WOW ComboFix quarantined 20MB! HELP...or give up?


I've been in front of the computer screen many, many hours in the past few days and I am in a state of confusion now. Wife's computer just showed 47MB quarantined...

2012-01-17 18:54:16 . 2012-01-17 18:54:16 2,182 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{D31B16D3-CD08-49D8-996C-C356FE810848}.reg.dat

2012-01-17 18:54:03 . 2012-01-17 18:54:03 638 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-QuickTime Task.reg.dat

2012-01-17 18:54:02 . 2012-01-17 18:54:02 700 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-InstallIQUpdater.reg.dat

2012-01-17 18:54:02 . 2012-01-17 18:54:02 756 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-chromium.reg.dat

2012-01-17 18:54:02 . 2012-01-17 18:54:02 766 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Akamai NetSession Interface.reg.dat

2012-01-17 18:40:24 . 2012-01-17 18:40:24 13,692 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-01-17 18:34:02 . 2012-01-17 18:34:02 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-01-12 22:03:57 . 2008-08-01 22:44:50 10,730 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\hol_ball_crd_fh_4p_inside_a_lo_res.jpg.vir

2010-12-13 16:12:33 . 2010-12-13 16:12:33 1,454 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\setup.ini.vir

2010-12-13 16:12:32 . 2009-09-30 23:45:42 492,629 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\miniavi.avg.vir

2010-12-13 16:12:32 . 2010-01-19 23:43:47 142,495 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\microavi.avg.vir

2010-12-13 16:12:24 . 2009-07-26 01:28:34 6,061,540 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\avi7.avg.vir

2010-12-13 16:12:24 . 2010-10-12 05:31:28 431,944 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\setup.exe.vir

2010-12-13 16:12:24 . 2010-10-06 15:24:24 285,024 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\avgntdumpx.exe.vir

2010-12-13 16:12:24 . 2010-09-24 18:40:54 237,408 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\avgrunasx.exe.vir

2010-12-13 16:12:24 . 2010-10-21 00:40:42 3,156,320 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\avgmfapx.exe.vir

2010-12-13 16:12:24 . 2010-05-11 14:35:32 865,280 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\htmlayout.dll.vir

2010-12-13 16:12:24 . 2010-10-21 00:40:43 675,168 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\avgmfarx.dll.vir

2010-12-13 16:12:23 . 2010-10-21 03:56:29 62 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfavera.txt.vir

2010-12-13 16:12:23 . 2010-10-21 03:56:29 62 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfaverx.txt.vir

2010-12-13 16:12:23 . 2010-12-13 16:12:48 668 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfaconf.txt.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 121,658 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfazt.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 125,928 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfaus.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 121,250 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfazh.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 138,023 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfasp.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 135,392 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfatr.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 181,616 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfaru.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 134,545 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfasc.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 138,909 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfask.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 137,417 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfapl.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 138,345 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfapt.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 135,659 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfanl.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 134,955 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfapb.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 130,818 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfams.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 142,352 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfako.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 154,630 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfajp.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 139,104 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfait.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 138,275 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfahu.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 129,351 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfaid.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 125,932 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfain.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 141,783 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfage.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 142,121 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfafr.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 130,169 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfada.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 138,735 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfaes.lns.vir

2010-12-13 16:12:23 . 2010-10-21 00:27:09 132,594 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\mfacz.lns.vir

2010-12-13 16:12:23 . 2010-09-14 07:48:20 22,462 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_zt.htm.vir

2010-12-13 16:12:23 . 2010-09-14 07:48:20 21,970 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_zh.htm.vir

2010-12-13 16:12:23 . 2010-09-13 06:34:34 26,118 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_us.htm.vir

2010-12-13 16:12:23 . 2010-09-14 07:48:20 32,355 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_tr.htm.vir

2010-12-13 16:12:23 . 2010-09-13 06:34:34 30,997 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_sp.htm.vir

2010-12-13 16:12:23 . 2010-09-13 06:34:34 37,302 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_sk.htm.vir

2010-12-13 16:12:23 . 2010-09-13 06:34:34 53,177 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_ru.htm.vir

2010-12-13 16:12:23 . 2010-09-13 06:34:34 27,604 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_sc.htm.vir

2010-12-13 16:12:23 . 2010-09-13 06:34:34 33,353 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_pt.htm.vir

2010-12-13 16:12:22 . 2010-09-13 06:34:34 31,512 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_pl.htm.vir

2010-12-13 16:12:22 . 2010-09-13 06:34:34 29,766 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_nl.htm.vir

2010-12-13 16:12:22 . 2010-09-13 06:34:34 33,146 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_pb.htm.vir

2010-12-13 16:12:22 . 2010-09-14 07:48:20 29,245 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_ms.htm.vir

2010-12-13 16:12:22 . 2010-09-14 07:48:20 32,601 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_jp.htm.vir

2010-12-13 16:12:22 . 2010-09-14 07:48:20 28,458 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_ko.htm.vir

2010-12-13 16:12:22 . 2010-09-13 06:34:34 31,500 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_it.htm.vir

2010-12-13 16:12:22 . 2010-09-13 06:34:34 26,118 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_in.htm.vir

2010-12-13 16:12:22 . 2010-09-14 07:48:20 29,375 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_id.htm.vir

2010-12-13 16:12:22 . 2010-09-13 06:34:34 42,572 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_hu.htm.vir

2010-12-13 16:12:22 . 2010-09-13 06:34:34 30,196 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_ge.htm.vir

2010-12-13 16:12:22 . 2010-09-13 06:34:34 34,309 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_fr.htm.vir

2010-12-13 16:12:22 . 2010-09-13 06:34:34 31,241 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_es.htm.vir

2010-12-13 16:12:22 . 2010-09-17 09:05:40 28,062 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_cz.htm.vir

2010-12-13 16:12:22 . 2010-09-13 06:34:34 29,994 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Temp\AVG\license_da.htm.vir

2006-10-19 03:47:22 . 2006-10-19 03:47:22 2,450,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET7B.tmp.vir

2006-10-19 03:47:20 . 2006-10-19 03:47:20 937,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET74.tmp.vir

2006-10-19 03:47:18 . 2006-10-19 03:47:18 757,248 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6D.tmp.vir

2006-10-19 03:47:18 . 2006-10-19 03:47:18 222,208 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET6F.tmp.vir

2006-10-19 03:47:18 . 2006-10-19 03:47:18 37,376 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET86.tmp.vir

2006-10-19 03:47:16 . 2006-10-19 03:47:16 321,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET84.tmp.vir

2006-10-19 03:47:16 . 2006-10-19 03:47:16 175,616 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SET89.tmp.vir

From what I can tell it looks like "they" are using my computer to edit jpg files and WHOKNOWZ what else. Some kind of "shim engine" to work on a tablet with Arabic & European form shape setting. GPO being edited remotely and remote request lines to upload NT AUTHORITY user profile into cach...but noted it would take a long time...

The netmsg.dll strings have 4 "system not secure" messages, then a help paragraph to go to the netlogon.log to get the 2 identities and IP. Also references the file location for netlogon.bak. Well, the log was empty and I went to the registry to find the bak file and increase the log size parameters, and I could not edit the registry even though I am logged in as Administrator...plus there was no bak entry in the registry or it had been deleted. I am posting from a Chromebook and I do not want to hook up the computer to the internet. I need opinions on how to proceed.

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
