartbarLog
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Found : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Found : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-397148462-3030776477-163826579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKU\S-1-5-21-397148462-3030776477-163826579-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19437

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st= ... 045&barid={03E63A50-E42C-11E2-AD1E-001E3363C0D4}
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st= ... 045&barid={03E63A50-E42C-11E2-AD1E-001E3363C0D4}

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b32qold8.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?barid={03E63A50-E42C-11E2-AD1E-001E336[...]
Found : user_pref("extensions.dynconff.JS.SFMNAppData", "%5B%7B%22d%22%3A%22start.sweetpacks.com%22%2C%22t%2[...]
Found : user_pref("extensions.dynconff.cache.app.noproblemppc.com.content", "<package expire=\"3600\" es=\"9[...]
Found : user_pref("extensions.dynconff.cache.login.yahoo.com.content", "<package expire=\"3600\" es=\"914\" [...]
Found : user_pref("extensions.dynconff.cache.my.yahoo.com.content", "<package expire=\"3600\" es=\"914\" pcd[...]
Found : user_pref("extensions.dynconff.cache.plugin.we-care.com.content", "<package expire=\"3600\" es=\"914[...]
Found : user_pref("extensions.dynconff.cache.start.sweetpacks.com.content", "<package expire=\"3600\" es=\"9[...]
Found : user_pref("extensions.dynconff.cache.start.sweetpacks.com.expires", "1373034837396");
Found : user_pref("extensions.dynconff.cache.tracking.si.com.content", "<package expire=\"3600\" es=\"914\" [...]
Found : user_pref("extensions.dynconff.cache.us-mg5.mail.yahoo.com.content", "<package expire=\"3600\" es=\"[...]
Found : user_pref("extensions.dynconff.cache.www.malwareremoval.com.content", "<package expire=\"3600\" es=\[...]
Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Found : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]
Found : user_pref("keyword.URL", "hxxp://start.sweetpacks.com?src=6&barid={03E63A50-E42C-11E2-AD1E-001E3363C[...]
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.msn.com/");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]

*************************

AdwCleaner[R1].txt - [8565 octets] - [05/07/2013 09:57:33]

########## EOF - C:\AdwCleaner[R1].txt - [8625 octets] ##########
lmtis
Member+
 
Posts: 34
Joined: January 14th, 2010, 11:43 pm

Re: Browser infected?

Post by melboy » July 5th, 2013, 12:52 pm

Hi

Let me know how things are running after deleting with AdwCleaner and let me know if there are any outstanding issues.


AdwCleaner

  • Right click AdwCleaner.exe & choose "Run as Administrator" to run it.
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser infected?

Post by lmtis » July 6th, 2013, 8:35 am

Hi,
It is definitely doing better, but I still have a couple of problems. I periodically get a warning dialog box that says

"Warning: Unresponsive plugin"

"Shockwave Flash may be busy, or it may have stopped responding. You can stop the plugin now, or you can continue to see if the plugin will complete."

Also, whenever I open a new tab in Firefox it opens to a sweetpacks page:

"start.sweetpacks.com/?barid={03E63A50-E42C-11E2-AD1E-001E3363C0D4}&src=97&crg=3.5000006.10045&st=23"

which usually has a malware type warning dialog on it. I cannot find where to set the page that a new tab opens to.

Thanks for your help,
Jim
lmtis
Member+
 
Posts: 34
Joined: January 14th, 2010, 11:43 pm

Re: Browser infected?

Post by melboy » July 6th, 2013, 8:55 am

Hi :)

Have you re-run AdwCleaner as above to delete the items found?
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser infected?

Post by lmtis » July 6th, 2013, 9:27 am

Sorry, I didn't read closely enough! I did not go back and delete. I have now, and the new tabs are now blank. I will let you know how it goes with the "Flash" warning.

Thanks,
Jim
lmtis
Member+
 
Posts: 34
Joined: January 14th, 2010, 11:43 pm

Re: Browser infected?

Post by melboy » July 6th, 2013, 10:32 am

Post the AdwCleaner log for me to see.

For the flash problem there's information here that may help. I don't think that issue is malware related in any way.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser infected?

Post by lmtis » July 6th, 2013, 11:26 am

Would you recommend that I update Flash now? I didn't want to make any changes without your direction before you tell me that you are finished helping me.

Thank you again for your help.

# AdwCleaner v2.304 - Logfile created 07/06/2013 at 09:13:05
# Updated 03/07/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Pete - PETE-PC
# Boot Mode : Normal
# Running from : C:\Users\Pete\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b32qold8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b32qold8.default\searchplugins\SweetIm.xml
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Trymedia
Folder Deleted : C:\Users\Pete\AppData\Local\Smartbar
Folder Deleted : C:\Users\Pete\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Pete\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Pete\AppData\Roaming\OpenCandy

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19437

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st= ... 045&barid={03E63A50-E42C-11E2-AD1E-001E3363C0D4} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st= ... 045&barid={03E63A50-E42C-11E2-AD1E-001E3363C0D4} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Pete\AppData\Roaming\Mozilla\Firefox\Profiles\b32qold8.default\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?barid={03E63A50-E42C-11E2-AD1E-001E336[...]
Deleted : user_pref("extensions.dynconff.JS.SFMNAppData", "%5B%7B%22d%22%3A%22start.sweetpacks.com%22%2C%22t%2[...]
Deleted : user_pref("extensions.dynconff.cache.app.noproblemppc.com.content", "<package expire=\"3600\" es=\"9[...]
Deleted : user_pref("extensions.dynconff.cache.login.yahoo.com.content", "<package expire=\"3600\" es=\"914\" [...]
Deleted : user_pref("extensions.dynconff.cache.my.yahoo.com.content", "<package expire=\"3600\" es=\"914\" pcd[...]
Deleted : user_pref("extensions.dynconff.cache.plugin.we-care.com.content", "<package expire=\"3600\" es=\"914[...]
Deleted : user_pref("extensions.dynconff.cache.start.sweetpacks.com.content", "<package expire=\"3600\" es=\"9[...]
Deleted : user_pref("extensions.dynconff.cache.start.sweetpacks.com.expires", "1373034837396");
Deleted : user_pref("extensions.dynconff.cache.tracking.si.com.content", "<package expire=\"3600\" es=\"914\" [...]
Deleted : user_pref("extensions.dynconff.cache.us-mg5.mail.yahoo.com.content", "<package expire=\"3600\" es=\"[...]
Deleted : user_pref("extensions.dynconff.cache.www.malwareremoval.com.content", "<package expire=\"3600\" es=\[...]
Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]
Deleted : user_pref("keyword.URL", "hxxp://start.sweetpacks.com?src=6&barid={03E63A50-E42C-11E2-AD1E-001E3363C[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.msn.com/");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]

*************************

AdwCleaner[R1].txt - [8694 octets] - [05/07/2013 09:57:33]
AdwCleaner[R2].txt - [8754 octets] - [06/07/2013 09:12:31]
AdwCleaner[S1].txt - [8623 octets] - [06/07/2013 09:13:05]

########## EOF - C:\AdwCleaner[S1].txt - [8683 octets] ##########
lmtis
Member+
 
Posts: 34
Joined: January 14th, 2010, 11:43 pm
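The Firefox section of the log above shows that the new-tab redirect came from `prefs.js` entries such as `browser.newtab.url` and `keyword.URL`. The following is an added example, not part of the thread and not AdwCleaner's own code, that audits a `prefs.js` for the same kind of entries; the allowed hosts, the sample file and the function names are assumptions made for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Prefs that choose which page or search endpoint Firefox loads. The first two
# are named in the log; browser.startup.homepage is added for this example.
URL_PREFS = {"browser.newtab.url", "keyword.URL", "browser.startup.homepage"}
# Pref branches that appear in the log's Firefox section.
LEFTOVER_BRANCHES = ("sweetim.", "extensions.dynconff.",
                     "extensions.helperbar.", "extensions.wecarereminder.")
# Hosts the machine's owner expects to see (assumption for this example).
ALLOWED_HOSTS = {"www.google.com", "www.msn.com"}

PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Constructed sample in prefs.js syntax; URLs are defanged (hxxp) as in the log.
SAMPLE_PREFS = '''\
// constructed sample, not the poster's file
user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?barid=PLACEHOLDER&src=97");
user_pref("browser.startup.homepage", "hxxp://www.google.com|hxxp://start.sweetpacks.com/");
user_pref("keyword.URL", "");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.msn.com/");
user_pref("browser.search.selectedEngine", "Google");
'''

def host_of(url):
    """Host of a URL value, or None for empty strings and about: pages."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
    try:
        return urlsplit(url).hostname
    except ValueError:
        return None

def audit_prefs(text):
    """Return (line number, pref name, reason) for every suspicious pref."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and anything that is not a user_pref line
        name, raw = m.group(1), m.group(2)
        try:
            value = json.loads(raw)  # string, boolean or integer literal
        except ValueError:
            continue
        if name in URL_PREFS and isinstance(value, str):
            # A homepage pref may hold several URLs separated by "|".
            for url in value.split("|"):
                host = host_of(url)
                if host and host not in ALLOWED_HOSTS:
                    findings.append((lineno, name, "unexpected host " + host))
        elif name.startswith(LEFTOVER_BRANCHES):
            findings.append((lineno, name, "leftover add-on pref"))
    return findings

if __name__ == "__main__":
    for finding in audit_prefs(SAMPLE_PREFS):
        print(*finding, sep="\t")
```

Run it against a copy of the profile's `prefs.js` with Firefox closed, since Firefox rewrites that file on exit.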

Re: Browser infected?

Post by melboy » July 6th, 2013, 6:04 pm

Hi

lmtis wrote: Would you recommend that I update Flash now?


Yes, update Flash.

http://get2.adobe.com/flashplayer

Uncheck any unnecessary extras that may be offered (McAfee Security Scan, Google Toolbar, etc.) before downloading.

Let me know how things are running.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser infected?

Post by melboy » July 8th, 2013, 6:48 pm

melboy wrote: Let me know how things are running.


Hi lmtis

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • In accordance with Malware Removal policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser infected?

Post by lmtis » July 9th, 2013, 7:43 pm

Hi melboy,

I am still trying to evaluate the performance. I inherited this laptop and am trying to see what I need to do to make it right. We're basically using it as a kitchen PC that is basically used for nothing other than the internet. I am still getting periods where it freezes for as long as a minute. I appreciate what you have done for me, and I know that there is a time pressure, but I would really like either a little more time to evaluate before closing, or if you can think of any way to find the reason for the lockups that would be great.

Thanks,
Jim
lmtis
Member+
 
Posts: 34
Joined: January 14th, 2010, 11:43 pm

Re: Browser infected?

Post by melboy » July 10th, 2013, 1:15 pm

Hi Jim

We'll continue to see if there's anything amiss.


OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Browser infected?

Post by Wingman » July 13th, 2013, 9:33 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Wingman
Admin/Teacher
 
Posts: 14112
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA