Virus won’t allow me to run MBAM and get on internet, also shut down m



#16
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
The link works for me now.

I don't think I used autoruns correctly. I just ran it. I have to figure out how to use it to stop those processes.

Yes, CF did delete george.exe, autoruns.exe, and antizeroaccess.exe from the desktop.

I am using an IBM ThinkPad.

I am trying to connect wirelessly most of the time. But I have tried with the Ethernet cable just recently and it still cannot acquire the network address.

I am now connected wirelessly on my other laptop, but the ThinkPad will not connect.

I have an IBM ThinkPad Type 2668 – E16, Product ID 2668e16; it is a T43.

I have 2 partitions, a C & D drive.

For some reason I can’t get into the recovery console. It is just a black screen. I have done this process before on another computer, but not this one. I can’t get to the C prompt in the recovery console.
  • 0



#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I'll talk to the designer about CF's strange behavior. If the link works for you now, please download the file and copy it and the latest version of combofix to the desktop. Call it paul.exe this time. Then drag the downloaded file over to paul.exe and let go. It should install the recovery console for you. Then see if you can get into the recovery console and do
map

To use Autoruns just run it and then go through the tabs until you find one of the files on the list being called and uncheck it. We want to keep the infected files from running until we find out for sure if they are infected. Most of them are stuff we can live without. The exception is the Intel wireless. I'll see if I can find a replacement for you.
  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
The designer says something is very strange about your system. The files that it removed aren't on the desktop or at least they shouldn't be.

d:\documents and settings\Desktop\

is where the files were.

Your usual desktop would be:

d:\documents and settings\YourUserName\Desktop\

So either your username is invisible or something weird is going on.

I think we need to back away from Windows and scan it from the outside.

See if you can make an AVG Rescue CD per the instructions:

http://www.geekstogo...ost__p__1913777

Then use it to boot off of and scan your sick PC. See what it finds.

Ron
  • 0

#19
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I unchecked everything on autoruns then hit the close “x” button in the right corner. Then I ran autoruns again and nothing was checked this time. I named combofix paul.exe on the flash drive, copied it to the desktop, copied the windows link to the desktop, then dropped the link onto combofix (paul.exe) and it automatically ran. I agreed to the Combofix user agreement and it ran (I did all of this in safe mode)

I still can’t get into system recovery. It is just a black screen with a blinking cursor in the upper left corner. I hit 1, enter, other keys and nothing happens. Just sits there.

Below is my latest log

ComboFix 11-08-27.01 - User 08/26/2011 17:39:33.8.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.790 [GMT -4:00]
Running from: d:\documents and settings\Desktop\paul.exe
Command switches used :: d:\documents and settings\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Trend Micro OfficeScan Enterprise Client Firewall *Enabled* {9EFC479D-082C-471E-BB2E-DB50CFB21926}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\documents and settings\Desktop\autoruns.exe
d:\documents and settings\Desktop\paul.exe
d:\documents and settings\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-26 17:23 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-08-26 14:45 . 2011-08-26 14:45 -------- d-sh--w- d:\documents and settings\LocalService.NT AUTHORITY.000
2011-08-26 14:45 . 2011-08-26 14:45 -------- d-sh--w- d:\documents and settings\NetworkService.NT AUTHORITY.000
2011-08-26 14:43 . 2011-08-26 14:43 -------- d-----w- c:\windows\system32\wbem\Repository
2011-08-26 14:42 . 2011-08-26 14:42 -------- d-----w- d:\documents and settings\All Users\Application Data\Avira
2011-08-26 14:42 . 2011-08-26 14:42 -------- d-----w- c:\windows\system32\save$$updater
2011-08-26 14:42 . 2011-08-26 14:42 -------- d-----w- c:\windows\system32\(null)
2011-08-26 14:42 . 2011-08-26 14:42 -------- d-----w- c:\program files\Avira
2011-08-25 02:45 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-25 02:45 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-24 00:45 . 2011-08-24 00:45 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-24 00:45 . 2011-08-24 00:45 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-24 00:45 . 2011-08-24 00:45 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-24 00:45 . 2011-08-24 00:45 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-24 00:45 . 2011-08-24 00:45 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-24 00:45 . 2011-08-24 00:45 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-24 00:45 . 2011-08-24 00:45 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-24 00:45 . 2011-08-24 00:45 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-15 01:05 . 2011-08-15 01:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-11 01:31 . 2006-10-18 18:05 232448 ----a-w- c:\windows\system32\mp3fhg.acm
2011-08-11 01:31 . 2011-07-16 14:17 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-08-11 01:31 . 2011-06-24 14:44 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-08-11 01:31 . 2011-06-24 14:28 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-08-11 01:31 . 2010-11-03 18:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-08-11 01:31 . 2011-08-08 08:00 74752 ----a-w- c:\windows\system32\ff_vfw.dll
2011-08-11 00:54 . 2011-08-11 00:54 -------- d-----w- d:\documents and settings\User\Application Data\Media Player Classic
2011-08-11 00:50 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2011-08-11 00:48 . 2011-08-11 00:48 -------- d-----w- c:\windows\Logs
2011-08-11 00:47 . 2011-08-11 00:47 -------- d-----w- c:\program files\Media Player Classic - Home Cinema
2011-08-10 18:49 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-10 18:49 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-09 03:20 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-08-02 00:42 . 2011-08-02 00:42 -------- d-----w- d:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-21 04:00 . 2005-04-27 13:16 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS
2011-07-15 13:29 . 2005-06-28 01:12 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2005-06-28 01:12 10496 ------w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2005-06-27 22:24 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2005-06-28 01:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2005-06-28 01:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2005-06-28 01:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2005-06-28 01:11 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2005-06-28 01:12 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2005-06-28 01:12 1858944 ------w- c:\windows\system32\win32k.sys
2011-08-24 00:45 . 2011-08-24 00:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_17.39.59 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-25 14:53 . 2011-08-26 20:27 214452 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-02-14 512000]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2006-02-14 110592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\katrack.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0090404]
IME File REG_SZ MSTCICJA.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0080404]
IME File REG_SZ MSTCIPHA.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200412]
Ime File REG_SZ IMEKR70.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0100804]
IME File REG_SZ WINWB86.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0110804]
IME File REG_SZ WINWB98.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e00e0804]
IME File REG_SZ IMSC40A.IME
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ IMJP9.IME
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\WINDOWS\\keyacc32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\inetsrv\\inetinfo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5353:UDP"= 5353:UDP:Bonjour
.
R3 TPM11;NSC Integrated Trusted Platform Module 1.1;c:\windows\system32\drivers\nsctpm11.sys [8/2/2005 6:00 PM 14336]
R4 TPDiskPM;TPDiskPM;c:\windows\system32\drivers\TPDiskPM.sys [6/27/2005 6:49 PM 14848]
R4 TPInput;TPInput;c:\windows\system32\drivers\TPInput.sys [6/27/2005 6:49 PM 6784]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S4 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 5:47 PM 3968]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Sacred Heart University
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\2x311ay5.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-AutorunsDisabled - notifyf2.dll tphklock.dll WgaLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-26 17:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.redbook]
"ImagePath"="\*"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(264)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
.
Completion time: 2011-08-26 17:56:31
ComboFix-quarantined-files.txt 2011-08-26 21:56
ComboFix2.txt 2011-08-26 19:15
ComboFix3.txt 2011-08-26 18:00
ComboFix4.txt 2011-08-26 17:45
.
Pre-Run: 18,785,759,232 bytes free
Post-Run: 18,750,025,728 bytes free
.
- - End Of File - - 04B955BF107527587E84F5D3DDD360F4
  • 0

#20
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I got the AVG rescue CD working, but it says the internet is unavailable, I don't have an ethernet cable here and won't have access to one until Monday. But will let you know how it goes.
  • 0

#21
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
With everything turned off you might have a chance with Avast.

Download and Save the free Avast installer.

http://www.avast.com...ivirus-download

Note the file size. Move it to the sick PC. Verify the file size doesn't suddenly shrink.
(I don't think you can uninstall Avira but if you can that would be good. Then reboot.)

Install Avast.
Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It should take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

Ron
  • 0

#22
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I actually uninstalled Avira earlier today. I scanned the first drive with AVG and it found 36 viruses. I renamed them according to the instructions. I am scanning the 2nd partition now, there is another small partition to scan as well. Unfortunately, I am in New York, and a hurricane is hitting us tomorrow, so I will let you know how everything goes. I may not be able to respond until Monday. Thanks for all your help. I will post what happens in a day or two.

Thank you.
  • 0

#23
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
The news from the AVG scan is good. At least it sees the infection. I'd run it again and see if it finds any more.

I'm still concerned about your desktop not being a subfolder of your user name. Perhaps you should create a new login with admin powers and use that. Presumably CF will then stop removing files from the desktop.

I understand about hurricanes. I used to live in Melbourne Beach FL. Don't expect to have power by Monday. We usually lost it for a week to 10 days. Telephone service is funny. You will sometimes have it for 6 - 8 hours after a hurricane then it will go away as the batteries on the repeaters run out. Forget cell phones. Everyone will try to use them so you will never get a signal even if the tower doesn't fall down. Cable also will go out for up to 12 days. Satellite TV still works but you may have to repoint the dish (assuming you have power) so it's a good idea to make some marks on the mount to make it easier.

When you are back online - if it's been so long they have locked it - you can just PM me and I will unlock it.

Ron
  • 0

#24
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I actually grew up in Vero Beach. Lived there and South Florida for 28 years. Been through a few hurricanes. I am not too worried.

The 2nd scan finished and found more infections. I am scanning the smaller drive now. I renamed all the files. Should I find them and delete them?

I am going to try Avast with the new login and admin powers when this last scan is finished.

thanks
  • 0

#25
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I think I would keep scanning with AVG until it came up clean. (I assume it is not just detecting the files that it found the first time and renamed, is it?) I think we can have it delete the files. Then go to Avast.

My wife lived in Vero for 10 years. She wants to know where you lived exactly. She was actually in Winter Beach out in the sticks on the river.
  • 0



#26
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I lived in a neighborhood called River Shores almost in Ft. Pierce. Just off US 1. I went to St. Helens and graduated from Vero Beach High School in 1996. I was a bit south of Winter Beach. What school did she go to?

Mike
  • 0

#27
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
She lived down there during her first marriage. Her ex is a lawyer down there. She went to Miami Central (class of 1964) so you wouldn't know her.
  • 0

#28
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I ran Avast. I don't see a log for it. I did it overnight, but before I went to bed, I saw that it said it had found at least 1 virus. I also ran the AVG disk until it said I didn't have any viruses left. I set up a new account called Happy. I still cannot connect to the internet. I am trying wirelessly and it cannot acquire the network address. I am connected on my other laptop wirelessly (don't have ethernet connection right now, but will have tomorrow or Tuesday to try.) Where should I go from here?

Thanks
  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. It's not something you can cut and paste but it should tell you if it found any viruses.

Could you get the file:
C:\Qoobox\ComboFix-quarantined-files.txt

and copy and paste it or attach it to your next reply? The CF designer tells me it probably deleted the infected files.

Ron
  • 0

#30
happy01

happy01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
I see in the Virus Chest a file called 297441164:vir:1936213486.exe located at C:\Qoobox\Quarantine\C\Windows.

The virus is called Win32:Patched-WQ [Trj]

Here is the file requested

2022-04-03 08:02:24 . 2011-08-25 02:33:57 25,600 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\U\@80000000.vir
2022-04-02 06:30:50 . 2011-08-25 02:33:57 33,280 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\U\@800000c0.vir
2022-04-02 06:30:45 . 2011-08-25 02:33:52 1,536 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\U\@000000cf.vir
2022-03-29 03:32:16 . 2011-08-25 02:33:54 41,360 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\U\@00000001.vir
2022-03-27 23:41:24 . 2011-08-25 02:33:52 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\U\@000000cb.vir
2022-03-27 23:41:24 . 2011-08-25 02:33:55 27,648 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\U\@800000cb.vir
2022-03-27 23:41:24 . 2011-08-25 02:33:55 27,648 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\U\@800000cf.vir
2022-03-26 00:03:45 . 2011-08-25 02:33:52 2,560 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\U\@000000c0.vir
2011-08-26 21:53:36 . 2011-08-26 21:53:36 6,914 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-AutorunsDisabled.reg.dat
2011-08-26 21:51:47 . 2011-08-26 21:51:58 9,057,698 ----a-w- C:\Qoobox\Quarantine\D\av7.zip
2011-08-26 21:51:47 . 2011-08-26 21:16:24 4,608,744 ----a-w- C:\Qoobox\Quarantine\D\Documents and Settings\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe.vir
2011-08-26 21:51:47 . 2011-08-26 21:16:36 4,187,178 ----a-w- C:\Qoobox\Quarantine\D\Documents and Settings\Desktop\paul.exe.vir
2011-08-26 19:10:24 . 2011-08-26 19:10:28 4,575,016 ----a-w- C:\Qoobox\Quarantine\D\av6.zip
2011-08-26 19:10:24 . 2011-08-26 18:36:42 731,000 ----a-w- C:\Qoobox\Quarantine\D\Documents and Settings\Desktop\autoruns.exe.vir
2011-08-26 19:10:24 . 2011-08-26 18:45:24 4,184,273 ----a-w- C:\Qoobox\Quarantine\D\Documents and Settings\Desktop\george.exe.vir
2011-08-26 19:10:24 . 2011-08-26 18:35:44 167,864 ----a-w- C:\Qoobox\Quarantine\D\Documents and Settings\Desktop\antizeroaccess.exe.vir
2011-08-26 17:57:57 . 2011-08-26 17:57:57 4,180,128 ----a-w- C:\Qoobox\Quarantine\D\av5.zip
2011-08-26 17:44:10 . 2011-08-26 17:44:10 732 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Sun Download Manager 2.0 (web).reg.dat
2011-08-26 17:44:10 . 2011-08-26 17:44:10 1,888 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-SyncBack_is1.reg.dat
2011-08-26 17:39:55 . 2011-08-26 17:39:55 5,195,703 ----a-w- C:\Qoobox\Quarantine\D\av4.zip
2011-08-26 17:39:54 . 2011-08-25 14:20:36 446,464 ----a-w- C:\Qoobox\Quarantine\D\Documents and Settings\Desktop\TFC.exe.vir
2011-08-26 17:39:53 . 2011-08-25 14:08:36 580,096 ----a-w- C:\Qoobox\Quarantine\D\Documents and Settings\Desktop\OTL.exe.vir
2011-08-26 17:39:50 . 2011-08-26 17:40:28 4,184,273 ----a-w- C:\Qoobox\Quarantine\D\Documents and Settings\Desktop\ComboFix.exe.vir
2011-08-26 17:36:29 . 2011-08-26 17:36:29 222 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\_3210891230_.zip
2011-08-26 17:35:19 . 2011-08-26 17:35:19 410 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_8c97ba11.reg.dat
2011-08-26 17:35:12 . 2011-08-26 21:48:58 6,362 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-08-26 17:18:50 . 2011-08-26 21:37:19 969 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-08-26 14:45:03 . 2011-08-26 15:23:08 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\297441164.vir
2011-08-25 03:14:16 . 2011-08-26 17:17:17 43,408 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\c_74222.nl_.vir
2011-08-25 02:39:30 . 2011-08-26 15:26:21 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\loader.tlb.vir
2011-08-25 02:33:57 . 2011-08-26 17:15:25 25,600 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir
2011-08-25 02:29:01 . 2011-08-25 03:14:19 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}.vir
2011-08-25 02:29:01 . 2011-08-25 03:14:19 162,816 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB51577$\2358753809\L\iosaepys.vir
2009-11-12 21:33:00 . 2009-11-12 21:33:00 545,568 ----a-w- C:\Qoobox\Quarantine\C\Program Files\iPod\bin\iPodService.exe.vir
2009-08-27 01:10:55 . 2009-05-13 20:48:22 109,568 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Avira\AntiVir Desktop\sched.exe.vir
2009-07-09 16:22:18 . 2009-07-09 16:22:18 144,712 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe.vir
2008-12-12 15:17:38 . 2008-12-12 15:17:38 238,888 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Bonjour\mDNSResponder.exe.vir
2006-04-14 15:44:58 . 2006-04-14 15:44:58 544,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\S24EvMon.exe.vir
2006-04-14 15:43:02 . 2006-04-14 15:43:02 114,753 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\EvtEng.exe.vir
2006-04-14 15:42:26 . 2006-04-14 15:42:26 221,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\RegSrvc.exe.vir
2005-08-02 23:12:44 . 2005-08-02 23:12:44 81,920 ----a-w- C:\Qoobox\Quarantine\C\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe.vir
2005-08-02 23:02:20 . 2005-08-02 23:02:20 1,372,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe.vir
2005-07-05 04:46:45 . 2005-06-07 01:26:22 40,960 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TpKmpSVC.exe.vir
2005-07-05 04:46:06 . 2005-06-20 16:15:00 77,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TPHDEXLG.EXE.vir
2005-06-28 01:13:00 . 2005-11-11 05:33:00 73,782 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ibmpmsvc.exe.vir
2005-06-28 01:12:57 . 2006-01-22 02:38:18 380,928 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Ati2evxx.exe.vir
2005-06-28 01:12:08 . 2008-04-13 19:21:00 162,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir
2005-06-28 01:11:40 . 2004-08-04 15:00:00 43,408 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\c_74222.nls.vir
2005-06-27 22:54:21 . 2002-09-20 18:50:10 45,056 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Analog Devices\SoundMAX\SMAgent.exe.vir
2005-06-27 22:26:02 . 2009-08-06 23:24:06 53,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir
2005-06-27 18:22:22 . 2008-04-13 18:40:27 57,600 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\redbook.sys.vir
2005-06-27 18:22:22 . 2008-04-13 18:40:27 57,600 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\redbook.sys.vir_
2003-03-19 09:55:54 . 2003-03-19 09:55:54 339,968 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE.vir
1998-06-24 04:00:00 . 1998-06-24 04:00:00 369,696 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\comct332.ocx.vir
  • 0
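The path check RKinner describes in post #18 (a Desktop folder sitting directly under "documents and settings" with no user name), applied to the quarantine listing format from post #30, as an added example that is not part of the original thread and not ComboFix's own code. The function names are hypothetical, the sample lines are copied from post #30, and the mapping from a Qoobox quarantine path back to the original location is an assumption inferred from how the deleted files in post #19 reappear in that listing.

```python
import re
from datetime import datetime
from typing import List, NamedTuple, Optional

# Sample input: four lines copied from the listing in post #30.
SAMPLE = r"""
2011-08-26 21:51:47 . 2011-08-26 21:16:36 4,187,178 ----a-w- C:\Qoobox\Quarantine\D\Documents and Settings\Desktop\paul.exe.vir
2011-08-26 19:10:24 . 2011-08-26 18:36:42 731,000 ----a-w- C:\Qoobox\Quarantine\D\Documents and Settings\Desktop\autoruns.exe.vir
2011-08-26 17:35:12 . 2011-08-26 21:48:58 6,362 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2005-06-27 18:22:22 . 2008-04-13 18:40:27 57,600 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\redbook.sys.vir
"""

STAMP = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
# <stamp> . <stamp> <size with commas> <attribute flags> <path, may contain spaces>
LINE_RE = re.compile(rf"^({STAMP}) \. ({STAMP}) ([\d,]+) (\S+) (.+)$")
# Assumed layout: <x>:\Qoobox\Quarantine\<drive letter>\<original path>.vir
QUAR_RE = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\([A-Za-z])\\(.+)\.vir$", re.I)
# First folder below "documents and settings" is normally the profile name.
PROFILE_RE = re.compile(r"^[A-Za-z]:\\documents and settings\\([^\\]+)\\", re.I)


class Entry(NamedTuple):
    first_stamp: datetime
    second_stamp: datetime
    size: int
    attrs: str
    quarantine_path: str
    original_path: Optional[str]  # None for backups, logs and archives


def original_path(quarantine_path: str) -> Optional[str]:
    """Recover where a quarantined .vir file came from, if the path fits."""
    m = QUAR_RE.match(quarantine_path)
    return f"{m.group(1).upper()}:\\{m.group(2)}" if m else None


def desktop_without_profile(path: str) -> bool:
    """True when Desktop is the folder directly below 'documents and settings'."""
    m = PROFILE_RE.match(path)
    return bool(m) and m.group(1).lower() == "desktop"


def parse_listing(text: str) -> List[Entry]:
    """Parse listing lines; anything that is not a listing line is skipped."""
    fmt = "%Y-%m-%d %H:%M:%S"
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        first, second, size, attrs, qpath = m.groups()
        entries.append(Entry(
            datetime.strptime(first, fmt),
            datetime.strptime(second, fmt),
            int(size.replace(",", "")),
            attrs,
            qpath,
            original_path(qpath),
        ))
    return entries


def flag_profileless_desktop(text: str) -> List[str]:
    """Original paths of quarantined files taken from a profile-less Desktop."""
    return [e.original_path for e in parse_listing(text)
            if e.original_path and desktop_without_profile(e.original_path)]


if __name__ == "__main__":
    for p in flag_profileless_desktop(SAMPLE):
        print("no profile folder in path:", p)
```
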





