1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Error message when starting PC

Discussion in 'Virus & Other Malware Removal' started by cadwallader, Oct 1, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. cadwallader

    cadwallader Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    131
    I'm getting an error message when I start up and I wonder if someone could please check my hijack this log and give me some advice. Thanks in advance.

    Logfile of HijackThis v1.97.2
    Scan saved at 22:45:06, on 01/10/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\VPIUHGYZ.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PQSC\PROGRAM\CPCTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\BTOPENWORLD\DIALBTIANYTIME.EXE
    C:\WINDOWS\SLLIGHTS.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.msn.com/results.aspx?cp=1252&FORM=MSNH&cp=28592&q=msn+search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\CPCTRAY.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [igyvqkhq] vpiuhgyz.exe autorun
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  2. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    This item looks suspicious:

    O4 - HKLM\..\Run: [igyvqkhq] vpiuhgyz.exe autorun


    ...any idea what it may be? I don't know if you want to use HJT to whack it or maybe disable it from your msconfig startup folder and see what happens.
     
  3. cadwallader

    cadwallader Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    131
    Thanks.
    Does this seem okay now?


    Logfile of HijackThis v1.97.2
    Scan saved at 07:13:35, on 02/10/03
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PQSC\PROGRAM\CPCTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.msn.com/results.aspx?cp=1252&FORM=MSNH&cp=28592&q=msn+search
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BTopenworld
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SecondChance] C:\PQSC\PROGRAM\CPCTRAY.EXE
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
    O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton Utilities\NPROTECT.EXE
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  4. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    The log looks fine. Did you disable that entry or use HJT to fix it? Are you still getting the error message? If so, post the entire message.
     
  5. cadwallader

    cadwallader Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    131
    I' not getting the error message, but I am getting a large influx of spam in my Outlook Express, suggesting that emails I've sent haven't been delivered because they're infected; however, they aren't emails I've sent, even though some of them (but not all) refer to addresses that I have sent emails to. Any ideas?

    Thanks again.
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Many of todays worms pick addresses out of other people's address books and forge them to appear as if they were sent from that address.

    It doesn't mean you are infected, but that someone who has your address in their address book is.
     
  7. cadwallader

    cadwallader Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    131
    Thanks. What's worrying me is that after I've received and deleted those emails, I run Ad Aware and it catches some data miners.
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I beleive those references are to "tracking cookies". There should be no relationship. You will be seeing those routinely as they are used by many web sites. I don't believe they can get confidential information though, they just store information on what pages you visit or clicks you make on their sites.
     
  9. cadwallader

    cadwallader Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    131
    Thanks for all your help and advice; however, I now know that my daughter downloaded a 'microsoft' fix she received as an email and although she figured out the error of her ways and uninstalled the download, all the signs point to the swen worm. I've dowloaded the fix from symantec, but it seems unable to find anything, yet I'm still getting the emails which are exactly like those described on the symantec site.
     
  10. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    You will continue to get the e-mails, the "fix" cannot resolve that. It is not a result of the infection itself.

    If you post a "startuplist" we can see if there is any sign of swen corruption of the typical registry entries.

    Here is how you do that:

    Click Config > Misc Tools, put a check in "list minor sections", then click Generate Startuplist and copy/paste that.
     
  11. cadwallader

    cadwallader Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    131
    Sorry about this, but could you please explain how to find configuration?
    Thanks.
     
  12. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    When you open/run HijackThis you will see a "config" tab in the right bottom corner. Click that, then Misc Tools. Put a check in "list minor sections" and then click the Generate StartupList log tab
     
  13. cadwallader

    cadwallader Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    131
    Thanks again. Here goes:

    StartupList report, 05/10/03, 19:48:18
    StartupList version: 1.52
    Started from : C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PQSC\PROGRAM\CPCTRAY.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = c:\windows\scanregw.exe /autorun
    TaskMonitor = c:\windows\taskmon.exe
    SystemTray = SysTray.Exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SecondChance = C:\PQSC\PROGRAM\CPCTRAY.EXE
    Adaptec DirectCD = C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    WinampAgent = "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
    NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
    NAV Agent = c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    CreateCD = C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

    [>PerUser_MSN_Clean] *
    StubPath = c:\windows\msnmgsr1.exe

    [PerUser_LinkBar_URLs] *
    StubPath = c:\windows\COMMAND\sulfnbk.exe /L

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

    [>IEPerUser] *
    StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    C:\WINDOWS\WININIT.INI listing:
    (Created 5/10/2003, 19:44:50)

    [Rename]
    NUL=C:\PROGRA~1\NORTON~1\UNREGCMD.EXE

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 5/10/2003, 19:13:6)

    [Rename]
    C:\WINDOWS\SYSTEM\SYMDNS.VXD=C:\WINDOWS\SYSTEM\SYM777A.TMP
    C:\WINDOWS\SYSTEM\SYMFW.VXD=C:\WINDOWS\SYSTEM\SYM777D.TMP
    C:\WINDOWS\SYSTEM\SYMNDIS.VXD=C:\WINDOWS\SYSTEM\SYM6EB3.TMP
    C:\WINDOWS\SYSTEM\SYMREDRV.VXD=C:\WINDOWS\SYSTEM\SYM7584.TMP
    C:\WINDOWS\SYSTEM\SYMTDI.VXD=C:\WINDOWS\SYSTEM\SYM7DE9.TMP
    C:\WINDOWS\SYSTEM\SYMREDIR.DLL=C:\WINDOWS\SYSTEM\SYM7780.TMP
    C:\PROGRA~1\NORTON~1\ABOUTPLG.DLL=C:\PROGRA~1\NORTON~1\ABOUTPLG.DL^
    C:\PROGRA~1\NORTON~1\APWCMD9X.DLL=C:\PROGRA~1\NORTON~1\APWCMD9X.DL^
    C:\PROGRA~1\NORTON~1\APWUTIL.DLL=C:\PROGRA~1\NORTON~1\APWUTIL.DL^
    C:\PROGRA~1\NORTON~1\BOOTWARN.EXE=C:\PROGRA~1\NORTON~1\BOOTWARN.EX^
    C:\PROGRA~1\NORTON~1\CFGWIZ.DLL=C:\PROGRA~1\NORTON~1\CFGWIZ.DL^
    C:\PROGRA~1\NORTON~1\CFGWIZ.EXE=C:\PROGRA~1\NORTON~1\CFGWIZ.EX^
    C:\PROGRA~1\NORTON~1\DEC2.DLL=C:\PROGRA~1\NORTON~1\DEC2.DL^
    C:\PROGRA~1\NORTON~1\DEC2AMG.DLL=C:\PROGRA~1\NORTON~1\DEC2AMG.DL^
    C:\PROGRA~1\NORTON~1\DEC2ARJ.DLL=C:\PROGRA~1\NORTON~1\DEC2ARJ.DL^
    C:\PROGRA~1\NORTON~1\DEC2CAB.DLL=C:\PROGRA~1\NORTON~1\DEC2CAB.DL^
    C:\PROGRA~1\NORTON~1\DEC2EXE.DLL=C:\PROGRA~1\NORTON~1\DEC2EXE.DL^
    C:\PROGRA~1\NORTON~1\DEC2GZIP.DLL=C:\PROGRA~1\NORTON~1\DEC2GZIP.DL^
    C:\PROGRA~1\NORTON~1\DEC2HQX.DLL=C:\PROGRA~1\NORTON~1\DEC2HQX.DL^
    C:\PROGRA~1\NORTON~1\DEC2ID.DLL=C:\PROGRA~1\NORTON~1\DEC2ID.DL^
    C:\PROGRA~1\NORTON~1\DEC2LHA.DLL=C:\PROGRA~1\NORTON~1\DEC2LHA.DL^
    C:\PROGRA~1\NORTON~1\DEC2LZ.DLL=C:\PROGRA~1\NORTON~1\DEC2LZ.DL^
    C:\PROGRA~1\NORTON~1\DEC2RTF.DLL=C:\PROGRA~1\NORTON~1\DEC2RTF.DL^
    C:\PROGRA~1\NORTON~1\DEC2SS.DLL=C:\PROGRA~1\NORTON~1\DEC2SS.DL^
    C:\PROGRA~1\NORTON~1\DEC2TAR.DLL=C:\PROGRA~1\NORTON~1\DEC2TAR.DL^
    C:\PROGRA~1\NORTON~1\DEC2TNEF.DLL=C:\PROGRA~1\NORTON~1\DEC2TNEF.DL^
    C:\PROGRA~1\NORTON~1\DEC2UUE.DLL=C:\PROGRA~1\NORTON~1\DEC2UUE.DL^
    C:\PROGRA~1\NORTON~1\DEC2ZIP.DLL=C:\PROGRA~1\NORTON~1\DEC2ZIP.DL^
    C:\PROGRA~1\NORTON~1\DECSDK.DLL=C:\PROGRA~1\NORTON~1\DECSDK.DL^
    C:\PROGRA~1\NORTON~1\DEFALERT.DLL=C:\PROGRA~1\NORTON~1\DEFALERT.DL^
    C:\PROGRA~1\NORTON~1\FSLINK.DLL=C:\PROGRA~1\NORTON~1\FSLINK.DL^
    C:\PROGRA~1\NORTON~1\N32CALL.DLL=C:\PROGRA~1\NORTON~1\N32CALL.DL^
    C:\PROGRA~1\NORTON~1\N32EXCLU.DLL=C:\PROGRA~1\NORTON~1\N32EXCLU.DL^
    C:\PROGRA~1\NORTON~1\N32VLIST.DLL=C:\PROGRA~1\NORTON~1\N32VLIST.DL^
    C:\PROGRA~1\NORTON~1\NAVACTLG.DLL=C:\PROGRA~1\NORTON~1\NAVACTLG.DL^
    C:\PROGRA~1\NORTON~1\NAVAP.VXD=C:\PROGRA~1\NORTON~1\NAVAP.VX^
    C:\PROGRA~1\NORTON~1\NAVAP32.DLL=C:\PROGRA~1\NORTON~1\NAVAP32.DL^
    C:\WINDOWS\SYSTEM\NAVAPGUI.DLL=C:\WINDOWS\SYSTEM\NAVAPGUI.DL^
    C:\PROGRA~1\NORTON~1\NAVAPI.VXD=C:\PROGRA~1\NORTON~1\NAVAPI.VX^
    C:\PROGRA~1\NORTON~1\NAVAPI32.DLL=C:\PROGRA~1\NORTON~1\NAVAPI32.DL^
    C:\PROGRA~1\NORTON~1\NAVAPSCR.DLL=C:\PROGRA~1\NORTON~1\NAVAPSCR.DL^
    C:\PROGRA~1\NORTON~1\NAVAPW32.EXE=C:\PROGRA~1\NORTON~1\NAVAPW32.EX^
    C:\PROGRA~1\NORTON~1\NAVCOMUI.DLL=C:\PROGRA~1\NORTON~1\NAVCOMUI.DL^
    C:\PROGRA~1\NORTON~1\NAVDEFS.DLL=C:\PROGRA~1\NORTON~1\NAVDEFS.DL^
    C:\PROGRA~1\NORTON~1\NAVDX.EXE=C:\PROGRA~1\NORTON~1\NAVDX.EX^
    C:\PROGRA~1\NORTON~1\NAVDX.OVL=C:\PROGRA~1\NORTON~1\NAVDX.OV^
    C:\PROGRA~1\NORTON~1\NAVINOC.DLL=C:\PROGRA~1\NORTON~1\NAVINOC.DL^
    C:\PROGRA~1\NORTON~1\NAVKRNLO.VXD=C:\PROGRA~1\NORTON~1\NAVKRNLO.VX^
    C:\PROGRA~1\NORTON~1\NAVLNCH.DLL=C:\PROGRA~1\NORTON~1\NAVLNCH.DL^
    C:\PROGRA~1\NORTON~1\NAVLUCBK.DLL=C:\PROGRA~1\NORTON~1\NAVLUCBK.DL^
    C:\PROGRA~1\NORTON~1\NAVOPTS.DLL=C:\PROGRA~1\NORTON~1\NAVOPTS.DL^
    C:\PROGRA~1\NORTON~1\NAVPROXY.DLL=C:\PROGRA~1\NORTON~1\NAVPROXY.DL^
    C:\PROGRA~1\NORTON~1\NAVRESC.DLL=C:\PROGRA~1\NORTON~1\NAVRESC.DL^
    C:\PROGRA~1\NORTON~1\NAVSCAN.DLL=C:\PROGRA~1\NORTON~1\NAVSCAN.DL^
    C:\PROGRA~1\NORTON~1\NAVSHEXT.DLL=C:\PROGRA~1\NORTON~1\NAVSHEXT.DL^
    C:\PROGRA~1\NORTON~1\NAVSTATS.DLL=C:\PROGRA~1\NORTON~1\NAVSTATS.DL^
    C:\PROGRA~1\NORTON~1\NAVSTUB.EXE=C:\PROGRA~1\NORTON~1\NAVSTUB.EX^
    C:\PROGRA~1\NORTON~1\NAVTASKS.DLL=C:\PROGRA~1\NORTON~1\NAVTASKS.DL^
    C:\PROGRA~1\NORTON~1\NAVTSKWZ.DLL=C:\PROGRA~1\NORTON~1\NAVTSKWZ.DL^
    C:\PROGRA~1\NORTON~1\NAVUI.DLL=C:\PROGRA~1\NORTON~1\NAVUI.DL^
    C:\PROGRA~1\NORTON~1\NAVW32.EXE=C:\PROGRA~1\NORTON~1\NAVW32.EX^
    C:\PROGRA~1\NORTON~1\NAVWBWND.DLL=C:\PROGRA~1\NORTON~1\NAVWBWND.DL^
    C:\PROGRA~1\NORTON~1\NETBREXT.DLL=C:\PROGRA~1\NORTON~1\NETBREXT.DL^
    C:\PROGRA~1\NORTON~1\OFFICEAV.DLL=C:\PROGRA~1\NORTON~1\OFFICEAV.DL^
    C:\PROGRA~1\NORTON~1\PATCH32I.DLL=C:\PROGRA~1\NORTON~1\PATCH32I.DL^
    C:\PROGRA~1\NORTON~1\QCONRES.DLL=C:\PROGRA~1\NORTON~1\QCONRES.DL^
    C:\PROGRA~1\NORTON~1\QCONSOLE.EXE=C:\PROGRA~1\NORTON~1\QCONSOLE.EX^
    C:\PROGRA~1\NORTON~1\QSERVER.EXE=C:\PROGRA~1\NORTON~1\QSERVER.EX^
    C:\PROGRA~1\NORTON~1\QUAR32.DLL=C:\PROGRA~1\NORTON~1\QUAR32.DL^
    C:\PROGRA~1\NORTON~1\S32ALOGO.DLL=C:\PROGRA~1\NORTON~1\S32ALOGO.DL^
    C:\PROGRA~1\NORTON~1\S32INTEG.DLL=C:\PROGRA~1\NORTON~1\S32INTEG.DL^
    C:\PROGRA~1\NORTON~1\S32NAVO.DLL=C:\PROGRA~1\NORTON~1\S32NAVO.DL^
    C:\PROGRA~1\NORTON~1\SCANDLVR.DLL=C:\PROGRA~1\NORTON~1\SCANDLVR.DL^
    C:\PROGRA~1\NORTON~1\SCANDRES.DLL=C:\PROGRA~1\NORTON~1\SCANDRES.DL^
    C:\PROGRA~1\NORTON~1\SCANMGR.DLL=C:\PROGRA~1\NORTON~1\SCANMGR.DL^
    C:\PROGRA~1\NORTON~1\SDFLT32I.DLL=C:\PROGRA~1\NORTON~1\SDFLT32I.DL^
    C:\PROGRA~1\NORTON~1\SDPCK32I.DLL=C:\PROGRA~1\NORTON~1\SDPCK32I.DL^
    C:\PROGRA~1\NORTON~1\SDSND32I.DLL=C:\PROGRA~1\NORTON~1\SDSND32I.DL^
    C:\PROGRA~1\NORTON~1\SDSOK32I.DLL=C:\PROGRA~1\NORTON~1\SDSOK32I.DL^
    C:\PROGRA~1\NORTON~1\SDSTP32I.DLL=C:\PROGRA~1\NORTON~1\SDSTP32I.DL^
    C:\PROGRA~1\NORTON~1\SFSTR32I.DLL=C:\PROGRA~1\NORTON~1\SFSTR32I.DL^
    C:\PROGRA~1\NORTON~1\SMSTR32I.DLL=C:\PROGRA~1\NORTON~1\SMSTR32I.DL^
    C:\PROGRA~1\NORTON~1\SYMNAVO.DLL=C:\PROGRA~1\NORTON~1\SYMNAVO.DL^
    C:\PROGRA~1\NORTON~1\TKNV16O.DLL=C:\PROGRA~1\NORTON~1\TKNV16O.DL^
    C:\PROGRA~1\NORTON~1\TKNV32O.DLL=C:\PROGRA~1\NORTON~1\TKNV32O.DL^
    C:\PROGRA~1\NORTON~1\UNDOBOOT.EXE=C:\PROGRA~1\NORTON~1\UNDOBOOT.EX^
    C:\PROGRA~1\NORTON~1\V32SCAN.DLL=C:\PROGRA~1\NORTON~1\V32SCAN.DL^
    C:\PROGRA~1\NORTON~1\DEC2MIME.DLL=C:\PROGRA~1\NORTON~1\DEC2MIME.000
    C:\PROGRA~1\NORTON~1\SCRIPTUI.DLL=C:\PROGRA~1\NORTON~1\SCRIPTUI.000
    C:\PROGRA~1\NORTON~1\README.TXT=C:\PROGRA~1\NORTON~1\README.000

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    C:\PQSC\PROGRAM\CRESTORE C:\PQSC\PROGRAM\CRESTORE.CMD
    SET BLASTER=A220 I7 D1 H7 P330 T6
    SET SBPCI=C:\SBPCI
    c:\windows\COMMAND\doskey
    mode con codepage prepare=((850) c:\windows\COMMAND\ega.cpi)
    mode con codepage select=850
    keyb uk,,c:\windows\COMMAND\keyboard.sys
    SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\ROXIOS~1\DLLSHA~1

    --------------------------------------------------

    C:\CONFIG.SYS listing:

    DEVICE=C:\WINDOWS\HIMEM.SYS
    DEVICE=C:\WINDOWS\EMM386.EXE
    DEVICE=C:\REALMODE\OAKCDROM.SYS /D:MSCD000
    device=c:\windows\COMMAND\display.sys con=(ega,,1)
    Country=044,850,c:\windows\COMMAND\country.sys

    --------------------------------------------------

    C:\WINDOWS\DOSSTART.BAT listing:

    c:\realmode\mouse
    c:\windows\COMMAND\mscdex /d:mscd000

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    NAV Helper - c:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Symantec NetDetect.job
    Norton AntiVirus - Scan my computer.job

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

    --------------------------------------------------
    End of report, 13,551 bytes
    Report generated in 0.399 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  14. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Everything there is A/OK. We'd see altered shell open entries for executable file types if Swen had been present and not properly cleaned.
     
  15. cadwallader

    cadwallader Thread Starter

    Joined:
    Sep 14, 2003
    Messages:
    131
    Thanks. So I'll probably still receive the emails and the only thing I can do there is block and delete, right?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/168878

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice