Martymfla
Honorary Members
Posts: 22
Reputation: 0 Neutral
Firefox patch malware removal
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Do you think uninstalling Firefox, then doing a reinstall, would do anything?
Firefox patch malware removal
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Yes
Firefox patch malware removal
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Just was in Firefox and the popup appeared again. :-/
Firefox patch malware removal
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
It erased my IE "homepage" list but seems to be running ok now. Patch popup hasn't come back, but I will have to see if it comes back today sometime. It would only come up a couple times during the day, so I will give it a day and let you know. Ok? Thanks again.
Firefox patch malware removal
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Program bombed (XP). Rebooted and re-ran and it did ok. Attached is the file created. Thank you. Fixlog.txt
Firefox patch malware removal
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Here are the two files. Thanks. Addition.txt FRST.txt
I am running Malwarebytes Anti-Exploit Premium, but still got the popup malware Firefox-patch.js. Are there instructions on how to get rid of this? Thanks
Continual blocking even when Browser is closed
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Yes. And thank you very much.
Continual blocking even when Browser is closed
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Just a long ways away and many hours ahead of US.
Continual blocking even when Browser is closed
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Thanks again. Are you really in Bulgaria?
Continual blocking even when Browser is closed
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Thanks. I did it and now no more problems. Did you know what the problem was? Thanks again!
Continual blocking even when Browser is closed
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Do I have to re-enable Defogger? Are the CD Emulation drivers OK? Thanks. Were you able to determine exactly what the culprit was?
Continual blocking even when Browser is closed
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Is it combo-fix or just combofix? I remember I had to rename it. Thanks
Continual blocking even when Browser is closed
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
No. No more continuous popup blocking by Malwarebytes!!
Continual blocking even when Browser is closed
Martymfla replied to Martymfla's topic in Resolved Malware Removal Logs
Some things were found: