
Sweetpacks; How to remove?

Discussion in 'Virus & Other Malware Removal' started by cleek, Apr 9, 2013.

Thread Status:
Not open for further replies.
  1. cleek

    cleek Thread Starter

    Joined:
    Oct 2, 2006
    Messages:
    59
    Sweetpacks; How to remove?
    I've been infected by the SweetPacks malware. I've downloaded HijackThis & ran a scan. Below are the results of the scan. Any help is greatly appreciated. I'm running Windows Home Premium.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:32:54 PM, on 4/7/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v10.0 (10.00.9200.16521)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Webroot\WRSA.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\snuvcdsm.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\program files\supreme savings\supreme savings-bg.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Cleek\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={4A37F94A-94CB-11E2-8319-001F16E2D39B}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={4A37F94A-94CB-11E2-8319-001F16E2D39B}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    R3 - URLSearchHook: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    O2 - BHO: CrossriderApp0019962 - {11111111-1111-1111-1111-110111991162} - C:\Program Files\Supreme Savings\Supreme Savings.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Updater By SweetPacks Helper - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
    O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [SNUVCDSM] C:\Windows\snuvcdsm.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
    O23 - Service: Updater By SweetPacks - Unknown owner - C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
    O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

    --
    End of file - 10964 bytes
     
  2. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,056
    Have you tried uninstalling SweetPacks?


    Please download AdwCleaner.

    • Double click the adwcleaner.exe to run the tool.
    • Click Delete.
    • When the scan is finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The log file will also be saved in C:\AdwCleaner[R1].txt.
     
  3. cleek

    cleek Thread Starter

    Joined:
    Oct 2, 2006
    Messages:
    59
    Thanks; I'll try that this evening & update results.
     
  4. cleek

    cleek Thread Starter

    Joined:
    Oct 2, 2006
    Messages:
    59
    Below are the AdwCleaner results.

    # AdwCleaner v2.200 - Logfile created 04/09/2013 at 18:06:50
    # Updated 02/04/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : Cleek - CLEEK-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Cleek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MEHEQZ6\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    Folder Deleted : C:\Program Files\adawaretb
    Folder Deleted : C:\Program Files\DomaIQ Uninstaller
    Folder Deleted : C:\Program Files\Supreme Savings
    Folder Deleted : C:\Program Files\SweetIM
    Folder Deleted : C:\ProgramData\adawaretb
    Folder Deleted : C:\ProgramData\blekko toolbars
    Folder Deleted : C:\ProgramData\search protection
    Folder Deleted : C:\Users\Cleek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Folder Deleted : C:\Users\Cleek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk
    Folder Deleted : C:\Users\Cleek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Folder Deleted : C:\Users\Cleek\AppData\Local\Supreme Savings
    Folder Deleted : C:\Users\Cleek\AppData\Local\Updater19962
    Folder Deleted : C:\Users\Cleek\AppData\LocalLow\adawaretb
    Folder Deleted : C:\Users\Cleek\AppData\LocalLow\SweetIM
    Folder Deleted : C:\Users\Cleek\AppData\Roaming\Mozilla\Firefox\Profiles\jvqj13i2.default\adawaretb
    Folder Deleted : C:\Users\Cleek\AppData\Roaming\Mozilla\Firefox\Profiles\jvqj13i2.default\Conduit
    Folder Deleted : C:\Users\Cleek\AppData\Roaming\Mozilla\Firefox\Profiles\jvqj13i2.default\jetpack

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111991162}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111991162}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110111991162}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
    Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
    Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111991162}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110111991162}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
    Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16521

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0 (en-US)

    File : C:\Users\Cleek\AppData\Roaming\Mozilla\Firefox\Profiles\jvqj13i2.default\prefs.js

    C:\Users\Cleek\AppData\Roaming\Mozilla\Firefox\Profiles\jvqj13i2.default\user.js ... Deleted !

    Deleted : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2438727.CTID", "CT2438727");
    Deleted : user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
    Deleted : user_pref("CT2438727.CurrentServerDate", "24-7-2010");
    Deleted : user_pref("CT2438727.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2438727.FirstServerDate", "2-6-2010");
    Deleted : user_pref("CT2438727.FirstTime", true);
    Deleted : user_pref("CT2438727.FirstTimeFF3", true);
    Deleted : user_pref("CT2438727.GroupingInvalidateCache", false);
    Deleted : user_pref("CT2438727.GroupingLastCheckTime", "0");
    Deleted : user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
    Deleted : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2438727.Initialize", true);
    Deleted : user_pref("CT2438727.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2438727.InstalledDate", "Tue Jun 01 2010 22:28:06 GMT-0500 (Central Daylight Time)");
    Deleted : user_pref("CT2438727.InvalidateCache", false);
    Deleted : user_pref("CT2438727.IsGrouping", false);
    Deleted : user_pref("CT2438727.IsMulticommunity", false);
    Deleted : user_pref("CT2438727.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2438727.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2438727.LanguagePackLastCheckTime", "Thu Jul 22 2010 20:49:52 GMT-0500 (Central Dayligh[...]
    Deleted : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2438727.LastLogin_2.5.8.6", "Fri Jul 23 2010 19:19:56 GMT-0500 (Central Daylight Time)"[...]
    Deleted : user_pref("CT2438727.LatestVersion", "2.7.1.3");
    Deleted : user_pref("CT2438727.Locale", "en");
    Deleted : user_pref("CT2438727.LoginCache", 4);
    Deleted : user_pref("CT2438727.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2438727.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2438727.RadioLastCheckTime", "0");
    Deleted : user_pref("CT2438727.RadioLastUpdateIPServer", "0");
    Deleted : user_pref("CT2438727.RadioLastUpdateServer", "0");
    Deleted : user_pref("CT2438727.SHRINK_TOOLBAR", 1);
    Deleted : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Deleted : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
    Deleted : user_pref("CT2438727.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Fri Jul 23 2010 19:19:55 GMT-0500 (Central Dayli[...]
    Deleted : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
    Deleted : user_pref("CT2438727.SettingsLastCheckTime", "Fri Jul 23 2010 19:19:55 GMT-0500 (Central Daylight Ti[...]
    Deleted : user_pref("CT2438727.SettingsLastUpdate", "1278548974");
    Deleted : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Wed Jul 14 2010 07:50:24 GMT-0500 (Central Day[...]
    Deleted : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1278548974");
    Deleted : user_pref("CT2438727.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
    Deleted : user_pref("CT2438727.UserID", "UN25862078492520983");
    Deleted : user_pref("CT2438727.ValidationData_Search", 2);
    Deleted : user_pref("CT2438727.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT2438727.alertChannelId", "832836");
    Deleted : user_pref("CT2438727.clientLogIsEnabled", true);
    Deleted : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Deleted : user_pref("CT2438727.myStuffEnabled", true);
    Deleted : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2438727");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
    Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
    Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 23 2010 20:47:00 GMT-0500 (Centr[...]
    Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.locale", "en");
    Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 23 2010 19:19:55 GMT-0500 (Central D[...]
    Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1276093853");
    Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.alert.userId", "{e188f66e-a642-42ae-85ca-c5acea73885a}");
    Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
    Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

    -\\ Google Chrome v26.0.1410.43

    File : C:\Users\Cleek\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [16757 octets] - [09/04/2013 18:06:03]
    AdwCleaner[S1].txt - [16839 octets] - [09/04/2013 18:06:50]

    ########## EOF - C:\AdwCleaner[S1].txt - [16900 octets] ##########
     
  5. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,056
    Are you still having trouble with SweetPacks?
     
  6. cleek

    cleek Thread Starter

    Joined:
    Oct 2, 2006
    Messages:
    59
    It appears that SweetPacks is not hijacking my home pages anymore and IE seems to be working OK, but Firefox still has a problem. After opening it and then opening a couple of tabs, the program locks up, won't respond and needs to be shut down. Not sure if this was from SweetPacks, or another issue.
     
  7. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,056
  8. cleek

    cleek Thread Starter

    Joined:
    Oct 2, 2006
    Messages:
    59
    I disabled all but the problem still exists.
    Also, it looks like SweetPacks is still affecting both Firefox and Chrome.
     
  9. cleek

    cleek Thread Starter

    Joined:
    Oct 2, 2006
    Messages:
    59
    Looks like SweetPacks is still in IE too. When I open a new tab, the tab is labeled "start.sweetpacks.com"
     
  10. cleek

    cleek Thread Starter

    Joined:
    Oct 2, 2006
    Messages:
    59
    Also, the address window has the following:

    http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={4A37F94A-94CB-11E2-8319-001F16E2D39B}
     
  11. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,056
    Malwarebytes' Anti-Malware will help you get rid of SweetPacks residues left by AdwCleaner.



    Download, install and run the free version of Malwarebytes' Anti-Malware.

    Click Update > Check for Updates.

    When the definition files have updated, click OK.

    Click the Scanner tab > Perform quick scan > Scan.

    If infections are found during the scan, the number of infections will be highlighted in red.

    When the scan is finished, click Show Results.

    Make sure that everything is selected, then click Remove Selected.

    If you're prompted to restart to finish the removal process, click Yes.

    Start Malwarebytes' Anti-Malware again.

    Click the Logs tab.

    Highlight the scan log entry, then click Open.

    When the scan log appears in Notepad, copy and paste it into your next reply.
     
  12. cleek

    cleek Thread Starter

    Joined:
    Oct 2, 2006
    Messages:
    59
    Hi,

    There were two logs, here's the first:

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.10.01

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16521
    Cleek :: CLEEK-PC [administrator]

    Protection: Enabled

    4/9/2013 9:20:02 PM
    mbam-log-2013-04-09 (21-20-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217270
    Time elapsed: 9 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Cleek\AppData\Local\Temp\DIQ\google-earth_109\software\SupremeSavings.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

    (end)

    And here's the second:

    2013/04/09 21:18:51 -0500 CLEEK-PC Cleek MESSAGE Starting protection
    2013/04/09 21:18:51 -0500 CLEEK-PC Cleek MESSAGE Protection started successfully
    2013/04/09 21:18:51 -0500 CLEEK-PC Cleek MESSAGE Starting IP protection
    2013/04/09 21:19:19 -0500 CLEEK-PC Cleek MESSAGE IP Protection started successfully
    2013/04/09 21:19:28 -0500 CLEEK-PC Cleek MESSAGE Starting database refresh
    2013/04/09 21:19:28 -0500 CLEEK-PC Cleek MESSAGE Stopping IP protection
    2013/04/09 21:19:37 -0500 CLEEK-PC Cleek MESSAGE IP Protection stopped successfully
    2013/04/09 21:19:41 -0500 CLEEK-PC Cleek MESSAGE Database refreshed successfully
    2013/04/09 21:19:41 -0500 CLEEK-PC Cleek MESSAGE Starting IP protection
    2013/04/09 21:20:05 -0500 CLEEK-PC Cleek MESSAGE IP Protection started successfully
    2013/04/09 21:23:40 -0500 CLEEK-PC Cleek MESSAGE Executing scheduled update: Daily
    2013/04/09 21:23:42 -0500 CLEEK-PC Cleek MESSAGE Database already up-to-date
    2013/04/09 21:33:34 -0500 CLEEK-PC (null) MESSAGE Starting protection
    2013/04/09 21:33:34 -0500 CLEEK-PC (null) MESSAGE Protection started successfully
    2013/04/09 21:33:34 -0500 CLEEK-PC (null) MESSAGE Starting IP protection
    2013/04/09 21:34:16 -0500 CLEEK-PC Cleek MESSAGE IP Protection started successfully

    I will be shutting down until tomorrow; thanks for all the help, but it looks like SweetPacks is still infecting this computer. Firefox looks clean (for the moment) but opening a new tab in IE brings me back to SweetPacks (as described above).

    Paul
     
  13. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,056
    Try running AdwCleaner another time.
     
  14. cleek

    cleek Thread Starter

    Joined:
    Oct 2, 2006
    Messages:
    59
    OK, will do when I get back from work.
     
  15. cleek

    cleek Thread Starter

    Joined:
    Oct 2, 2006
    Messages:
    59
    Here's the latest AdwCleaner report:

    # AdwCleaner v2.200 - Logfile created 04/10/2013 at 21:58:11
    # Updated 02/04/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : Cleek - CLEEK-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Cleek\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Users\Cleek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Folder Found : C:\Users\Cleek\AppData\Roaming\Mozilla\Firefox\Profiles\jvqj13i2.default\adawaretb

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16537

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0 (en-US)

    File : C:\Users\Cleek\AppData\Roaming\Mozilla\Firefox\Profiles\jvqj13i2.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\Cleek\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [16757 octets] - [09/04/2013 18:06:03]
    AdwCleaner[R2].txt - [1092 octets] - [10/04/2013 21:58:11]
    AdwCleaner[S1].txt - [16970 octets] - [09/04/2013 18:06:50]

    ########## EOF - C:\AdwCleaner[R2].txt - [1213 octets] ##########
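Reading a report like the one above by eye gets tedious when it is posted several times, so here is an added example (not the thread's or AdwCleaner's own code) that parses the line shapes visible in an AdwCleaner "Search" report and lists what is still outstanding; the input is a constructed excerpt of the report posted above.

```python
"""Summarise an AdwCleaner 'Search' report like the ones posted in this thread.
Added example, not the thread's or AdwCleaner's own code; the sample is a constructed
excerpt of the report above, and only the line shapes seen there are parsed."""
import re

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")              # ***** [Registry] *****
FOUND_RE = re.compile(r"^(Folder|File|Key|Value) Found : (.+)$")  # Folder Found : C:\...
BROWSER_RE = re.compile(r"^-\\\\ (.+)$")                           # -\\ Mozilla Firefox v20.0

SAMPLE_REPORT = r"""
# AdwCleaner v2.200 - Logfile created 04/10/2013 at 21:58:11
***** [Files / Folders] *****
Folder Found : C:\Users\Cleek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Users\Cleek\AppData\Roaming\Mozilla\Firefox\Profiles\jvqj13i2.default\adawaretb
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16537
[OK] Registry is clean.
-\\ Mozilla Firefox v20.0 (en-US)
File : C:\Users\Cleek\AppData\Roaming\Mozilla\Firefox\Profiles\jvqj13i2.default\prefs.js
[OK] File is clean.
"""


def parse_report(text):
    """Return (found, browsers): {section: [(kind, path)]} and {browser: reported_clean}."""
    found, browsers, section, browser = {}, {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank, header or EOF line
            continue
        m = SECTION_RE.match(line)
        if m:
            section, browser = m.group(1), None
            continue
        m = BROWSER_RE.match(line)
        if m and section == "Internet Browsers":
            browser = m.group(1)
            browsers[browser] = False             # unclean until an [OK] line says otherwise
            continue
        m = FOUND_RE.match(line)
        if m and section:
            found.setdefault(section, []).append((m.group(1), m.group(2)))
        elif browser and line.startswith("[OK]"):
            browsers[browser] = True
    return found, browsers


def residues(found, browsers):
    """Items still to deal with: found entries plus browsers not reported clean."""
    return ([f"{sec}: {kind} {path}" for sec, lst in found.items() for kind, path in lst]
            + [f"{name}: not clean" for name, ok in browsers.items() if not ok])
```

For the excerpt above this lists the two leftover browser folders and nothing else, which matches what the poster saw: the browser settings are reported clean while the extension and toolbar folders remain.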
     
Short URL to this thread: https://techguy.org/1095645