Removing Trojan.Vundo, logs included!!

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Killuminati

Thread Starter
Joined
Jan 16, 2006
Messages
3
Hey everybody,

I kept on getting the annoying winfixer pop ups, so I assumed i had been infected with vundo. I ran Norton Antivirus 2006, ad aware, and spybot, with no result.

So after reading countless threads on here, i downloaded Vundofix.exe

Attached is the vundofix log and the hijack this log i took right after. I just want the approval of some of the board members that I am clean of vundo, and any other malware:

Thanks for any help you guys can give me! This board is awesome.

VundoFix log:

Listing files found while scanning....

C:\WINDOWS\system32\awvst.dll
C:\WINDOWS\system32\tsvwa.ini
C:\WINDOWS\system32\tsvwa.bak1
C:\WINDOWS\system32\tsvwa.bak2

VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\system32\awvst.dll
C:\WINDOWS\system32\tsvwa.ini
C:\WINDOWS\system32\tsvwa.bak1
C:\WINDOWS\system32\tsvwa.bak2

C:\WINDOWS\system32\tsvwa.bak1
C:\WINDOWS\system32\tsvwa.bak2
C:\WINDOWS\system32\tsvwa.ini
C:\WINDOWS\system32\awvst.dll
Attempting to delete C:\WINDOWS\system32\awvst.dll
C:\WINDOWS\system32\awvst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tsvwa.ini
C:\WINDOWS\system32\tsvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\tsvwa.bak1
C:\WINDOWS\system32\tsvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\tsvwa.bak2
C:\WINDOWS\system32\tsvwa.bak2 Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 1:05:20 PM, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus 2006\navapsvc.exe
C:\Program Files\Norton AntiVirus 2006\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
O2 - BHO: (no name) - {057A2D87-707E-FD78-03E1-689C1AFD2C4A} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus 2006\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus 2006\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [folshqf] C:\WINDOWS\folshqf.exe
O4 - HKLM\..\Run: [dkpmfuh] C:\WINDOWS\dkpmfuh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [virtual] winit.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [virtual] winit.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: DigiChat Applet - http://host7.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...//www.lookingyourbest.com/inamodel/index.html
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://jvm.webmaster.com/jinstall-1_4-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://merlin.telus.net/wizlet/Qualifier/static/controls/WebflowActiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2006\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2006\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2006\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Joined
Sep 7, 2004
Messages
49,014
Add remove programs – remove viewpoint

Fix these with HJT – mark them, close IE, click fix checked

O2 - BHO: (no name) - {057A2D87-707E-FD78-03E1-689C1AFD2C4A} - (no file)

O4 - HKLM\..\Run: [folshqf] C:\WINDOWS\folshqf.exe

O4 - HKLM\..\Run: [dkpmfuh] C:\WINDOWS\dkpmfuh.exe

O4 - HKLM\..\Run: [virtual] winit.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\RunServices: [virtual] winit.exe

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\folshqf.exe
C:\WINDOWS\dkpmfuh.exe
C:\Program Files\Viewpoint

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot

http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished Save the results from the scan!

Post a new HiJackThis log along with the results from Kaspersky scan


Please give feedback on what worked/didn’t work and the current status of your system
 

Killuminati

Thread Starter
Joined
Jan 16, 2006
Messages
3
I successfully uninstalled viewpoint. When i went to fix the hijack this file, the fix relating to viewpoint was not there. Also, when I ran killbox, none of the files were found. At this point, I thought i was clean. However, after running the Kapersky scanner, it looks like I have alot of infected files. Here is the results:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 16, 2006 16:15:45
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/01/2006
Kaspersky Anti-Virus database records: 161114
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 93106
Number of viruses found: 24
Number of infected objects: 77
Number of suspicious objects: 3
Duration of the scan process: 7103 sec

Infected Object Name - Virus Name
C:\d.exe Infected: Trojan.Win32.Delf.bj
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05ED23B8.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\070362B1.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\070A36AA.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07622D7A.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\076E4317.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DEB0ECC.htm Suspicious: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11B306C5.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11FE4776.exe Infected: Trojan-Downloader.Win32.Dyfuca.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12017172.htm Infected: Trojan-Downloader.JS.IstBar.f
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12017172.tmp Infected: Trojan-Spy.Win32.Briss.j
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12C6743C.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16FB55B4.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\177A570D.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C4571E4.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\216F6A82.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\225C1C60.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24A03194.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\267248CB.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28173B18.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C7161BA.tmp Infected: Trojan-Downloader.Win32.Small.asy
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C7B5FAF.tmp Infected: Trojan-Downloader.Win32.Small.asy
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CCB1154.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F111100.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\333704EF.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39606403.tmp Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39EB4681.exe Infected: Trojan-Downloader.Win32.Dyfuca.du
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F44476.exe Infected: Trojan-Downloader.Win32.IstBar.eo
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F86E72.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AA67D0F.tmp Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BB739A1.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CC85B56.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CF11AB6.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D471CFC.htm Suspicious: Exploit.HTML.DragDrop
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D550724.js Infected: Trojan-Downloader.JS.Zapchast.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D5E42E3.htm Infected: Trojan-Downloader.JS.Psyme.an
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43F5776F.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\450958E4.tmp Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47CD22EF.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A656FF1.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F0077C9.htm Infected: Trojan-Downloader.JS.IstBar.k
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\506E74A6.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\582E246E.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AB80F57.tmp Infected: Trojan-Downloader.Win32.Small.asy
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CFB356C.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633744EE.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633B10C5.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\645E021C.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\676E7E59.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\687164CC.exe Infected: P2P-Worm.Win32.Krepper.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B8662B5.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D046B29.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E365E66.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70883627.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\714A520D.htm Suspicious: Exploit.HTML.DragDrop
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71D0752F.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73245C90.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74C94235.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74D0162D.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74D0162D.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74D0162D.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74D0162D.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74D0162D.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78942728.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\790A0D65.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79D05144.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/28 Feb 2004 20:49 from burnzy@interchange.ubc.ca:THANK YOU VERY /document.zip/document.jpg .pif Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/28 Feb 2004 20:49 from burnzy@interchange.ubc.ca:THANK YOU VERY /document.zip Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 19:39 from Mail Delivery Subsystem:Returned mail: se/27 Feb 2004 19:38 to john@amazon.co.uk:jaupocqnz/your_document.zip/your_document.jpg .scr Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 19:39 from Mail Delivery Subsystem:Returned mail: se/27 Feb 2004 19:38 to john@amazon.co.uk:jaupocqnz/your_document.zip Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 16:32 from nate@hapke.ca:Efeywz/resume.zip/resume.txt .exe Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 16:32 from nate@hapke.ca:Efeywz/resume.zip Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 00:12 from sid.huff@vuw.ac.nz:Recent news/file.zip/file.exe Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 00:12 from sid.huff@vuw.ac.nz:Recent news/file.zip Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/26 Feb 2004 21:29 from melc@interchange.ubc.ca:Motepobomnuudcmp/website.zip/website.com Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/26 Feb 2004 21:29 from melc@interchange.ubc.ca:Motepobomnuudcmp/website.zip Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\My Documents\My Received Files\bittorrent-3.4.1.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Swizzor.k
C:\Documents and Settings\Jay\My Documents\My Received Files\bittorrent-3.4.1.exe/stream Infected: Trojan-Downloader.Win32.Swizzor.k
C:\Documents and Settings\Jay\My Documents\My Received Files\bittorrent-3.4.1.exe Infected: Trojan-Downloader.Win32.Swizzor.k

Scan process completed.
 

Killuminati

Thread Starter
Joined
Jan 16, 2006
Messages
3
I successfully uninstalled viewpoint. When i went to fix the hijack this file, the fix relating to viewpoint was not there. Also, when I ran killbox, none of the files were found. At this point, I thought i was clean. However, after running the Kapersky scanner, it looks like I have alot of infected files. Here is the results of the scan, and a new hijack this scan:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 16, 2006 16:15:45
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/01/2006
Kaspersky Anti-Virus database records: 161114
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 93106
Number of viruses found: 24
Number of infected objects: 77
Number of suspicious objects: 3
Duration of the scan process: 7103 sec

Infected Object Name - Virus Name
C:\d.exe Infected: Trojan.Win32.Delf.bj
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05ED23B8.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\070362B1.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\070A36AA.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07622D7A.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\076E4317.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DEB0ECC.htm Suspicious: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11B306C5.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11FE4776.exe Infected: Trojan-Downloader.Win32.Dyfuca.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12017172.htm Infected: Trojan-Downloader.JS.IstBar.f
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12017172.tmp Infected: Trojan-Spy.Win32.Briss.j
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12C6743C.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16FB55B4.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\177A570D.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C4571E4.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\216F6A82.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\225C1C60.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24A03194.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\267248CB.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28173B18.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C7161BA.tmp Infected: Trojan-Downloader.Win32.Small.asy
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C7B5FAF.tmp Infected: Trojan-Downloader.Win32.Small.asy
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2CCB1154.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F111100.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\333704EF.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39606403.tmp Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39EB4681.exe Infected: Trojan-Downloader.Win32.Dyfuca.du
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F44476.exe Infected: Trojan-Downloader.Win32.IstBar.eo
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F86E72.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AA67D0F.tmp Infected: Trojan.Java.ClassLoader.ak
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BB739A1.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CC85B56.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CF11AB6.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D471CFC.htm Suspicious: Exploit.HTML.DragDrop
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D550724.js Infected: Trojan-Downloader.JS.Zapchast.b
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D5E42E3.htm Infected: Trojan-Downloader.JS.Psyme.an
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43F5776F.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\450958E4.tmp Infected: Trojan-Downloader.Java.OpenConnection.ah
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47CD22EF.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A656FF1.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4F0077C9.htm Infected: Trojan-Downloader.JS.IstBar.k
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\506E74A6.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\582E246E.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5AB80F57.tmp Infected: Trojan-Downloader.Win32.Small.asy
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CFB356C.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633744EE.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\633B10C5.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\645E021C.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\676E7E59.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\687164CC.exe Infected: P2P-Worm.Win32.Krepper.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B8662B5.htm Infected: Trojan.HTML.StartPage.i
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D046B29.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E365E66.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70883627.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\714A520D.htm Suspicious: Exploit.HTML.DragDrop
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71D0752F.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73245C90.cla Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74C94235.htm Infected: Exploit.HTML.Mht
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74D0162D.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74D0162D.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74D0162D.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74D0162D.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\74D0162D.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78942728.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\790A0D65.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79D05144.tmp Infected: Trojan.Java.Femad
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/28 Feb 2004 20:49 from burnzy@interchange.ubc.ca:THANK YOU VERY /document.zip/document.jpg .pif Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/28 Feb 2004 20:49 from burnzy@interchange.ubc.ca:THANK YOU VERY /document.zip Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 19:39 from Mail Delivery Subsystem:Returned mail: se/27 Feb 2004 19:38 to john@amazon.co.uk:jaupocqnz/your_document.zip/your_document.jpg .scr Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 19:39 from Mail Delivery Subsystem:Returned mail: se/27 Feb 2004 19:38 to john@amazon.co.uk:jaupocqnz/your_document.zip Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 16:32 from nate@hapke.ca:Efeywz/resume.zip/resume.txt .exe Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 16:32 from nate@hapke.ca:Efeywz/resume.zip Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 00:12 from sid.huff@vuw.ac.nz:Recent news/file.zip/file.exe Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/27 Feb 2004 00:12 from sid.huff@vuw.ac.nz:Recent news/file.zip Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/26 Feb 2004 21:29 from melc@interchange.ubc.ca:Motepobomnuudcmp/website.zip/website.com Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst/Hotmail/Deleted Items/26 Feb 2004 21:29 from melc@interchange.ubc.ca:Motepobomnuudcmp/website.zip Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Jay\My Documents\My Received Files\bittorrent-3.4.1.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Swizzor.k
C:\Documents and Settings\Jay\My Documents\My Received Files\bittorrent-3.4.1.exe/stream Infected: Trojan-Downloader.Win32.Swizzor.k
C:\Documents and Settings\Jay\My Documents\My Received Files\bittorrent-3.4.1.exe Infected: Trojan-Downloader.Win32.Swizzor.k

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 4:20:42 PM, on 16/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus 2006\navapsvc.exe
C:\Program Files\Norton AntiVirus 2006\IWP\NPFMntor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.library.ubc.ca:8000
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus 2006\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus 2006\NavShExt.dll
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: DigiChat Applet - http://host7.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MT...//www.lookingyourbest.com/inamodel/index.html
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://jvm.webmaster.com/jinstall-1_4-windows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://merlin.telus.net/wizlet/Qualifier/static/controls/WebflowActiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2006\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2006\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus 2006\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Joined
Sep 7, 2004
Messages
49,014
Empty/purge the Norton Quarantine

The log looks fine but I'd like to see the Kasperky log witho0u all of those Quarantine entries

Also

DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend
using the Duplicates files button
as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top