Computer Is Running Very Slow



#1 qj0hn44


Posted 08 January 2007 - 04:21 PM

I have followed your preparation guide in detail. After doing so, I received messages from some of the programs that my computer was still infected. Further, I am now prompted to reinstall "Photo Gallery" every time I boot up. This is a program I did not ever use in the first place, and did not know I had. Please note the following results for each of the problem programs. I bolded and underlined each new program report, and provided a brief commentary for each. I also have results from Active Scan but it won't let me post them as it makes my post too long. If you need them, I can repost them separately. Any help you can provide me on this would be greatly appreciated.




Bit Defender Results
Scanned File
Status



C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AF45329.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AF45329.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AF45329.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CDD2BE9.tmp=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CDD2BE9.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CDD2BE9.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CE055E5.tmp=>(Quarantine-2)
Infected with: Trojan.Exploit.Byteverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CE055E5.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CE055E5.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13F44466.exe=>(Quarantine-2)
Infected with: Trojan.Zlob.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13F44466.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13F44466.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13FE425B.exe=>(Quarantine-2)
Suspected of: Trojan.Zlob.BY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13FE425B.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13FE425B.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E75C40.dll=>(Quarantine-2)
Infected with: Trojan.FakeAlert.CO

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E75C40.dll=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E75C40.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A317788.exe=>(Quarantine-2)
Suspected of: Trojan.Zlob.BY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A317788.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A317788.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A4E7168.exe=>(Quarantine-2)
Infected with: Trojan.Zlob.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A4E7168.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A4E7168.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B181012.htm=>(Quarantine-2)
Infected with: Trojan.JS.Obsq.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B181012.htm=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B181012.htm=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31154DBC.dll=>(Quarantine-2)
Infected with: Trojan.Renos.E

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31154DBC.dll=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31154DBC.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34183CEF.tmp=>(Quarantine-2)=>MagicApplet.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34183CEF.tmp=>(Quarantine-2)=>MagicApplet.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34183CEF.tmp=>(Quarantine-2)=>MagicApplet.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34183CEF.tmp=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34183CEF.tmp=>(Quarantine-2)=>ProxyClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34183CEF.tmp=>(Quarantine-2)=>ProxyClassLoader.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34183CEF.tmp=>(Quarantine-2)=>ProxyClassLoader.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34183CEF.tmp=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\34183CEF.tmp
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36216326.htm=>(Quarantine-2)
Infected with: Trojan.Downloader.HTML.Agent.F

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36216326.htm=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36216326.htm=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41144D4E.cla=>(Quarantine-2)
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41144D4E.cla=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41144D4E.cla=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\411B2147.cla=>(Quarantine-2)
Infected with: Trojan.Exploit.Byteverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\411B2147.cla=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\411B2147.cla=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\477F13BE.anr=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\477F13BE.anr=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\477F13BE.anr=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51421DFC.tmp=>(Quarantine-2)
Infected with: Trojan.Exploit.Byteverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51421DFC.tmp=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\51421DFC.tmp=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52D17F38.exe=>(Quarantine-2)
Infected with: Trojan.Zlob.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52D17F38.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52D17F38.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52DE272A.exe=>(Quarantine-2)
Suspected of: Trojan.Zlob.BY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52DE272A.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52DE272A.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56A6561D.exe=>(Quarantine-2)
Infected with: Trojan.Zlob.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56A6561D.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56A6561D.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56C02601.exe=>(Quarantine-2)
Infected with: Trojan.Zlob.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56C02601.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56C02601.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56C34FFD.exe=>(Quarantine-2)
Infected with: Trojan.Zlob.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56C34FFD.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56C34FFD.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\619D2930.tmp=>(Quarantine-2)=>MagicApplet.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\619D2930.tmp=>(Quarantine-2)=>MagicApplet.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\619D2930.tmp=>(Quarantine-2)=>MagicApplet.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\619D2930.tmp=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\619D2930.tmp=>(Quarantine-2)=>ProxyClassLoader.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\619D2930.tmp=>(Quarantine-2)=>ProxyClassLoader.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\619D2930.tmp=>(Quarantine-2)=>ProxyClassLoader.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\619D2930.tmp=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\619D2930.tmp
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62DF3BA4.htm=>(Quarantine-2)
Infected with: Trojan.JS.Obsq.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62DF3BA4.htm=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62DF3BA4.htm=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62F72173.exe=>(Quarantine-2)
Suspected of: Trojan.Zlob.BY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62F72173.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\62F72173.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6310316E.wmf=>(Quarantine-2)
Infected with: Exploit.Win32.WMF-PFV

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6310316E.wmf=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6310316E.wmf=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\631D5960.anr=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\631D5960.anr=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\631D5960.anr=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6320035C.anr=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6320035C.anr=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6320035C.anr=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63232D59.anr=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63232D59.anr=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63232D59.anr=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\632A0151.anr=>(Quarantine-2)
Infected with: Exploit.Win32.MS05-002.Gen

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\632A0151.anr=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\632A0151.anr=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63647511.zip=>(Quarantine-2)=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63647511.zip=>(Quarantine-2)=>BlackBox.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63647511.zip=>(Quarantine-2)=>BlackBox.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63647511.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\63647511.zip
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69150804.dll=>(Quarantine-2)
Infected with: Trojan.Agent.RX

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69150804.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70D15DA2.exe=>(Quarantine-2)
Suspected of: Trojan.Zlob.BY

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70D15DA2.exe=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70D15DA2.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E5A0B90.dll=>(Quarantine-2)
Infected with: Trojan.Renos.E

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E5A0B90.dll=>(Quarantine-2)
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E5A0B90.dll=>(Quarantine-2)
Deleted

C:\Documents and Settings\pimpnzez\.housecall6.6\Quarantine\arch22776.jar-68c62f3c-751ddea9.zip.bac_a03804=>(Quarantine-4)=>Colors.class
Infected with: Java.Trojan.Downloader.OpenStream.B

C:\Documents and Settings\pimpnzez\.housecall6.6\Quarantine\arch22776.jar-68c62f3c-751ddea9.zip.bac_a03804=>(Quarantine-4)=>Colors.class
Disinfection failed

C:\Documents and Settings\pimpnzez\.housecall6.6\Quarantine\arch22776.jar-68c62f3c-751ddea9.zip.bac_a03804=>(Quarantine-4)=>Colors.class
Deleted

C:\Documents and Settings\pimpnzez\.housecall6.6\Quarantine\arch22776.jar-68c62f3c-751ddea9.zip.bac_a03804=>(Quarantine-4)
Updated

C:\Documents and Settings\pimpnzez\.housecall6.6\Quarantine\arch22776.jar-68c62f3c-751ddea9.zip.bac_a03804
Update failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-352f55f0-1dffa8f5.class
Infected with: Trojan.Downloader.Java.Openstream.Y

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-352f55f0-1dffa8f5.class
Disinfection failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-352f55f0-1dffa8f5.class
Deleted

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f9b708b-4615f854.zip=>Beyond.class
Infected with: Java.Trojan.ClassLoader.K

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f9b708b-4615f854.zip=>Beyond.class
Disinfection failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f9b708b-4615f854.zip=>Beyond.class
Deleted

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f9b708b-4615f854.zip
Updated

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-32075939-7cebd52b.zip=>Beyond.class
Infected with: Java.Trojan.ClassLoader.K

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-32075939-7cebd52b.zip=>Beyond.class
Disinfection failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-32075939-7cebd52b.zip=>Beyond.class
Deleted

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-32075939-7cebd52b.zip
Updated

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3c0efa2b-21c67a5d.zip=>Beyond.class
Infected with: Java.Trojan.ClassLoader.K

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3c0efa2b-21c67a5d.zip=>Beyond.class
Disinfection failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3c0efa2b-21c67a5d.zip=>Beyond.class
Deleted

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3c0efa2b-21c67a5d.zip
Updated

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6198e311-40227775.zip=>Beyond.class
Infected with: Java.Trojan.ClassLoader.K

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6198e311-40227775.zip=>Beyond.class
Disinfection failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6198e311-40227775.zip=>Beyond.class
Deleted

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6198e311-40227775.zip
Updated

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6649d43f-79f4653b.zip=>Beyond.class
Infected with: Java.Trojan.ClassLoader.K

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6649d43f-79f4653b.zip=>Beyond.class
Disinfection failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6649d43f-79f4653b.zip=>Beyond.class
Deleted

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6649d43f-79f4653b.zip
Updated

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.jar-31224f6f-28fda6c0.zip=>Beyond.class
Infected with: Java.Trojan.Downloader.OpenStream.Q

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.jar-31224f6f-28fda6c0.zip=>Beyond.class
Disinfection failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.jar-31224f6f-28fda6c0.zip=>Beyond.class
Deleted

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arc.jar-31224f6f-28fda6c0.zip
Updated

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-24ad084f-53f4c9a1.zip=>SuperMSClassLoader.class
Infected with: Exploit.Java.BytVerify.Q

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-24ad084f-53f4c9a1.zip=>SuperMSClassLoader.class
Disinfection failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-24ad084f-53f4c9a1.zip=>SuperMSClassLoader.class
Deleted

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-24ad084f-53f4c9a1.zip
Updated

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\p.jar-1bc4f036-111eec3b.zip=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\p.jar-1bc4f036-111eec3b.zip=>BlackBox.class
Disinfection failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\p.jar-1bc4f036-111eec3b.zip=>BlackBox.class
Deleted

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\p.jar-1bc4f036-111eec3b.zip
Updated

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\p.jar-1bc4f036-111eec3b.zip=>Beyond.class
Infected with: Java.Trojan.Exploit.Bytverify2.Gen

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\p.jar-1bc4f036-111eec3b.zip=>Beyond.class
Disinfection failed

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\p.jar-1bc4f036-111eec3b.zip=>Beyond.class
Deleted

C:\Documents and Settings\pimpnzez\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\p.jar-1bc4f036-111eec3b.zip
Updated



McAfee Stinger - I ran this scan several times. I checked the box of the problems it found and clicked delete / rename as applicable and then rebooted my computer as directed. When I reran the scan the same errors came up. Here are the Stinger scan results:



McAfee® Rootkit Detective 1.0 Beta scan report
On 08-01-2007 at 10:24:08
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwAlertResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwAlertThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwAllocateVirtualMemory
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\WINDOWS\SYSTEM32\windrvNT.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwCreateMutant
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwFreeVirtualMemory
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwImpersonateAnonymousToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwImpersonateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwMapViewOfSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenEvent
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\WINDOWS\SYSTEM32\windrvNT.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenProcessToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenThreadToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryFile
Object-Path: C:\WINDOWS\SYSTEM32\windrvNT.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryInformationProcess
Object-Path: C:\WINDOWS\SYSTEM32\windrvNT.sys

Object-Type: SSDT-hook
Object-Name: ZwResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetContextThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetInformationFile
Object-Path: C:\WINDOWS\SYSTEM32\windrvNT.sys

Object-Type: SSDT-hook
Object-Name: ZwSetInformationProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetInformationThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwSuspendProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSuspendThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwTerminateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwUnmapViewOfSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: (NULL)

Object-Type: Registry-key
Object-Name: DataINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden

Object-Type: Registry-key
Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-key
Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden

Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: File/Folder
Object-Name: System Idle Process
Pid: n/a
Object-Path: System Idle Process
Status: Visible

Object-Type: File/Folder
Object-Name: sccfg.sys
Pid: n/a
Object-Path: C:\sccfg.sys
Status: Hidden

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: scardsvr.exe
Pid: 520
Object-Path: C:\WINDOWS\SYSTEM32\scardsvr.exe
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 2576
Object-Path: C:\WINDOWS\SYSTEM32\ctfmon.exe
Status: Visible

Object-Type: Process
Object-Name: wcescomm.exe
Pid: 2588
Object-Path: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1316
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1572
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: NPROTECT.EXE
Pid: 292
Object-Path: C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1068
Object-Path: C:\WINDOWS\SYSTEM32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: MDM.EXE
Pid: 812
Object-Path: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Status: Visible

Object-Type: Process
Object-Name: 1XConfig.exe
Pid: 556
Object-Path: C:\WINDOWS\SYSTEM32\1XConfig.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 816
Object-Path: C:\WINDOWS\SYSTEM32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1084
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: AppSvc32.exe
Pid: 1852
Object-Path: C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Status: Visible

Object-Type: Process
Object-Name: acrotray.exe
Pid: 2624
Object-Path: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Status: Visible

Object-Type: Process
Object-Name: NOPDB.exe
Pid: 1604
Object-Path: C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 840
Object-Path: C:\WINDOWS\SYSTEM32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: EXCEL.EXE
Pid: 3404
Object-Path: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
Status: Visible

Object-Type: Process
Object-Name: wdfmgr.exe
Pid: 2136
Object-Path: C:\WINDOWS\SYSTEM32\wdfmgr.exe
Status: Visible

Object-Type: Process
Object-Name: hpqtra08.exe
Pid: 2668
Object-Path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Status: Visible

Object-Type: Process
Object-Name: OUTLOOK.EXE
Pid: 364
Object-Path: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1648
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 884
Object-Path: C:\WINDOWS\SYSTEM32\services.exe
Status: Visible

Object-Type: Process
Object-Name: ApntEx.exe
Pid: 2680
Object-Path: C:\Program Files\Apoint\ApntEx.exe
Status: Visible

Object-Type: Process
Object-Name: HPZipm12.exe
Pid: 1400
Object-Path: C:\WINDOWS\SYSTEM32\HPZipm12.exe
Status: Visible

Object-Type: Process
Object-Name: AluSchedulerSvc
Pid: 636
Object-Path: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 896
Object-Path: C:\WINDOWS\SYSTEM32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1164
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1688
Object-Path: C:\WINDOWS\SYSTEM32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: ZCfgSvc.exe
Pid: 1948
Object-Path: C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
Status: Visible

Object-Type: Process
Object-Name: BAsfIpM.exe
Pid: 676
Object-Path: C:\WINDOWS\SYSTEM32\BAsfIpM.exe
Status: Visible

Object-Type: Process
Object-Name: Apoint.exe
Pid: 2476
Object-Path: C:\Program Files\Apoint\Apoint.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1964
Object-Path: C:\WINDOWS\SYSTEM32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: sqlservr.exe
Pid: 1200
Object-Path: C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 2992
Object-Path: C:\WINDOWS\Explorer.EXE
Status: Visible

Object-Type: Process
Object-Name: atiptaxx.exe
Pid: 2488
Object-Path: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Status: Visible

Object-Type: Process
Object-Name: hpqgalry.exe
Pid: 3512
Object-Path: C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
Status: Visible

Object-Type: Process
Object-Name: RegSrvc.exe
Pid: 1476
Object-Path: C:\WINDOWS\SYSTEM32\RegSrvc.exe
Status: Visible

Object-Type: Process
Object-Name: DSentry.exe
Pid: 2504
Object-Path: C:\WINDOWS\SYSTEM32\DSentry.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 1224
Object-Path: C:\WINDOWS\SYSTEM32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 2268
Object-Path: C:\WINDOWS\explorer.exe
Status: Visible

Object-Type: Process
Object-Name: Directcd.exe
Pid: 2524
Object-Path: C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
Status: Visible

Object-Type: Process
Object-Name: S24EvMon.exe
Pid: 1504
Object-Path: C:\WINDOWS\SYSTEM32\S24EvMon.exe
Status: Visible

Object-Type: Process
Object-Name: MSASCui.exe
Pid: 2532
Object-Path: C:\Program Files\Windows Defender\MSASCui.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1764
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: rapimgr.exe
Pid: 3048
Object-Path: C:\PROGRA~1\MI3AA1~1\rapimgr.exe
Status: Visible

Object-Type: Process
Object-Name: WINWORD.EXE
Pid: 3816
Object-Path: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
Status: Visible

Object-Type: Process
Object-Name: smss.exe
Pid: 744
Object-Path: C:\WINDOWS\SYSTEM32\smss.exe
Status: Visible

Object-Type: Process
Object-Name: MsMpEng.exe
Pid: 1260
Object-Path: C:\Program Files\Windows Defender\MsMpEng.exe
Status: Visible

Object-Type: Process
Object-Name: CCAPP.EXE
Pid: 2544
Object-Path: C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
Status: Visible

Object-Type: Process
Object-Name: CCSVCHST.EXE
Pid: 1776
Object-Path: C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
Status: Visible

Object-Type: Process
Object-Name: Rootkit_Detecti
Pid: 3572
Object-Path: C:\Documents and Settings\pimpnzez\Desktop\McafeeRootkitDetective\Rootkit_Detective.exe
Status: Visible

Scan complete. Found hidden Processes and Files: 1 .
Total files scanned: 163107
McAfee® Rootkit Detective 1.0 Beta scan report
On 08-01-2007 at 12:08:35
OS-Version 5.1.2600
Service Pack 2.0
====================================

Object-Type: SSDT-hook
Object-Name: ZwAlertResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwAlertThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwAllocateVirtualMemory
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwConnectPort
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateFile
Object-Path: C:\WINDOWS\SYSTEM32\windrvNT.sys

Object-Type: SSDT-hook
Object-Name: ZwCreateKey
Object-Path: C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwCreateMutant
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwCreateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwDeleteKey
Object-Path: C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwDeleteValueKey
Object-Path: C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwFreeVirtualMemory
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwImpersonateAnonymousToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwImpersonateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwMapViewOfSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenEvent
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenFile
Object-Path: C:\WINDOWS\SYSTEM32\windrvNT.sys

Object-Type: SSDT-hook
Object-Name: ZwOpenProcessToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwOpenThreadToken
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwQueryDirectoryFile
Object-Path: C:\WINDOWS\SYSTEM32\windrvNT.sys

Object-Type: SSDT-hook
Object-Name: ZwQueryInformationProcess
Object-Path: C:\WINDOWS\SYSTEM32\windrvNT.sys

Object-Type: SSDT-hook
Object-Name: ZwResumeThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetContextThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetInformationFile
Object-Path: C:\WINDOWS\SYSTEM32\windrvNT.sys

Object-Type: SSDT-hook
Object-Name: ZwSetInformationProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetInformationThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSetValueKey
Object-Path: C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS

Object-Type: SSDT-hook
Object-Name: ZwSuspendProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwSuspendThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwTerminateProcess
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwTerminateThread
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwUnmapViewOfSection
Object-Path: (NULL)

Object-Type: SSDT-hook
Object-Name: ZwWriteVirtualMemory
Object-Path: (NULL)

Object-Type: Registry-key
Object-Name: DataINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data
Status: Hidden

Object-Type: Registry-key
Object-Name: a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771 System Provider\*Local Machine*\Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: 00000000-0000-0000-0000-000000000000 System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-key
Object-Name: {6340E680-FF06-435f-8767-B79D88AEBD4D}ystem Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Item Data
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000\{6340E680-FF06-435f-8767-B79D88AEBD4D}
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771\00000000-0000-0000-0000-000000000000
Status: Hidden

Object-Type: Registry-value
Object-Name: Display String
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Status: Hidden

Object-Type: Registry-key
Object-Name: Data 2RE\Microsoft\Protected Storage System Provider\*Local Machine*\Data\a5c5c2e4-6bee-4ef9-a0f5-f76a07cce771
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Status: Hidden

Object-Type: Registry-key
Object-Name: WindowsE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: Registry-value
Object-Name: Value
Object-Path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Protected Storage System Provider\*Local Machine*\Data 2\Windows
Status: Hidden

Object-Type: File/Folder
Object-Name: System Idle Process
Pid: n/a
Object-Path: System Idle Process
Status: Visible

Object-Type: File/Folder
Object-Name: sccfg.sys
Pid: n/a
Object-Path: C:\sccfg.sys
Status: Hidden

Object-Type: Process
Object-Name: System
Pid: 4
Object-Path:
Status: Visible

Object-Type: Process
Object-Name: scardsvr.exe
Pid: 520
Object-Path: C:\WINDOWS\SYSTEM32\scardsvr.exe
Status: Visible

Object-Type: Process
Object-Name: ctfmon.exe
Pid: 2576
Object-Path: C:\WINDOWS\SYSTEM32\ctfmon.exe
Status: Visible

Object-Type: Process
Object-Name: wcescomm.exe
Pid: 2588
Object-Path: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 1568
Object-Path: C:\WINDOWS\explorer.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1316
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1572
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: NPROTECT.EXE
Pid: 292
Object-Path: C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1068
Object-Path: C:\WINDOWS\SYSTEM32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: MDM.EXE
Pid: 812
Object-Path: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Status: Visible

Object-Type: Process
Object-Name: 1XConfig.exe
Pid: 556
Object-Path: C:\WINDOWS\SYSTEM32\1XConfig.exe
Status: Visible

Object-Type: Process
Object-Name: csrss.exe
Pid: 816
Object-Path: C:\WINDOWS\SYSTEM32\csrss.exe
Status: Visible

Object-Type: Process
Object-Name: symlcsvc.exe
Pid: 564
Object-Path: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Status: Visible

Object-Type: Process
Object-Name: iexplore.exe
Pid: 2356
Object-Path: C:\Program Files\Internet Explorer\iexplore.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1084
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: AppSvc32.exe
Pid: 1852
Object-Path: C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Status: Visible

Object-Type: Process
Object-Name: acrotray.exe
Pid: 2624
Object-Path: C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Status: Visible

Object-Type: Process
Object-Name: SYMUNDO.EXE
Pid: 320
Object-Path: C:\Program Files\Common Files\Symantec Shared\SYMUNDO.EXE
Status: Visible

Object-Type: Process
Object-Name: NOPDB.exe
Pid: 1604
Object-Path: C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe
Status: Visible

Object-Type: Process
Object-Name: winlogon.exe
Pid: 840
Object-Path: C:\WINDOWS\SYSTEM32\winlogon.exe
Status: Visible

Object-Type: Process
Object-Name: SL101.tmp
Pid: 3144
Object-Path: C:\DOCUME~1\pimpnzez\LOCALS~1\Temp\SL101.tmp
Status: Visible

Object-Type: Process
Object-Name: wdfmgr.exe
Pid: 2136
Object-Path: C:\WINDOWS\SYSTEM32\wdfmgr.exe
Status: Visible

Object-Type: Process
Object-Name: hpqtra08.exe
Pid: 2668
Object-Path: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Status: Visible

Object-Type: Process
Object-Name: OUTLOOK.EXE
Pid: 364
Object-Path: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Status: Visible

Object-Type: Process
Object-Name: OBC.exe
Pid: 876
Object-Path: C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1648
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: services.exe
Pid: 884
Object-Path: C:\WINDOWS\SYSTEM32\services.exe
Status: Visible

Object-Type: Process
Object-Name: ApntEx.exe
Pid: 2680
Object-Path: C:\Program Files\Apoint\ApntEx.exe
Status: Visible

Object-Type: Process
Object-Name: HPZipm12.exe
Pid: 1400
Object-Path: C:\WINDOWS\SYSTEM32\HPZipm12.exe
Status: Visible

Object-Type: Process
Object-Name: AluSchedulerSvc
Pid: 636
Object-Path: C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
Status: Visible

Object-Type: Process
Object-Name: wuauclt.exe
Pid: 3964
Object-Path: C:\WINDOWS\system32\wuauclt.exe
Status: Visible

Object-Type: Process
Object-Name: msiexec.exe
Pid: 2428
Object-Path: C:\WINDOWS\system32\msiexec.exe
Status: Visible

Object-Type: Process
Object-Name: lsass.exe
Pid: 896
Object-Path: C:\WINDOWS\SYSTEM32\lsass.exe
Status: Visible

Object-Type: Process
Object-Name: svchost.exe
Pid: 1164
Object-Path: C:\WINDOWS\SYSTEM32\svchost.exe
Status: Visible

Object-Type: Process
Object-Name: ati2evxx.exe
Pid: 1688
Object-Path: C:\WINDOWS\SYSTEM32\ati2evxx.exe
Status: Visible

Object-Type: Process
Object-Name: ZCfgSvc.exe
Pid: 1948
Object-Path: C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
Status: Visible

Object-Type: Process
Object-Name: wuauclt.exe
Pid: 3484
Object-Path: C:\WINDOWS\SYSTEM32\wuauclt.exe
Status: Visible

Object-Type: Process
Object-Name: BAsfIpM.exe
Pid: 676
Object-Path: C:\WINDOWS\SYSTEM32\BAsfIpM.exe
Status: Visible

Object-Type: Process
Object-Name: spoolsv.exe
Pid: 1964
Object-Path: C:\WINDOWS\SYSTEM32\spoolsv.exe
Status: Visible

Object-Type: Process
Object-Name: Apoint.exe
Pid: 2476
Object-Path: C:\Program Files\Apoint\Apoint.exe
Status: Visible

Object-Type: Process
Object-Name: NDP1.1sp1-KB867
Pid: 3756
Object-Path: C:\WINDOWS\SoftwareDistribution\Download\Install\NDP1.1sp1-KB867460-X86.exe
Status: Visible

Object-Type: Process
Object-Name: sqlservr.exe
Pid: 1200
Object-Path: C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
Status: Visible

Object-Type: Process
Object-Name: hpqgalry.exe
Pid: 3512
Object-Path: C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
Status: Visible

Object-Type: Process
Object-Name: atiptaxx.exe
Pid: 2488
Object-Path: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Status: Visible

Object-Type: Process
Object-Name: msiexec.exe
Pid: 3008
Object-Path: C:\WINDOWS\system32\MsiExec.exe
Status: Visible

Object-Type: Process
Object-Name: RegSrvc.exe
Pid: 1476
Object-Path: C:\WINDOWS\SYSTEM32\RegSrvc.exe
Status: Visible

Object-Type: Process
Object-Name: alg.exe
Pid: 1224
Object-Path: C:\WINDOWS\SYSTEM32\alg.exe
Status: Visible

Object-Type: Process
Object-Name: DSentry.exe
Pid: 2504
Object-Path: C:\WINDOWS\SYSTEM32\DSentry.exe
Status: Visible

Object-Type: Process
Object-Name: explorer.exe
Pid: 2268
Object-Path: C:\WINDOWS\explorer.exe
Status: Visible

Object-Type: Process
Object-Name: Directcd.exe
Pid: 2524
Object-Path: C:\Program Fil



#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:13 PM

Posted 12 January 2007 - 08:21 AM

Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.

During the cleaning process, if any other issues arise, please let us know.
If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post a HijackThis log. I need the log to analyze your problems.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:08:13 PM

Posted 30 January 2007 - 08:23 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



