Need help with infection


Hello everyone.

I am new here, so I am sorry if I have posted things incorrectly. My laptop is infected with VBS/Genic Win32/zbot. I don't know what happened, but I remember getting a lot of emails with very odd links.

I have found a similar post here with the same problem: http://forums.malwarebytes.org/index.php?s...mp;#entry323877

And I am following Kahdah's instructions.

I have done the OTL scan. The OTL.txt results are here:

OTL logfile created on: 06/10/2010 18:45:32 - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\HBHoque\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.99 Gb Total Space | 32.05 Gb Free Space | 22.90% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HBH

Current User Name: HBHoque

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\HBHoque\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)

PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)

PRC - C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe (Motive Communications, Inc.)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

PRC - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

PRC - C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\HBHoque\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found

SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (MSSQLSERVER) SQL Server (MSSQLSERVER) -- c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER) -- c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)

SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)

SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)

SRV - (MSSQLServerADHelper100) -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE (Microsoft Corporation)

SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)

SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)

SRV - (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)

SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)

SRV - (WMSvc) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)

SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)

SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)

SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)

SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)

SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (Normandy) -- File not found

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (RsFx0150) -- C:\Windows\System32\drivers\RsFx0150.sys (Microsoft Corporation)

DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)

DRV - (dsNcAdpt) -- C:\Windows\System32\drivers\dsNcAdpt.sys (Juniper Networks)

DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )

DRV - (NETw4v32) Intel


This has been pasted from the Extras.txt:

OTL Extras logfile created on: 06/10/2010 18:45:32 - Run 1

OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\HBHoque\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 139.99 Gb Total Space | 32.05 Gb Free Space | 22.90% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HBH

Current User Name: HBHoque

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

.txt [@ = XMLSpy.txt.2010] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02D86BB6-DB0A-45E6-854C-001A0E504419}" = rport=10244 | protocol=6 | dir=out | app=system |

"{140C9C6A-3210-4A2A-B74A-180138106899}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{19A5F2AB-4196-4738-809D-24496F8C792F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{1AB2E830-EF5C-4F79-9EE9-42AE491999C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{27E90040-F864-4C79-8182-15961FD8BA13}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2DFC67C3-AD33-41C6-A97B-38A0E44BA4E8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{359FAD79-7D7B-4159-B4AB-8C5762F319DA}" = rport=10244 | protocol=6 | dir=out | app=system |

"{4B2CB5AF-E73C-48BA-AE21-6EEEB2B89DF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5276E657-1A5A-4ADF-9851-97235BFBC2CE}" = lport=10244 | protocol=6 | dir=in | app=system |

"{5AD37E0C-7D9B-4177-A089-2272F03F3BE9}" = rport=10243 | protocol=6 | dir=out | app=system |

"{60837473-A1A4-451E-915D-A5D2B7A3CCF6}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

"{674EF2A1-CA0A-4E03-8AD9-EEE971D13D3F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6CA7C003-9F7C-4EAB-A710-02284E39E073}" = lport=10243 | protocol=6 | dir=in | app=system |

"{6CBF43C8-B762-4AD5-8A56-4EC538060C58}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{75A522D7-289D-4F97-99B9-52C8E1B49933}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{79297B79-576B-49B2-BC9F-8761105A1403}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{7DD34EC7-3EA7-4D6D-A1EA-215C3DF1878F}" = lport=10244 | protocol=6 | dir=in | app=system |

"{81957F42-FCAA-47EB-B565-3A9EAA67F82C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{89F91656-8495-46B9-AD08-7586B3A9BD8E}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |

"{8B8DF531-2163-4075-80F7-7768EC69CFB3}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{9D209D96-8588-423E-9B2F-4FAC433FD85E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A35353CA-1E7D-44CE-9033-1763D56D6E7D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{A8179A70-F1DD-4BE4-AA35-6EC09B291DF6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A9B8272F-F7E7-4ECA-8021-AF5BF85640DA}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) |

"{AC093D9D-164A-41B1-9BC6-C1FBB01FFD50}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{C42224F4-A6A4-4FB1-867C-1716E26A925B}" = lport=3390 | protocol=6 | dir=in | app=system |

"{C45F214C-1963-457C-A28A-4160329F7A3B}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) |

"{CB392826-48B8-439B-924F-3B2B548565D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CFE213B5-B78A-4874-AC97-525214BFB70C}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DB32A3CC-5D04-4FA9-8029-18F42ADC58B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DDEACF91-3D85-4517-ACF0-BD12CCB0E29A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E83B5E8D-390D-4C28-9371-1E361147D591}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E9BD7C5D-716F-4378-A5BF-F3A2B0AAE776}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{EAD0947A-2E93-4093-BE46-BE5C7EEDE813}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{EF20F41C-161B-403C-B497-5B4A6A0785B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F13F781E-D78F-4AB0-9BE6-BA59A6544BC5}" = lport=3390 | protocol=6 | dir=in | app=system |

"{F7F3F005-55D5-44B4-A5AC-146D531C8266}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{14A215F3-7091-45A7-B950-246EF7AA9E15}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{2025DA51-6D75-4F59-AB2F-B46C5BEE49BA}" = protocol=6 | dir=in | app=c:\users\hasna begum hoque\appdata\messenger\yahoomessenger.exe |

"{21C4AAA7-FF65-437B-BB37-474813645C2A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{21F98E0E-702E-4DC8-9A41-74AE1EDD1201}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |

"{257E3A68-E53E-4C7E-A63C-59BF65A8781B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2BD26F2F-C15D-4597-82BB-DEEF0487571C}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{2E01D158-F946-4E7F-B2E6-4CC611B1D700}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2ED523DC-6E32-43BD-AA31-028300BF953B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{2FAE1EFC-A2B9-4955-8524-E32F21D84AB6}" = protocol=6 | dir=out | app=system |

"{321B7B79-0CA4-4B69-9A59-40C3CE83286C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{3B586266-AD09-4B5B-AF77-1E77AE85D2E9}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{3E2A1EDC-2DD7-42BF-B640-E5F9E1A38B3C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{41F8141D-D254-431F-83AF-BC7264B53B64}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{439C780E-4221-4BCB-A2A8-0DB9203DC2EF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{4558788D-94AF-4FBA-88CC-7CAF3D01347A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4CA0D617-49BC-482D-B0DC-FF6785F92FB6}" = protocol=17 | dir=in | app=c:\users\messenger\yahoomessenger.exe |

"{4D7BFEC2-8BBA-4E07-9869-431E31A6DE7D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{623B5902-4DD8-4BBD-9680-622A26A58A4E}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{6282735C-EAB0-490B-A874-272E1D57AADE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |

"{63CEB708-4863-4146-AF08-2DF581EDEB13}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{691E3708-36CD-4730-8C50-D4CEEB332CE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{6EAB64B0-310D-4DCE-B55C-9B694E9E9648}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{75791AD0-93A2-4AAA-A8E1-FE3D131FDE6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7B6444EC-8022-4F74-8EDC-F60492E04C09}" = protocol=6 | dir=in | app=c:\users\hbhoque\messenger\yahoomessenger.exe |

"{80C97C76-219B-43E3-B8BC-4C7C65B0DD61}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{860E5CF4-93B6-4C5E-991D-98D0850D655D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{89BA3EA9-3ECC-471C-AD69-DB1FCAFF08C4}" = protocol=17 | dir=in | app=c:\users\hbhoque\messenger\yahoomessenger.exe |

"{8F18C452-556C-4295-91E0-40AEA01C1F43}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A13D44D0-68D6-48BA-B41D-BCA9F31ED87F}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |

"{A695C893-1D66-41FE-8BC4-1A44773A482D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{AA7ED198-51F3-48B7-8D14-86CB6569810B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{ACEF21BC-4252-4103-9F85-0B326FE9D7D9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{B1694D37-A4AE-45BA-A352-D82965C9EB26}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |

"{B72C196E-A8B1-49E6-9458-01B0171BD08D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{BCFE015A-9A08-4E9F-A5CB-D442F0A8F835}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{CBE5C2DC-8803-4551-B514-8E4617981608}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D06B11AD-F290-4C84-B604-8A7DB874E1F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D1C3006C-E27A-4A4C-8094-C70105519D09}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{D43C22AE-ACB1-4931-9489-DDD61801FBFA}" = protocol=6 | dir=in | app=c:\users\messenger\yahoomessenger.exe |

"{D5CBC0DB-6443-4D9F-B3A8-D165A082E0E6}" = protocol=17 | dir=in | app=c:\users\hasna begum hoque\appdata\messenger\yahoomessenger.exe |

"{E0FF5FAD-33D8-411B-9037-3BD95B8D974A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E5E977AE-C4D6-43D2-A5C2-7F96BC4EF53B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{E9B42EB7-F434-4160-9EC4-E1329AC23C1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EBFCA662-9631-463E-BC95-299DA0A21C43}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{EEB1C484-AF95-4830-8B72-2622C014599F}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |

"{F7D19579-8D6F-4765-BC90-77888437119E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FC67ECF5-2677-415C-AAFF-5EAD7852F808}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"TCP Query User{2CCBE056-B788-436A-9F6D-C2D1D60A950A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{61F4FFA1-C5D6-462F-B9E8-61A39DBD9CD4}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"TCP Query User{6B05D0B4-40B2-48E0-8FD3-3D4785A67EC8}C:\program files\adobe\adobe flash cs3\flash.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash cs3\flash.exe |

"TCP Query User{77427027-45A8-4332-906D-7A9F1E65036D}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |

"TCP Query User{979B0684-42E5-44C5-B0A1-C000788447C9}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |

"TCP Query User{B4CEBC1D-26C0-47F2-BA21-52B020FCD633}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{D7E1D73F-0A48-4AC1-B5E6-46929BA42770}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{D93854AF-0959-49D4-B957-72410023F229}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{F4950427-2869-4A71-B983-3EE6CBA01CF7}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |

"TCP Query User{FC2BA80F-5BB6-4E54-9F23-0AFC169B8F52}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |

"UDP Query User{091EDF67-D295-4AD5-989F-736336081EF1}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |

"UDP Query User{0E3D587A-85AF-4474-A25A-1BD6A9F42CA3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{14DDA356-18A2-43FC-AFF6-872D6540975D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{4EE80C4E-B159-4B70-9E5F-1D26E00B7CBD}C:\program files\adobe\adobe flash cs3\flash.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash cs3\flash.exe |

"UDP Query User{53AEA94D-AD57-4804-A74A-0352E1A10EE1}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |

"UDP Query User{72E9600A-CEDB-4352-8F85-F3DD5996F71E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{7F2F7180-C633-4C6E-A08E-8DFB89D7DE07}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{A438D572-F1CF-4CD2-947B-DA2B92FF6D3E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |

"UDP Query User{B4678530-90F4-4E10-BE77-4B5A67C1193F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"UDP Query User{D3271AFA-4319-4A94-9146-4699C2953A1E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4

"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library

"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio

"{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool

"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)

"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4

"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler

"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English

"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4

"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4

"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher

"{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu

"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4

"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4

"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{202FCDAA-E548-4E41-8AEA-A3CB0573FCCD}" = Absolute Beginner's Series VWD VB Lesson 14

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0

"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs

"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en

"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting

"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1

"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java

Link to post
Share on other sites
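The firewall section of the OTL log above lists the Windows Firewall "Query User" rules, the per-application inbound exceptions that Vista records when someone clicks Allow in the firewall prompt, in OTL's rendering of `"<proto> Query User{GUID}<path>" = protocol=N | dir=in | app=<path> |`. The parser below is an added example, written for this edit and not part of the original post, OTL, or the helper's instructions. It reads lines in that format, normalises them, and raises two findings a triager would want from a log this long: an inbound exception for an executable outside the directories listed in `TRUSTED_PREFIXES` (those prefixes are my assumption for a home machine, not something the log states), and the same app/protocol/direction allowed more than once. The first four sample lines mirror entries from the posted log; the fifth line, its path and its GUID are constructed solely to exercise the location check and say nothing about this laptop.

```python
import re
from collections import Counter

# Constructed sample in OTL's firewall-rule format. Lines 1-4 mirror entries
# from the log above; line 5 is a made-up entry (hypothetical path and GUID)
# added only to exercise the "outside trusted directories" check.
SAMPLE_RULES = r'''
"UDP Query User{091EDF67-D295-4AD5-989F-736336081EF1}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{14DDA356-18A2-43FC-AFF6-872D6540975D}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{7F2F7180-C633-4C6E-A08E-8DFB89D7DE07}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B4678530-90F4-4E10-BE77-4B5A67C1193F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{00000000-0000-4000-8000-000000000000}C:\users\someone\appdata\roaming\updater.exe" = protocol=6 | dir=in | app=c:\users\someone\appdata\roaming\updater.exe |
'''

# IANA protocol numbers as they appear in the rule's "protocol=" field.
PROTO_NAMES = {"6": "TCP", "17": "UDP"}

# Assumption for this example: inbound exceptions for binaries under these
# prefixes are unremarkable; anything else deserves a look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")

# Whole line: quoted rule name, "=", then "|"-separated key=value fields.
RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<fields>.*)$')
# Rule name: protocol word, the literal "Query User", a braced GUID, a path.
NAME_RE = re.compile(
    r'^(?P<kind>TCP|UDP) Query User\{(?P<guid>[0-9A-Fa-f-]{36})\}(?P<path>.+)$'
)


def parse_rules(text):
    """Return one dict per recognised rule line; unrelated lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        fields = {}
        for piece in m.group("fields").split("|"):
            piece = piece.strip()
            if not piece or "=" not in piece:
                continue                      # trailing "|" leaves an empty piece
            key, value = piece.split("=", 1)
            fields[key.strip().lower()] = value.strip().lower()
        n = NAME_RE.match(m.group("name"))
        rules.append({
            "guid": n.group("guid").upper() if n else None,
            "kind": n.group("kind") if n else None,   # protocol word from the name
            "protocol": PROTO_NAMES.get(fields.get("protocol"), fields.get("protocol")),
            "dir": fields.get("dir"),
            "app": fields.get("app"),
        })
    return rules


def flag_rules(rules, trusted=TRUSTED_PREFIXES):
    """Return (finding, detail) pairs for rules worth a second look."""
    findings = []
    for r in rules:
        app = r["app"] or ""
        # Inbound allow for a binary outside the trusted program directories.
        if r["dir"] == "in" and not app.startswith(trusted):
            findings.append(("untrusted_location", app))
    # Same application allowed more than once for the same protocol/direction.
    counts = Counter((r["app"], r["protocol"], r["dir"]) for r in rules)
    for (app, proto, direction), n in counts.items():
        if n > 1:
            findings.append(("duplicate_rule", f"{app} {proto} {direction} x{n}"))
    return findings


if __name__ == "__main__":
    for kind, detail in flag_rules(parse_rules(SAMPLE_RULES)):
        print(f"{kind:20s} {detail}")
```

On a real log, paste the whole firewall section into `SAMPLE_RULES` or read it from the saved OTL.txt; the script only recognises lines that start with a quoted rule name, so the surrounding section headers are ignored. A flagged "untrusted_location" is a prompt to check the binary, not a verdict, and the duplicate check exists because legitimate software (the javaw.exe entries above) often accumulates repeated exceptions across reinstalls.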

Hi zbegum,

The security forum malware removal procedures everywhere are that You:

1. Follow the directions of the person helping You and do not deviate from that or run fixes on your own while the clean-up is in progress. Do not post in another person's topic!!

2. Thanks for the OTL log - it is helpful, BUT I explicitly asked You to follow the instructions in the link I gave You, so please do that!!! I need to see your DDS, Gmer, and MBAM logs.

I need to see the log of the program that detected this threat!!

My Laptop is infected with VBS/Genic Win32/zbot. I don't know what happened but I remember getting a lot of emails with very odd links.

Please let me know if You are unable to run MBAM, as well.

Thanks!

Link to post
Share on other sites

I am so sorry Negster... but I really feel like crying... I think I may need to just clean my hard drive and reinstall Windows... will that get rid of every single thing?

Anyways, I have started following your instructions; while I'm doing that, here is the RKU report (in case you need it):

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6001 (Service Pack 1)

Number of processors #2

==============================================

>Drivers

==============================================

0x8D000000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6184960 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x82234000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x82234000 PnpManager 3903488 bytes

0x82234000 RAW 3903488 bytes

0x82234000 WMIxWDM 3903488 bytes

0x8CA00000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2260992 bytes (Intel Corporation, Intel

Link to post
Share on other sites

I am so sorry Negster... but I really feel like crying... I think I may need to just clean my hard drive and reinstall Windows... will that get rid of every single thing?

Thanks for the RKU report and don't worry or panic! From what I can see thus far, most of the infection has already been cleaned up, and we can try to get rid of any remaining remnants!

Link to post
Share on other sites
