Trojan:W32/Krap.B

View previous topic View next topic Go down

Trojan:W32/Krap.B

Post by erica2193 on 21st March 2010, 7:40 pm

How do I get rid of this virus??
I tried going into the processes and deleting it there, but if it's there - it isn't called the same thing.
I also tried malwarebytes but it says I don't have a virus - when my other antivirus software does!
Please help!

erica2193
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-03-21
OS OS : windows vista
Points Points : 24608
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan:W32/Krap.B

Post by chiaz on 21st March 2010, 8:30 pm

Hi erica2193,
Welcome.

A few things before we start....
1. Please Read All Instructions Carefully.
2. If you don't understand something, stop and ask! Don't keep going on.
3. Please do not run any other tools or scans whilst I am helping you.
4. If you have to go away for an extended period of time, let me know.
5. Please continue to respond until I give you the "All Clear".
(Just because you can't see a problem doesn't mean it isn't there)


First please download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

chiaz
Intermediate
Intermediate

Posts Posts : 126
Joined Joined : 2010-03-16
Gender Gender : Male
OS OS : Vista
Points Points : 26563
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan:W32/Krap.B

Post by erica2193 on 22nd March 2010, 10:08 pm

Hi again sorry I have not responded my Internet is not working on my computer right now I'm not sure why.. So if you have any recommendations about that so I can download that thing you mentioned!

erica2193
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-03-21
OS OS : windows vista
Points Points : 24608
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan:W32/Krap.B

Post by erica2193 on 23rd March 2010, 1:25 am

OTL logfile created on: 22/03/2010 7:19:00 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Erica\Documents
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 252.17 Gb Free Space | 88.98% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.11 Gb Free Space | 48.55% Space Free | Partition Type: NTFS
Drive E: | 6.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERICA-PC
Current User Name: Erica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/22 19:18:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erica\Documents\OTL.exe
PRC - [2009/12/09 12:49:20 | 000,619,616 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
PRC - [2009/12/09 12:49:14 | 000,480,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32.exe
PRC - [2009/09/26 23:45:33 | 000,277,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/09/26 23:26:16 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/24 12:15:18 | 001,938,696 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2009/05/24 12:15:18 | 000,095,496 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2009/05/24 12:14:58 | 002,360,584 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/02 04:58:26 | 000,055,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
PRC - [2009/03/02 04:57:44 | 000,162,456 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FNRB32.exe
PRC - [2009/03/02 04:57:44 | 000,101,016 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FIH32.exe
PRC - [2009/03/02 04:57:22 | 000,232,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FSMB32.EXE
PRC - [2009/03/02 04:57:20 | 000,182,936 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FSM32.EXE
PRC - [2009/03/02 04:57:20 | 000,117,400 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FSMA32.EXE
PRC - [2009/03/02 04:57:16 | 000,125,592 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FCH32.EXE
PRC - [2009/03/02 04:57:14 | 000,408,160 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\common\FAMEH32.EXE
PRC - [2009/03/02 04:56:06 | 000,604,768 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\FSGUI\fsguidll.exe
PRC - [2009/03/02 04:52:02 | 000,043,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsqh.exe
PRC - [2009/03/02 04:52:00 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
PRC - [2009/03/02 04:51:48 | 000,349,280 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
PRC - [2009/03/02 04:49:38 | 000,490,080 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\F-Secure\FSAUA\program\fsaua.exe
PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/09 12:49:08 | 000,405,639 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/02 21:41:54 | 003,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


========== Modules (SafeList) ==========

MOD - [2010/03/22 19:18:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erica\Documents\OTL.exe
MOD - [2009/04/10 23:28:20 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/24 19:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009/04/06 12:03:00 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)
SRV:64bit: - [2009/04/06 12:02:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/24 12:14:58 | 002,360,584 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/29 21:39:56 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009/03/02 04:58:26 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/03/02 04:57:44 | 000,162,456 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE -- (F-Secure Network Request Broker)
SRV - [2009/03/02 04:57:20 | 000,117,400 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/03/02 04:53:46 | 000,819,808 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/03/02 04:52:00 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/03/02 04:49:38 | 000,490,080 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\F-Secure\FSAUA\program\fsaua.exe -- (FSAUA)
SRV - [2006/11/02 07:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/02 00:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/02 00:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/05/25 06:51:00 | 000,207,872 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/04/06 13:32:08 | 010,276,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/04/06 13:27:30 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA013Ufd.sys -- (OA013Ufd)
DRV:64bit: - [2009/04/06 13:27:28 | 000,311,456 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA013Vid.sys -- (OA013Vid)
DRV:64bit: - [2009/04/06 12:47:28 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2009/04/06 12:25:22 | 000,069,120 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\rtstor64.sys -- (RTSTOR)
DRV:64bit: - [2009/04/06 12:18:52 | 000,225,328 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/06 12:03:18 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/03/02 04:53:40 | 000,092,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2009/03/02 04:53:10 | 000,044,288 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2009/02/22 06:56:54 | 001,148,416 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/30 20:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2008/09/24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/01/20 20:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2008/01/20 20:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2006/11/02 01:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2009/12/09 12:49:35 | 000,162,912 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/03/02 04:56:32 | 000,057,600 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/03/02 04:52:12 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/03/02 04:52:12 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/03/02 04:52:08 | 000,012,896 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2006/09/18 15:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 15:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe File not found
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident\4.0; File not found
O4 - Startup: C:\Users\Erica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} [You must be registered and logged in to see this link.] (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.154.132.68 75.154.132.100
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8cbd058d-9de9-11de-b90f-0025644daae8}\Shell\AutoRun\command - "" = AcroRd32.exe fluidseal.pdf
O33 - MountPoints2\{8cbd058d-9de9-11de-b90f-0025644daae8}\Shell\open\command - "" = AcroRd32.exe fluidseal.pdf
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/22 19:18:44 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Erica\Documents\OTL.exe
[2010/03/21 03:29:58 | 000,000,000 | ---D | C] -- C:\Users\Erica\AppData\Roaming\Malwarebytes
[2010/03/21 03:29:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/21 03:29:51 | 000,022,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/03/21 03:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/21 03:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/03/18 21:46:07 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshhttp.dll
[2010/03/18 21:46:07 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshhttp.dll
[2010/03/18 21:46:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpapi.dll
[2010/03/18 21:46:01 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\httpapi.dll
[2010/03/16 00:03:06 | 000,000,000 | ---D | C] -- C:\Users\Erica\AppData\Local\{B0D8C0E3-60BE-4843-A6BF-AA5411F4B4FD}
[2010/02/24 19:07:52 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/24 19:07:52 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/24 19:07:40 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/24 19:07:40 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/24 19:07:39 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/24 19:07:39 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/24 19:07:37 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/24 19:07:37 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/24 19:07:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/24 19:07:37 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/24 19:07:37 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/24 19:07:36 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/24 19:07:36 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/02/24 19:07:36 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/24 19:07:36 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/24 19:07:36 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/24 19:07:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/24 19:07:36 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/24 19:07:36 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/24 19:07:36 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/24 19:07:00 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/02/24 19:07:00 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/02/24 19:06:59 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/24 19:06:59 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/02/24 19:06:58 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/02/24 19:06:58 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/22 19:19:36 | 002,097,152 | -HS- | M] () -- C:\Users\Erica\NTUSER.DAT
[2010/03/22 19:18:46 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Erica\Documents\OTL.exe
[2010/03/22 19:10:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/22 19:10:47 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/22 19:10:40 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A9A6BCE-96B9-46FF-BDBD-161AE4EFFF9C}.job
[2010/03/22 19:07:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/22 15:10:53 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2010/03/21 03:44:50 | 000,700,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/21 03:44:50 | 000,606,524 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/21 03:44:50 | 000,108,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/21 03:39:42 | 000,000,434 | ---- | M] () -- C:\Windows\tasks\MalwareRemovalBot System Startup.job
[2010/03/21 03:39:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/21 03:39:17 | 4257,599,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/21 03:38:38 | 000,524,288 | -HS- | M] () -- C:\Users\Erica\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/03/21 03:38:38 | 000,065,536 | -HS- | M] () -- C:\Users\Erica\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010/03/21 03:38:37 | 000,000,000 | -H-- | M] () -- C:\Users\Erica\AppData\Local\IconCache.db
[2010/03/21 03:29:56 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 03:14:04 | 000,000,120 | ---- | M] () -- C:\Users\Erica\AppData\Local\Lzuhet.dat
[2010/03/21 00:08:56 | 000,000,000 | ---- | M] () -- C:\Users\Erica\AppData\Local\Lyivohapuv.bin
[2010/03/18 21:47:21 | 000,000,240 | ---- | M] () -- C:\Windows\win.ini
[2010/03/15 23:59:25 | 000,000,020 | ---- | M] () -- C:\Users\Erica\AppData\Roaming\zeovbl.dat
[2010/03/14 14:28:45 | 000,000,146 | ---- | M] () -- C:\Users\Erica\webct_upload_applet.properties
[2010/03/01 11:03:14 | 000,071,064 | ---- | M] () -- C:\Users\Erica\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/01 04:16:57 | 000,305,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/21 03:29:56 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/21 03:22:01 | 000,000,434 | ---- | C] () -- C:\Windows\tasks\MalwareRemovalBot System Startup.job
[2010/03/16 00:03:07 | 000,000,120 | ---- | C] () -- C:\Users\Erica\AppData\Local\Lzuhet.dat
[2010/03/16 00:03:07 | 000,000,000 | ---- | C] () -- C:\Users\Erica\AppData\Local\Lyivohapuv.bin
[2010/03/15 23:59:24 | 000,000,020 | ---- | C] () -- C:\Users\Erica\AppData\Roaming\zeovbl.dat
[2009/10/12 14:32:28 | 000,000,732 | ---- | C] () -- C:\Users\Erica\AppData\Local\d3d9caps64.dat
[2009/08/25 22:24:56 | 000,033,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2009/08/25 22:24:50 | 000,707,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/08/25 21:27:51 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/25 21:27:32 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/08/25 20:37:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/25 19:21:10 | 000,000,000 | ---- | C] () -- C:\Users\Erica\AppData\Roaming\wklnhst.dat
[2009/08/17 21:20:14 | 000,000,680 | ---- | C] () -- C:\Users\Erica\AppData\Local\d3d9caps.dat
[2009/08/17 19:17:02 | 000,006,144 | ---- | C] () -- C:\Users\Erica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/24 12:15:44 | 000,088,840 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2009/05/24 12:15:20 | 000,059,144 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2009/05/24 12:14:38 | 000,234,248 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
< End of report >

erica2193
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-03-21
OS OS : windows vista
Points Points : 24608
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan:W32/Krap.B

Post by erica2193 on 23rd March 2010, 1:26 am

OTL Extras logfile created on: 22/03/2010 7:19:04 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Erica\Documents
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 252.17 Gb Free Space | 88.98% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.11 Gb Free Space | 48.55% Space Free | Partition Type: NTFS
Drive E: | 6.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERICA-PC
Current User Name: Erica
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 01 5D EE F0 00 26 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19B18E0A-C3EC-4872-9636-37D0BCB9CCB1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{866C38BB-578A-4502-ACF9-6737804CFEC5}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092C3D17-E6B1-4457-A078-D565DB36CF74}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{0B20426E-E817-4DDF-BA67-386EED602AAB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{26276606-199E-4E6E-BCF6-BAF557EA441D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{78156A22-BA30-4B76-9F85-1E4B950D9270}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{95D986DC-90BD-4A01-9D2B-EF7B7254B381}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{C3892856-1A82-42DE-92D1-538A4FD05EFA}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{D39835FB-9B33-4DF5-BD5B-082D989DBAA2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D855B980-EC1D-4DB4-9880-AFC067D54813}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{DF25F303-6A01-48B8-A126-BF8C877D9FD8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{EC329A13-9702-406D-9AB4-768C7FAF3A56}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{4F910B30-D56C-43CF-A722-2388BE1E2115}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E51BCCB3-C820-46A8-9277-391E9DB49D7A}" = FastAccess
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Creative OA013" = Integrated Webcam Driver (1.00.04.0310)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"F-Secure Anti-Virus" = F-Secure Client Security - Virus & Spy Protection
"F-Secure E-mail Scanning" = F-Secure Client Security - E-Mail Scanning
"F-Secure HIPS" = F-Secure Client Security - System Control
"F-Secure Protocol Scanner" = F-Secure Client Security - Web Traffic Scanning
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/01/2010 11:40:46 PM | Computer Name = Erica-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 4 2010-01-12 20:40:45-06:00 erica-pc Erica-PC\Erica F-Secure
Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME3\PROGRAM FILES\WINDOWS PHOTO GALLERY\WINDOWSPHOTOGALLERY.EXE
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 16/01/2010 5:20:30 AM | Computer Name = Erica-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 5 2010-01-16 02:20:30-06:00 erica-pc Erica-PC\Erica F-Secure
Anti-Virus Malicious code found in file C:\Users\Erica\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Low\Content.IE5\D8ZDKKNA\google[1]. Infection: Trojan.JS.Iframe.hw


Error - 16/01/2010 5:48:46 AM | Computer Name = Erica-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 6 2010-01-16 02:48:46-06:00 erica-pc ERICA-PC\Erica F-Secure
Anti-Virus Manual scanning was finished - workstation was found infected!

Error - 16/01/2010 12:52:13 PM | Computer Name = Erica-PC | Source = WinMgmt | ID = 10
Description =

Error - 17/01/2010 4:18:36 PM | Computer Name = Erica-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 19/01/2010 11:01:39 PM | Computer Name = Erica-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 1 2010-01-19 20:01:39-06:00 erica-pc Erica-PC\Erica F-Secure
Anti-Virus Scanning of \DEVICE\HARDDISKVOLUME3\USERS\ERICA\APPDATA\LOCAL\MICROSOFT\WINDOWS\GAMEEXPLORER\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\PLAYTASKS\0\DESKTOP.INI
was aborted due to exceeded scanning time limit. The file may be in use or reading
it was too slow (e.g. network connection was under stress).

Error - 21/01/2010 10:02:49 PM | Computer Name = Erica-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/01/2010 6:00:16 AM | Computer Name = Erica-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 22/01/2010 6:00:16 AM | Computer Name = Erica-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 22/01/2010 6:00:17 AM | Computer Name = Erica-PC | Source = Windows Search Service | ID = 3013
Description =

[ System Events ]
Error - 28/08/2009 12:04:11 AM | Computer Name = Erica-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:45:50 PM on 27/08/2009 was unexpected.

Error - 28/08/2009 12:14:57 AM | Computer Name = Erica-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 28/08/2009 12:14:57 AM | Computer Name = Erica-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 31/08/2009 8:06:17 PM | Computer Name = Erica-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 00225FD2E790 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/09/2009 11:13:32 AM | Computer Name = Erica-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00225FD2E790 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/09/2009 2:11:16 PM | Computer Name = Erica-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 172.20.244.208 for the Network Card with network
address 00225FD2E790 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 04/09/2009 10:08:31 AM | Computer Name = Erica-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00225FD2E790 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 04/09/2009 7:01:57 PM | Computer Name = Erica-PC | Source = F-Secure Gatekeeper | ID = 327681
Description =

Error - 08/09/2009 10:52:14 AM | Computer Name = Erica-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00225FD2E790 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 09/09/2009 11:02:45 AM | Computer Name = Erica-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 00225FD2E790 has been denied by the DHCP server 1.1.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

erica2193
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2010-03-21
OS OS : windows vista
Points Points : 24608
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Trojan:W32/Krap.B

Post by chiaz on 23rd March 2010, 4:36 am

Please run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:

:files
C:\Windows\tasks\MalwareRemovalBot System Startup.job

:Commands
[emptytemp]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done. Post the generated log later in your reply.

================

Next, please go to [You must be registered and logged in to see this link.] , click on Browse, and upload the following file for analysis:

C:\Users\Erica\AppData\Local\Lzuhet.dat

Then click Submit. Allow the file to be scanned, and then please Copy/Paste the results here for me to see.

Repeat this for these 2 files:
C:\Users\Erica\AppData\Local\Lyivohapuv.bin
C:\Users\Erica\AppData\Roaming\zeovbl.dat

If Jotti is busy, please go to [You must be registered and logged in to see this link.].


In your next reply, please post:
(1) OTS Fix log
(2) Jotti/VirusTotal results

chiaz
Intermediate
Intermediate

Posts Posts : 126
Joined Joined : 2010-03-16
Gender Gender : Male
OS OS : Vista
Points Points : 26563
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum