issues with norton

[atomic]

hello -

i had norton AV 2003. a few days ago i noticed it'd stopped scanning. the screen stays on "refreshing" and i can't click on any of the links, but it didn't seem to be frozen.

so, i uninstalled it and installed norton internet security. i have the same problems, now with antivirus and internet security. i've probably run about 10 anti-virus programs and can't find anything.

also something that i find odd... whenever i try to go to norton or mcafee or f-secure's homepages, it says they cannot connect. i tried connecting to all three of their ftp sites and noticed it was connecting me to 127.0.0.1 on all three.

i am also getting various other errors - saying java isn't turned on, my browser doesn't accept cookies... the settings haven't been touched and i don't know how or why they'd change.

can anyone help?

 

[Rollin' Rog]

Ummm, you might want to check out the new thread I just got through posting, it sure fits the description -- terminates AV, Firewalls and certain antivirus web pages.

Let's have a look at your startups too, it should show there. Get the StartupList application from the site below, run and copy/paste the results here:

http://www.lurkhere.com/~nicefiles/

 

[atomic]

i just saw that when i returned to the forums... of course i can't get to norton's website to read up on it.

i've been reading this site for about two hours & ran the startup list program about an hour ago. it's pretty long so i'll attach it.

all the norton entries really look suspicious.

 

[atomic]

oh! and another thing. i also have roxio's goback and it crashes every time i try to go back more than 3 days.

 

[cammi]

hey that's what's happening on my computer. i thought i installed it incorrectly... but after installing and uninstalling norton antivirus a few times i decided it wasn't me.

hmm.. strange... i just dl the startuplist onto my computer and it doesn't work... i mean when it goes to open up the textfile (so i can see what the startuplist says) it's blank... :S

 

[Rollin' Rog]

I've seen the Norton entries before and they are legit.

And is your computer networked? If it is, I would disconnect it.

You have one running process that has no corresponding startup:

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\48BM772K\R-ELKERN[1].EXE

It indicates a Klez varient in the Temporary Internet Files, perhaps a web page that you have open right now.

Do a Ctrl-Alt-Del and terminate that process if you see it in the Close Programs window. Close IE and delete all your TIF cache.

It's also not a good idea to have two different Antivirus products running at the same time, they will interfere with each other. Stick with F-Prot or Norton, but don't try to run both at the same time.

There is a removal tool for the klez worm here, if you can access it, there may be hidden registry entries associated with it. If you can download it, it must be run in Safe Mode.

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

One thing you can try is to run msconfig and uncheck "load startup group" on the General Page. This will disable all startups including your antivirus and firewall. If you can access those web pages and files that way, then there is probably something wrong with the installation or configuration of the programs. Norton's firewall would be particularly suspect.

edit

Do a Find Files for hosts and if you find one with no extension, not hosts.sam or lmhosts.sam....rename it ghosts

This file can be abused and cause the behavior you are reporting. It associates domain names with IPs.

 

[atomic]

yep, they were ALL set to 127.0.0.1

here is the updated startup list :

StartupList report, 1/9/03, 8:03:44 PM
StartupList version: 1.50
Started from : C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\CFGWIZ.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\TEMP\_IU14D2N.TMP
C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
Keyboard Manager = C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
USBMMKBD = usbmmkbd.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

SpyBotSnD = C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

GoBack Polling Service = C:\Program Files\Roxio\GoBack\GBPoll.exe

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = c:\windows\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\BOUNCI~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 9/1/2003, 20:2:48)

[rename]
NUL=c:\windows\TEMP\_iu14D2N.tmp

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 9/1/2003, 15:29:18)

[Rename]
C:\WINDOWS\SYSTEM\SYMSTORE.DLL=C:\WINDOWS\SYSTEM\SYM41CB.TMP
C:\WINDOWS\SYSTEM\SYMREDIR.DLL=C:\WINDOWS\SYSTEM\SYM41D2.TMP
C:\WINDOWS\SYSTEM\SYMNETI.DLL=C:\WINDOWS\SYSTEM\SYM41D5.TMP
C:\PROGRA~1\NORTON~3\ALERTAST.EXE=C:\PROGRA~1\NORTON~3\ALERTAST.EX^
C:\PROGRA~1\NORTON~3\FREINTEG.DLL=C:\PROGRA~1\NORTON~3\FREINTEG.DL^
C:\PROGRA~1\NORTON~3\HNETCORE.DLL=C:\PROGRA~1\NORTON~3\HNETCORE.DL^
C:\PROGRA~1\NORTON~3\HNETWIZ.EXE=C:\PROGRA~1\NORTON~3\HNETWIZ.EX^
C:\PROGRA~1\NORTON~3\IAMSTATS.EXE=C:\PROGRA~1\NORTON~3\IAMSTATS.EX^
C:\PROGRA~1\NORTON~3\INTROWIZ.EXE=C:\PROGRA~1\NORTON~3\INTROWIZ.EX^
C:\PROGRA~1\NORTON~3\INTRWRAP.DLL=C:\PROGRA~1\NORTON~3\INTRWRAP.DL^
C:\PROGRA~1\NORTON~3\LICALERT.DLL=C:\PROGRA~1\NORTON~3\LICALERT.DL^
C:\PROGRA~1\NORTON~3\NISFSTDL.DLL=C:\PROGRA~1\NORTON~3\NISFSTDL.DL^
C:\PROGRA~1\NORTON~3\NIS_SMUI.DLL=C:\PROGRA~1\NORTON~3\NIS_SMUI.DL^
C:\PROGRA~1\NORTON~3\NISABOUT.DLL=C:\PROGRA~1\NORTON~3\NISABOUT.DL^
C:\PROGRA~1\NORTON~3\NISEMAIL.DLL=C:\PROGRA~1\NORTON~3\NISEMAIL.DL^
C:\PROGRA~1\NORTON~3\NISFETA.DLL=C:\PROGRA~1\NORTON~3\NISFETA.DL^
C:\PROGRA~1\NORTON~3\NISFETP.DLL=C:\PROGRA~1\NORTON~3\NISFETP.DL^
C:\PROGRA~1\NORTON~3\NISLCOM.DLL=C:\PROGRA~1\NORTON~3\NISLCOM.DL^
C:\PROGRA~1\NORTON~3\NISLUCBK.DLL=C:\PROGRA~1\NORTON~3\NISLUCBK.DL^
C:\PROGRA~1\NORTON~3\NISOPTS.DLL=C:\PROGRA~1\NORTON~3\NISOPTS.DL^
C:\PROGRA~1\NORTON~3\NISPLUG.DLL=C:\PROGRA~1\NORTON~3\NISPLUG.DL^
C:\PROGRA~1\NORTON~3\NISPROD.DLL=C:\PROGRA~1\NORTON~3\NISPROD.DL^
C:\PROGRA~1\NORTON~3\PCWIZ.DLL=C:\PROGRA~1\NORTON~3\PCWIZ.DL^
C:\PROGRA~1\NORTON~3\PCWIZ.EXE=C:\PROGRA~1\NORTON~3\PCWIZ.EX^
C:\PROGRA~1\NORTON~3\RLEVEL.DLL=C:\PROGRA~1\NORTON~3\RLEVEL.DL^
C:\PROGRA~1\NORTON~3\SYMMONI.EXE=C:\PROGRA~1\NORTON~3\SYMMONI.EX^
C:\PROGRA~1\NORTON~3\SYMURL.DLL=C:\PROGRA~1\NORTON~3\SYMURL.DL^
C:\PROGRA~1\NORTON~3\TDIT_MSG.DLL=C:\PROGRA~1\NORTON~3\TDIT_MSG.DL^
C:\PROGRA~1\NORTON~3\URLUPDAT.EXE=C:\PROGRA~1\NORTON~3\URLUPDAT.EX^
C:\PROGRA~1\NORTON~3\ACDISP.DLL=C:\PROGRA~1\NORTON~3\ACDISP.DL^
C:\PROGRA~1\NORTON~3\ALESCAN.EXE=C:\PROGRA~1\NORTON~3\ALESCAN.EX^
C:\PROGRA~1\NORTON~3\ATRACK.DLL=C:\PROGRA~1\NORTON~3\ATRACK.DL^
C:\PROGRA~1\NORTON~3\CCALE.DLL=C:\PROGRA~1\NORTON~3\CCALE.DL^
C:\PROGRA~1\NORTON~3\CCANTISP.DLL=C:\PROGRA~1\NORTON~3\CCANTISP.DL^
C:\PROGRA~1\NORTON~3\CCFWRULS.DLL=C:\PROGRA~1\NORTON~3\CCFWRULS.DL^
C:\PROGRA~1\NORTON~3\CCFWSETG.DLL=C:\PROGRA~1\NORTON~3\CCFWSETG.DL^
C:\PROGRA~1\NORTON~3\CCPROXY.DLL=C:\PROGRA~1\NORTON~3\CCPROXY.DL^
C:\PROGRA~1\NORTON~3\CCPXYEVT.DLL=C:\PROGRA~1\NORTON~3\CCPXYEVT.DL^
C:\PROGRA~1\NORTON~3\CCPXYSVC.EXE=C:\PROGRA~1\NORTON~3\CCPXYSVC.EX^
C:\PROGRA~1\NORTON~3\CCRULEIO.DLL=C:\PROGRA~1\NORTON~3\CCRULEIO.DL^
C:\PROGRA~1\NORTON~3\CCSCANSP.DLL=C:\PROGRA~1\NORTON~3\CCSCANSP.DL^
C:\PROGRA~1\NORTON~3\DATAHTTP.DLL=C:\PROGRA~1\NORTON~3\DATAHTTP.DL^
C:\PROGRA~1\NORTON~3\EVTPWRAP.DLL=C:\PROGRA~1\NORTON~3\EVTPWRAP.DL^
C:\PROGRA~1\NORTON~3\FWUI.DLL=C:\PROGRA~1\NORTON~3\FWUI.DL^
C:\PROGRA~1\NORTON~3\IAMAPP.DLL=C:\PROGRA~1\NORTON~3\IAMAPP.DL^
C:\PROGRA~1\NORTON~3\IAMPW.DLL=C:\PROGRA~1\NORTON~3\IAMPW.DL^
C:\PROGRA~1\NORTON~3\LOGEXPRT.EXE=C:\PROGRA~1\NORTON~3\LOGEXPRT.EX^
C:\PROGRA~1\NORTON~3\NISADBLK.DLL=C:\PROGRA~1\NORTON~3\NISADBLK.DL^
C:\PROGRA~1\NORTON~3\NISALERT.DLL=C:\PROGRA~1\NORTON~3\NISALERT.DL^
C:\PROGRA~1\NORTON~3\NISCMNHT.DLL=C:\PROGRA~1\NORTON~3\NISCMNHT.DL^
C:\PROGRA~1\NORTON~3\NISCONFD.DLL=C:\PROGRA~1\NORTON~3\NISCONFD.DL^
C:\PROGRA~1\NORTON~3\NISEVT.DLL=C:\PROGRA~1\NORTON~3\NISEVT.DL^
C:\PROGRA~1\NORTON~3\NISUM.EXE=C:\PROGRA~1\NORTON~3\NISUM.EX^
C:\PROGRA~1\NORTON~3\NISUMPS.DLL=C:\PROGRA~1\NORTON~3\NISUMPS.DL^
C:\PROGRA~1\NORTON~3\PPROFILE.DLL=C:\PROGRA~1\NORTON~3\PPROFILE.DL^
C:\PROGRA~1\NORTON~3\PXYHTTP.DLL=C:\PROGRA~1\NORTON~3\PXYHTTP.DL^
C:\PROGRA~1\NORTON~3\PXYIM.DLL=C:\PROGRA~1\NORTON~3\PXYIM.DL^
C:\PROGRA~1\NORTON~3\PXYNNTP.DLL=C:\PROGRA~1\NORTON~3\PXYNNTP.DL^
C:\PROGRA~1\NORTON~3\STRMFILT.DLL=C:\PROGRA~1\NORTON~3\STRMFILT.DL^
C:\PROGRA~1\NORTON~3\SYMICONV.DLL=C:\PROGRA~1\NORTON~3\SYMICONV.DL^
C:\PROGRA~1\NORTON~3\TLEVEL.DLL=C:\PROGRA~1\NORTON~3\TLEVEL.DL^
C:\PROGRA~1\NORTON~3\UMCBK.DLL=C:\PROGRA~1\NORTON~3\UMCBK.DL^
C:\PROGRA~1\NORTON~3\WRAPUM.DLL=C:\PROGRA~1\NORTON~3\WRAPUM.DL^
C:\PROGRA~1\NORTON~3\NISFIRST.EXE=C:\PROGRA~1\NORTON~3\NISFIRST.EX^
C:\PROGRA~1\NORTON~3\NISRES.DLL=C:\PROGRA~1\NORTON~3\NIS44AA.TMP
C:\PROGRA~1\NORTON~2\BOOTWARN.EXE=C:\PROGRA~1\NORTON~2\BOOTWARN.EX^
C:\PROGRA~1\NORTON~2\ABOUTPLG.DLL=C:\PROGRA~1\NORTON~2\ABOUTPLG.DL^
C:\PROGRA~1\NORTON~2\APWUTIL.DLL=C:\PROGRA~1\NORTON~2\APWUTIL.DL^
C:\PROGRA~1\NORTON~2\CCIMSCAN.DLL=C:\PROGRA~1\NORTON~2\CCIMSCAN.DL^
C:\PROGRA~1\NORTON~2\CCIMSCAN.EXE=C:\PROGRA~1\NORTON~2\CCIMSCAN.EX^
C:\PROGRA~1\NORTON~2\CFGWIZ.DLL=C:\PROGRA~1\NORTON~2\CFGWIZ.DL^
C:\PROGRA~1\NORTON~2\CFGWIZ.EXE=C:\PROGRA~1\NORTON~2\CFGWIZ.EX^
C:\PROGRA~1\NORTON~2\DEC2.DLL=C:\PROGRA~1\NORTON~2\DEC2.DL^
C:\PROGRA~1\NORTON~2\DEC2AMG.DLL=C:\PROGRA~1\NORTON~2\DEC2AMG.DL^
C:\PROGRA~1\NORTON~2\DEC2ARJ.DLL=C:\PROGRA~1\NORTON~2\DEC2ARJ.DL^
C:\PROGRA~1\NORTON~2\DEC2CAB.DLL=C:\PROGRA~1\NORTON~2\DEC2CAB.DL^
C:\PROGRA~1\NORTON~2\DEC2EXE.DLL=C:\PROGRA~1\NORTON~2\DEC2EXE.DL^
C:\PROGRA~1\NORTON~2\DEC2GZIP.DLL=C:\PROGRA~1\NORTON~2\DEC2GZIP.DL^
C:\PROGRA~1\NORTON~2\DEC2HQX.DLL=C:\PROGRA~1\NORTON~2\DEC2HQX.DL^
C:\PROGRA~1\NORTON~2\DEC2ID.DLL=C:\PROGRA~1\NORTON~2\DEC2ID.DL^
C:\PROGRA~1\NORTON~2\DEC2LHA.DLL=C:\PROGRA~1\NORTON~2\DEC2LHA.DL^
C:\PROGRA~1\NORTON~2\DEC2LZ.DLL=C:\PROGRA~1\NORTON~2\DEC2LZ.DL^
C:\PROGRA~1\NORTON~2\DEC2RTF.DLL=C:\PROGRA~1\NORTON~2\DEC2RTF.DL^
C:\PROGRA~1\NORTON~2\DEC2SS.DLL=C:\PROGRA~1\NORTON~2\DEC2SS.DL^
C:\PROGRA~1\NORTON~2\DEC2TAR.DLL=C:\PROGRA~1\NORTON~2\DEC2TAR.DL^
C:\PROGRA~1\NORTON~2\DEC2TEXT.DLL=C:\PROGRA~1\NORTON~2\DEC2TEXT.DL^
C:\PROGRA~1\NORTON~2\DEC2TNEF.DLL=C:\PROGRA~1\NORTON~2\DEC2TNEF.DL^
C:\PROGRA~1\NORTON~2\DEC2UUE.DLL=C:\PROGRA~1\NORTON~2\DEC2UUE.DL^
C:\PROGRA~1\NORTON~2\DEC2ZIP.DLL=C:\PROGRA~1\NORTON~2\DEC2ZIP.DL^
C:\PROGRA~1\NORTON~2\DECSDK.DLL=C:\PROGRA~1\NORTON~2\DECSDK.DL^
C:\PROGRA~1\NORTON~2\DEFALERT.DLL=C:\PROGRA~1\NORTON~2\DEFALERT.DL^
C:\PROGRA~1\NORTON~2\N32CALL.DLL=C:\PROGRA~1\NORTON~2\N32CALL.DL^
C:\PROGRA~1\NORTON~2\N32EXCLU.DLL=C:\PROGRA~1\NORTON~2\N32EXCLU.DL^
C:\PROGRA~1\NORTON~2\N32VLIST.DLL=C:\PROGRA~1\NORTON~2\N32VLIST.DL^
C:\PROGRA~1\NORTON~2\NAVAP32.DLL=C:\PROGRA~1\NORTON~2\NAVAP32.DL^
C:\PROGRA~1\NORTON~2\NAVAPI.VXD=C:\PROGRA~1\NORTON~2\NAVAPI.VX^
C:\PROGRA~1\NORTON~2\NAVAPI32.DLL=C:\PROGRA~1\NORTON~2\NAVAPI32.DL^
C:\PROGRA~1\NORTON~2\NAVAPSCR.DLL=C:\PROGRA~1\NORTON~2\NAVAPSCR.DL^
C:\PROGRA~1\NORTON~2\NAVCOMUI.DLL=C:\PROGRA~1\NORTON~2\NAVCOMUI.DL^
C:\PROGRA~1\NORTON~2\NAVDEFS.DLL=C:\PROGRA~1\NORTON~2\NAVDEFS.DL^
C:\PROGRA~1\NORTON~2\NAVDX.EXE=C:\PROGRA~1\NORTON~2\NAVDX.EX^
C:\PROGRA~1\NORTON~2\NAVDX.OVL=C:\PROGRA~1\NORTON~2\NAVDX.OV^
C:\PROGRA~1\NORTON~2\NAVEMAIL.DLL=C:\PROGRA~1\NORTON~2\NAVEMAIL.DL^
C:\PROGRA~1\NORTON~2\NAVERROR.DLL=C:\PROGRA~1\NORTON~2\NAVERROR.DL^
C:\PROGRA~1\NORTON~2\NAVEVENT.DLL=C:\PROGRA~1\NORTON~2\NAVEVENT.DL^
C:\PROGRA~1\NORTON~2\NAVINOC.DLL=C:\PROGRA~1\NORTON~2\NAVINOC.DL^
C:\PROGRA~1\NORTON~2\NAVKRNLO.VXD=C:\PROGRA~1\NORTON~2\NAVKRNLO.VX^
C:\PROGRA~1\NORTON~2\NAVLCOM.DLL=C:\PROGRA~1\NORTON~2\NAVLCOM.DL^
C:\PROGRA~1\NORTON~2\NAVLNCH.DLL=C:\PROGRA~1\NORTON~2\NAVLNCH.DL^
C:\PROGRA~1\NORTON~2\NAVLOGV.DLL=C:\PROGRA~1\NORTON~2\NAVLOGV.DL^
C:\PROGRA~1\NORTON~2\NAVLUCBK.DLL=C:\PROGRA~1\NORTON~2\NAVLUCBK.DL^
C:\PROGRA~1\NORTON~2\NAVOPTS.DLL=C:\PROGRA~1\NORTON~2\NAVOPTS.DL^
C:\PROGRA~1\NORTON~2\NAVPROD.DLL=C:\PROGRA~1\NORTON~2\NAVPROD.DL^
C:\PROGRA~1\NORTON~2\NAVSCAN.DLL=C:\PROGRA~1\NORTON~2\NAVSCAN.DL^
C:\PROGRA~1\NORTON~2\NAVSHEXT.DLL=C:\PROGRA~1\NORTON~2\NAVSHEXT.DL^
C:\PROGRA~1\NORTON~2\NAVSTATS.DLL=C:\PROGRA~1\NORTON~2\NAVSTATS.DL^
C:\PROGRA~1\NORTON~2\NAVSTUB.EXE=C:\PROGRA~1\NORTON~2\NAVSTUB.EX^
C:\PROGRA~1\NORTON~2\NAVTASKS.DLL=C:\PROGRA~1\NORTON~2\NAVTASKS.DL^
C:\PROGRA~1\NORTON~2\NAVTSKWZ.DLL=C:\PROGRA~1\NORTON~2\NAVTSKWZ.DL^
C:\PROGRA~1\NORTON~2\NAVUI.DLL=C:\PROGRA~1\NORTON~2\NAVUI.DL^
C:\PROGRA~1\NORTON~2\NAVW32.EXE=C:\PROGRA~1\NORTON~2\NAVW32.EX^
C:\PROGRA~1\NORTON~2\NETBREXT.DLL=C:\PROGRA~1\NORTON~2\NETBREXT.DL^
C:\PROGRA~1\NORTON~2\OEHEUR.DLL=C:\PROGRA~1\NORTON~2\OEHEUR.DL^
C:\PROGRA~1\NORTON~2\OFFICEAV.DLL=C:\PROGRA~1\NORTON~2\OFFICEAV.DL^
C:\PROGRA~1\NORTON~2\PATCH32I.DLL=C:\PROGRA~1\NORTON~2\PATCH32I.DL^
C:\PROGRA~1\NORTON~2\QCONRES.DLL=C:\PROGRA~1\NORTON~2\QCONRES.DL^
C:\PROGRA~1\NORTON~2\QCONSOLE.EXE=C:\PROGRA~1\NORTON~2\QCONSOLE.EX^
C:\PROGRA~1\NORTON~2\QSPAK32.DLL=C:\PROGRA~1\NORTON~2\QSPAK32.DL^
C:\PROGRA~1\NORTON~2\QUAR32.DLL=C:\PROGRA~1\NORTON~2\QUAR32.DL^
C:\PROGRA~1\NORTON~2\S32ALOGO.DLL=C:\PROGRA~1\NORTON~2\S32ALOGO.DL^
C:\PROGRA~1\NORTON~2\S32INTEG.DLL=C:\PROGRA~1\NORTON~2\S32INTEG.DL^
C:\PROGRA~1\NORTON~2\S32NAVO.DLL=C:\PROGRA~1\NORTON~2\S32NAVO.DL^
C:\PROGRA~1\NORTON~2\SAVRT.VXD=C:\PROGRA~1\NORTON~2\SAVRT.VX^
C:\PROGRA~1\NORTON~2\SAVRT32.DLL=C:\PROGRA~1\NORTON~2\SAVRT32.DL^
C:\PROGRA~1\NORTON~2\SAVRTPEL.VXD=C:\PROGRA~1\NORTON~2\SAVRTPEL.VX^
C:\PROGRA~1\NORTON~2\SCANDLVR.DLL=C:\PROGRA~1\NORTON~2\SCANDLVR.DL^
C:\PROGRA~1\NORTON~2\SCANDRES.DLL=C:\PROGRA~1\NORTON~2\SCANDRES.DL^
C:\PROGRA~1\NORTON~2\SCANMGR.DLL=C:\PROGRA~1\NORTON~2\SCANMGR.DL^
C:\PROGRA~1\NORTON~2\SCRIPTUI.DLL=C:\PROGRA~1\NORTON~2\SCRIPTUI.DL^
C:\PROGRA~1\NORTON~2\SDFLT32I.DLL=C:\PROGRA~1\NORTON~2\SDFLT32I.DL^
C:\PROGRA~1\NORTON~2\SDPCK32I.DLL=C:\PROGRA~1\NORTON~2\SDPCK32I.DL^
C:\PROGRA~1\NORTON~2\SDSND32I.DLL=C:\PROGRA~1\NORTON~2\SDSND32I.DL^
C:\PROGRA~1\NORTON~2\SDSOK32I.DLL=C:\PROGRA~1\NORTON~2\SDSOK32I.DL^
C:\PROGRA~1\NORTON~2\SDSTP32I.DLL=C:\PROGRA~1\NORTON~2\SDSTP32I.DL^
C:\PROGRA~1\NORTON~2\SFSTR32I.DLL=C:\PROGRA~1\NORTON~2\SFSTR32I.DL^
C:\PROGRA~1\NORTON~2\SMSTR32I.DLL=C:\PROGRA~1\NORTON~2\SMSTR32I.DL^
C:\PROGRA~1\NORTON~2\SYMNAVO.DLL=C:\PROGRA~1\NORTON~2\SYMNAVO.DL^
C:\PROGRA~1\NORTON~2\TKNV16O.DLL=C:\PROGRA~1\NORTON~2\TKNV16O.DL^
C:\PROGRA~1\NORTON~2\TKNV32O.DLL=C:\PROGRA~1\NORTON~2\TKNV32O.DL^
C:\PROGRA~1\NORTON~2\UNDOBOOT.EXE=C:\PROGRA~1\NORTON~2\UNDOBOOT.EX^
C:\PROGRA~1\NORTON~2\V32SCAN.DLL=C:\PROGRA~1\NORTON~2\V32SCAN.DL^
C:\WINDOWS\SYSTEM\SAVRTGUI.DLL=C:\WINDOWS\SYSTEM\SAVRTGUI.DL^
C:\PROGRA~1\NORTON~2\APWCMD9X.DLL=C:\PROGRA~1\NORTON~2\APWCMD9X.000
C:\PROGRA~1\NORTON~2\NAVAPW32.DLL=C:\PROGRA~1\NORTON~2\NAVAPW32.000
C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLUI.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLUI.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCERRDSP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCERRDSP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVT.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVT.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTMGR.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTMGR.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCLGVIEW.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCLGVIEW.EX^
C:\WINDOWS\SYSTEM\CCPASSWD.DLL=C:\WINDOWS\SYSTEM\CCPASSWD.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWDSVC.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWDSVC.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGMON.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGMON.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGVFY.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGVFY.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCSHTDWN.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCSHTDWN.EX^
C:\WINDOWS\SYSTEM\CCTRUST.DLL=C:\WINDOWS\SYSTEM\CCTRUST.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCWEBWND.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCWEBWND.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\SRNEW.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SRNEW.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\SROLD.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SROLD.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPPHLP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPPHLP.000

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

@ECHO OFF
rem
rem
rem

--------------------------------------------------

C:\CONFIG.SYS listing:

rem
rem
rem

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

@echo off
set path=c:\windows\command
mscdex.exe /d:IDECD000 /L:M
SET PROMPT=$p$g
SET TEMP=C:\windows\TEMP
SET TMP=C:\windows\TEMP
set DosOnly=1
call c:\dosboot\mousie.bat
c:\windows\smartdrv /q
c:
cd \windows

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - {004A5840-FF59-11d2-B50D-0090271D3FD4}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-Clean up Start menu.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
Run Norton System Check.job
Symantec NetDetect.job
Windows Critical Update Notification.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[PWMediaSendControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PWACTIVEXIMGCTL.DLL
CODEBASE = http://216.249.24.141/code/PWActiveXImgCtl.CAB

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe

[BJA Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BJA.OCX
CODEBASE = http://mirror.worldwinner.com/games/v42/bjattack/bjattack.cab

[DepHlp Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\DEPHLP.OCX
CODEBASE = http://www.worldwinner.com/games/shared/dephlp.cab

[Sol Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SOL.OCX
CODEBASE = http://mirror.worldwinner.com/games/v40/sol/sol.cab

[Word Cubes Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WORDCUBE.OCX
CODEBASE = http://mirror.worldwinner.com/games/v40/wordcube/wordcube.cab

[Trivia Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TRIVIA.OCX
CODEBASE = http://mirror.worldwinner.com//games/v41/trivia/trivia.cab

[FreeCell Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FREECELL.OCX
CODEBASE = http://mirror.worldwinner.com/games/v40/freecell/freecell.cab

[NetOnCourse Compatibility Test Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MILIVE~1.OCX
CODEBASE = http://212.199.43.24/events/bin/comptest/milivecomptest.ocx

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security1.norton.com/SSC/SharedContent/common/bin/cabsa.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE = http://security1.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab

[NetOnCourse MILive Participant Control(MR)]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MRLIVE~1.OCX
CODEBASE = http://62.219.1.103/events/bin/media/2.2.2.0-2.0.2.3/MILive.cab

[Pulse V5 ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXPULSE5.DLL
CODEBASE = http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37620.6693981482

[TDServer Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TDSERVER.OCX
CODEBASE = http://www.truedoc.com/activex/tdserver.cab

[{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}]
CODEBASE = http://216.65.38.226/Download_Plugin.exe

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab

--------------------------------------------------
End of report, 21,855 bytes
Report generated in 1.542 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



i will try to log on to symantec now... hopefully it works.

 

[Rollin' Rog]

I don't know why I'm seeing this as a running process:

C:\WINDOWS\TEMP\_IU14D2N.TMP

It might have been the download/install for Spybot.


Anyway, Spybot's a great program, but I wouldn't configure it to run automatically every startup. That can be disabled through its Settings > Settings > automation page. Just uncheck the load at startup option.

At some point it might be a good idea to do a thourough DOS clean up of your Temp and Internet caches. Here are some instructions for doing that:



Try this drill for doing a DOS level cleanup of your cache. It's more thorough than Windows.

Click Start>Shutdown>Restart in MS-DOS mode.

At the c:\windows\> prompt enter each bold line:

smartdrv
deltree tempor~1
deltree temp
deltree history
deltree locals~1\tempor~1
exit

(you may get an error message on this last one (locals~1), just skip to "exit" if you do, it just means you don't have that directory)

Enter smartdrv first or the process will take a very long time. For each deltree, confirm by entering 'y' if the target directory is correct

 

[atomic]

okay, i'll do that right now.

i went to disable the spybot program and none of the auto start methods were checked... that temp directory is still showing up in the startup list, though.

norton still isn't working properly... should i reinstall now that my computer is supposedly "clean"?

 

[Endemix]

Reinstall and you should be all done

 

[Rollin' Rog]

Ok, on second look I see the Spybot entry was comimg from the "RunOnce" key of the registry, meaning that it is no longer enabled after a reboot.

Yes it sounds like the problem is now specific to Norton. I take it you can connect to sites without a problem after renaming Hosts?

Try to have as little else running when you do the removal and reinstall. You can end-task just about everything except Explorer.

By the way I would remove this ActiveX control from your Downloaded Progam files directory, it doesn't look very copacetic to me:


{8522F9B3-38C5-4AA4-AE40-7401F1BBC851} .... plugin.exe

In fact I would remove all not clearly belonging to major vendors.