
How screwed am I?


  • This topic is locked
6 replies to this topic

#1 Russ1981

  • Members
  • 12 posts

Posted 06 January 2015 - 06:03 AM

I ran a scan with ComboFix and apparently my computer was extremely infected, and I'm afraid important system files may have been quarantined. Can that even happen without my computer refusing to work? Are these safe to delete? Here's my log:

 

 



#2 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,875 posts
  • Gender:Male
  • Location:Germany

Posted 07 January 2015 - 05:13 PM

Hey my friend,
please post the full log. :)



Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Russ1981


Posted 07 January 2015 - 07:31 PM

The log from ComboFix isn't good enough? Those are the files I'm worried about.



#4 Machiavelli


Posted 08 January 2015 - 10:52 AM

No, that's not the full log.

~Machiavelli



#5 Machiavelli


Posted 12 January 2015 - 10:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#6 Machiavelli


Posted 08 February 2015 - 06:39 AM

User returned.

~Machiavelli



#7 Machiavelli


Posted 12 February 2015 - 04:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli





