
issues with norton

Discussion in 'Virus & Other Malware Removal' started by atomic, Jan 9, 2003.

Thread Status:
Not open for further replies.
  1. atomic

    atomic Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    5
    hello -

    i had norton AV 2003. a few days ago i noticed it'd stopped scanning. the screen stays on "refreshing" and i can't click on any of the links, but it didn't seem to be frozen.

    so, i uninstalled it and installed norton internet security. i have the same problems, now with antivirus and internet security. i've probably run about 10 anti-virus programs and can't find anything.

    also something that i find odd... whenever i try to go to norton or mcafee or f-secure's homepages, it says they cannot connect. i tried connecting to all three of their ftp sites and noticed it was connecting me to 127.0.0.1 on all three.

    i am also getting various other errors - saying java isn't turned on, my browser doesn't accept cookies... the settings haven't been touched and i don't know how or why they'd change.

    can anyone help?
     
  2. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ummm, you might want to check out the new thread I just got through posting, it sure fits the description -- terminates AV, Firewalls and certain antivirus web pages.

    Let's have a look at your startups too, it should show there. Get the StartupList application from the site below, run and copy/paste the results here:

    http://www.lurkhere.com/~nicefiles/
     
  3. atomic

    atomic Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    5
    i just saw that when i returned to the forums... of course i can't get to norton's website to read up on it.

    i've been reading this site for about two hours & ran the startup list program about an hour ago. it's pretty long so i'll attach it.

    all the norton entries really look suspicious.
     

    Attached Files:

  4. atomic

    atomic Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    5
    oh! and another thing. i also have roxio's goback and it crashes every time i try to go back more than 3 days.
     
  5. cammi

    cammi

    Joined:
    Jan 9, 2003
    Messages:
    560
    hey that's what's happening on my computer. i thought i installed it incorrectly... but after installing and uninstalling norton antivirus a few times i decided it wasn't me. :p

    hmm.. strange... i just dl the startuplist onto my computer and it doesn't work... i mean when it goes to open up the textfile (so i can see what the startuplist says) it's blank... :S
     
  6. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I've seen the Norton entries before and they are legit.

    And is your computer networked? If it is, I would disconnect it.

    You have one running process that has no corresponding startup:

    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\48BM772K\R-ELKERN[1].EXE

    It indicates a Klez variant in the Temporary Internet Files, perhaps a web page that you have open right now.

    Do a Ctrl-Alt-Del and terminate that process if you see it in the Close Programs window. Close IE and delete all your TIF cache.

    It's also not a good idea to have two different Antivirus products running at the same time, they will interfere with each other. Stick with F-Prot or Norton, but don't try to run both at the same time.

    There is a removal tool for the klez worm here, if you can access it, there may be hidden registry entries associated with it. If you can download it, it must be run in Safe Mode.

    http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

    One thing you can try is to run msconfig and uncheck "load startup group" on the General Page. This will disable all startups including your antivirus and firewall. If you can access those web pages and files that way, then there is probably something wrong with the installation or configuration of the programs. Norton's firewall would be particularly suspect.

    edit

    Do a Find Files for hosts and if you find one with no extension, not hosts.sam or lmhosts.sam....rename it ghosts

    This file can be abused and cause the behavior you are reporting. It associates domain names with IPs.
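
    The hosts check described above can be automated. The following is an added example, not part of the original posts: it parses hosts-file text and reports every entry that maps a security-vendor domain to a fixed address. The watch list, the sample file and all function names are assumptions made for illustration.

```python
import ipaddress
import sys

# Assumption: a short watch list built from the three vendors named in the
# thread. Extend it with the update and download hosts you depend on.
WATCHED_SUFFIXES = ("symantec.com", "norton.com", "mcafee.com", "f-secure.com")

BLOCKED = "blocked: loopback/unspecified address"
PINNED = "pinned: vendor domain forced to a fixed address"

# Constructed sample input, not taken from the affected machine.
SAMPLE_HOSTS = """\
# Constructed sample, not taken from the thread
127.0.0.1    localhost
127.0.0.1    www.symantec.com securityresponse.symantec.com
127.0.0.1    www.mcafee.com    # inline comment is ignored
0.0.0.0      ftp.f-secure.com
192.0.2.10   intranet.example
192.0.2.66   liveupdate.symantec.com.
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:                   # blank or malformed line
            continue
        ip, names = fields[0], fields[1:]     # one address, one or more names
        for name in names:
            yield line_no, ip, name.lower().rstrip(".")


def is_sinkhole(ip):
    """True for addresses that make the name unreachable (127.x, ::1, 0.0.0.0)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def is_watched(name):
    """True if name is a watched domain or any subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return [(line_no, hostname, ip, reason)] for suspicious entries.

    A vendor domain has no reason to appear in a hosts file at all, so any
    mapping is reported; loopback entries are labelled as outright blocks.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name):
            reason = BLOCKED if is_sinkhole(ip) else PINNED
            findings.append((line_no, name, ip, reason))
    return findings


if __name__ == "__main__":
    # Pass a path to audit a real file; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="latin-1") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, name, ip, reason in audit_hosts(text):
        print(f"line {line_no}: {name} -> {ip}  [{reason}]")
```

    On Windows 9x the file is C:\WINDOWS\hosts; on NT-family systems it is %SystemRoot%\System32\drivers\etc\hosts.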
     
  7. atomic

    atomic Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    5
    yep, they were ALL set to 127.0.0.1

    here is the updated startup list :

    StartupList report, 1/9/03, 8:03:44 PM
    StartupList version: 1.50
    Started from : C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
    C:\WINDOWS\SYSTEM\MSGLOOP.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
    C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
    C:\WINDOWS\SYSTEM\MSG32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\USBMMKBD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\CFGWIZ.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
    C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\WINDOWS\TEMP\_IU14D2N.TMP
    C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    TaskMonitor = c:\windows\taskmon.exe
    SystemTray = SysTray.Exe
    Keyboard Manager = C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    USBMMKBD = usbmmkbd.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    SpyBotSnD = C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    GoBack Polling Service = C:\Program Files\Roxio\GoBack\GBPoll.exe

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

    [>PerUser_MSN_Clean] *
    StubPath = c:\windows\msnmgsr1.exe

    [PerUser_LinkBar_URLs] *
    StubPath = c:\windows\COMMAND\sulfnbk.exe /L

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

    [>IEPerUser] *
    StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\BOUNCI~1.SCR
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    C:\WINDOWS\WININIT.INI listing:
    (Created 9/1/2003, 20:2:48)

    [rename]
    NUL=c:\windows\TEMP\_iu14D2N.tmp

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 9/1/2003, 15:29:18)

    [Rename]
    C:\WINDOWS\SYSTEM\SYMSTORE.DLL=C:\WINDOWS\SYSTEM\SYM41CB.TMP
    C:\WINDOWS\SYSTEM\SYMREDIR.DLL=C:\WINDOWS\SYSTEM\SYM41D2.TMP
    C:\WINDOWS\SYSTEM\SYMNETI.DLL=C:\WINDOWS\SYSTEM\SYM41D5.TMP
    C:\PROGRA~1\NORTON~3\ALERTAST.EXE=C:\PROGRA~1\NORTON~3\ALERTAST.EX^
    C:\PROGRA~1\NORTON~3\FREINTEG.DLL=C:\PROGRA~1\NORTON~3\FREINTEG.DL^
    C:\PROGRA~1\NORTON~3\HNETCORE.DLL=C:\PROGRA~1\NORTON~3\HNETCORE.DL^
    C:\PROGRA~1\NORTON~3\HNETWIZ.EXE=C:\PROGRA~1\NORTON~3\HNETWIZ.EX^
    C:\PROGRA~1\NORTON~3\IAMSTATS.EXE=C:\PROGRA~1\NORTON~3\IAMSTATS.EX^
    C:\PROGRA~1\NORTON~3\INTROWIZ.EXE=C:\PROGRA~1\NORTON~3\INTROWIZ.EX^
    C:\PROGRA~1\NORTON~3\INTRWRAP.DLL=C:\PROGRA~1\NORTON~3\INTRWRAP.DL^
    C:\PROGRA~1\NORTON~3\LICALERT.DLL=C:\PROGRA~1\NORTON~3\LICALERT.DL^
    C:\PROGRA~1\NORTON~3\NISFSTDL.DLL=C:\PROGRA~1\NORTON~3\NISFSTDL.DL^
    C:\PROGRA~1\NORTON~3\NIS_SMUI.DLL=C:\PROGRA~1\NORTON~3\NIS_SMUI.DL^
    C:\PROGRA~1\NORTON~3\NISABOUT.DLL=C:\PROGRA~1\NORTON~3\NISABOUT.DL^
    C:\PROGRA~1\NORTON~3\NISEMAIL.DLL=C:\PROGRA~1\NORTON~3\NISEMAIL.DL^
    C:\PROGRA~1\NORTON~3\NISFETA.DLL=C:\PROGRA~1\NORTON~3\NISFETA.DL^
    C:\PROGRA~1\NORTON~3\NISFETP.DLL=C:\PROGRA~1\NORTON~3\NISFETP.DL^
    C:\PROGRA~1\NORTON~3\NISLCOM.DLL=C:\PROGRA~1\NORTON~3\NISLCOM.DL^
    C:\PROGRA~1\NORTON~3\NISLUCBK.DLL=C:\PROGRA~1\NORTON~3\NISLUCBK.DL^
    C:\PROGRA~1\NORTON~3\NISOPTS.DLL=C:\PROGRA~1\NORTON~3\NISOPTS.DL^
    C:\PROGRA~1\NORTON~3\NISPLUG.DLL=C:\PROGRA~1\NORTON~3\NISPLUG.DL^
    C:\PROGRA~1\NORTON~3\NISPROD.DLL=C:\PROGRA~1\NORTON~3\NISPROD.DL^
    C:\PROGRA~1\NORTON~3\PCWIZ.DLL=C:\PROGRA~1\NORTON~3\PCWIZ.DL^
    C:\PROGRA~1\NORTON~3\PCWIZ.EXE=C:\PROGRA~1\NORTON~3\PCWIZ.EX^
    C:\PROGRA~1\NORTON~3\RLEVEL.DLL=C:\PROGRA~1\NORTON~3\RLEVEL.DL^
    C:\PROGRA~1\NORTON~3\SYMMONI.EXE=C:\PROGRA~1\NORTON~3\SYMMONI.EX^
    C:\PROGRA~1\NORTON~3\SYMURL.DLL=C:\PROGRA~1\NORTON~3\SYMURL.DL^
    C:\PROGRA~1\NORTON~3\TDIT_MSG.DLL=C:\PROGRA~1\NORTON~3\TDIT_MSG.DL^
    C:\PROGRA~1\NORTON~3\URLUPDAT.EXE=C:\PROGRA~1\NORTON~3\URLUPDAT.EX^
    C:\PROGRA~1\NORTON~3\ACDISP.DLL=C:\PROGRA~1\NORTON~3\ACDISP.DL^
    C:\PROGRA~1\NORTON~3\ALESCAN.EXE=C:\PROGRA~1\NORTON~3\ALESCAN.EX^
    C:\PROGRA~1\NORTON~3\ATRACK.DLL=C:\PROGRA~1\NORTON~3\ATRACK.DL^
    C:\PROGRA~1\NORTON~3\CCALE.DLL=C:\PROGRA~1\NORTON~3\CCALE.DL^
    C:\PROGRA~1\NORTON~3\CCANTISP.DLL=C:\PROGRA~1\NORTON~3\CCANTISP.DL^
    C:\PROGRA~1\NORTON~3\CCFWRULS.DLL=C:\PROGRA~1\NORTON~3\CCFWRULS.DL^
    C:\PROGRA~1\NORTON~3\CCFWSETG.DLL=C:\PROGRA~1\NORTON~3\CCFWSETG.DL^
    C:\PROGRA~1\NORTON~3\CCPROXY.DLL=C:\PROGRA~1\NORTON~3\CCPROXY.DL^
    C:\PROGRA~1\NORTON~3\CCPXYEVT.DLL=C:\PROGRA~1\NORTON~3\CCPXYEVT.DL^
    C:\PROGRA~1\NORTON~3\CCPXYSVC.EXE=C:\PROGRA~1\NORTON~3\CCPXYSVC.EX^
    C:\PROGRA~1\NORTON~3\CCRULEIO.DLL=C:\PROGRA~1\NORTON~3\CCRULEIO.DL^
    C:\PROGRA~1\NORTON~3\CCSCANSP.DLL=C:\PROGRA~1\NORTON~3\CCSCANSP.DL^
    C:\PROGRA~1\NORTON~3\DATAHTTP.DLL=C:\PROGRA~1\NORTON~3\DATAHTTP.DL^
    C:\PROGRA~1\NORTON~3\EVTPWRAP.DLL=C:\PROGRA~1\NORTON~3\EVTPWRAP.DL^
    C:\PROGRA~1\NORTON~3\FWUI.DLL=C:\PROGRA~1\NORTON~3\FWUI.DL^
    C:\PROGRA~1\NORTON~3\IAMAPP.DLL=C:\PROGRA~1\NORTON~3\IAMAPP.DL^
    C:\PROGRA~1\NORTON~3\IAMPW.DLL=C:\PROGRA~1\NORTON~3\IAMPW.DL^
    C:\PROGRA~1\NORTON~3\LOGEXPRT.EXE=C:\PROGRA~1\NORTON~3\LOGEXPRT.EX^
    C:\PROGRA~1\NORTON~3\NISADBLK.DLL=C:\PROGRA~1\NORTON~3\NISADBLK.DL^
    C:\PROGRA~1\NORTON~3\NISALERT.DLL=C:\PROGRA~1\NORTON~3\NISALERT.DL^
    C:\PROGRA~1\NORTON~3\NISCMNHT.DLL=C:\PROGRA~1\NORTON~3\NISCMNHT.DL^
    C:\PROGRA~1\NORTON~3\NISCONFD.DLL=C:\PROGRA~1\NORTON~3\NISCONFD.DL^
    C:\PROGRA~1\NORTON~3\NISEVT.DLL=C:\PROGRA~1\NORTON~3\NISEVT.DL^
    C:\PROGRA~1\NORTON~3\NISUM.EXE=C:\PROGRA~1\NORTON~3\NISUM.EX^
    C:\PROGRA~1\NORTON~3\NISUMPS.DLL=C:\PROGRA~1\NORTON~3\NISUMPS.DL^
    C:\PROGRA~1\NORTON~3\PPROFILE.DLL=C:\PROGRA~1\NORTON~3\PPROFILE.DL^
    C:\PROGRA~1\NORTON~3\PXYHTTP.DLL=C:\PROGRA~1\NORTON~3\PXYHTTP.DL^
    C:\PROGRA~1\NORTON~3\PXYIM.DLL=C:\PROGRA~1\NORTON~3\PXYIM.DL^
    C:\PROGRA~1\NORTON~3\PXYNNTP.DLL=C:\PROGRA~1\NORTON~3\PXYNNTP.DL^
    C:\PROGRA~1\NORTON~3\STRMFILT.DLL=C:\PROGRA~1\NORTON~3\STRMFILT.DL^
    C:\PROGRA~1\NORTON~3\SYMICONV.DLL=C:\PROGRA~1\NORTON~3\SYMICONV.DL^
    C:\PROGRA~1\NORTON~3\TLEVEL.DLL=C:\PROGRA~1\NORTON~3\TLEVEL.DL^
    C:\PROGRA~1\NORTON~3\UMCBK.DLL=C:\PROGRA~1\NORTON~3\UMCBK.DL^
    C:\PROGRA~1\NORTON~3\WRAPUM.DLL=C:\PROGRA~1\NORTON~3\WRAPUM.DL^
    C:\PROGRA~1\NORTON~3\NISFIRST.EXE=C:\PROGRA~1\NORTON~3\NISFIRST.EX^
    C:\PROGRA~1\NORTON~3\NISRES.DLL=C:\PROGRA~1\NORTON~3\NIS44AA.TMP
    C:\PROGRA~1\NORTON~2\BOOTWARN.EXE=C:\PROGRA~1\NORTON~2\BOOTWARN.EX^
    C:\PROGRA~1\NORTON~2\ABOUTPLG.DLL=C:\PROGRA~1\NORTON~2\ABOUTPLG.DL^
    C:\PROGRA~1\NORTON~2\APWUTIL.DLL=C:\PROGRA~1\NORTON~2\APWUTIL.DL^
    C:\PROGRA~1\NORTON~2\CCIMSCAN.DLL=C:\PROGRA~1\NORTON~2\CCIMSCAN.DL^
    C:\PROGRA~1\NORTON~2\CCIMSCAN.EXE=C:\PROGRA~1\NORTON~2\CCIMSCAN.EX^
    C:\PROGRA~1\NORTON~2\CFGWIZ.DLL=C:\PROGRA~1\NORTON~2\CFGWIZ.DL^
    C:\PROGRA~1\NORTON~2\CFGWIZ.EXE=C:\PROGRA~1\NORTON~2\CFGWIZ.EX^
    C:\PROGRA~1\NORTON~2\DEC2.DLL=C:\PROGRA~1\NORTON~2\DEC2.DL^
    C:\PROGRA~1\NORTON~2\DEC2AMG.DLL=C:\PROGRA~1\NORTON~2\DEC2AMG.DL^
    C:\PROGRA~1\NORTON~2\DEC2ARJ.DLL=C:\PROGRA~1\NORTON~2\DEC2ARJ.DL^
    C:\PROGRA~1\NORTON~2\DEC2CAB.DLL=C:\PROGRA~1\NORTON~2\DEC2CAB.DL^
    C:\PROGRA~1\NORTON~2\DEC2EXE.DLL=C:\PROGRA~1\NORTON~2\DEC2EXE.DL^
    C:\PROGRA~1\NORTON~2\DEC2GZIP.DLL=C:\PROGRA~1\NORTON~2\DEC2GZIP.DL^
    C:\PROGRA~1\NORTON~2\DEC2HQX.DLL=C:\PROGRA~1\NORTON~2\DEC2HQX.DL^
    C:\PROGRA~1\NORTON~2\DEC2ID.DLL=C:\PROGRA~1\NORTON~2\DEC2ID.DL^
    C:\PROGRA~1\NORTON~2\DEC2LHA.DLL=C:\PROGRA~1\NORTON~2\DEC2LHA.DL^
    C:\PROGRA~1\NORTON~2\DEC2LZ.DLL=C:\PROGRA~1\NORTON~2\DEC2LZ.DL^
    C:\PROGRA~1\NORTON~2\DEC2RTF.DLL=C:\PROGRA~1\NORTON~2\DEC2RTF.DL^
    C:\PROGRA~1\NORTON~2\DEC2SS.DLL=C:\PROGRA~1\NORTON~2\DEC2SS.DL^
    C:\PROGRA~1\NORTON~2\DEC2TAR.DLL=C:\PROGRA~1\NORTON~2\DEC2TAR.DL^
    C:\PROGRA~1\NORTON~2\DEC2TEXT.DLL=C:\PROGRA~1\NORTON~2\DEC2TEXT.DL^
    C:\PROGRA~1\NORTON~2\DEC2TNEF.DLL=C:\PROGRA~1\NORTON~2\DEC2TNEF.DL^
    C:\PROGRA~1\NORTON~2\DEC2UUE.DLL=C:\PROGRA~1\NORTON~2\DEC2UUE.DL^
    C:\PROGRA~1\NORTON~2\DEC2ZIP.DLL=C:\PROGRA~1\NORTON~2\DEC2ZIP.DL^
    C:\PROGRA~1\NORTON~2\DECSDK.DLL=C:\PROGRA~1\NORTON~2\DECSDK.DL^
    C:\PROGRA~1\NORTON~2\DEFALERT.DLL=C:\PROGRA~1\NORTON~2\DEFALERT.DL^
    C:\PROGRA~1\NORTON~2\N32CALL.DLL=C:\PROGRA~1\NORTON~2\N32CALL.DL^
    C:\PROGRA~1\NORTON~2\N32EXCLU.DLL=C:\PROGRA~1\NORTON~2\N32EXCLU.DL^
    C:\PROGRA~1\NORTON~2\N32VLIST.DLL=C:\PROGRA~1\NORTON~2\N32VLIST.DL^
    C:\PROGRA~1\NORTON~2\NAVAP32.DLL=C:\PROGRA~1\NORTON~2\NAVAP32.DL^
    C:\PROGRA~1\NORTON~2\NAVAPI.VXD=C:\PROGRA~1\NORTON~2\NAVAPI.VX^
    C:\PROGRA~1\NORTON~2\NAVAPI32.DLL=C:\PROGRA~1\NORTON~2\NAVAPI32.DL^
    C:\PROGRA~1\NORTON~2\NAVAPSCR.DLL=C:\PROGRA~1\NORTON~2\NAVAPSCR.DL^
    C:\PROGRA~1\NORTON~2\NAVCOMUI.DLL=C:\PROGRA~1\NORTON~2\NAVCOMUI.DL^
    C:\PROGRA~1\NORTON~2\NAVDEFS.DLL=C:\PROGRA~1\NORTON~2\NAVDEFS.DL^
    C:\PROGRA~1\NORTON~2\NAVDX.EXE=C:\PROGRA~1\NORTON~2\NAVDX.EX^
    C:\PROGRA~1\NORTON~2\NAVDX.OVL=C:\PROGRA~1\NORTON~2\NAVDX.OV^
    C:\PROGRA~1\NORTON~2\NAVEMAIL.DLL=C:\PROGRA~1\NORTON~2\NAVEMAIL.DL^
    C:\PROGRA~1\NORTON~2\NAVERROR.DLL=C:\PROGRA~1\NORTON~2\NAVERROR.DL^
    C:\PROGRA~1\NORTON~2\NAVEVENT.DLL=C:\PROGRA~1\NORTON~2\NAVEVENT.DL^
    C:\PROGRA~1\NORTON~2\NAVINOC.DLL=C:\PROGRA~1\NORTON~2\NAVINOC.DL^
    C:\PROGRA~1\NORTON~2\NAVKRNLO.VXD=C:\PROGRA~1\NORTON~2\NAVKRNLO.VX^
    C:\PROGRA~1\NORTON~2\NAVLCOM.DLL=C:\PROGRA~1\NORTON~2\NAVLCOM.DL^
    C:\PROGRA~1\NORTON~2\NAVLNCH.DLL=C:\PROGRA~1\NORTON~2\NAVLNCH.DL^
    C:\PROGRA~1\NORTON~2\NAVLOGV.DLL=C:\PROGRA~1\NORTON~2\NAVLOGV.DL^
    C:\PROGRA~1\NORTON~2\NAVLUCBK.DLL=C:\PROGRA~1\NORTON~2\NAVLUCBK.DL^
    C:\PROGRA~1\NORTON~2\NAVOPTS.DLL=C:\PROGRA~1\NORTON~2\NAVOPTS.DL^
    C:\PROGRA~1\NORTON~2\NAVPROD.DLL=C:\PROGRA~1\NORTON~2\NAVPROD.DL^
    C:\PROGRA~1\NORTON~2\NAVSCAN.DLL=C:\PROGRA~1\NORTON~2\NAVSCAN.DL^
    C:\PROGRA~1\NORTON~2\NAVSHEXT.DLL=C:\PROGRA~1\NORTON~2\NAVSHEXT.DL^
    C:\PROGRA~1\NORTON~2\NAVSTATS.DLL=C:\PROGRA~1\NORTON~2\NAVSTATS.DL^
    C:\PROGRA~1\NORTON~2\NAVSTUB.EXE=C:\PROGRA~1\NORTON~2\NAVSTUB.EX^
    C:\PROGRA~1\NORTON~2\NAVTASKS.DLL=C:\PROGRA~1\NORTON~2\NAVTASKS.DL^
    C:\PROGRA~1\NORTON~2\NAVTSKWZ.DLL=C:\PROGRA~1\NORTON~2\NAVTSKWZ.DL^
    C:\PROGRA~1\NORTON~2\NAVUI.DLL=C:\PROGRA~1\NORTON~2\NAVUI.DL^
    C:\PROGRA~1\NORTON~2\NAVW32.EXE=C:\PROGRA~1\NORTON~2\NAVW32.EX^
    C:\PROGRA~1\NORTON~2\NETBREXT.DLL=C:\PROGRA~1\NORTON~2\NETBREXT.DL^
    C:\PROGRA~1\NORTON~2\OEHEUR.DLL=C:\PROGRA~1\NORTON~2\OEHEUR.DL^
    C:\PROGRA~1\NORTON~2\OFFICEAV.DLL=C:\PROGRA~1\NORTON~2\OFFICEAV.DL^
    C:\PROGRA~1\NORTON~2\PATCH32I.DLL=C:\PROGRA~1\NORTON~2\PATCH32I.DL^
    C:\PROGRA~1\NORTON~2\QCONRES.DLL=C:\PROGRA~1\NORTON~2\QCONRES.DL^
    C:\PROGRA~1\NORTON~2\QCONSOLE.EXE=C:\PROGRA~1\NORTON~2\QCONSOLE.EX^
    C:\PROGRA~1\NORTON~2\QSPAK32.DLL=C:\PROGRA~1\NORTON~2\QSPAK32.DL^
    C:\PROGRA~1\NORTON~2\QUAR32.DLL=C:\PROGRA~1\NORTON~2\QUAR32.DL^
    C:\PROGRA~1\NORTON~2\S32ALOGO.DLL=C:\PROGRA~1\NORTON~2\S32ALOGO.DL^
    C:\PROGRA~1\NORTON~2\S32INTEG.DLL=C:\PROGRA~1\NORTON~2\S32INTEG.DL^
    C:\PROGRA~1\NORTON~2\S32NAVO.DLL=C:\PROGRA~1\NORTON~2\S32NAVO.DL^
    C:\PROGRA~1\NORTON~2\SAVRT.VXD=C:\PROGRA~1\NORTON~2\SAVRT.VX^
    C:\PROGRA~1\NORTON~2\SAVRT32.DLL=C:\PROGRA~1\NORTON~2\SAVRT32.DL^
    C:\PROGRA~1\NORTON~2\SAVRTPEL.VXD=C:\PROGRA~1\NORTON~2\SAVRTPEL.VX^
    C:\PROGRA~1\NORTON~2\SCANDLVR.DLL=C:\PROGRA~1\NORTON~2\SCANDLVR.DL^
    C:\PROGRA~1\NORTON~2\SCANDRES.DLL=C:\PROGRA~1\NORTON~2\SCANDRES.DL^
    C:\PROGRA~1\NORTON~2\SCANMGR.DLL=C:\PROGRA~1\NORTON~2\SCANMGR.DL^
    C:\PROGRA~1\NORTON~2\SCRIPTUI.DLL=C:\PROGRA~1\NORTON~2\SCRIPTUI.DL^
    C:\PROGRA~1\NORTON~2\SDFLT32I.DLL=C:\PROGRA~1\NORTON~2\SDFLT32I.DL^
    C:\PROGRA~1\NORTON~2\SDPCK32I.DLL=C:\PROGRA~1\NORTON~2\SDPCK32I.DL^
    C:\PROGRA~1\NORTON~2\SDSND32I.DLL=C:\PROGRA~1\NORTON~2\SDSND32I.DL^
    C:\PROGRA~1\NORTON~2\SDSOK32I.DLL=C:\PROGRA~1\NORTON~2\SDSOK32I.DL^
    C:\PROGRA~1\NORTON~2\SDSTP32I.DLL=C:\PROGRA~1\NORTON~2\SDSTP32I.DL^
    C:\PROGRA~1\NORTON~2\SFSTR32I.DLL=C:\PROGRA~1\NORTON~2\SFSTR32I.DL^
    C:\PROGRA~1\NORTON~2\SMSTR32I.DLL=C:\PROGRA~1\NORTON~2\SMSTR32I.DL^
    C:\PROGRA~1\NORTON~2\SYMNAVO.DLL=C:\PROGRA~1\NORTON~2\SYMNAVO.DL^
    C:\PROGRA~1\NORTON~2\TKNV16O.DLL=C:\PROGRA~1\NORTON~2\TKNV16O.DL^
    C:\PROGRA~1\NORTON~2\TKNV32O.DLL=C:\PROGRA~1\NORTON~2\TKNV32O.DL^
    C:\PROGRA~1\NORTON~2\UNDOBOOT.EXE=C:\PROGRA~1\NORTON~2\UNDOBOOT.EX^
    C:\PROGRA~1\NORTON~2\V32SCAN.DLL=C:\PROGRA~1\NORTON~2\V32SCAN.DL^
    C:\WINDOWS\SYSTEM\SAVRTGUI.DLL=C:\WINDOWS\SYSTEM\SAVRTGUI.DL^
    C:\PROGRA~1\NORTON~2\APWCMD9X.DLL=C:\PROGRA~1\NORTON~2\APWCMD9X.000
    C:\PROGRA~1\NORTON~2\NAVAPW32.DLL=C:\PROGRA~1\NORTON~2\NAVAPW32.000
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EX^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DL^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLUI.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLUI.DL^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCERRDSP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCERRDSP.DL^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVT.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVT.DL^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTMGR.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTMGR.EX^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCLGVIEW.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCLGVIEW.EX^
    C:\WINDOWS\SYSTEM\CCPASSWD.DLL=C:\WINDOWS\SYSTEM\CCPASSWD.DL^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWDSVC.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWDSVC.EX^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGMON.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGMON.DL^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGVFY.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGVFY.EX^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCSHTDWN.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCSHTDWN.EX^
    C:\WINDOWS\SYSTEM\CCTRUST.DLL=C:\WINDOWS\SYSTEM\CCTRUST.DL^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCWEBWND.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCWEBWND.DL^
    C:\PROGRA~1\COMMON~1\SYMANT~1\SRNEW.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SRNEW.DL^
    C:\PROGRA~1\COMMON~1\SYMANT~1\SROLD.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SROLD.DL^
    C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPPHLP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPPHLP.000

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    @ECHO OFF
    rem
    rem
    rem

    --------------------------------------------------

    C:\CONFIG.SYS listing:

    rem
    rem
    rem

    --------------------------------------------------

    C:\WINDOWS\DOSSTART.BAT listing:

    @echo off
    set path=c:\windows\command
    mscdex.exe /d:IDECD000 /L:M
    SET PROMPT=$p$g
    SET TEMP=C:\windows\TEMP
    SET TMP=C:\windows\TEMP
    set DosOnly=1
    call c:\dosboot\mousie.bat
    c:\windows\smartdrv /q
    c:
    cd \windows

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - (no file) - {004A5840-FF59-11d2-B50D-0090271D3FD4}
    (no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Maintenance-Defragment programs.job
    Maintenance-Clean up Start menu.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job
    Run Norton System Check.job
    Symantec NetDetect.job
    Windows Critical Update Notification.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [PWMediaSendControl Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PWACTIVEXIMGCTL.DLL
    CODEBASE = http://216.249.24.141/code/PWActiveXImgCtl.CAB

    [{41F17733-B041-4099-A042-B518BB6A408C}]
    CODEBASE = http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe

    [BJA Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\BJA.OCX
    CODEBASE = http://mirror.worldwinner.com/games/v42/bjattack/bjattack.cab

    [DepHlp Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\DEPHLP.OCX
    CODEBASE = http://www.worldwinner.com/games/shared/dephlp.cab

    [Sol Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\SOL.OCX
    CODEBASE = http://mirror.worldwinner.com/games/v40/sol/sol.cab

    [Word Cubes Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\WORDCUBE.OCX
    CODEBASE = http://mirror.worldwinner.com/games/v40/wordcube/wordcube.cab

    [Trivia Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\TRIVIA.OCX
    CODEBASE = http://mirror.worldwinner.com//games/v41/trivia/trivia.cab

    [FreeCell Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\FREECELL.OCX
    CODEBASE = http://mirror.worldwinner.com/games/v40/freecell/freecell.cab

    [NetOnCourse Compatibility Test Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\MILIVE~1.OCX
    CODEBASE = http://212.199.43.24/events/bin/comptest/milivecomptest.ocx

    [Symantec RuFSI Registry Information Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
    CODEBASE = http://security1.norton.com/SSC/SharedContent/common/bin/cabsa.cab

    [Symantec AntiVirus scanner]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
    CODEBASE = http://security1.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab

    [NetOnCourse MILive Participant Control(MR)]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\MRLIVE~1.OCX
    CODEBASE = http://62.219.1.103/events/bin/media/2.2.2.0-2.0.2.3/MILive.cab

    [Pulse V5 ActiveX Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXPULSE5.DLL
    CODEBASE = http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37620.6693981482

    [TDServer Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\TDSERVER.OCX
    CODEBASE = http://www.truedoc.com/activex/tdserver.cab

    [{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}]
    CODEBASE = http://216.65.38.226/Download_Plugin.exe

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab

    --------------------------------------------------
    End of report, 21,855 bytes
    Report generated in 1.542 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only



    i will try to log on to symantec now... hopefully it works.
     
  8. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    I don't know why I'm seeing this as a running process:

    C:\WINDOWS\TEMP\_IU14D2N.TMP

    It might have been the download/install for Spybot.


    Anyway, Spybot's a great program, but I wouldn't configure it to run automatically every startup. That can be disabled through its Settings > Settings > automation page. Just uncheck the load at startup option.

    At some point it might be a good idea to do a thorough DOS clean up of your Temp and Internet caches. Here are some instructions for doing that:



    Try this drill for doing a DOS level cleanup of your cache. It's more thorough than Windows.

    Click Start>Shutdown>Restart in MS-DOS mode.

    At the c:\windows\> prompt enter each bold line:

    smartdrv
    deltree tempor~1
    deltree temp
    deltree history
    deltree locals~1\tempor~1
    exit


    (you may get an error message on this last one (locals~1), just skip to "exit" if you do, it just means you don't have that directory)

    Enter smartdrv first or the process will take a very long time. For each deltree, confirm by entering 'y' if the target directory is correct
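
    The manual review of the "Running processes" list in this thread can be scripted as a first pass. The following is an added example, not part of the original posts: it splits a StartupList-style report into sections, flags running images that live in temp or browser-cache directories, and cross-checks them against WININIT.INI, where a `NUL=<path>` line under `[rename]` means the file is deleted at the next boot. The sample report is an excerpt assembled from lines quoted in the thread; the directory list and function names are assumptions.

```python
import re

# Assumption: Win9x-style locations that hold scratch files and downloads,
# not installed programs. Compared against upper-cased paths.
VOLATILE_DIRS = ("\\TEMP\\", "\\TEMPORARY INTERNET FILES\\")
SECTION_RULE = re.compile(r"^[-=]{10,}$")   # the dashed/equals separator lines

FROM_TEMP = "runs from temp/cache directory"
DELETE_ON_BOOT = "scheduled for deletion at next boot (WININIT.INI NUL=)"

# Excerpt assembled from lines quoted in the thread (not a full report).
SAMPLE_REPORT = r"""StartupList version: 1.50
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\48BM772K\R-ELKERN[1].EXE
C:\WINDOWS\TEMP\_IU14D2N.TMP

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 9/1/2003, 20:2:48)

[rename]
NUL=c:\windows\TEMP\_iu14D2N.tmp

--------------------------------------------------
End of report
"""


def sections(report):
    """Split a report into {heading: [non-blank lines]} on separator rules."""
    out, block = {}, []
    for raw in report.splitlines() + ["-" * 50]:   # sentinel closes last block
        line = raw.strip()
        if SECTION_RULE.match(line):
            lines = [l for l in block if l]
            if lines:
                out[lines[0]] = lines[1:]
            block = []
        else:
            block.append(line)
    return out


def pending_deletes(secs):
    """Upper-cased paths that WININIT.INI will delete on the next restart."""
    paths = set()
    for heading, lines in secs.items():
        if not heading.upper().endswith("WININIT.INI LISTING:"):
            continue                    # skips WININIT.BAK, already processed
        in_rename = False
        for line in lines:
            if line.startswith("["):
                in_rename = line.lower() == "[rename]"
            elif in_rename and line.upper().startswith("NUL="):
                paths.add(line[4:].upper())
    return paths


def triage(report):
    """Return [(path, [reasons])] for running images that deserve a look."""
    secs = sections(report)
    doomed = pending_deletes(secs)
    findings = []
    for path in secs.get("Running processes:", []):
        upper = path.upper()
        reasons = []
        if any(d in upper for d in VOLATILE_DIRS):
            reasons.append(FROM_TEMP)
        if upper in doomed:
            reasons.append(DELETE_ON_BOOT)
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_REPORT):
        print(path)
        for r in reasons:
            print("    -", r)
```

    A flag here is a prompt to inspect the file, not a verdict: the output only narrows a long process list to the entries worth checking by hand.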
     
  9. atomic

    atomic Thread Starter

    Joined:
    Jan 9, 2003
    Messages:
    5
    okay, i'll do that right now.

    i went to disable the spybot program and none of the auto start methods were checked... that temp directory is still showing up in the startup list, though.

    norton still isn't working properly... should i reinstall now that my computer is supposedly "clean"?
     
  10. Endemix

    Endemix Guest

    Reinstall and you should be all done :)
     
  11. Rollin' Rog

    Rollin' Rog

    Joined:
    Dec 9, 2000
    Messages:
    45,855
    Ok, on second look I see the Spybot entry was coming from the "RunOnce" key of the registry, meaning that it is no longer enabled after a reboot.

    Yes it sounds like the problem is now specific to Norton. I take it you can connect to sites without a problem after renaming Hosts?

    Try to have as little else running when you do the removal and reinstall. You can end-task just about everything except Explorer.

    By the way I would remove this ActiveX control from your Downloaded Program files directory, it doesn't look very copacetic to me:


    {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} .... plugin.exe

    In fact I would remove all not clearly belonging to major vendors.
     

Short URL to this thread: https://techguy.org/112390
