
[Resolved] Unable to run Norton AntiVirus 2003 software

Discussion in 'Earlier Versions of Windows' started by stay1234, Jan 4, 2003.

Thread Status:
Not open for further replies.
  1. stay1234

    stay1234 Thread Starter

    Joined:
    Oct 26, 2002
    Messages:
    27
    I uninstalled my McAfee AntiVirus software and installed Norton AntiVirus 2003 software.

    Everything appeared to load correctly but I am unable to open the Norton software from my desktop. When I double click on the icon, nothing happens so I'm not sure whether I am covered or not.

    When I "right click" on the Norton icon and click on "open", I get the following error message:

    Windows Cannot Find
    SCAN32.EXE
    This Program is needed for opening files of type "Application".

    Please help.
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    You may well be infected by the W32.Yaha.K Worm.
    One of the things it does is cripple your antivirus.

    Here's the Bitdefender removal tool.
    Download and run it, preferably in Safe Mode.

    Symantec has one as well.

    Also please do this:

    Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist'.

    Unzip, doubleclick it, and it will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

    Go to Edit > select all, copy it and post the contents here.
     
  3. stay1234

    stay1234 Thread Starter

    Joined:
    Oct 26, 2002
    Messages:
    27
    Tony,

    I ran the Bitdefender removal tool as you suggested. Report showed "no infected files".

    Attached is the "startuplist" you requested. Thanks for your help!!

    StartupList report, 1/4/03, 8:07:30 PM
    StartupList version: 1.50
    Started from : C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE
    Detected: Windows 98 SE (Win9x 4.10.2222A)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
    C:\COMPAQ\CPQINET\CPQINET.EXE
    C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
    C:\CPQS\BWTOOLS\SCCENTER.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\ptsnoop.exe
    C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
    C:\WINDOWS\SYSTEM\HPZTSB04.EXE
    C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
    C:\WINDOWS\SYSTEM\HPHMON03.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
    C:\PROGRAM FILES\KAZAA\KAZAA.EXE
    C:\PROGRAM FILES\DELFIN\PROMULGATE\PGMONITR.EXE
    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
    C:\PROGRAM FILES\EXCITE\PLATFORM\EXSHELL.EXE
    C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\AUDIOGALAXY SATELLITE\AGSATELLITE609.EXE
    C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\TIGER TECHNOLOGIES\DESKFLAG\DESKFLAG.EXE
    C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
    C:\WINDOWS\SYSTEM\HPHIPM09.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE
    C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE
    C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    AGSatellite.lnk = C:\Program Files\Audiogalaxy Satellite\AGSatellite609.exe
    WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
    America Online Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
    Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = c:\windows\scanregw.exe /autorun
    TaskMonitor = c:\windows\taskmon.exe
    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SystemTray = SysTray.Exe
    CPQEASYACC = C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
    EACLEAN = C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
    CPQInet = c:\compaq\CPQInet\CpqInet.exe
    Digital Dashboard = C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
    Service Connection = c:\cpqs\bwtools\sccenter.exe
    CountrySelection = pctptt.exe
    DXM6Patch_981116 = C:\WINDOWS\p_981116.exe /Q:A
    LVComs = c:\windows\SYSTEM\LVComS.exe
    AvconsoleEXE = C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
    VsecomrEXE = C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
    VsStatEXE = C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
    McAfeeWebScanX = C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.exe
    dlder =
    ATTRedUpate = C:\PROGRAM FILES\COMMON FILES\AT&T\REDCON\PROGRAMS\AutoUpdate.exe
    Pop-Up Stopper = "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
    zzzHPSETUP = E:\Setup.exe
    hpppta = C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
    StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
    Explorer = C:\WINDOWS\explorer\explorer.exe
    LoadQM = loadqm.exe
    PTSNOOP = ptsnoop.exe
    SpyBotSnD = "C:\ERROR MSG. SOLUTION\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE"
    MoviePlace = "C:\Program Files\MoviePlace\MoviePlace.exe" /H
    RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb04.exe
    HPHmon03 = C:\WINDOWS\SYSTEM\HPHMON03.EXE
    CXMon = "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
    Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    XupiterCfgLoader = C:\Program Files\Xupiter\XTCfgLoader.exe
    KAZAA = C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
    MediaLoads Installer = "C:\Program Files\DownloadWare\dw.exe" /H
    PromulGate = "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
    NAV CfgWiz = c:\PROGRA~1\NORTON~1\CFGWIZ.EXE /R
    ccApp = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    ccRegVfy = "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    Excite Platform = C:\PROGRA~1\EXCITE\PLATFORM\ExLaunch.exe
    WinampAgent = "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
    Adaptec DirectCD = C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    CreateCD = C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    SpyBotSnD = C:\ERROR MSG. SOLUTION\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    SchedulingAgent = mstask.exe
    Hidserv = Hidserv.exe run
    ccEvtMgr = "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"
    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    WEBCAMRT.EXE =
    Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    AIM = C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
    Adaware Bootup = C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-AWARE.EXE /Auto /Log "C:\PROGRAM FILES\LAVASOFT AD-AWARE\"

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

    [>PerUser_MSN_Clean] *
    StubPath = c:\windows\msnmgsr1.exe

    [PerUser_LinkBar_URLs] *
    StubPath = c:\windows\COMMAND\sulfnbk.exe /L

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

    [>IEPerUser] *
    StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

    [{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
    StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=
    run=

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\3DFLOW~1.SCR
    drivers=mmsystem.dll power.drv

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 4/1/2003, 18:45:48)

    [Rename]
    NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
    C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SETB374.TMP
    NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
    C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SETB375.TMP
    C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IEPEERS.RCX
    C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\RSASIG.DLL
    C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\XENROLL.DLL
    C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSCAT32.DLL
    C:\WINDOWS\SYSTEM\MSSIP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIP32.DLL
    C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIGN32.DLL
    C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTUI.DLL
    C:\WINDOWS\SYSTEM\CRYPTNET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTNET.DLL
    C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTEXT.DLL
    C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DIGEST.DLL
    C:\WINDOWS\SYSTEM\MSXML3.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3.DLL
    C:\WINDOWS\SYSTEM\WLDAP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\WLDAP32.DLL
    C:\WINDOWS\SYSTEM\MSTIME.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSTIME.DLL
    C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MMUTILSE.DLL
    C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATING.DLL
    C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\HLINK.DLL
    C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PROCTEXE.OCX
    C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\URL.DLL
    C:\WINDOWS\SYSTEM\IMAGEHLP.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\IMAGEHLP.DLL
    C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTEM\IE4SETUP\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\COMCTL32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC192.TMP
    C:\WINDOWS\SYSTEM\ADVPACK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC195.TMP
    C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1A4.TMP
    C:\WINDOWS\SYSTEM\MSHTML.TLB=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B0.TMP
    C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B1.TMP
    C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B2.TMP
    C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B3.TMP
    C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B4.TMP
    C:\WINDOWS\SYSTEM\JSCRIPT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B5.TMP
    C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B6.TMP
    C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B7.TMP
    C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1C0.TMP
    C:\WINDOWS\SYSTEM\ACTXPRXY.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1C1.TMP
    C:\WINDOWS\SYSTEM\DISPEX.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1C2.TMP
    C:\WINDOWS\SYSTEM\MLANG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1C3.TMP
    C:\WINDOWS\SYSTEM\MSXML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1C4.TMP
    C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1D5.TMP
    C:\WINDOWS\SYSTEM\BROWSELC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E0.TMP
    C:\WINDOWS\SYSTEM\SHDOC401.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E1.TMP
    C:\WINDOWS\SYSTEM\SHD401LC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E2.TMP
    C:\WINDOWS\SYSTEM\SHFOLDER.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E3.TMP
    C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E4.TMP
    C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E5.TMP
    C:\WINDOWS\SYSTEM\INSENG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1F1.TMP
    C:\WINDOWS\SYSTEM\MSLS31.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1F3.TMP
    NUL=C:\WINDOWS\SHELLI~1
    NUL=C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE=C:\WINDOWS\SYSTEM\SETC282.TMP
    NUL=C:\WINDOWS\SYSTEM\MSTASK.DLL
    C:\WINDOWS\SYSTEM\MSTASK.DLL=C:\WINDOWS\SYSTEM\SETC283.TMP
    NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
    C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\SETC2B1.TMP
    NUL=C:\WINDOWS\SYSTEM\MSIDLE.DLL
    C:\WINDOWS\SYSTEM\MSIDLE.DLL=C:\WINDOWS\SYSTEM\SETC2B2.TMP
    NUL=C:\WINDOWS\SYSTEM\SENS.DLL
    C:\WINDOWS\SYSTEM\SENS.DLL=C:\WINDOWS\SYSTEM\SETC2B4.TMP
    NUL=C:\WINDOWS\SYSTEM\SENSAPI.DLL
    C:\WINDOWS\SYSTEM\SENSAPI.DLL=C:\WINDOWS\SYSTEM\SETC2B5.TMP
    NUL=C:\WINDOWS\SYSTEM\ES.DLL
    C:\WINDOWS\SYSTEM\ES.DLL=C:\WINDOWS\SYSTEM\SETC2B6.TMP
    NUL=C:\WINDOWS\SYSTEM\ESSHARED.DLL
    C:\WINDOWS\SYSTEM\ESSHARED.DLL=C:\WINDOWS\SYSTEM\SETC2B7.TMP
    NUL=C:\WINDOWS\SYSTEM\ESTIER2.DLL
    C:\WINDOWS\SYSTEM\ESTIER2.DLL=C:\WINDOWS\SYSTEM\SETC2C0.TMP
    c:\windows\SYSTEM\dispex.dll=c:\windows\SYSTEM\dispex.001
    c:\windows\SYSTEM\jscript.dll=c:\windows\SYSTEM\jscript.001
    c:\windows\SYSTEM\OLEAUT32.DLL=c:\windows\SYSTEM\OLEAUT32.001
    c:\windows\SYSTEM\OLEPRO32.DLL=c:\windows\SYSTEM\OLEPRO32.001
    c:\windows\SYSTEM\STDOLE2.TLB=c:\windows\SYSTEM\STDOLE2.001

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    C:\PROGRA~1\NETWOR~1\MCAFEE~1\SCAN.EXE C:\
    @IF ERRORLEVEL 1 PAUSE
    C:\ESSAUDIO.COM -BLASTER
    @ECHO OFF

    --------------------------------------------------

    C:\CONFIG.SYS listing:

    DEVICE=C:\WINDOWS\HIMEM.SYS
    DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
    DOS=HIGH,UMB,AUTO
    FILESHIGH=80
    BUFFERSHIGH=40,4
    DEVICEHIGH=C:\WINDOWS\SYSTEM\CPQIDECD.SYS /D:IDECD001
    SHELL=C:\COMMAND.COM /P /E:2048

    --------------------------------------------------

    C:\WINDOWS\DOSSTART.BAT listing:

    C:\ESSAUDIO.COM -BLASTER
    @echo off
    LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    NAV Helper - c:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    Synchronize Time.job
    Check E-mail.job
    Maintenance-Defragment programs.job
    Maintenance-ScanDisk.job
    Maintenance-Disk cleanup.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [HomeTsrCtrl Class]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\LOCATI~1.DLL
    CODEBASE = http://image.excite.com/sputnik/dynacat_upload/HOME/ATHMWWW/locationchange.dll

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [IPIX ActiveX Control]
    InProcServer32 = C:\WINDOWS\OCCACHE\IPIXX.OCX
    CODEBASE = http://www.ipix.com/viewers/ipixx.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Lipstream3 Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\LPLIPS.OCX
    CODEBASE = http://lipstream.www.conxion.com/customers/excite/exciteus/fender.cab

    [ell Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IEELL.DLL
    CODEBASE = http://aol.ea.com/downloads/games/common/ieell.cab

    [CV3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R824/V31Controls/x86/w98/en/actsetup.cab

    [WTHoster Class]
    InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WTHOSTCTL.DLL
    CODEBASE = http://www.wildtangent.com/install/wdriver/racing/bmxpro/wildtangent/wtinst.cab

    [EABootStrap Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\EABTSTRP.DLL
    CODEBASE = http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab

    [CFForm Runtime]
    InProcServer32 = C:\WINDOWS\SYSTEM\MSJAVA.DLL
    CODEBASE = http://www1.dcccd.edu/CFIDE/classes/CFJava.cab

    [HouseCall Control]
    InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
    CODEBASE = http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab

    [Yahoo! Companion]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_0.DLL
    CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_0.cab

    [Microsoft Office Tools on the Web Control]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
    CODEBASE = http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

    [{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}]
    CODEBASE = http://www.talkingbuddy.com/talkingbuddyinstall.exe

    [3DGreetings.com Player 2.0]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\VROOM.DLL
    CODEBASE = http://expressit.broderbund.com/Plugin/3DGreetings/vroom.CAB

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37620.6539583333

    --------------------------------------------------
    End of report, 18,076 bytes
    Report generated in 0.723 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Wow, that's one of the most congested startup lists I've ever seen. Your computer must be as slow as molasses.

    You may have SpyBot installed, but nevertheless there's lots of spyware there, mainly due to Kazaa.

    I'd start by shutting down and uninstalling Kazaa. Reboot when you're done.

    You can always replace it by a spyware-free alternative later, and regrettably it's no use trying to troubleshoot your problems while all this trash is still installed and running.

    To start with, there's Explorer = C:\WINDOWS\explorer\explorer.exe

    This is not the Real Windows Explorer, which is C:\Windows\Explorer.exe, but the Dldr Trojan.

    Do this:

    Go to Start > Run, type Msconfig, and on the Startup tab, uncheck ALL of the following items:

    Service Connection
    DXM6Patch_981116
    LVcoms
    VsecomrEXE
    Dlder
    zzzHPSETUP
    Explorer
    LoadQM
    MoviePlace
    XupiterCfgLoader
    KAZAA
    MediaLoads Installer
    PromulGate
    WinampAgent
    WEBCAMRT.EXE

    Click OK, close Msconfig, and reboot.

    Now launch SpyBot, click 'Online', and search for, check, and download ALL updates.

    Run it. It will find a LOT of stuff to remove.

    Cheers,
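
The check applied by eye to the `Explorer` entry above can be run over a whole StartupList report. This is an added example, not part of the original thread and not StartupList's own code: it parses the registry autorun sections and flags entries with no command and entries whose file name matches a system program but whose directory does not. The expected directories are an assumption taken from the running-process list in the report.

```python
import ntpath
import re

# Lines excerpted from the StartupList report posted in this thread.
SAMPLE_REPORT = r"""
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
dlder =
Explorer = C:\WINDOWS\explorer\explorer.exe
KAZAA = C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
ccApp = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
WEBCAMRT.EXE =
"""

# Assumption: where these Windows 98 programs normally live, as seen in the
# "Running processes" section of the same report.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "taskmon.exe": r"c:\windows",
    "systray.exe": r"c:\windows\system",
    "mstask.exe": r"c:\windows\system",
}

# Unquoted commands may contain spaces, so cut at the first program extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|pif|scr))(?=\s|$)", re.I)


def command_path(value):
    """Return the program part of an autorun command, without arguments."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end != -1 else value[1:]
    match = EXE_RE.match(value)
    return match.group(1) if match else value


def parse_autoruns(report):
    """Yield (registry key, entry name, command) for each autorun section."""
    entries, key, expecting_key = [], None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("Autorun entries from Registry"):
            key, expecting_key = None, True
        elif expecting_key and line.startswith(("HKLM\\", "HKCU\\")):
            key, expecting_key = line, False
        elif line.startswith("-----"):
            key = None
        elif key and line:
            match = re.match(r"^(.+?) =\s*(.*)$", line)
            if match:
                entries.append((key, match.group(1), match.group(2)))
    return entries


def audit(report):
    """Flag empty commands and system file names in unexpected directories.

    Entries given without a directory (e.g. "SysTray.Exe") are resolved by
    Windows through its search path and are not judged here. Location is the
    only test: unwanted software in its own folder is not flagged.
    """
    findings = []
    for _key, name, value in parse_autoruns(report):
        if not value:
            findings.append((name, "empty command"))
            continue
        directory, base = ntpath.split(command_path(value).lower())
        expected = EXPECTED_DIR.get(base)
        if expected and directory and ntpath.normpath(directory) != expected:
            findings.append((name, "system file name outside " + expected))
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE_REPORT):
        print(name, "->", reason)
```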
     
  5. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    After doing all that cleaning, do this:

    Shut down Norton Antivirus, end task on all NAV files in the Ctrl-alt-delete window, and uninstall it.

    Reboot when you're asked to.

    Next, download and run Rnav.exe

    It helps remove leftover NAV registry keys.

    Now remove the NAV Program Files folder, if it's still there, and the VirusDefs folder in Program Files\Common Files\Symantec Shared.

    Now copy the contents of your NAV CD-ROM to your drive, and install NAV in Safe Mode.

    This ought to work.

    Good luck,
     
  6. stay1234

    stay1234 Thread Starter

    Joined:
    Oct 26, 2002
    Messages:
    27
    Tony,

    I did all the things you suggested to fix my NAV problem. I cleaned up my startup list, installed the updated version of SpyBot and ran it. I also removed all NAV files (program files, registry keys, VirusDefs and Symantec Shares files).

    I then rebooted in safe mode and reinstalled the NAV 2003 software.

    Unfortunately, I still could not open software from the desktop icon or system tray icon.

    I then went to Symantec website to see if anyone else has had this problem. Per their website, they had me run an on-line scan for the [email protected] worm (which I did not have). They then recommended I edit the registry by clicking Start, Run, typing regedit and navigating to Hkey_Local_Machine\Software\Symantec\Norton AntiVirus. Once there I was to click the "NeedActivation" Value name in the right pane and hit delete. I was unable to do this as there was nothing in the right pane. I then was told to restore the NAV desktop icon to its default values by right clicking on NAV desktop icon, clicking on properties and entering the following into the Target field: "C:\Program Files\Common Files\Symantec Shared\NMain.exe" /dat:C:\Program Files\Norton AntiVirus\navui.nsi. When I did this I received the following error message:

    Symantec Integrator could not initialize the current frame class. Please make sure that you did not directly run the integrator.

    I did everything they suggested, uninstalled, reinstalled in Safe Mode, etc. and still the program will not open.

    When I click on the desktop icon and click on Run Virus Scan, I still get the following error message:

    Windows Cannot Find
    SCAN32.EXE
    This program is needed for opening files of type "Application".


    Hope you can suggest something else to try. This is very upsetting/frustrating since I uninstalled my McAfee (cannot reinstall because I do not have the software -- it came on my PC) to install the NAV 2003 software.

    Any help will be greatly appreciated. Thanks a bunch!!
     
  7. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Try this

    Download Exefix.com from this site: http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html

    Doubleclick it, and it will restore the default Windows file associations for exefiles.

    Subsequently, do this:

    Copy the bold text to Notepad, save as Lnk.reg and doubleclick to enter into the registry.

    Subsequently you need to reboot.



    REGEDIT4

    [-HKEY_CLASSES_ROOT\.lnk]

    [-HKEY_CLASSES_ROOT\lnkfile]

    [HKEY_CLASSES_ROOT\.lnk]
    @="lnkfile"

    [HKEY_CLASSES_ROOT\.lnk\ShellNew]
    "Command"="RunDLL32 AppWiz.Cpl,NewLinkHere %2"

    [HKEY_CLASSES_ROOT\.lnk\ShellEx]

    [HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]
    @="{500202A0-731E-11d0-B829-00C04FD706EC}"

    [HKEY_CLASSES_ROOT\lnkfile]
    @="Shortcut"
    "EditFlags"=dword:00000001
    "IsShortcut"=""
    "NeverShowExt"=""

    [HKEY_CLASSES_ROOT\lnkfile\CLSID]
    @="{00021401-0000-0000-C000-000000000046}"

    [HKEY_CLASSES_ROOT\lnkfile\shellex]

    [HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
    @="{00021401-0000-0000-C000-000000000046}"

    [HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]
    @="{00021401-0000-0000-C000-000000000046}"

    [HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

    [HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}]
    @=""
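
The file associations that Exefix.com and Lnk.reg are meant to restore can be checked from a REGEDIT4 export. This is an added example, not part of the original post: it parses the export, applies `[-KEY]` deletions in order, and reports any association that differs from the expected default. The `exefile` default `"%1" %*` is the stock Windows value and is an assumption here, since the thread does not print it; the sample export is constructed to match the error message quoted in the thread.

```python
import re

# ".lnk" -> "lnkfile" comes from the Lnk.reg posted above. '"%1" %*' is the
# stock open command for exefile (assumption: not shown in the thread).
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.lnk", "@"): "lnkfile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", "@"): '"%1" %*',
}

# Constructed sample: an export in which the exefile open command names a
# handler program, which is what the "Windows cannot find SCAN32.EXE" error
# in this thread implies.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="SCAN32.EXE \"%1\" %*"
'''

# A value line is @=... for the default value or "name"=... for a named one.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def unescape(text):
    """Undo .reg string escaping (backslash before a quote or a backslash)."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Return {lowercased key: {value name: data}} after applying the file."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.upper() == "REGEDIT4" or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1].lower()
            if name.startswith("-"):
                # [-KEY] removes the key and everything below it.
                target = name[1:]
                for existing in list(keys):
                    if existing == target or existing.startswith(target + "\\"):
                        del keys[existing]
                current = None
            else:
                current = keys.setdefault(name, {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            vname = match.group(1)
            if vname != "@":
                vname = unescape(vname[1:-1])
            data = match.group(2)
            if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
                data = unescape(data[1:-1])
            current[vname] = data
    return keys


def check_associations(text):
    """List (key, found value) for each association that is not the default."""
    keys = parse_reg(text)
    problems = []
    for (key, vname), want in EXPECTED.items():
        got = keys.get(key.lower(), {}).get(vname)
        if got is None:
            problems.append((key, "missing"))
        elif got.lower() != want.lower():
            problems.append((key, got))
    return problems


if __name__ == "__main__":
    for key, found in check_associations(SAMPLE_EXPORT):
        print(key, "->", found)
```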
     
  8. stay1234

    stay1234 Thread Starter

    Joined:
    Oct 26, 2002
    Messages:
    27
    Tony,

    Wanted to let you know that I did download the Exe.com fix files and ran it.

    I also found some info on the net about how to make sure McAfee was totally uninstalled. Apparently, I had some left over stuff hanging out there . . . guess that could have been one of the reasons the NAV was not installing and running correctly.

    Anyway, to make a long story short after I got rid of all the McAfee stuff, I ended up downloading the AVG AntiVirus software off the net. While surfing the different Tech Support Guy Forums, I noticed several people discussing the McAfee, NAV and AVG AntiVirus software. Most of the people seemed to think AVG (which is free off the net with free updates) was just as good and in some cases better than McAfee or NAV so I decided I would give it a try. I downloaded it this morning and everything looks good so far . . . I was so sick of trying to get the NAV to install and run correctly . . . I'm sure you will be glad that I won't be pestering you anymore too (ha!)

    I want to thank you for helping me . . . you are simply "THE BEST"!!!! From the bottom of my heart, thank you, thank you, thank you!
     
  9. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    You're welcome! :)

    Glad to hear everything's working again.
     
  10. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Going to pop this one back to the top for a question for Tony or stay1234......did disabling this guy:

    zzzHPSETUP

    have any ill effects and do you know what it's for?
     