
Clicking on webpages opens up strange undesired pages

Old 06-16-2013, 05:51 AM   #1
Registered Member
 
Join Date: May 2011
Posts: 83
OS: xp SP3



For the last couple of weeks, every time I click on a link or any part of the page I'm on for that matter, a strange new webpage window pops up. For example, if I am on amazon.com and I click on something, a new page pops up whose address is something like amazon.ievbz.com. Then 2 seconds later the address changes to something much more complicated. Then last time this happened it was some suspicious looking survey announcement.

Unfortunately the only workaround is to close the offending page, minimize the site I'm on, restore it and only then I can click on a desired link ... which is annoying.

I've run Malwarebytes and Avast, but to no avail. Is there a way to fix this? It may have come from the last software I downloaded, VLC Media Player, but I don't know.

Any help would be greatly appreciated.

__________________
maxtot2 is offline  
Old 06-16-2013, 12:57 PM   #2
Security Team
Analyst
 
ryder's Avatar
 
Join Date: Sep 2012
Location: Southern Germany
Posts: 563
OS: Windows 7 SP1



Hello!

Please follow our First Steps and post your logfiles of DDS and GMER. Thank you!

Please also post logfiles from Avast and Malwarebytes; we really need that information too.

__________________


Mom's Old-Fashioned Robot Oil is made with 10% more love than the next leading brand!
ryder is offline  
Old 06-16-2013, 01:59 PM   #3
Registered Member
 
Join Date: May 2011
Posts: 83
OS: xp SP3



Where it says: "Download DDS and save it to your desktop from here",
and I click, it takes me to a download page that says:
Fix My Registry Now
fix-registry.winzip.com
(Recommended) Free Download. Fixes The Windows Registry in 2 Minutes

Is this the right program? It says nothing about "DDS".
Thank you
__________________
maxtot2 is offline  
Old 06-16-2013, 02:11 PM   #4
Security Team
Analyst
 
ryder's Avatar
 
Join Date: Sep 2012
Location: Southern Germany
Posts: 563
OS: Windows 7 SP1



No, it isn't. This already seems to be a redirect. Please try to download the correct program in the neighborhood if possible and transfer it to your computer by the use of a flash drive.
__________________


ryder is offline  
Old 06-16-2013, 04:45 PM   #5
Registered Member
 
Join Date: May 2011
Posts: 83
OS: xp SP3



On bleepingcomputer.com I found ready for download "dds.com". Is this the same as dds.src or is it still not the right file?

Thanks
__________________
maxtot2 is offline  
Old 06-17-2013, 09:05 AM   #6
Security Team
Analyst
 
ryder's Avatar
 
Join Date: Sep 2012
Location: Southern Germany
Posts: 563
OS: Windows 7 SP1



Yes, it is basically the same one.
__________________


ryder is offline  
Old 06-18-2013, 07:59 AM   #7
Registered Member
 
Join Date: May 2011
Posts: 83
OS: xp SP3



Where do I find the logfiles for AVAST? Do I have to Enable debug logging?
Similarly, where do I find the logfiles for Malwarebytes?
__________________
maxtot2 is offline  
Old 06-19-2013, 09:11 AM   #8
Security Team
Analyst
 
ryder's Avatar
 
Join Date: Sep 2012
Location: Southern Germany
Posts: 563
OS: Windows 7 SP1



If you did not have them enabled, then you can't find anything later.
For MBAM: Open the application, switch to the logfiles tab and find the one we need.
__________________


ryder is offline  
Old 06-20-2013, 08:07 AM   #9
Registered Member
 
Join Date: May 2011
Posts: 83
OS: xp SP3



Ok here we go...


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by ***** at 19:51:41 on 2013-06-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1443 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\Check Point Software Technologies LTD\zonealarm\AbineSDK\IE\DNTPService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={0CD991F5-CE04-11E2-9AF6-001D7D296F31}
uURLSearchHooks: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {EEE6C35D-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - c:\program files\check point software technologies ltd\zonealarm\1.8.11.6\bh\zonealarm.dll
BHO: Unit: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\*****\local settings\application data\unitlayers\temp.dat
BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - c:\program files\updater by sweetpacks\Extension32.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - c:\program files\check point software technologies ltd\zonealarm\1.8.11.6\zonealarmTlbr.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:36
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{7F3D41CC-7C81-4242-AC9E-53E1ADA1417B} : DHCPNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\*****\application data\mozilla\firefox\profiles\64epaoap.default\
FF - plugin: c:\documents and settings\*****\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-3 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-3 353688]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-1-29 527848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-3 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-3 44808]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-5-31 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-5-31 49152]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-11-22 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-11-22 497320]
R2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\updater by sweetpacks\ExtensionUpdaterService.exe [2013-6-5 188760]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-5-31 246936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-31 1691480]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-8-21 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-17 13:56:27 -------- d-----w- c:\documents and settings\*****\application data\hott notes 4
2013-06-17 13:56:15 -------- d-----w- c:\program files\hott notes 4
2013-06-17 13:49:06 -------- d-----w- c:\documents and settings\*****\Downloads
2013-06-17 11:27:06 -------- d-----w- C:\c0b8a8ab129dafe1b1
2013-06-05 17:26:18 -------- d-----w- c:\program files\VideoLAN
2013-06-05 17:24:40 -------- d-----w- c:\documents and settings\all users\application data\SweetIM
2013-06-05 17:20:52 -------- d-----w- c:\documents and settings\*****\local settings\application data\UnitLayers
2013-06-05 17:20:23 -------- d-----w- c:\program files\Updater By SweetPacks
2013-06-05 17:19:51 -------- d-----w- c:\program files\SweetIM
2013-06-05 17:19:28 -------- d-----w- c:\windows\system32\WNLT
2013-05-31 13:36:10 -------- d-----w- c:\documents and settings\*****\local settings\application data\DoNotTrackPlus
2013-05-31 13:29:18 -------- d-----w- c:\windows\Internet Logs
2013-05-31 13:27:46 -------- d-----w- c:\program files\Check Point Software Technologies LTD
.
==================== Find3M ====================
.
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-14 18:14:18 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-04-14 18:14:18 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-04-14 18:14:12 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 19:52:48.51 ===============


*
*
*


AVAST:
Full System Scan 6/19/2013 4:13:28 PM Result: no virus found

*

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.06.20.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jorge :: JORGE-51DDF1102 [administrator]
6/20/2013 8:20:15 AM
mbam-log-2013-06-20 (08-20-15).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 328019
Time elapsed: 32 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Attached Files
File Type: zip attach.zip (8.9 KB, 8 views)
__________________
maxtot2 is offline  
Old 06-22-2013, 03:44 AM   #10
Security Team
Analyst
 
ryder's Avatar
 
Join Date: Sep 2012
Location: Southern Germany
Posts: 563
OS: Windows 7 SP1



Hi maxtot2,

I'm going to help you with your malware related problem. Please read the following carefully, since it will help both of us to finish the job as fast as possible :)

  • Sometimes I will give you several steps to process. Please handle them in the mentioned order and either copy the logfile that is created into your thread or report whether the step went well or what happened. If you don't understand a step or a part of it, please ask. Usually the people who ask for help are not computer experts, and we are very good at explaining what to do. :)
  • It is very important for me that your system does not change fast. Don't install or remove programs, and don't run scans you were not instructed to run either by me or a team member of TechSupportForum.
  • Please follow my instructions until the end. Even if you think the symptoms went away, the infection might still be present. I will tell you explicitly once we are finished and will add tips on how you can avoid future infections with malware.
  • We expect you to answer within 48 hrs after my last answer. Please be sure to subscribe to your thread so the forum will send you an email if a new answer has been written. In the case I won't answer within two days after your last answer please notify me by sending me a private message.
  • At last please note that I am not a native speaker (my mother language is German). So please avoid any slang words or odd expressions, because I won't understand them. Thank you!


Good news: You only collected some adware and nothing really bad to see now.


Step 1:
Remove Adware with AdwCleaner

Please download AdwCleaner to your desktop.
  • Start AdwCleaner with a double click and click on delete.
  • Your computer will be restarted once and sometimes more often. That is quite normal.
  • After the reboot you will find a logfile open, it can be found also here C:\AdwCleaner[R1].txt (or higher number). Please paste your logfile here.



Step 2:
I see you have the ZoneAlarm firewall installed. Usually you do not need a firewall in addition to the Windows built-in one. I suggest uninstalling it since it only uses up resources. But it is your choice whether you keep or uninstall it.


Step 3:
Please run DDS again for control and post me the new logfile.


Step 4:
Please report if you still have issues as described. If not .... we will go on.
__________________


ryder is offline  
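
An added example, not part of any post in this thread and not the analyst's or DDS's own method: a small Python triage of the browser add-on lines (BHO, TB, uURLSearchHooks) in the DDS "Pseudo HJT Report" from post #9. The three heuristics and all function names are assumptions chosen for illustration; the sample lines are copied from that log.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind name clsid path reasons")

# Entry types in the Pseudo HJT section that load a module into Internet Explorer.
ADDON_KINDS = {"BHO", "TB", "uURLSearchHooks"}

# "<kind>: <name>: {CLSID} - <module path, possibly empty>"
ENTRY_RE = re.compile(
    r"^(?P<kind>\w+): (?P<name>.*?): (?P<clsid>\{[0-9A-Fa-f-]{36}\}) -\s*(?P<path>.*)$"
)

# Lines copied from the DDS log in this thread (user name already masked by the poster).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Unit: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\*****\local settings\application data\unitlayers\temp.dat
BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - c:\program files\updater by sweetpacks\Extension32.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uURLSearchHooks: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
"""


def parse_addons(log_text):
    """Return every browser add-on entry as a dict (kind, name, clsid, path)."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match and match.group("kind") in ADDON_KINDS:
            entries.append(match.groupdict())
    return entries


def triage(log_text):
    """Flag add-ons by module location only (assumed heuristics, not a verdict)."""
    findings = []
    seen = set()
    for entry in parse_addons(log_text):
        # DDS lists some toolbars twice; report each (kind, CLSID) pair once.
        key = (entry["kind"], entry["clsid"].lower())
        if key in seen:
            continue
        seen.add(key)

        path = entry["path"].strip().lower()
        reasons = []
        if not path:
            # Registration is present but no module path was resolved for it.
            reasons.append("no module path registered")
        else:
            if "\\documents and settings\\" in path:
                # XP user profile: writable without administrator rights.
                reasons.append("module loads from a user profile")
            if not path.endswith(".dll"):
                reasons.append("module is not a .dll")
        if reasons:
            findings.append(Finding(entry["kind"], entry["name"],
                                    entry["clsid"], entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.name:20} {f.clsid}  {'; '.join(f.reasons)}")
```

On this log it surfaces the "Unit" BHO that loads temp.dat from the user profile and the two Searchqu registrations that have no path. The SweetPacks and NetAssistant add-ons sit under Program Files and pass these location checks, so add-on names and vendors still have to be reviewed separately.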
Old 06-22-2013, 07:50 AM   #11
Registered Member
 
Join Date: May 2011
Posts: 83
OS: xp SP3



Here..


# AdwCleaner v2.303 - Logfile created 06/22/2013 at 09:38:36
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jorge - JORGE-51DDF1102
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jorge\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
Deleted on reboot : C:\Program Files\Updater By SweetPacks
File Deleted : C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\64epaoap.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\64epaoap.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\64epaoap.default\searchplugins\SearchResults.xml
File Deleted : C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\64epaoap.default\searchplugins\SweetIm.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\Jorge\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\64epaoap.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\Jorge\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Jorge\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Freeze.com
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\WINDOWS\system32\WNLT
***** [Registry] *****
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C792A75A-2A1F-4991-9B85-291745478A79}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={0CD991F5-CE04-11E2-9AF6-001D7D296F31} --> hxxp://www.google.com
-\\ Mozilla Firefox v4.0.1 (en-US)
File : C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\64epaoap.default\prefs.js
C:\Documents and Settings\Jorge\Application Data\Mozilla\Firefox\Profiles\64epaoap.default\user.js ... Deleted !
[OK] File is clean.
-\\ Google Chrome v27.0.1453.116
File : C:\Documents and Settings\Jorge\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Deleted [l.28] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=421&q={searchTerms}",
Deleted [l.344] : homepage = "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={0CD991F5-CE04-1[...]
*************************
AdwCleaner[S1].txt - [18075 octets] - [22/06/2013 09:38:36]
########## EOF - C:\AdwCleaner[S1].txt - [18136 octets] ##########



Can I proceed with the next step, or does something else need to be done based on the log report? Thanks.
__________________
maxtot2 is offline  
Old 06-22-2013, 07:54 AM   #12
Security Team
Analyst
 

No, it is okay. It just shows that you had a lot of Adware and it's gone now. :)
__________________
ryder is offline  
Old 06-22-2013, 09:04 AM   #13
Registered Member
 

I've decided to keep Zonealarm for now...
__________________
maxtot2 is offline  
Old 06-22-2013, 09:13 AM   #14
Registered Member
 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jorge at 11:07:39 on 2013-06-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1983.1375 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - c:\program files\check point software technologies ltd\zonealarm\1.8.11.6\bh\zonealarm.dll
BHO: Unit: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\jorge\local settings\application data\unitlayers\temp.dat
BHO: Updater By SweetPacks: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - c:\program files\check point software technologies ltd\zonealarm\1.8.11.6\zonealarmTlbr.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ISW] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:36
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{7F3D41CC-7C81-4242-AC9E-53E1ADA1417B} : DHCPNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jorge\application data\mozilla\firefox\profiles\64epaoap.default\
FF - plugin: c:\documents and settings\jorge\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-3 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-3 353688]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2013-1-29 527848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-3 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-3 44808]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-5-31 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-5-31 49152]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-11-22 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-11-22 497320]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-5-31 246936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\updater by sweetpacks\extensionupdaterservice.exe --> c:\program files\updater by sweetpacks\ExtensionUpdaterService.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-5-31 1691480]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-8-21 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-17 13:56:27 -------- d-----w- c:\documents and settings\jorge\application data\hott notes 4
2013-06-17 13:56:15 -------- d-----w- c:\program files\hott notes 4
2013-06-17 13:49:06 -------- d-----w- c:\documents and settings\jorge\Downloads
2013-06-05 17:26:18 -------- d-----w- c:\program files\VideoLAN
2013-06-05 17:20:52 -------- d-----w- c:\documents and settings\jorge\local settings\application data\UnitLayers
2013-05-31 13:36:10 -------- d-----w- c:\documents and settings\jorge\local settings\application data\DoNotTrackPlus
2013-05-31 13:29:18 -------- d-----w- c:\windows\Internet Logs
2013-05-31 13:27:46 -------- d-----w- c:\program files\Check Point Software Technologies LTD
.
==================== Find3M ====================
.
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-14 18:14:18 1072544 ----a-w- c:\windows\system32\nvdrsdb0.bin
2013-04-14 18:14:18 1 ----a-w- c:\windows\system32\nvdrssel.bin
2013-04-14 18:14:12 1072544 ----a-w- c:\windows\system32\nvdrsdb1.bin
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 11:08:33.92 ===============
Attached Files
File Type: txt attach.txt (21.3 KB, 15 views)
__________________
maxtot2 is offline  
Old 06-22-2013, 09:18 AM   #15
Security Team
Analyst
 

You did not report how things are now.
__________________
ryder is offline  
Old 06-22-2013, 10:09 AM   #16
Registered Member
 

I tried all my favorite websites and everything was fine, but when I tried YouTube, the adware popped up once. So I tried YouTube several times more and nothing bad happened! It seems like the problem is almost completely gone!
__________________
maxtot2 is offline  
Old 06-22-2013, 10:17 AM   #17
Registered Member
 

Oh no! I was on www.myfitnesspal.com just now, and it happened once more. Maybe I got reinfected or something.
__________________
maxtot2 is offline  
Old 06-23-2013, 08:52 AM   #18
Security Team
Analyst
 

Hi maxtot2

Time for action now :)

Scan with Combofix

Warning: Combofix shall only be run with the assistance of a trained helper!

Please download the latest version of Combofix to your desktop: LINK
  • Deactivate your security software during the run of Combofix (Instructions)
  • Start Combofix by double-clicking it and follow the instructions on screen.
  • If you have Windows XP: Combofix will try to download and install the recovery console during the first run. Please allow that.
  • While Combofix is running: Please don't use your computer and don't click anywhere with your mouse.
  • After a successful scan Combofix will open a logfile. Please copy it here into your thread. You can find it later here: c:\combofix.txt
  • Reactivate your security software now.


NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
__________________
ryder is offline  
Old 06-23-2013, 05:53 PM   #19
Registered Member
 

How do I shut down ZoneAlarm? There is no option to select "Shutdown Zone Alarm".
__________________
maxtot2 is offline  
Old 06-24-2013, 12:06 PM   #20
Security Team
Analyst
 

It is only a firewall .... you do not need to shut it down.

__________________
ryder is offline  
 


All times are GMT -7. The time now is 03:08 PM.


Copyright 2001 - 2014, Tech Support Forum
