ComboFix
[*]Please open Notepad (Start → Run → type notepad in the Open field → OK) and copy and paste the text present inside the code box below:
ClearJavaCache::
DDS::
uStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={942B136B-CEF8-11E2-8BFA-C80AA987641E}
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={942B136B-CEF8-11E2-8BFA-C80AA987641E}
Firefox::
FF - ProfilePath - c:\users\Trish\AppData\Roaming\Mozilla\Firefox\Profiles\1ziu2w9m.default
FF - prefs.js: keyword.URL - hxxp://start.sweetpacks.com?src=6&barid={942B136B-CEF8-11E2-8BFA-C80AA987641E}&crg=3.5000006.10042&st=23&q=
FF - ExtSQL: 2013-06-06 15:31; {7D4F1959-3F72-49d5-8E59-F02F8AA6815D}; c:\program files\Updater By SweetPacks\Firefox
File::
c:\windows\system32\dmwu.exe
c:\program files\Updater By SweetPacks\Extension32.dll
c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
c:\users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\336854fbcf359e2983b299e0a624f777.exe
c:\users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe.Reader.exe
c:\users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d105f876dda75aef88398ebc60ebffda.exe
c:\users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz6E8B.tmp
c:\users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz7198.tmp
c:\users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trz74E3.tmp
c:\users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzC159.tmp
c:\users\Trish\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzC1D7.tmp
c:\windows\SYSNATIVE\dmwu.exe
c:\program files\Updater By SweetPacks\Extension64.dll
Folder::
c:\program files\Updater By SweetPacks
c:\program files (x86)\SweetIM
DirLook::
c:\windows\SysWow64\jmdp
c:\windows\SysWow64\ARFC
c:\windows\SysWow64\WNLT
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]
Driver::
IBUpdaterService
[*]Save this as CFScript.txt and change the “Save as type” to “All Files” and place it on your desktop.
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
[*]Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause “unpredictable results”.
[*]Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
[*]ComboFix may request an update; please allow it.
[*]ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
[*]When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix’s window while it is running. That may cause it to stall.
Attach the new ComboFix log and let me know how your system is running now. 
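As an added, read-only check that is not part of the original post (nor of ComboFix), the PowerShell script below reports whether the SweetPacks/SweetIM artifacts named in the CFScript are still present after the run. It assumes 64-bit Windows, that it runs as the affected user, and substitutes $env:APPDATA and $env:SystemRoot for the literal c:\users\Trish\AppData\Roaming and c:\windows paths above.

```powershell
# Added verification script (not from the original post or from ComboFix).
# Read-only check: reports whether the SweetPacks/SweetIM artifacts named in
# the CFScript above still exist after the cleanup; it deletes nothing.
# Assumes it runs as the affected user on 64-bit Windows; $env:APPDATA and
# $env:SystemRoot stand in for c:\users\Trish\AppData\Roaming and c:\windows.

$clsids = @{
    BhoUpdater = '{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}'   # Updater By SweetPacks BHO
    BhoSweetIM = '{EEE6C35C-6118-11DC-9C72-001320C79847}'   # SweetIM BHO
    Toolbar    = '{EEE6C35B-6118-11DC-9C72-001320C79847}'   # SweetIM IE toolbar CLSID
    TypeLib    = '{EEE6C35E-6118-11DC-9C72-001320C79847}'   # SweetIM type library
}
$startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
$bhoRel  = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Files, folders and the Driver:: service entry from the File::/Folder::/DirLook:: sections.
$paths = @(
    "$env:SystemRoot\System32\dmwu.exe", "$env:SystemRoot\SysWOW64\dmwu.exe",
    "$env:ProgramFiles\Updater By SweetPacks", "${env:ProgramFiles(x86)}\SweetIM",
    "$env:SystemRoot\SysWOW64\jmdp", "$env:SystemRoot\SysWOW64\ARFC", "$env:SystemRoot\SysWOW64\WNLT",
    'HKLM:\SYSTEM\CurrentControlSet\Services\IBUpdaterService'
)
# Startup-folder droppers: the fixed names plus the trz*.tmp pattern of the five temp files.
$paths += @('336854fbcf359e2983b299e0a624f777.exe', 'Adobe.Reader.exe',
            'd105f876dda75aef88398ebc60ebffda.exe' | ForEach-Object { Join-Path $startup $_ })
$paths += @(Get-ChildItem -LiteralPath $startup -Filter 'trz*.tmp' -ErrorAction SilentlyContinue |
            ForEach-Object { $_.FullName })
# Registry:: section: BHO registrations in both views, CLSID, TypeLib and ProgIDs.
$paths += @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node' | ForEach-Object {
    "$_\$bhoRel\$($clsids.BhoUpdater)"; "$_\$bhoRel\$($clsids.BhoSweetIM)" })
$paths += "Registry::HKEY_CLASSES_ROOT\CLSID\$($clsids.Toolbar)",
          "Registry::HKEY_CLASSES_ROOT\TypeLib\$($clsids.TypeLib)",
          'Registry::HKEY_CLASSES_ROOT\SWEETIE.IEToolbar', 'Registry::HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1'

$found = @($paths | Where-Object { Test-Path -LiteralPath $_ })

# The toolbar is a value under the IE Toolbar key, not a key of its own.
$tb = Get-Item 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar' -ErrorAction SilentlyContinue
if ($tb -and $tb.GetValueNames() -contains $clsids.Toolbar) { $found += "IE Toolbar value $($clsids.Toolbar)" }
# uStart Page / mStart Page in the DDS:: section are the HKCU and HKLM IE start pages.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $sp = (Get-ItemProperty "$hive\SOFTWARE\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue).'Start Page'
    if ($sp -match 'sweetpacks') { $found += "$hive Start Page still set to $sp" }
}

if ($found.Count -eq 0) { 'No SweetPacks/SweetIM artifacts from the CFScript remain.' }
else { "$($found.Count) artifact(s) still present:"; $found | ForEach-Object { "  $_" } }
```

Run it from an elevated 64-bit PowerShell so both registry views and the System32 path are the real ones; anything it lists belongs in the next reply alongside the ComboFix log.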