Can't remove Sweetpacks toolbar in add/remove programs

[jr70895]

Did all suggestings by malware tips to remove sweetpacks and all seemed fine. However, under add/remove programs Internet Explorer Toolbar 4.9 by Sweetpacks is listed.
When I tried to uninstall it re-installed itself. It blcoks acces to tool/ie options so not able to reset internet explorer. Did a system restore and all is fine but it is still listed in the add/remove programs.

Also ran ccleaner, malwarebytes, spybot, wise registry cleaner, and nothing helps.

Thanks

 

[Fiery]

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:

• Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
• Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
• Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
• Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
• The absence of symptoms does not mean your PC is fully disinfected.
• If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
• Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
• Click delete
• Please post the content of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here

• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select Run as Administrator to start
• Wait until Prescan has finished, then click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click delete and wait until it saids deleting finished
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
  Exit/Close RogueKiller+

Please download Junkware Removal Tool to your desktop from here

• Turn off your antivirus software now to avoid potential conflicts
• Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
• The tool will open and start scanning your system
• Please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
• Post the contents of JRT.txt into your next reply

Download OTL by Old Timer from here and save it to your Desktop.

• Double click on OTL.exe to run it.
• Click the Scan All Users checkbox.
• Check the boxes beside LOP Check and Purity Check
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
• Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072

 

[jr70895]

Computer has been taken over by Sweetpacks, have been trying to get rid of it. After many attempts with some success the computer seems to be running fine except there is an entry in add/removes programs:
Internet Explorer Toolbar 4.9 by Sweetpacks
I have attached the requested files
Thanks

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:

• Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
• Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
• Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
• Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
• The absence of symptoms does not mean your PC is fully disinfected.
• If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
• Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
• Click delete
• Please post the content of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here

• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select Run as Administrator to start
• Wait until Prescan has finished, then click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click delete and wait until it saids deleting finished
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
  Exit/Close RogueKiller+

Please download Junkware Removal Tool to your desktop from here

• Turn off your antivirus software now to avoid potential conflicts
• Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
• The tool will open and start scanning your system
• Please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
• Post the contents of JRT.txt into your next reply

Download OTL by Old Timer from here and save it to your Desktop.

• Double click on OTL.exe to run it.
• Click the Scan All Users checkbox.
• Check the boxes beside LOP Check and Purity Check
• Click on Run Scan at the top left hand corner.
• When done, two Notepad files will open.
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
• Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072

 

[Fiery]

Hi,

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
SRV - File not found [Disabled | Stopped] -- -- (Zumie Search Service)

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 32 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a USB/flash drive.
</li>

<li>Plug the flashdrive into the infected PC.</li>
<li>Transfer the file from your USB onto your Desktop and double-click it.</li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Please copy and paste FRST.txt in your next reply</li></li>
</ol>
</ul>

 

[jr70895]

The OTL scan below, would not allow me to attach. 2 other scans attached.
Thanks



All processes killed
========== OTL ==========
Service Zumie Search Service stopped successfully!
Service Zumie Search Service deleted successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\furball\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\furball\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3315765 bytes
->Temporary Internet Files folder emptied: 398298 bytes
->FireFox cache emptied: 3212855 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: All Users

User: Default

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: furball
->Temp folder emptied: 2130341 bytes
->Temporary Internet Files folder emptied: 5637827 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11387608 bytes
->Flash cache emptied: 15509163 bytes

User: Guest
->Temp folder emptied: 6856 bytes
->Temporary Internet Files folder emptied: 1510446 bytes
->Flash cache emptied: 470 bytes

User: Jason
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112245896 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33293 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1028018 bytes
->Temporary Internet Files folder emptied: 65670 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48724 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 511431538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 680946028 bytes

Total Files Cleaned = 1,287.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07252013_042614

Files\Folders moved on Reboot...
C:\Documents and Settings\furball\Local Settings\Temp\JavaDeployReg.log moved successfully.
C:\Documents and Settings\furball\Local Settings\Temporary Internet Files\Content.IE5\K17I47KX\Thread-Can-t-remove-Sweetpacks-toolbar-in-add-remove-programs[1].htm moved successfully.
C:\Documents and Settings\furball\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hi,

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
SRV - File not found [Disabled | Stopped] -- -- (Zumie Search Service)

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 32 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a USB/flash drive.
</li>

<li>Plug the flashdrive into the infected PC.</li>
<li>Transfer the file from your USB onto your Desktop and double-click it.</li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Please copy and paste FRST.txt in your next reply</li></li>
</ol>
</ul>

 

[jr70895]

The OTL scan below, would not allow me to attach. 2 other scans attached.
Thanks



All processes killed
========== OTL ==========
Service Zumie Search Service stopped successfully!
Service Zumie Search Service deleted successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\furball\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\furball\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3315765 bytes
->Temporary Internet Files folder emptied: 398298 bytes
->FireFox cache emptied: 3212855 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: All Users

User: Default

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: furball
->Temp folder emptied: 2130341 bytes
->Temporary Internet Files folder emptied: 5637827 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11387608 bytes
->Flash cache emptied: 15509163 bytes

User: Guest
->Temp folder emptied: 6856 bytes
->Temporary Internet Files folder emptied: 1510446 bytes
->Flash cache emptied: 470 bytes

User: Jason
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112245896 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33293 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1028018 bytes
->Temporary Internet Files folder emptied: 65670 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48724 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 511431538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 680946028 bytes

Total Files Cleaned = 1,287.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07252013_042614

Files\Folders moved on Reboot...
C:\Documents and Settings\furball\Local Settings\Temp\JavaDeployReg.log moved successfully.
C:\Documents and Settings\furball\Local Settings\Temporary Internet Files\Content.IE5\K17I47KX\Thread-Can-t-remove-Sweetpacks-toolbar-in-add-remove-programs[1].htm moved successfully.
C:\Documents and Settings\furball\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hi,

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
SRV - File not found [Disabled | Stopped] -- -- (Zumie Search Service)

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 32 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a USB/flash drive.
</li>

<li>Plug the flashdrive into the infected PC.</li>
<li>Transfer the file from your USB onto your Desktop and double-click it.</li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Please copy and paste FRST.txt in your next reply</li></li>
</ol>
</ul>

 

[jr70895]

Sorry if this appears as a double post but having problems attaching the OTL.

OTL posted here, 2 others attached
still noted in add/remove programs
Thanks

All processes killed
========== OTL ==========
Service Zumie Search Service stopped successfully!
Service Zumie Search Service deleted successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\furball\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\furball\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3315765 bytes
->Temporary Internet Files folder emptied: 398298 bytes
->FireFox cache emptied: 3212855 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: All Users

User: Default

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: furball
->Temp folder emptied: 2130341 bytes
->Temporary Internet Files folder emptied: 5637827 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11387608 bytes
->Flash cache emptied: 15509163 bytes

User: Guest
->Temp folder emptied: 6856 bytes
->Temporary Internet Files folder emptied: 1510446 bytes
->Flash cache emptied: 470 bytes

User: Jason
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112245896 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33293 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1028018 bytes
->Temporary Internet Files folder emptied: 65670 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48724 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 511431538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 680946028 bytes

Total Files Cleaned = 1,287.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07252013_042614

Files\Folders moved on Reboot...
C:\Documents and Settings\furball\Local Settings\Temp\JavaDeployReg.log moved successfully.
C:\Documents and Settings\furball\Local Settings\Temporary Internet Files\Content.IE5\K17I47KX\Thread-Can-t-remove-Sweetpacks-toolbar-in-add-remove-programs[1].htm moved successfully.
C:\Documents and Settings\furball\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The OTL scan below, would not allow me to attach. 2 other scans attached.
Thanks



All processes killed
========== OTL ==========
Service Zumie Search Service stopped successfully!
Service Zumie Search Service deleted successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\furball\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\furball\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3315765 bytes
->Temporary Internet Files folder emptied: 398298 bytes
->FireFox cache emptied: 3212855 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: All Users

User: Default

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: furball
->Temp folder emptied: 2130341 bytes
->Temporary Internet Files folder emptied: 5637827 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 11387608 bytes
->Flash cache emptied: 15509163 bytes

User: Guest
->Temp folder emptied: 6856 bytes
->Temporary Internet Files folder emptied: 1510446 bytes
->Flash cache emptied: 470 bytes

User: Jason
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 112245896 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33293 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 1028018 bytes
->Temporary Internet Files folder emptied: 65670 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48724 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 511431538 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 680946028 bytes

Total Files Cleaned = 1,287.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07252013_042614

Files\Folders moved on Reboot...
C:\Documents and Settings\furball\Local Settings\Temp\JavaDeployReg.log moved successfully.
C:\Documents and Settings\furball\Local Settings\Temporary Internet Files\Content.IE5\K17I47KX\Thread-Can-t-remove-Sweetpacks-toolbar-in-add-remove-programs[1].htm moved successfully.
C:\Documents and Settings\furball\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Hi,

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
SRV - File not found [Disabled | Stopped] -- -- (Zumie Search Service)

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 32 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST.exe" rel="nofollow external"><>Farbar Recovery Scan Tool</></a> and save it to a USB/flash drive.
</li>

<li>Plug the flashdrive into the infected PC.</li>
<li>Transfer the file from your USB onto your Desktop and double-click it.</li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Please copy and paste FRST.txt in your next reply</li></li>
</ol>
</ul>

 

[Fiery]

Download Malwarebytes Anti-Rootkit from here to your Desktop

• Unzip the contents to a folder on your Desktop.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
• After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
• When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

Please download ComboFix from one of these locations:

<a title="External link" href="http://download.bleepingcomputer.com/sUBs/ComboFix.exe" rel="external"><>Link 1</></a>
<a title="External link" href="http://www.infospyware.net/antimalware/combofix/" rel="external"><>Link 2</></a>
<ul>
<li>Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See <a title="External link" href="http://www.bleepingcomputer.com/forums/topic114351.html" rel="external">HERE</a> for help</li>
<li>Double click on Combo-Fix & follow the prompts.</li>
</ul>

When finished, ComboFix will produce a log.

<>Note:</>
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

 

[Fiery]

Download Malwarebytes Anti-Rootkit from here to your Desktop

• Unzip the contents to a folder on your Desktop.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
• After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
• When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

Please download ComboFix from one of these locations:

<a title="External link" href="http://download.bleepingcomputer.com/sUBs/ComboFix.exe" rel="external"><>Link 1</></a>
<a title="External link" href="http://www.infospyware.net/antimalware/combofix/" rel="external"><>Link 2</></a>

<>* IMPORTANT !!! Save ComboFix to your Desktop as ComboFix.exe</>
<ul>
<li>Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See <a title="External link" href="http://www.bleepingcomputer.com/forums/topic114351.html" rel="external">HERE</a> for help</li>
<li>Double click on Combo-Fix & follow the prompts.</li>
<li>As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's ly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.</li>
<li>Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.</li>
</ul>
**Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

<img src="http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif" alt="Posted Image" />
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

<img src="http://img.photobucket.com/albums/v706/ried7/whatnext.png" alt="Posted Image" />
Click on <>Yes</>, to continue scanning for malware.

When finished, ComboFix will produce a log.

<>Note:</>
1. Do not mouseclick combofix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

 

[jr70895]

The Malware bytes anti root kit came back clean with no log.
TheCombo Fix is attached,

Still listed in add/remove programs. Can't delete

 

[Fiery]

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:

:filefind
*sweet*

:folderfind
*sweet*

:Regfind
sweet

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt