Virus I think

knowledgepower1

I have done this Browntoa...no luck still

knowledgepower1

Saqib I'm doing this now...I have run Mbam alreadyyesterday

knowledgepower1

Saqib here it is....

========== FILES ==========
File move failed. c:\windows\SYSTEM32\DRIVERS\3c67c1f5.sys scheduled to be moved on reboot.
File move failed. c:\windows\SYSTEM32\DRIVERS\76275edc.sys scheduled to be moved on reboot.
File move failed. c:\windows\SYSTEM32\DRIVERS\78af9614.sys scheduled to be moved on reboot.
File move failed. c:\windows\SYSTEM32\DRIVERS\b316a6ed.sys scheduled to be moved on reboot.
File move failed. c:\windows\SYSTEM32\DRIVERS\d672bae.sys scheduled to be moved on reboot.
LoadLibrary failed for c:\windows\SYSTEM32\fefecbbaafcbb.dll
c:\windows\SYSTEM32\fefecbbaafcbb.dll NOT unregistered.
File move failed. c:\windows\SYSTEM32\fefecbbaafcbb.dll scheduled to be moved on reboot.
File/Folder c:\windows\system32\qoMeCroN.dll not found.
File/Folder c:\windows\system32\ccc.dll not found.
c:\windows\system32\72ba74fdc4a237f9f42cf1539bdffcb7.sys moved successfully.
File/Folder c:\windows\SYSTEM32\72ba74fdc4a237f9f42cf1539bdffcb7.sys not found.
File/Folder c:\windows\SYSTEM32\14cc20b99dcde2d8e0efa1ecdea62755.TMP not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\!!279205d3-301b-4610-a11a-278d86ad835f}\\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fefecbbaafcbb\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{AF0BE91A-D92D-44F5-9581-64F629762E5A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF0BE91A-D92D-44F5-9581-64F629762E5A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\System\controlset004\Services\3c67c1f5\\ not found.
Registry key HKEY_LOCAL_MACHINE\System\controlset004\Services\76275edc\\ not found.
Registry key HKEY_LOCAL_MACHINE\System\controlset004\Services\b316a6ed\\ not found.
Registry key HKEY_LOCAL_MACHINE\System\controlset004\Services\d672bae\\ not found.
========== SERVICES/DRIVERS ==========
Service 72ba74fdc4a237f9f42cf1539bdffcb7 stopped successfully.
Service 72ba74fdc4a237f9f42cf1539bdffcb7 deleted successfully.
Unable to stop service [emptytemp] .

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_163529
Files moved on Reboot...
File c:\windows\SYSTEM32\DRIVERS\3c67c1f5.sys not found!
File c:\windows\SYSTEM32\DRIVERS\76275edc.sys not found!
File c:\windows\SYSTEM32\DRIVERS\78af9614.sys not found!
File c:\windows\SYSTEM32\DRIVERS\b316a6ed.sys not found!
File c:\windows\SYSTEM32\DRIVERS\d672bae.sys not found!
LoadLibrary failed for c:\windows\SYSTEM32\fefecbbaafcbb.dll
c:\windows\SYSTEM32\fefecbbaafcbb.dll NOT unregistered.
File move failed. c:\windows\SYSTEM32\fefecbbaafcbb.dll scheduled to be moved on reboot.

Marty_J

Can't you just back your stuff up and reinstall Windows?

I realise it's not exactly an elegant solution, but you've been trying for a week now and I can't help but think you would have been finished a week ago if you had just done that.

knowledgepower1

hello Marty,I thought it would be easy to just clean and go but as it is I have to go and buy an external hard drive(which I wasnt really planning for) and do the back up.
It so amazing to see how people go out of their ways to help[ people.
Big ups to Saqib and Browntoa!!!

Browntoa

I'm waiting as you are in the middle of something with Saqib

SaqibQ

Hi,

We're almost there...

1. Launch Malwarebytes' Anti-Malware

• Select the Update tab, and click on Check for Updates. Make sure Malwarebytes.org is the selected option under Update mirror.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\\Documents and Settings\\Username\\Application Data\\Malwarebytes\\Malwarebytes' Anti-Malware\\Logs\\mbam-log-date (time).txt

2. Run ComboFix using these instructions:

Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.

"%userprofile%\desktop\combofix.exe" /killall

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

3. Please post the following...

Malwarebtyes log
ComboFix log

Let me know if you can download HijackThis now.

knowledgepower1

ok I'm on it

knowledgepower1

I will do the combofix now

Malwarebytes' Anti-Malware 1.31
Database version: 1528
Windows 5.1.2600 Service Pack 2
12/21/2008 5:59:27 PM
mbam-log-2008-12-21 (17-59-27).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 96710
Time elapsed: 29 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\orb.ta (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\orb.ta.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\!!21eeb010-57f3-11dd-b116-dad055d89593} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\!!1b7f9329-aaf9-4e34-8ecf-c363fd3c60cf} (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{F2C083AD-8607-4F10-9B31-A2D9ABF57742}\RP185\A0048628.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2C083AD-8607-4F10-9B31-A2D9ABF57742}\RP185\A0048635.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2C083AD-8607-4F10-9B31-A2D9ABF57742}\RP185\A0048644.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2C083AD-8607-4F10-9B31-A2D9ABF57742}\RP185\A0048645.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2C083AD-8607-4F10-9B31-A2D9ABF57742}\RP185\A0048651.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F2C083AD-8607-4F10-9B31-A2D9ABF57742}\RP189\A0049854.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rs32net.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jkse73hedfdgf.dll.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jmvtcofc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\porcqk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\5f519e34.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\Tunde\Application Data\gadcom\gadcom.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

Marty_J

knowledgepower1 wrote: »

hello Marty,I thought it would be easy to just clean and go but as it is I have to go and buy an external hard drive(which I wasnt really planning for) and do the back up.
It so amazing to see how people go out of their ways to help[ people.
Big ups to Saqib and Browntoa!!!

Well I hope all your hard work pays off...and big ups indeed!