PDA

View Full Version : Delta tool bar and SweetIM



timotb
2013-06-07, 04:25
Hopefully this is the right place to post this issue and I have complied with the complicated procedure as per the sticky request. My problem is that Spybot will not remove, but does identify Delta tool bar and SweetIM. I ran the program several times with updates. Thanks in advance for any suggestions to remove these bugs. Tim

Enclosed are the two files requested:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-06 21:14:54
-----------------------------
21:14:54.875 OS Version: Windows 5.1.2600 Service Pack 3
21:14:54.875 Number of processors: 2 586 0x209
21:14:54.890 ComputerName: BB UserName:
21:14:57.156 Initialze error C0000022 - driver not loaded
21:14:58.343 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
21:15:11.234 Service scanning
21:15:24.937 Service MpKsl2fa38e69 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1983DAB-25EC-4117-B985-AB953080DA67}\MpKsl2fa38e69.sys **LOCKED** 32
21:15:40.125 Modules scanning
21:15:40.125 Disk 0 trace - called modules:
21:15:40.125
21:15:40.125 Scan finished successfully
21:15:57.906 The log file has been saved successfully to "C:\ERDNT\aswMBR.txt"


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2
Run by Administrator at 21:01:12 on 2013-06-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1519.468 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: COMODO Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\FreeClip\FreeClip.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={C04E4D25-CD8E-11E2-9BC4-0008A1036248}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
uURLSearchHooks: {09152f0b-739c-4dec-a245-1aa8a37594f1} - <orphaned>
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: {09152f0b-739c-4dec-a245-1aa8a37594f1} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] "c:\program files\google\chrome\application\chrome.exe" --type=service
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\freeclip.lnk - c:\program files\freeclip\FreeClip.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1306869292421
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} - file://c:\tempei4\ei40_\msxml4.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6F393746-6C71-428E-A299-273B9C51E705} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jvf7j1n6.default\
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jvf7j1n6.default\extensions\{09152f0b-739c-4dec-a245-1aa8a37594f1}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jvf7j1n6.default\extensions\{09152f0b-739c-4dec-a245-1aa8a37594f1}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jvf7j1n6.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\jvf7j1n6.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, eb619e31-7d46-464f-a876-2bd06755699e
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 78578ba70000000000000008a1036248
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15861
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.523:27:45
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122471&tt=gc_
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 195296]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-9-6 51144]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-10-7 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-10-7 32640]
R1 MpKsl2fa38e69;MpKsl2fa38e69;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1983dab-25ec-4117-b985-ab953080da67}\MpKsl2fa38e69.sys [2013-6-6 29904]
R2 BrowserDefendert;BrowserDefendert;c:\documents and settings\all users\application data\browserdefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-6-4 2827728]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-10-7 1990464]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-9-6 604688]
R2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\updater by sweetpacks\ExtensionUpdaterService.exe [2013-6-4 188760]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;\??\c:\program files\checkpoint\zaforcefield\iswkl.sys --> c:\program files\checkpoint\zaforcefield\ISWKL.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-6-6 40776]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: Acrobat.exe: print="c:\program files\adobe\acrobat 4.0\acrobat\Acrobat.exe"
ShellExec: Acrobat.exe: printto="c:\program files\adobe\acrobat 4.0\acrobat\Acrobat.exe"
.
=============== Created Last 30 ================
.
2100-02-08 20:03:54 53248 ----a-w- c:\program files\ACMonitor_X73.exe
2013-06-07 00:56:12 -------- d-----w- C:\ERDNT
2013-06-07 00:20:21 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1983dab-25ec-4117-b985-ab953080da67}\MpKsl2fa38e69.sys
2013-06-06 21:24:40 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-06 18:11:08 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1983dab-25ec-4117-b985-ab953080da67}\mpengine.dll
2013-06-05 17:39:35 7016152 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-05 03:25:47 -------- d-----w- c:\documents and settings\all users\application data\BrowserDefender
2013-06-05 03:23:10 33958 ----a-w- c:\documents and settings\all users\application data\uninstaller.exe
2013-06-05 03:22:59 -------- d-----w- c:\documents and settings\all users\application data\WeCareReminder
2013-06-05 03:21:27 -------- d-----w- c:\program files\Updater By SweetPacks
2013-06-05 03:20:12 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-06-05 03:20:12 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-06-05 03:20:12 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-05-29 15:20:55 262552 ----a-w- c:\program files\mozilla firefox\updated\browser\components\browsercomps.dll
2013-05-22 15:21:06 4325376 ----a-w- c:\documents and settings\all users\application data\ReadOnlyInstaller.msi
.
==================== Find3M ====================
.
2013-05-15 19:21:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 19:21:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-04 09:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-02 14:09:52 4550656 ----a-w- c:\windows\system32\GPhotos.scr
2001-05-08 20:36:42 114688 ----a-w- c:\program files\lxarscan.dll
.
============= FINISH: 21:07:30.10 ===============

timotb
2013-06-07, 07:11
One or both of these bugs will crash Adwcleaner and Malwarebytes Anti-Malware.

timotb
2013-06-16, 02:56
Never mind. I decided to format my hard disk and re-install windows. That will fix those bugs.