Trojans: Java/Selace.K, Java/Selace.N, and Java/Selace.O -- can't remove


Post by jgp2012 on 9th April 2010, 8:10 am

I ran MS OneCare Safety Scanner and it identified 3 Trojans named Java/Selace.K, Java/Selace.N, and Java/Selace.O.

McAfee technical support in India could not remove these Trojans. They sent a special scanner/virus remover but it would freeze at the same file number each time I ran the scan. It could never get past the same file number. I tried Microsoft Security Essentials, but it did not recognize or "see" the Trojans. McAfee also freezes at a certain point when I run a FULL scan, but it doesn't even "see" the Trojans if I run a QUICK SCAN. These Trojans are on my son's HP Desktop PC that uses Windows XP Media Edition.

Microsoft Support has not been able to resolve these issues so far.

Thanks for any help anyone can give.


Re: Trojans: Java/Selace.K, Java/Selace.N, and Java/Selace.O -- can't remove

Post by Belahzur on 9th April 2010, 8:43 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Re: Trojans: Java/Selace.K, Java/Selace.N, and Java/Selace.O -- can't remove

Post by jgp2012 on 10th April 2010, 4:37 pm

OTL.Text
OTL logfile created on: 4/10/2010 2:44:25 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 443.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.38 Gb Total Space | 143.49 Gb Free Space | 63.95% Space Free | Partition Type: NTFS
Drive D: | 8.49 Gb Total Space | 0.42 Gb Free Space | 4.98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHAMAN
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/10 02:43:55 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\OTL.exe
PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/08/07 17:15:06 | 000,311,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
PRC - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/05/26 23:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/11/12 00:11:12 | 000,237,568 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscGui.exe
PRC - [2005/11/12 00:11:04 | 001,064,960 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2005/11/12 00:10:00 | 000,061,440 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DISCUpdateMgr.exe
PRC - [2005/11/12 00:10:00 | 000,049,152 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2005/08/03 03:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe
PRC - [2005/05/03 22:07:32 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe


========== Modules (SafeList) ==========

MOD - [2010/04/10 02:43:55 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/08/07 17:15:06 | 000,242,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2005/08/03 03:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/11/11 11:14:44 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/11/11 11:14:44 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/11/11 11:14:44 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/11/11 11:14:44 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/11/11 11:14:12 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/07/09 10:51:43 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/07/09 10:51:43 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/01/24 21:15:00 | 003,535,520 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/01/23 18:41:52 | 004,145,152 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/10/20 19:01:56 | 001,095,009 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/07/29 19:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 19:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/17 09:33:40 | 000,872,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/03/30 15:53:49 | 000,000,000 | ---D | M]

[2006/08/22 12:41:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/08/22 12:41:54 | 000,000,680 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.png
[2006/08/22 12:41:53 | 000,001,150 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.png
[2006/08/22 12:41:53 | 000,000,356 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.png
[2006/08/22 12:41:53 | 000,000,210 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.gif
[2006/08/22 12:41:54 | 000,001,076 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.gif
[2006/08/22 12:41:53 | 000,000,088 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.gif

O1 HOSTS File: ([2009/10/23 12:20:21 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - Reg Error: Value error. File not found
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [DiscUpdateManager] C:\Program Files\DISC\DISCUpdateMgr.exe (Digital Interactive Systems Corporation, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Jamison\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: link = [binary data]
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} [You must be registered and logged in to see this link.] (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (SysData Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_19)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: fobomomop - {4ac59a72-1316-41be-a95d-94c060a5d880} - CLSID or File not found.
O21 - SSODL: hukepados - {e4da5a15-7068-4ef5-938d-e3e1348aedca} - CLSID or File not found.
O21 - SSODL: pibupajid - {a3d12b6f-a959-4e60-bc0f-4b9eca005110} - CLSID or File not found.
O21 - SSODL: sidezehik - {00e98634-4093-4607-94a7-9fdcedb99f65} - CLSID or File not found.
O21 - SSODL: yapivobin - {d8c1eb09-2cd0-409b-a637-0346af10e278} - CLSID or File not found.
O22 - SharedTaskScheduler: {00e98634-4093-4607-94a7-9fdcedb99f65} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {a3d12b6f-a959-4e60-bc0f-4b9eca005110} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {d8c1eb09-2cd0-409b-a637-0346af10e278} - tokatiluy - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {e4da5a15-7068-4ef5-938d-e3e1348aedca} - kupuhivus - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.SHAMAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.SHAMAN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/05 21:46:49 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/03/09 19:01:32 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 07:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/10 02:43:21 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\OTL.exe
[2010/04/09 20:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/04/09 20:28:08 | 000,756,776 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\OneCareCleanUp.exe
[2010/04/08 09:00:23 | 000,000,000 | ---D | C] -- C:\WINSSLog
[2010/04/07 15:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/04/05 19:07:00 | 011,862,896 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/04/05 17:47:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/04/04 18:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2010/04/03 16:57:14 | 005,294,087 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\fakealertstinger.exe
[2010/04/03 14:09:13 | 004,792,552 | ---- | C] (Hewlett-Packard Development Company, L.P. ) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\sp40926.exe
[2010/03/30 15:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/03/30 15:53:14 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/30 15:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/03/30 15:52:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Installer
[2010/03/30 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/30 15:51:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/30 15:51:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/30 15:51:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/18 19:32:21 | 000,079,816 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/03/18 19:32:21 | 000,040,552 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/03/18 19:32:21 | 000,035,272 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/03/18 19:29:48 | 000,034,248 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys
[2010/03/18 19:25:24 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/18 19:25:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/18 19:13:47 | 000,214,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/12/21 23:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/03/26 22:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/01 17:18:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/11/17 22:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2008/02/11 12:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/02/01 03:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2005/09/24 11:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/10 02:45:00 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2525D098-410A-478D-96E8-348ADA3C3107}.job
[2010/04/10 02:43:55 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\OTL.exe
[2010/04/10 02:24:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/04/10 00:05:00 | 000,000,330 | ---- | M] () -- C:\WINDOWS\tasks\Service Manager.job
[2010/04/09 22:36:11 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{11F92D12-0906-4BBA-840D-8B6AACB5482B}.job
[2010/04/09 20:42:38 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/09 20:37:26 | 000,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/09 20:37:14 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/09 20:37:01 | 011,862,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\mssefullinstall-x86fre-en-us-xp.exe
[2010/04/09 20:34:42 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2010/04/09 20:32:12 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/09 20:31:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/09 20:31:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 20:31:15 | 1005,113,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/09 20:30:41 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\ntuser.dat
[2010/04/09 20:30:41 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\ntuser.ini
[2010/04/09 20:28:25 | 000,756,776 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\OneCareCleanUp.exe
[2010/04/09 20:07:04 | 004,471,272 | -H-- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Local Settings\Application Data\IconCache.db
[2010/04/09 19:09:10 | 000,185,856 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\McaffeE_HANGUP_DURING_SCAN.doc
[2010/04/09 19:08:21 | 000,185,856 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Mcaf.doc
[2010/04/08 20:30:32 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\fakealertstinger.opt
[2010/04/08 07:50:22 | 000,317,952 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Virus Malware Protection Center-4-8-2012.doc
[2010/04/07 22:24:47 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Microsoft Trojan Removal - 4-7-2010.doc
[2010/04/07 21:06:10 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/04/05 19:22:07 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Microsoft Security Essentials Download.doc
[2010/04/05 17:44:37 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Uninstall Window Live OneCare safety scanner.doc
[2010/04/05 17:24:23 | 000,354,304 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\SHAMAN OneCare Safety Scanner Results.doc
[2010/04/04 18:18:14 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\RegistryEasy.lie
[2010/04/04 18:17:13 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Registry Easy SS No.doc
[2010/04/04 18:01:32 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\Registry Easy.lnk
[2010/04/04 13:33:21 | 000,189,440 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Stinger Hangup.doc
[2010/04/03 16:57:26 | 005,294,087 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\fakealertstinger.exe
[2010/04/03 14:59:12 | 000,014,508 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\HP_Chat_Session_3_Apr_2010_14_58.html
[2010/04/03 14:09:32 | 004,792,552 | ---- | M] (Hewlett-Packard Development Company, L.P. ) -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\sp40926.exe
[2010/04/03 14:03:10 | 000,565,248 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Error Message-jutizowliDOTdll.doc
[2010/04/02 19:06:18 | 000,567,808 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\RUNDLL-Error.doc
[2010/04/02 17:54:11 | 000,567,808 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\RUNDLL-e.doc
[2010/04/01 22:15:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/30 22:27:40 | 000,522,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/30 22:27:40 | 000,439,300 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/30 22:27:40 | 000,076,200 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/30 22:27:04 | 000,201,728 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\WD 1TB My Passport Essential SE Portable Hard Drive USB 2.doc
[2010/03/30 15:53:06 | 000,000,688 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/30 15:01:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/20 16:42:42 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/12 18:21:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\*.tmp files -> C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/09 20:42:38 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/09 20:37:25 | 000,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/09 20:23:23 | 1005,113,344 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/09 19:09:10 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\McaffeE_HANGUP_DURING_SCAN.doc
[2010/04/09 19:08:21 | 000,185,856 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Mcaf.doc
[2010/04/08 07:50:22 | 000,317,952 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Virus Malware Protection Center-4-8-2012.doc
[2010/04/07 22:24:46 | 000,076,800 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Microsoft Trojan Removal - 4-7-2010.doc
[2010/04/05 19:22:07 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Microsoft Security Essentials Download.doc
[2010/04/05 19:04:36 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\fakealertstinger.opt
[2010/04/05 17:44:36 | 000,136,704 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Uninstall Window Live OneCare safety scanner.doc
[2010/04/05 16:39:16 | 000,354,304 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\SHAMAN OneCare Safety Scanner Results.doc
[2010/04/04 18:18:14 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\RegistryEasy.lie
[2010/04/04 18:17:13 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Registry Easy SS No.doc
[2010/04/04 18:01:32 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop\Registry Easy.lnk
[2010/04/04 13:33:20 | 000,189,440 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\Stinger Hangup.doc
[2010/04/03 14:59:11 | 000,014,508 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\HP_Chat_Session_3_Apr_2010_14_58.html
[2010/04/02 17:54:45 | 000,567,808 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\RUNDLL-Error.doc
[2010/04/02 17:54:10 | 000,567,808 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\RUNDLL-e.doc
[2010/03/30 22:27:03 | 000,201,728 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\My Documents\WD 1TB My Passport Essential SE Portable Hard Drive USB 2.doc
[2010/01/19 18:38:01 | 000,001,447 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\hirstarts notes.txt
[2009/12/30 14:55:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\g_pjspur491.ini
[2009/12/25 21:38:10 | 000,038,537 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Application Data\Comma Separated Values (Windows).ADR
[2009/12/17 23:53:27 | 002,714,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/18 22:24:27 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Application Data\wklnhst.dat
[2009/09/06 01:05:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\ICE_JNIRegistry.dll
[2009/08/21 13:27:56 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/23 13:31:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2009/04/26 17:06:33 | 005,767,168 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\ntuser.dat
[2009/03/21 13:53:29 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\PUTTY.RND
[2009/03/17 11:59:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\BongoSDK.10.v40.dll
[2009/03/15 21:44:21 | 000,230,607 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2009/03/15 21:26:19 | 000,058,819 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Application Data\PatchUpdate_HP_CounterReport_Update_HPSU.log
[2009/03/15 21:26:11 | 000,002,244 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Application Data\HPSU_48BitScanUpdate.log
[2009/03/15 11:55:29 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\LuResult.txt
[2009/03/14 22:10:16 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2009/03/14 22:10:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/03/14 20:20:04 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\Local Settings\Application Data\fusioncache.dat
[2009/03/14 20:20:00 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\ntuser.dat.LOG
[2009/03/14 20:20:00 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\HP_Administrator.SHAMAN\ntuser.ini
[2008/11/22 15:37:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/09/29 06:03:48 | 016,777,270 | ---- | C] () -- C:\Program Files\uv horned helm.bmp
[2008/09/29 06:02:01 | 016,777,270 | ---- | C] () -- C:\Program Files\UV celt helm.bmp
[2008/09/24 22:34:01 | 000,002,670 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2008/03/31 19:47:57 | 000,008,934 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini
[2008/02/28 19:28:23 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
[2008/02/28 19:28:23 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
[2007/12/19 22:33:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/04/17 22:06:02 | 000,000,107 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/01/12 03:22:41 | 000,000,091 | ---- | C] () -- C:\WINDOWS\NDH2007.INI
[2007/01/12 03:21:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\INSTAL~4.INI
[2007/01/10 08:44:26 | 001,457,024 | R--- | C] () -- C:\WINDOWS\System32\SSCProt.dll
[2006/11/22 13:34:17 | 000,000,000 | ---- | C] () -- C:\Program Files\Common Files\err.log
[2006/10/25 18:10:52 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/08 16:19:31 | 000,002,238 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/07/06 20:59:56 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/25 15:14:00 | 000,000,227 | ---- | C] () -- C:\WINDOWS\HP_CounterReport_Update_HPSU.ini
[2006/06/25 15:13:51 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/06/15 22:02:13 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/06/15 21:51:22 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/05/27 12:42:31 | 000,000,233 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2006/05/27 09:52:00 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2006/05/27 09:52:00 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2006/03/09 19:32:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/09 19:09:37 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/03/09 19:04:32 | 000,014,314 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/03/09 19:04:24 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/03/09 19:02:05 | 000,000,031 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2006/03/09 18:59:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/09 18:48:59 | 000,000,108 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/09 18:47:32 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/03/09 18:32:59 | 000,003,904 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/09 18:31:58 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/03/09 18:28:30 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/09 18:28:29 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/09 18:28:29 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/09 18:28:29 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/03/09 18:28:29 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/09 18:28:29 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/09 18:28:29 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/09 18:27:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/09 18:08:19 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/12/09 17:03:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/06 01:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 03:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 00:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/10 00:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/10 00:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/10 00:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/10 00:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/07/26 10:51:38 | 000,000,560 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 02:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
< End of report >

Re: Trojans: Java/Selace.K, Java/Selace.N, and Java/Selace.O -- can't remove

Post by jgp2012 on 10th April 2010, 5:08 pm

OTL Extras logfile created on: 4/10/2010 2:44:25 AM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\HP_Administrator.SHAMAN\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 443.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.38 Gb Total Space | 143.49 Gb Free Space | 63.95% Space Free | Partition Type: NTFS
Drive D: | 8.49 Gb Total Space | 0.42 Gb Free Space | 4.98% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHAMAN
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- File not found
"C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm) -- ()
"C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth (tm) II\game.dat:*:Enabled:The Battle for Middle-earth(tm) II -- (Electronic Arts Inc.)
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat" = C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king -- (Electronic Arts Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\McAfee\VirusScan\mcsysmon.exe" = C:\Program Files\McAfee\VirusScan\mcsysmon.exe:*:Enabled:mcsysmon -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{172975EB-9465-4861-95B5-C7BB6D3DE62A}" = DocumentViewer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18A265FA-A1F2-413E-940E-A6A255733CA3}" = ZHelp
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 19
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}" = HP Deskjet Printer Preload
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DD9A1D-B340-4F41-A8B0-6EEBFB119280}" = muvee autoProducer unPlugged 1.2
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3E386744-10FA-44b2-98C9-DF7A270DECB3}" = HP PSC & OfficeJet 5.3.A
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 1.0
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{567C23E1-7580-4185-B8C2-30805677297C}" = NewCopy_CDA
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6084D038-3401-4C9D-A216-86E6EEA25AFB}" = ZBrush3
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}" = The Lord of the Rings, The Rise of the Witch-king
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth (tm)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A58686F6-2ADD-4BCC-996D-311F0A39BF65}" = GeoPDF Toolbar
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B276997E-4367-4b1b-A39C-4CAE7464337A}" = AiO_Scan_CDA
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B60E7826-F117-4d26-8165-D2DC5A494AB0}" = Fax_CDA
"{B64E3AFC-59EF-4f18-BF11-E751462450D3}" = AiOSoftwareNPI
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C83A12B9-B31B-461A-BBD4-CE9B988094F1}" = HP Photosmart Cameras 5.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D518592A-0F1E-40ca-BECB-3D3F026C6B0D}" = CameraDrivers
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D9C8DEF8-D07B-4164-BEF0-6D879A70C212}" = Microsoft Easy Assist v2
"{DAAD5187-62C5-4AD6-A526-803C18C4944D}" = HP Web Helper
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E073D315-3C54-44BF-A1B2-B5583AEA618C}" = muvee autoProducer 4.5
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F80239D8-7811-4D5E-B033-0D0BBFE32920}" = HP DigitalMedia Archive
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"AT&T Yahoo! Activation" = AT&T Yahoo! Activation
"ATTToolbar" = AT&T Toolbar
"AwayMode160" = Microsoft Away Mode
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"DISCover" = DISCover
"Dundjinni" = Dundjinni
"E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E" = Slingo Deluxe from HP Media Center (remove only)
"Forgotten Realms Atlas" = Forgotten Realms Atlas
"HP Deskjet 3840 Series_Driver" = HP Deskjet 3840 Series
"hp deskjet 990c series" = hp deskjet 990c series (Remove only)
"hp deskjet 990c series_Driver" = hp deskjet 990c series
"HP Document Viewer" = HP Document Viewer 5.3
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photosmart for Media Center PC" = HP Photosmart for Media Center PC
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PS2" = PS2
"RealPlayer 6.0" = RealPlayer
"Registry Easy_is1" = Registry Easy v5.6
"Rhino RDK" = Rhino RDK
"View32" = View32
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2857700694-1443985124-1909224973-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.6.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/8/2010 3:07:06 AM | Computer Name = SHAMAN | Source = MsiInstaller | ID = 1008
Description = The installation of c:\WINDOWS\Installer\49f22.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 4/8/2010 3:07:06 AM | Computer Name = SHAMAN | Source = MsiInstaller | ID = 1008
Description = The installation of c:\WINDOWS\Installer\2f3c0.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 4/8/2010 3:07:06 AM | Computer Name = SHAMAN | Source = MsiInstaller | ID = 1008
Description = The installation of c:\WINDOWS\Installer\2f3c0.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 4/8/2010 3:07:06 AM | Computer Name = SHAMAN | Source = MsiInstaller | ID = 1008
Description = The installation of c:\WINDOWS\Installer\6c918.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 4/8/2010 3:07:06 AM | Computer Name = SHAMAN | Source = MsiInstaller | ID = 1008
Description = The installation of c:\WINDOWS\Installer\6c918.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 4/8/2010 3:07:06 AM | Computer Name = SHAMAN | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\27fab7d.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 4/8/2010 3:07:06 AM | Computer Name = SHAMAN | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\27fab7d.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 4/8/2010 8:35:02 PM | Computer Name = SHAMAN | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2147550906, P2 unspecified, P3 scanfile,
P4 2.1.6519.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 4/9/2010 6:48:54 PM | Computer Name = SHAMAN | Source = McLogEvent | ID = 5051
Description =

Error - 4/9/2010 8:06:16 PM | Computer Name = SHAMAN | Source = McLogEvent | ID = 5051
Description =

[ System Events ]
Error - 4/9/2010 8:32:30 PM | Computer Name = SHAMAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/9/2010 8:32:34 PM | Computer Name = SHAMAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/9/2010 8:33:06 PM | Computer Name = SHAMAN | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3

Error - 4/9/2010 8:33:06 PM | Computer Name = SHAMAN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 4/9/2010 8:33:06 PM | Computer Name = SHAMAN | Source = Service Control Manager | ID = 7001
Description = The Windows Search service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 4/9/2010 8:33:06 PM | Computer Name = SHAMAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ftsata2

Error - 4/9/2010 8:33:06 PM | Computer Name = SHAMAN | Source = Service Control Manager | ID = 7001
Description = The Windows Search service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 4/9/2010 8:33:06 PM | Computer Name = SHAMAN | Source = Service Control Manager | ID = 7001
Description = The Windows Search service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 4/9/2010 8:37:34 PM | Computer Name = SHAMAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/9/2010 8:37:35 PM | Computer Name = SHAMAN | Source = Service Control Manager | ID = 7001
Description = The Windows Search service depends on the Terminal Services service
which failed to start because of the following error: %%1058


< End of report >
HP Pavilion a143On, AMD 64, Athlon X2, Windows XP Media Center Edition


Re: Trojans: Java/Selace.K, Java/Selace.N, and Java/Selace.O -- can't remove

Post by Belahzur on 10th April 2010, 6:58 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O21 - SSODL: fobomomop - {4ac59a72-1316-41be-a95d-94c060a5d880} - CLSID or File not found.
    O21 - SSODL: hukepados - {e4da5a15-7068-4ef5-938d-e3e1348aedca} - CLSID or File not found.
    O21 - SSODL: pibupajid - {a3d12b6f-a959-4e60-bc0f-4b9eca005110} - CLSID or File not found.
    O21 - SSODL: sidezehik - {00e98634-4093-4607-94a7-9fdcedb99f65} - CLSID or File not found.
    O21 - SSODL: yapivobin - {d8c1eb09-2cd0-409b-a637-0346af10e278} - CLSID or File not found.
    O22 - SharedTaskScheduler: {00e98634-4093-4607-94a7-9fdcedb99f65} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {a3d12b6f-a959-4e60-bc0f-4b9eca005110} - gahurihor - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {d8c1eb09-2cd0-409b-a637-0346af10e278} - tokatiluy - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {e4da5a15-7068-4ef5-938d-e3e1348aedca} - kupuhivus - Reg Error: Key error. File not found



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


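Before a fix block like the one in the post above is pasted into a removal tool, it is worth confirming that every entry really reports a missing target and seeing which CLSIDs recur across log sections. The Python sketch below is an added example, not part of the original post and not OTL's own code; the function names are hypothetical, and the parsing assumes the `O<n> - ... - status` line layout visible in the post.

```python
import re
from collections import defaultdict

# Entries copied verbatim from the ":OTL" fix block in the post above.
FIX_BLOCK = r"""
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2857700694-1443985124-1909224973-1008\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O21 - SSODL: fobomomop - {4ac59a72-1316-41be-a95d-94c060a5d880} - CLSID or File not found.
O21 - SSODL: hukepados - {e4da5a15-7068-4ef5-938d-e3e1348aedca} - CLSID or File not found.
O21 - SSODL: pibupajid - {a3d12b6f-a959-4e60-bc0f-4b9eca005110} - CLSID or File not found.
O21 - SSODL: sidezehik - {00e98634-4093-4607-94a7-9fdcedb99f65} - CLSID or File not found.
O21 - SSODL: yapivobin - {d8c1eb09-2cd0-409b-a637-0346af10e278} - CLSID or File not found.
O22 - SharedTaskScheduler: {00e98634-4093-4607-94a7-9fdcedb99f65} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {a3d12b6f-a959-4e60-bc0f-4b9eca005110} - gahurihor - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {d8c1eb09-2cd0-409b-a637-0346af10e278} - tokatiluy - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {e4da5a15-7068-4ef5-938d-e3e1348aedca} - kupuhivus - Reg Error: Key error. File not found
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"not found|no clsid value found", re.I)

def parse_entries(text):
    """Return (section, clsid, status) for every line that carries a CLSID."""
    entries = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(" - ")]
        match = CLSID_RE.search(line)
        if len(parts) < 3 or not match:
            continue  # blank line or something that is not an O-entry
        entries.append((parts[0], match.group(0).lower(), parts[-1]))
    return entries

def sections_by_clsid(entries):
    """Map each CLSID to the sorted list of log sections that reference it."""
    seen = defaultdict(set)
    for section, clsid, _ in entries:
        seen[clsid].add(section)
    return {clsid: sorted(s) for clsid, s in seen.items()}

def not_orphaned(entries):
    """Entries whose status does not report a missing target; review by hand."""
    return [e for e in entries if not ORPHAN_RE.search(e[2])]

if __name__ == "__main__":
    entries = parse_entries(FIX_BLOCK)
    for clsid, sections in sorted(sections_by_clsid(entries).items()):
        print(clsid, ",".join(sections))
    print("entries with a live target:", not_orphaned(entries))
```

On this block, four of the five SSODL CLSIDs also appear under SharedTaskScheduler, and no entry reports a live target, which is consistent with leftover registry references rather than files still on disk.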

Selace Trojans -- Thanks

Post by jgp2012 on 10th April 2010, 10:16 pm

Belahzur,

Thanks! I'll follow your instructions (above). BTW I like your name. I won't ask how you chose it; I know you're too busy.

Thanks Again,
jgp2012


Re: Trojans: Java/Selace.K, Java/Selace.N, and Java/Selace.O -- can't remove

Post by Belahzur on 11th April 2010, 10:47 pm

Haha, it's from a PlayStation 2 game.

Please post the OTL log when ready.

