Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Search Snacks and srshql Pop Up

Hi there,

I ran into two problems that may or may not be related to each other while trying to fix my parents' desktop.

First I noticed that in Google Chrome every time I clicked on a link a pop up opens that initially has an address containing the term srshql. The address quickly changes to the ad's real address. I uninstalled Chrome and checked the add-ins and extensions in Explorer and Firefox (yes they have all three programs for some reason). I noticed an add-in called "Search Snacks". It was also listed in the "Programs and Applications". I tried uninstalling it from that screen in the control panel but nothing happens.

I just updated Explorer and Firefox to the latest versions and the problem seems to have gone away with a few sites I visited since then, but I know "Search Snacks" is still on my machine and I honestly don't know when it will start wreaking havoc again... most likely while I am no longer at my folks' place and I will be receiving distressed calls from my parents and trying to fix their machine over the phone. :banghead:

Thank you in advance!!
Jen




DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16592
Run by yxu at 17:52:31 on 2014-11-26
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3036.460 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?gws_rd=ssl
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = about:blank
mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1404779914&from=irs&uid=SAMSUNGXHD322HJ_S1GXJ1KS102073102073X&i=psd&t=34550676a&q={searchTerms}
mDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1404779914&from=irs&uid=SAMSUNGXHD322HJ_S1GXJ1KS102073102073X&i=psd&t=34550676a&q={searchTerms}
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
dURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CSohuDetector Object: {452ADB5B-00BE-469D-A65F-3046146B2ED5} -
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\21.6.0.32\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: SearchSnacks: {7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} -
BHO: {C9C42510-9B41-42c1-9DCD-7282A2D07C61}C - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\21.6.0.32\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\21.6.0.32\coieplg.dll
mRun: [fst_us_139] <no file>
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: ??????? - <no file>
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E476B5FB-6EAA-489B-A454-393256BF1B61} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\suptab\search~1.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 Spyware Info | Spyware Info
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\yxu\appdata\roaming\mozilla\firefox\profiles\y92f75em.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_239.dll
FF - ExtSQL: 2014-11-21 11:38; search-snacks@search-snacks.com; c:\program files\mozilla firefox\extensions\search-snacks@search-snacks.com
FF - ExtSQL: 2014-11-23 11:14; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_21.1.0.18\coFFPlgn
FF - ExtSQL: !HIDDEN! 2014-11-21 11:38; search-snacks@search-snacks.com; c:\program files\mozilla firefox\extensions\search-snacks@search-snacks.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-7-17 231800]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1506000.020\symds.sys [2014-9-30 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1506000.020\symefa.sys [2014-9-30 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\bashdefs\20141118.001\BHDrvx86.sys [2014-11-20 1138392]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1506000.020\ccsetx86.sys [2014-9-30 127064]
R1 IDSVix86;IDSVix86;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\ipsdefs\20141125.001\IDSvix86.sys [2014-11-25 479448]
R1 ssnfd;ssnfd;c:\windows\system32\drivers\ssnfd.sys [2014-8-21 52744]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1506000.020\ironx86.sys [2014-9-30 209624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1506000.020\symtdiv.sys [2014-9-30 384728]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2009-3-27 81920]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\21.6.0.32\n360.exe [2014-9-30 265040]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 95920]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2009-3-27 27648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-9-9 111408]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-3-27 112128]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-8-22 288120]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-3-20 245760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
.
=============== Created Last 30 ================
.
2014-11-26 22:40:30 -------- d--h--w- c:\windows\msdownld.tmp
2014-11-26 22:10:10 8941456 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6a20feab-3d32-4640-a7ea-6bbcab551f3d}\mpengine.dll
2014-11-25 14:56:13 8941456 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-11-23 16:10:06 -------- d-----w- c:\windows\pss
2014-11-21 14:50:30 908840 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{39a14f1e-a554-4395-8fe6-91bbb609847b}\gapaengine.dll
2014-11-19 13:21:29 499200 ----a-w- c:\windows\system32\kerberos.dll
2014-11-13 14:50:59 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 14:50:58 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 14:50:56 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 14:50:56 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 14:50:02 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 14:50:02 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 14:49:11 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 14:48:50 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-13 14:44:55 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 14:35:15 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 14:35:15 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 14:35:14 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 14:35:14 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 14:34:57 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 14:23:15 2054656 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2014-11-26 17:42:31 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-26 17:42:30 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-10-30 11:24:45 229000 ------w- c:\windows\system32\MpSigStub.exe
2014-10-27 19:05:44 1810944 ----a-w- c:\windows\system32\jscript9.dll
2014-10-27 18:59:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-10-27 18:58:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-10-27 18:56:58 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-10-27 18:56:40 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-10-27 18:55:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-10-27 18:55:17 11776 ----a-w- c:\windows\system32\mshta.exe
2014-09-24 12:11:13 70144 ----a-w- c:\windows\system32\tasks.dll
2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-04 23:27:58 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
.
============= FINISH: 17:55:40.57 ===============

Attached Files
File Type: zip Attach.zip (3.1 KB)
