Martymfla

  1. Do you think uninstalling Firefox, then doing a reinstall, would do anything?
  2. Just was in Firefox and the popup appeared again. :-/
  3. It erased my IE "homepage" list but seems to be running ok now. Patch popup hasn't come back, but I will have to see if it comes back today sometime. It would only come up a couple times during the day, so I will give it a day and let you know. Ok? Thanks again.
  4. Program bombed (XP). Rebooted and re-ran and it did ok. Attached is the file created. Thank you. Fixlog.txt
  5. Here are the two files. Thanks Addition.txt FRST.txt
  6. I am running Malwarebytes Anti-Exploit Premium, but still got the popup malware Firefox-patch.js. Are there instructions on how to get rid of this? Thanks
  7. Thanks. I did it and now no more problems. Did you know what the problem was? Thanks again!
  8. Do I have to re-enable Defogger? Are the CD Emulation drivers OK? Thanks. Were you able to determine exactly what the culprit was?
  9. Is it combo-fix or just combofix? I remember I had to rename it. Thanks
  10. Some things were found: