Lagging Cursor and Missing Restore Points



gjc123
2009-01-24, 01:59
Hi,

The slow mouse cursor started a few days ago. Since then I've run BitDefender, Kaspersky and Spybot. BitDefender detected some viruses in my D: drive, which is the restore drive on my HP machine. Supposedly it only contains the data to do a complete reinstall of my OS. So I thought I'd do a restore. When I opened the restore panel there were only 3 restore points, starting from about the time my slow cursor problem started. Prior to this, there were many restore points. There is no check box to "Show more than 5 restore points" because there are only three in the list.

I'm stumped. I suspect some sort of virus. Other than running antivirus scans, I don't have much experience tracking down virus problems (if that is the problem). Does anyone have any ideas or suggestions?

I have pasted the S&D log and the report from Bit Defender below. I tried to attach them but the file size exceeded the max.



I appreciate your time and consideration.

Thanks in advance,

Greg

--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2009-01-22 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-13 Includes\Adware.sbi
2009-01-20 Includes\AdwareC.sbi
2009-01-15 Includes\Cookies.sbi
2009-01-06 Includes\Dialer.sbi
2009-01-13 Includes\DialerC.sbi
2009-01-13 Includes\HeavyDuty.sbi
2008-11-18 Includes\Hijackers.sbi
2009-01-13 Includes\HijackersC.sbi
2008-12-09 Includes\Keyloggers.sbi
2009-01-20 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-11-18 Includes\Malware.sbi
2009-01-21 Includes\MalwareC.sbi
2008-12-16 Includes\PUPS.sbi
2009-01-20 Includes\PUPSC.sbi
2009-01-13 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-01-20 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-01-20 Includes\Spyware.sbi
2009-01-13 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2009-01-21 Includes\Trojans.sbi
2009-01-21 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll


--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
file: C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
size: 67488
MD5: BCCB77572408155F984A02F9BFFDF225

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 392845E8D49B5F0E81AAC4D795000A8C

Located: HK_LM:Run, BlackBerryAutoUpdate
command: C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
file: C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
size: 615696
MD5: 5134D42A5C3EC541663FBACBCB98B689

Located: HK_LM:Run, CloneCDTray
command: "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
file: C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
size: 57344
MD5: D7779335B0EBC0A7B9C7D0E1105EA078

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
size: 33648
MD5: 35DCD380D4D579D8B8EA91D5D8AE444C

Located: HK_LM:Run, HP Software Update
command: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
file: C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: B93C4070F24E46B0097648C276B5039E

Located: HK_LM:Run, hpsysdrv
command: c:\hp\support\hpsysdrv.exe
file: c:\hp\support\hpsysdrv.exe
size: 65536
MD5: 9A4322EE420D6FACD4D4B1FF6CB856B1

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 413696
MD5: 9C9B6807425CEF840C117654D8B033D1

Located: HK_LM:Run, RoxWatchTray
command: "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
file: C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
size: 236016
MD5: E512C8C8FB093221BB667250F253EBE9

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe"
file: C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
size: 132760
MD5: 689C6EA7A17B3AE0F2A0151465EF311E

Located: HK_LM:Run, VirtualCloneDrive
command: "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
file: C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
size: 52168
MD5: 9F3287A1CAF6E365ED2B39BB8D44B0EA

Located: HK_CU:Run, Sidebar
where: S-1-5-19...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-19...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, Sidebar
where: S-1-5-20...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, WindowsWelcomeCenter
where: S-1-5-20...
command: rundll32.exe oobefldr.dll,ShowWelcomeCenter
file: C:\Windows\system32\oobefldr.dll
size: 2153472
MD5: 83E4A5435B0FA6AD0166722621A04725

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-3952876259-3837631635-2926744360-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 138240
MD5: 65437DAD4F238EA9549408A783002222

Located: HK_CU:Run, Google Update
where: S-1-5-21-3952876259-3837631635-2926744360-1000...
command: "C:\Users\dad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
file: C:\Users\dad\AppData\Local\Google\Update\GoogleUpdate.exe
size: 133104
MD5: 626A24ED1228580B9518C01930936DF9

Located: HK_CU:Run, ISUSPM
where: S-1-5-21-3952876259-3837631635-2926744360-1000...
command: "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
file: C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 205480
MD5: 23518AA08D8B22CD27AA54FC21D0AC87

Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-3952876259-3837631635-2926744360-1000...
command: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
size: 2363392
MD5: 4A9295C9BE22739D030AB072E9A0B169

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3952876259-3837631635-2926744360-1000...
command: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: Startup (common), Google Calendar Sync.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
file: C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 546288
MD5: F61C52DC14E28DAF9C7EED5E200545F5

Located: Startup (common), HP Digital Imaging Monitor.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: 1BA45CDEF852381DA4A95D056DDB4B48

Located: Startup (common), Logitech SetPoint.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 1200144
MD5: FEF4B7A9BBD3AC934F52A3BCA33312FD

Located: Startup (common), Windows Home Server.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
file: C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
size: 649064
MD5: 1E3C0B82CA037B0208BE4F536BE3DA65

Located: Startup (common), WinZip Quick Pick.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\WinZip\WZQKPICK.EXE
file: C:\Program Files (x86)\WinZip\WZQKPICK.EXE
size: 122880
MD5: 6613E98493EC4A94395955B17F836CF9

Located: Startup (user), Adobe Gamma.lnk
where: C:\Users\dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A

Located: Startup (user), OneNote 2007 Screen Clipper and Launcher.lnk
where: C:\Users\dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
file: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
size: 101440
MD5: 9D0EEBDA40D5C33BC63FB8BB984F7681



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 10/22/2006 11:08:42 PM
Date (last access): 12/17/2008 10:40:40 PM
Date (last write): 10/22/2006 11:08:42 PM
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 1/22/2009 9:22:12 PM
Date (last access): 1/22/2009 9:26:08 PM
Date (last write): 9/15/2008 2:25:44 PM
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} (Symantec NCO BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Symantec NCO BHO
CLSID name: Symantec NCO BHO
Path: C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\
Long name: CoIEPlg.dll
Short name:
Date (created): 12/18/2008 1:54:52 AM
Date (last access): 12/18/2008 1:54:52 AM
Date (last write): 12/11/2008 10:28:18 PM
Filesize: 344944
Attributes: readonly archive
MD5: 7078FE5A40CA6EFEB491BB88263988AB
CRC32: CF5816EB
Version: 2009.2.0.8

{6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Symantec Intrusion Prevention
CLSID name: Symantec Intrusion Prevention
Path: C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\
Long name: IPSBHO.dll
Short name:
Date (created): 12/18/2008 1:54:54 AM
Date (last access): 12/18/2008 1:54:54 AM
Date (last write): 12/17/2008 9:26:22 AM
Filesize: 107896
Attributes: readonly archive
MD5: FE17553789F8A318DCAF1811FFA021C4
CRC32: 9A61ED05
Version: 9.0.0.172

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\Program Files (x86)\Microsoft Office\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 8/24/2007 7:01:22 AM
Date (last access): 12/17/2008 1:42:34 PM
Date (last write): 8/24/2007 7:01:22 AM
Filesize: 2212224
Attributes: archive
MD5: 32C4927E013C018A13D8DFBDA4148812
CRC32: 9A9F3D8B
Version: 12.0.6211.1000

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files (x86)\Java\jre1.6.0_01\bin\
Long name: ssv.dll
Short name:
Date (created): 5/10/2008 12:37:08 PM
Date (last access): 4/7/2007 3:16:26 AM
Date (last write): 4/7/2007 4:56:44 AM
Filesize: 501400
Attributes: archive
MD5: CF2AB814CFF79B489402D5D2DD910BF1
CRC32: 3B66C222
Version: 6.0.10.7

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 2/22/2008 3:24:38 PM
Date (last access): 12/22/2008 10:02:20 AM
Date (last write): 2/22/2008 3:24:38 PM
Filesize: 401968
Attributes: archive
MD5: E393F5B7D090DF8370452916FFE92F9A
CRC32: 684A21B5
Version: 5.0.744.4

{AA102584-3B97-47e7-B9BC-75D54C110A7D} (Tunebite_WebRipPlugin Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Tunebite_WebRipPlugin Class
Path: C:\Program Files (x86)\RapidSolution\Tunebite\plugins\IE\
Long name: TB_WebRipIePlugin.dll
Short name: TB_WEB~1.DLL
Date (created): 12/18/2008 10:17:24 AM
Date (last access): 12/30/2008 8:11:50 PM
Date (last write): 12/18/2008 10:17:24 AM
Filesize: 144688
Attributes: archive
MD5: 07C9AD4C23AF5AD5AD4B00962F2005A4
CRC32: 555271F7
Version: 1.3.6900.0



--- ActiveX list ---
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\Windows\Downloaded Program Files\OGAControl.inf
Codebase: http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
Path: C:\Windows\SysWow64\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 2/4/2008 6:23:10 PM
Date (last access): 2/4/2008 6:23:10 PM
Date (last write): 2/4/2008 6:23:10 PM
Filesize: 693792
Attributes: archive
MD5: D1346A4683E98836E2FE003859E5DC0D
CRC32: DF1DBA7A
Version: 1.6.28.0

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\SysWow64\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 3/20/2008 6:06:36 PM
Date (last access): 3/20/2008 6:06:36 PM
Date (last write): 3/20/2008 6:06:36 PM
Filesize: 1480232
Attributes: archive
MD5: E058C4821D48E0A67F6069CB50818D44
CRC32: 3513AE02
Version: 1.7.69.2

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control)
DPF name:
CLSID name: BDSCANONLINE Control
Installer: C:\Windows\Downloaded Program Files\oscan8.inf
Codebase: http://download.bitdefender.com/resources/scan8/oscan8.cab
description:
classification: Legitimate
known filename: oscan8.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\DOWNLO~1\
Long name: oscan82.ocx
Short name:
Date (created): 2/26/2008 3:59:18 PM
Date (last access): 2/26/2008 3:59:18 PM
Date (last write): 2/26/2008 3:59:18 PM
Filesize: 487424
Attributes: archive
MD5: 230A39D8950142CF2C94A5C1E567E95E
CRC32: A546A5BB
Version: 1.0.0.1

{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class)
DPF name:
CLSID name: GMNRev Class
Installer: C:\Windows\Downloaded Program Files\setup.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
Path: C:\Program Files (x86)\HP\Common\
Long name: HPGMNRev.dll
Short name:
Date (created): 7/29/2008 2:47:04 PM
Date (last access): 12/17/2008 4:01:40 PM
Date (last write): 7/29/2008 2:47:04 PM
Filesize: 198448
Attributes: archive
MD5: D118AAAB43BFAB719B2F185C3D556E54
CRC32: 4FA69970
Version: 8.7.13.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 4/7/2007 3:16:26 AM
Date (last access): 4/7/2007 3:16:26 AM
Date (last write): 4/7/2007 4:56:44 AM
Filesize: 132760
Attributes: archive
MD5: 37ABBBB50894F9F566E7323EE4611216
CRC32: 8DBDF625
Version: 6.0.0.7

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_01.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre1.6.0_01\bin\
Long name: ssv.dll
Short name:
Date (created): 5/10/2008 12:37:08 PM
Date (last access): 4/7/2007 3:16:26 AM
Date (last write): 4/7/2007 4:56:44 AM
Filesize: 501400
Attributes: archive
MD5: CF2AB814CFF79B489402D5D2DD910BF1
CRC32: 3B66C222
Version: 6.0.10.7

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_01
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre1.6.0_01\bin\
Long name: npjpi160_01.dll
Short name: NPJPI1~1.DLL
Date (created): 4/7/2007 3:16:26 AM
Date (last access): 4/7/2007 3:16:26 AM
Date (last write): 4/7/2007 4:56:44 AM
Filesize: 132760
Attributes: archive
MD5: 37ABBBB50894F9F566E7323EE4611216
CRC32: 8DBDF625
Version: 6.0.0.7



--- Process list ---
PID: 0 ( 0) [System]
PID: 3612 (2340) C:\Program Files (x86)\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
size: 115560
MD5: 98A2B9AC86ACC0AD0869407A929D03CE
PID: 3956 (2216) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
size: 178712
MD5: 1992E7E8BC448CEBA62DC698098C0BD2
PID: 3976 (2216) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
size: 2363392
MD5: 4A9295C9BE22739D030AB072E9A0B169
PID: 3928 (2216) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 205480
MD5: 23518AA08D8B22CD27AA54FC21D0AC87
PID: 4808 (2216) C:\Users\dad\AppData\Local\Google\Update\GoogleUpdate.exe
size: 133104
MD5: 626A24ED1228580B9518C01930936DF9
PID: 4296 (2216) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
PID: 4364 (4316) C:\hp\support\hpsysdrv.exe
size: 65536
MD5: 9A4322EE420D6FACD4D4B1FF6CB856B1
PID: 4376 (4316) C:\Program Files (x86)\Java\jre1.6.0_01\bin\jusched.exe
size: 132760
MD5: 689C6EA7A17B3AE0F2A0151465EF311E
PID: 4388 (4316) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
size: 49152
MD5: B93C4070F24E46B0097648C276B5039E
PID: 4516 (4316) C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
size: 67488
MD5: BCCB77572408155F984A02F9BFFDF225
PID: 4536 (2216) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
size: 546288
MD5: F61C52DC14E28DAF9C7EED5E200545F5
PID: 4896 (4316) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 290088
MD5: E6A4E341E4304B34AA280D3E73818C90
PID: 4916 (4316) C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
size: 615696
MD5: 5134D42A5C3EC541663FBACBCB98B689
PID: 4944 (2216) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: 1BA45CDEF852381DA4A95D056DDB4B48
PID: 4984 (4316) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
size: 52168
MD5: 9F3287A1CAF6E365ED2B39BB8D44B0EA
PID: 4412 (2216) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
size: 122880
MD5: 6613E98493EC4A94395955B17F836CF9
PID: 4564 (2216) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
size: 101440
MD5: 9D0EEBDA40D5C33BC63FB8BB984F7681
PID: 2780 (5012) C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
size: 77824
MD5: A74CC542AAD9FE70AE65E6104C48CAD6
PID: 3736 (4944) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
size: 271960
MD5: 85E7BB8A103644085C5C665481022E56
PID: 4644 (2360) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 307704
MD5: 8DA0A66CB74FCBB393038E37E0F691BA
PID: 5612 (2216) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 4 ( 0) System
PID: 568 ( 4) smss.exe
PID: 644 ( 632) csrss.exe
PID: 684 ( 632) wininit.exe
size: 96768
PID: 704 ( 692) csrss.exe
PID: 740 ( 684) services.exe
size: 279040
PID: 752 ( 684) lsass.exe
PID: 760 ( 684) lsm.exe
size: 229888
PID: 912 ( 740) svchost.exe
size: 21504
PID: 956 ( 740) nvvsvc.exe
PID: 988 ( 740) svchost.exe
size: 21504
PID: 360 ( 740) svchost.exe
size: 21504
PID: 384 ( 740) svchost.exe
size: 21504
PID: 588 ( 740) svchost.exe
size: 21504
PID: 904 ( 692) winlogon.exe
size: 314880
PID: 708 ( 360) audiodg.exe
size: 88064
PID: 372 ( 740) svchost.exe
size: 21504
PID: 1040 ( 740) SLsvc.exe
PID: 1088 ( 740) svchost.exe
size: 21504
PID: 1164 ( 740) LBTServ.exe
PID: 1244 ( 740) svchost.exe
size: 21504
PID: 1492 ( 740) spoolsv.exe
PID: 1516 ( 740) svchost.exe
size: 21504
PID: 1832 ( 956) rundll32.exe
size: 44544
PID: 1368 ( 740) PhotoshopElementsFileAgent.exe
PID: 2016 ( 740) AppleMobileDeviceService.exe
PID: 1076 ( 740) mDNSResponder.exe
PID: 1032 ( 740) svchost.exe
size: 21504
PID: 1236 ( 740) HPBtnSrv.exe
PID: 2192 ( 740) svchost.exe
size: 21504
PID: 2204 ( 740) IAANTmon.exe
PID: 2232 ( 740) LSSrvc.exe
PID: 2256 ( 740) sqlservr.exe
PID: 2300 ( 740) NBService.exe
PID: 2320 ( 740) svchost.exe
size: 21504
PID: 2340 ( 740) ccSvcHst.exe
PID: 2444 ( 740) svchost.exe
size: 21504
PID: 2456 ( 740) svchost.exe
size: 21504
PID: 3004 ( 588) taskeng.exe
size: 169472
PID: 1064 ( 740) sqlwriter.exe
PID: 1416 ( 740) svchost.exe
size: 21504
PID: 3032 ( 740) svchost.exe
size: 21504
PID: 1232 ( 740) SearchIndexer.exe
size: 439808
PID: 1072 ( 740) WHSConnector.exe
PID: 3164 ( 384) WUDFHost.exe
PID: 3836 ( 740) svchost.exe
size: 21504
PID: 2764 ( 588) C:\WINDOWS\System32\taskeng.exe
size: 169472
MD5: 5F109032CE46B7184ED9E50F9FE8489E
PID: 1012 ( 384) C:\WINDOWS\System32\dwm.exe
PID: 2216 ( 872) C:\WINDOWS\explorer.exe
size: 3080704
MD5: BBD8E74F23D7605CB0CDB57A1B25D826
PID: 320 (2216) C:\WINDOWS\RAVCpl64.exe
size: 6430208
MD5: EB87F06EADD74EE6AF4E2569B2427736
PID: 632 (2216) C:\WINDOWS\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 3892 (2216) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
size: 47632
MD5: D367880271B7BC406657922B5C3C0AAA
PID: 4288 (2216) C:\WINDOWS\ehome\ehtray.exe
size: 138240
MD5: 65437DAD4F238EA9549408A783002222
PID: 4932 (2216) C:\Program Files\Windows Media Player\wmpnscfg.exe
size: 239104
MD5: B6A7E7F43234BFA6A8E6CC4110CB9448
PID: 5012 (2216) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 1200144
MD5: FEF4B7A9BBD3AC934F52A3BCA33312FD
PID: 4132 ( 912) C:\WINDOWS\ehome\ehmsas.exe
size: 47104
MD5: F2C56E2FB83F06831F9565E77C48078D
PID: 4124 ( 740) wmpnetwk.exe
PID: 4352 (2216) C:\Program Files\Windows Home Server\WHSTrayApp.exe
size: 649064
MD5: 1E3C0B82CA037B0208BE4F536BE3DA65
PID: 4580 ( 912) C:\WINDOWS\System32\wbem\unsecapp.exe
PID: 4624 ( 740) iPodService.exe
PID: 4680 ( 912) WmiPrvSE.exe
PID: 3620 (5012) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
size: 243216
MD5: 80215CFAA752F8681BD3753E4BCF4A9D
PID: 2776 ( 740) HPHC_Service.exe
PID: 3644 ( 740) svchost.exe
size: 21504


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 1/23/2009 6:41:34 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.com/webhp?rls=ig
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cndt
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]

Namespace Provider 0: @%SystemRoot%\system32\nlasvc.dll,-1000
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\system32\NLAapi.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 6: Bluetooth Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace



BitDefender Online Scanner

Scan report generated at: Thu, Jan 22, 2009 - 09:43:05
Scan path: C:\;D:\;E:\;F:\;G:\;I:\;J:\;K:\;L:\;M:\;

Statistics
Time: 03:32:50
Files: 1348527
Folders: 41023
Boot Sectors: 0
Archives: 25268
Packed Files: 145994

Results
Identified Viruses: 3
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info
Virus Definitions: 2572001
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned Files and Status
Scanned File: D:\hp\apps\APP18571\src\data2.cab=>(IShield Module 1521)
Status: Infected with: Gen:Trojan.Heur.GM.8808004900

Scanned File: D:\hp\apps\APP18571\src\data2.cab=>(IShield Module 1521)
Status: Disinfection failed

Scanned File: D:\hp\apps\APP18571\src\data2.cab=>(IShield Module 1521)
Status: Deleted

Scanned File: D:\hp\apps\APP18571\src\data2.cab
Status: Update failed

tashi
2009-01-24, 02:27
Hello,

Please see the stickied procedure for this forum: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Start a new topic providing the HJT log; this one has been closed, as helpers look for threads without a response.

Regards. :)