Error message when starting PC

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

cadwallader

Thread Starter
Joined
Sep 14, 2003
Messages
131
I'm getting an error message when I start up and I wonder if someone could please check my hijack this log and give me some advice. Thanks in advance.

Logfile of HijackThis v1.97.2
Scan saved at 22:45:06, on 01/10/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\VPIUHGYZ.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PQSC\PROGRAM\CPCTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BTOPENWORLD\DIALBTIANYTIME.EXE
C:\WINDOWS\SLLIGHTS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.msn.com/results.aspx?cp=1252&FORM=MSNH&cp=28592&q=msn+search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\CPCTRAY.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [igyvqkhq] vpiuhgyz.exe autorun
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Joined
Mar 25, 2001
Messages
3,334
This item looks suspicious:

O4 - HKLM\..\Run: [igyvqkhq] vpiuhgyz.exe autorun


...any idea what it may be? I don't know if you want to use HJT to whack it or maybe disable it from your msconfig startup folder and see what happens.
 

cadwallader

Thread Starter
Joined
Sep 14, 2003
Messages
131
Thanks.
Does this seem okay now?


Logfile of HijackThis v1.97.2
Scan saved at 07:13:35, on 02/10/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PQSC\PROGRAM\CPCTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.msn.com/results.aspx?cp=1252&FORM=MSNH&cp=28592&q=msn+search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\CPCTRAY.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Joined
Mar 25, 2001
Messages
3,334
The log looks fine. Did you disable that entry or use HJT to fix it? Are you still getting the error message? If so, post the entire message.
 

cadwallader

Thread Starter
Joined
Sep 14, 2003
Messages
131
I' not getting the error message, but I am getting a large influx of spam in my Outlook Express, suggesting that emails I've sent haven't been delivered because they're infected; however, they aren't emails I've sent, even though some of them (but not all) refer to addresses that I have sent emails to. Any ideas?

Thanks again.
 
Joined
Dec 9, 2000
Messages
45,855
Many of todays worms pick addresses out of other people's address books and forge them to appear as if they were sent from that address.

It doesn't mean you are infected, but that someone who has your address in their address book is.
 

cadwallader

Thread Starter
Joined
Sep 14, 2003
Messages
131
Thanks. What's worrying me is that after I've received and deleted those emails, I run Ad Aware and it catches some data miners.
 
Joined
Dec 9, 2000
Messages
45,855
I beleive those references are to "tracking cookies". There should be no relationship. You will be seeing those routinely as they are used by many web sites. I don't believe they can get confidential information though, they just store information on what pages you visit or clicks you make on their sites.
 

cadwallader

Thread Starter
Joined
Sep 14, 2003
Messages
131
Thanks for all your help and advice; however, I now know that my daughter downloaded a 'microsoft' fix she received as an email and although she figured out the error of her ways and uninstalled the download, all the signs point to the swen worm. I've dowloaded the fix from symantec, but it seems unable to find anything, yet I'm still getting the emails which are exactly like those described on the symantec site.
 
Joined
Dec 9, 2000
Messages
45,855
You will continue to get the e-mails, the "fix" cannot resolve that. It is not a result of the infection itself.

If you post a "startuplist" we can see if there is any sign of swen corruption of the typical registry entries.

Here is how you do that:

Click Config > Misc Tools, put a check in "list minor sections", then click Generate Startuplist and copy/paste that.
 
Joined
Dec 9, 2000
Messages
45,855
When you open/run HijackThis you will see a "config" tab in the right bottom corner. Click that, then Misc Tools. Put a check in "list minor sections" and then click the Generate StartupList log tab
 

cadwallader

Thread Starter
Joined
Sep 14, 2003
Messages
131
Thanks again. Here goes:

StartupList report, 05/10/03, 19:48:18
StartupList version: 1.52
Started from : C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PQSC\PROGRAM\CPCTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SecondChance = C:\PQSC\PROGRAM\CPCTRAY.EXE
Adaptec DirectCD = C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
WinampAgent = "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
NAV Agent = c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
CreateCD = C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = c:\windows\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 5/10/2003, 19:44:50)

[Rename]
NUL=C:\PROGRA~1\NORTON~1\UNREGCMD.EXE

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 5/10/2003, 19:13:6)

[Rename]
C:\WINDOWS\SYSTEM\SYMDNS.VXD=C:\WINDOWS\SYSTEM\SYM777A.TMP
C:\WINDOWS\SYSTEM\SYMFW.VXD=C:\WINDOWS\SYSTEM\SYM777D.TMP
C:\WINDOWS\SYSTEM\SYMNDIS.VXD=C:\WINDOWS\SYSTEM\SYM6EB3.TMP
C:\WINDOWS\SYSTEM\SYMREDRV.VXD=C:\WINDOWS\SYSTEM\SYM7584.TMP
C:\WINDOWS\SYSTEM\SYMTDI.VXD=C:\WINDOWS\SYSTEM\SYM7DE9.TMP
C:\WINDOWS\SYSTEM\SYMREDIR.DLL=C:\WINDOWS\SYSTEM\SYM7780.TMP
C:\PROGRA~1\NORTON~1\ABOUTPLG.DLL=C:\PROGRA~1\NORTON~1\ABOUTPLG.DL^
C:\PROGRA~1\NORTON~1\APWCMD9X.DLL=C:\PROGRA~1\NORTON~1\APWCMD9X.DL^
C:\PROGRA~1\NORTON~1\APWUTIL.DLL=C:\PROGRA~1\NORTON~1\APWUTIL.DL^
C:\PROGRA~1\NORTON~1\BOOTWARN.EXE=C:\PROGRA~1\NORTON~1\BOOTWARN.EX^
C:\PROGRA~1\NORTON~1\CFGWIZ.DLL=C:\PROGRA~1\NORTON~1\CFGWIZ.DL^
C:\PROGRA~1\NORTON~1\CFGWIZ.EXE=C:\PROGRA~1\NORTON~1\CFGWIZ.EX^
C:\PROGRA~1\NORTON~1\DEC2.DLL=C:\PROGRA~1\NORTON~1\DEC2.DL^
C:\PROGRA~1\NORTON~1\DEC2AMG.DLL=C:\PROGRA~1\NORTON~1\DEC2AMG.DL^
C:\PROGRA~1\NORTON~1\DEC2ARJ.DLL=C:\PROGRA~1\NORTON~1\DEC2ARJ.DL^
C:\PROGRA~1\NORTON~1\DEC2CAB.DLL=C:\PROGRA~1\NORTON~1\DEC2CAB.DL^
C:\PROGRA~1\NORTON~1\DEC2EXE.DLL=C:\PROGRA~1\NORTON~1\DEC2EXE.DL^
C:\PROGRA~1\NORTON~1\DEC2GZIP.DLL=C:\PROGRA~1\NORTON~1\DEC2GZIP.DL^
C:\PROGRA~1\NORTON~1\DEC2HQX.DLL=C:\PROGRA~1\NORTON~1\DEC2HQX.DL^
C:\PROGRA~1\NORTON~1\DEC2ID.DLL=C:\PROGRA~1\NORTON~1\DEC2ID.DL^
C:\PROGRA~1\NORTON~1\DEC2LHA.DLL=C:\PROGRA~1\NORTON~1\DEC2LHA.DL^
C:\PROGRA~1\NORTON~1\DEC2LZ.DLL=C:\PROGRA~1\NORTON~1\DEC2LZ.DL^
C:\PROGRA~1\NORTON~1\DEC2RTF.DLL=C:\PROGRA~1\NORTON~1\DEC2RTF.DL^
C:\PROGRA~1\NORTON~1\DEC2SS.DLL=C:\PROGRA~1\NORTON~1\DEC2SS.DL^
C:\PROGRA~1\NORTON~1\DEC2TAR.DLL=C:\PROGRA~1\NORTON~1\DEC2TAR.DL^
C:\PROGRA~1\NORTON~1\DEC2TNEF.DLL=C:\PROGRA~1\NORTON~1\DEC2TNEF.DL^
C:\PROGRA~1\NORTON~1\DEC2UUE.DLL=C:\PROGRA~1\NORTON~1\DEC2UUE.DL^
C:\PROGRA~1\NORTON~1\DEC2ZIP.DLL=C:\PROGRA~1\NORTON~1\DEC2ZIP.DL^
C:\PROGRA~1\NORTON~1\DECSDK.DLL=C:\PROGRA~1\NORTON~1\DECSDK.DL^
C:\PROGRA~1\NORTON~1\DEFALERT.DLL=C:\PROGRA~1\NORTON~1\DEFALERT.DL^
C:\PROGRA~1\NORTON~1\FSLINK.DLL=C:\PROGRA~1\NORTON~1\FSLINK.DL^
C:\PROGRA~1\NORTON~1\N32CALL.DLL=C:\PROGRA~1\NORTON~1\N32CALL.DL^
C:\PROGRA~1\NORTON~1\N32EXCLU.DLL=C:\PROGRA~1\NORTON~1\N32EXCLU.DL^
C:\PROGRA~1\NORTON~1\N32VLIST.DLL=C:\PROGRA~1\NORTON~1\N32VLIST.DL^
C:\PROGRA~1\NORTON~1\NAVACTLG.DLL=C:\PROGRA~1\NORTON~1\NAVACTLG.DL^
C:\PROGRA~1\NORTON~1\NAVAP.VXD=C:\PROGRA~1\NORTON~1\NAVAP.VX^
C:\PROGRA~1\NORTON~1\NAVAP32.DLL=C:\PROGRA~1\NORTON~1\NAVAP32.DL^
C:\WINDOWS\SYSTEM\NAVAPGUI.DLL=C:\WINDOWS\SYSTEM\NAVAPGUI.DL^
C:\PROGRA~1\NORTON~1\NAVAPI.VXD=C:\PROGRA~1\NORTON~1\NAVAPI.VX^
C:\PROGRA~1\NORTON~1\NAVAPI32.DLL=C:\PROGRA~1\NORTON~1\NAVAPI32.DL^
C:\PROGRA~1\NORTON~1\NAVAPSCR.DLL=C:\PROGRA~1\NORTON~1\NAVAPSCR.DL^
C:\PROGRA~1\NORTON~1\NAVAPW32.EXE=C:\PROGRA~1\NORTON~1\NAVAPW32.EX^
C:\PROGRA~1\NORTON~1\NAVCOMUI.DLL=C:\PROGRA~1\NORTON~1\NAVCOMUI.DL^
C:\PROGRA~1\NORTON~1\NAVDEFS.DLL=C:\PROGRA~1\NORTON~1\NAVDEFS.DL^
C:\PROGRA~1\NORTON~1\NAVDX.EXE=C:\PROGRA~1\NORTON~1\NAVDX.EX^
C:\PROGRA~1\NORTON~1\NAVDX.OVL=C:\PROGRA~1\NORTON~1\NAVDX.OV^
C:\PROGRA~1\NORTON~1\NAVINOC.DLL=C:\PROGRA~1\NORTON~1\NAVINOC.DL^
C:\PROGRA~1\NORTON~1\NAVKRNLO.VXD=C:\PROGRA~1\NORTON~1\NAVKRNLO.VX^
C:\PROGRA~1\NORTON~1\NAVLNCH.DLL=C:\PROGRA~1\NORTON~1\NAVLNCH.DL^
C:\PROGRA~1\NORTON~1\NAVLUCBK.DLL=C:\PROGRA~1\NORTON~1\NAVLUCBK.DL^
C:\PROGRA~1\NORTON~1\NAVOPTS.DLL=C:\PROGRA~1\NORTON~1\NAVOPTS.DL^
C:\PROGRA~1\NORTON~1\NAVPROXY.DLL=C:\PROGRA~1\NORTON~1\NAVPROXY.DL^
C:\PROGRA~1\NORTON~1\NAVRESC.DLL=C:\PROGRA~1\NORTON~1\NAVRESC.DL^
C:\PROGRA~1\NORTON~1\NAVSCAN.DLL=C:\PROGRA~1\NORTON~1\NAVSCAN.DL^
C:\PROGRA~1\NORTON~1\NAVSHEXT.DLL=C:\PROGRA~1\NORTON~1\NAVSHEXT.DL^
C:\PROGRA~1\NORTON~1\NAVSTATS.DLL=C:\PROGRA~1\NORTON~1\NAVSTATS.DL^
C:\PROGRA~1\NORTON~1\NAVSTUB.EXE=C:\PROGRA~1\NORTON~1\NAVSTUB.EX^
C:\PROGRA~1\NORTON~1\NAVTASKS.DLL=C:\PROGRA~1\NORTON~1\NAVTASKS.DL^
C:\PROGRA~1\NORTON~1\NAVTSKWZ.DLL=C:\PROGRA~1\NORTON~1\NAVTSKWZ.DL^
C:\PROGRA~1\NORTON~1\NAVUI.DLL=C:\PROGRA~1\NORTON~1\NAVUI.DL^
C:\PROGRA~1\NORTON~1\NAVW32.EXE=C:\PROGRA~1\NORTON~1\NAVW32.EX^
C:\PROGRA~1\NORTON~1\NAVWBWND.DLL=C:\PROGRA~1\NORTON~1\NAVWBWND.DL^
C:\PROGRA~1\NORTON~1\NETBREXT.DLL=C:\PROGRA~1\NORTON~1\NETBREXT.DL^
C:\PROGRA~1\NORTON~1\OFFICEAV.DLL=C:\PROGRA~1\NORTON~1\OFFICEAV.DL^
C:\PROGRA~1\NORTON~1\PATCH32I.DLL=C:\PROGRA~1\NORTON~1\PATCH32I.DL^
C:\PROGRA~1\NORTON~1\QCONRES.DLL=C:\PROGRA~1\NORTON~1\QCONRES.DL^
C:\PROGRA~1\NORTON~1\QCONSOLE.EXE=C:\PROGRA~1\NORTON~1\QCONSOLE.EX^
C:\PROGRA~1\NORTON~1\QSERVER.EXE=C:\PROGRA~1\NORTON~1\QSERVER.EX^
C:\PROGRA~1\NORTON~1\QUAR32.DLL=C:\PROGRA~1\NORTON~1\QUAR32.DL^
C:\PROGRA~1\NORTON~1\S32ALOGO.DLL=C:\PROGRA~1\NORTON~1\S32ALOGO.DL^
C:\PROGRA~1\NORTON~1\S32INTEG.DLL=C:\PROGRA~1\NORTON~1\S32INTEG.DL^
C:\PROGRA~1\NORTON~1\S32NAVO.DLL=C:\PROGRA~1\NORTON~1\S32NAVO.DL^
C:\PROGRA~1\NORTON~1\SCANDLVR.DLL=C:\PROGRA~1\NORTON~1\SCANDLVR.DL^
C:\PROGRA~1\NORTON~1\SCANDRES.DLL=C:\PROGRA~1\NORTON~1\SCANDRES.DL^
C:\PROGRA~1\NORTON~1\SCANMGR.DLL=C:\PROGRA~1\NORTON~1\SCANMGR.DL^
C:\PROGRA~1\NORTON~1\SDFLT32I.DLL=C:\PROGRA~1\NORTON~1\SDFLT32I.DL^
C:\PROGRA~1\NORTON~1\SDPCK32I.DLL=C:\PROGRA~1\NORTON~1\SDPCK32I.DL^
C:\PROGRA~1\NORTON~1\SDSND32I.DLL=C:\PROGRA~1\NORTON~1\SDSND32I.DL^
C:\PROGRA~1\NORTON~1\SDSOK32I.DLL=C:\PROGRA~1\NORTON~1\SDSOK32I.DL^
C:\PROGRA~1\NORTON~1\SDSTP32I.DLL=C:\PROGRA~1\NORTON~1\SDSTP32I.DL^
C:\PROGRA~1\NORTON~1\SFSTR32I.DLL=C:\PROGRA~1\NORTON~1\SFSTR32I.DL^
C:\PROGRA~1\NORTON~1\SMSTR32I.DLL=C:\PROGRA~1\NORTON~1\SMSTR32I.DL^
C:\PROGRA~1\NORTON~1\SYMNAVO.DLL=C:\PROGRA~1\NORTON~1\SYMNAVO.DL^
C:\PROGRA~1\NORTON~1\TKNV16O.DLL=C:\PROGRA~1\NORTON~1\TKNV16O.DL^
C:\PROGRA~1\NORTON~1\TKNV32O.DLL=C:\PROGRA~1\NORTON~1\TKNV32O.DL^
C:\PROGRA~1\NORTON~1\UNDOBOOT.EXE=C:\PROGRA~1\NORTON~1\UNDOBOOT.EX^
C:\PROGRA~1\NORTON~1\V32SCAN.DLL=C:\PROGRA~1\NORTON~1\V32SCAN.DL^
C:\PROGRA~1\NORTON~1\DEC2MIME.DLL=C:\PROGRA~1\NORTON~1\DEC2MIME.000
C:\PROGRA~1\NORTON~1\SCRIPTUI.DLL=C:\PROGRA~1\NORTON~1\SCRIPTUI.000
C:\PROGRA~1\NORTON~1\README.TXT=C:\PROGRA~1\NORTON~1\README.000

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PQSC\PROGRAM\CRESTORE C:\PQSC\PROGRAM\CRESTORE.CMD
SET BLASTER=A220 I7 D1 H7 P330 T6
SET SBPCI=C:\SBPCI
c:\windows\COMMAND\doskey
mode con codepage prepare=((850) c:\windows\COMMAND\ega.cpi)
mode con codepage select=850
keyb uk,,c:\windows\COMMAND\keyboard.sys
SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\ROXIOS~1\DLLSHA~1

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE
DEVICE=C:\REALMODE\OAKCDROM.SYS /D:MSCD000
device=c:\windows\COMMAND\display.sys con=(ega,,1)
Country=044,850,c:\windows\COMMAND\country.sys

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

c:\realmode\mouse
c:\windows\COMMAND\mscdex /d:mscd000

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

NAV Helper - c:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 13,551 bytes
Report generated in 0.399 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 
Joined
Dec 9, 2000
Messages
45,855
Everything there is A/OK. We'd see altered shell open entries for executable file types if Swen had been present and not properly cleaned.
 

cadwallader

Thread Starter
Joined
Sep 14, 2003
Messages
131
Thanks. So I'll probably still receive the emails and the only thing I can do there is block and delete, right?
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top