[Resolved] Unable to run Norton AntiVirus 2003 software

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

stay1234

Thread Starter
Joined
Oct 26, 2002
Messages
27
I uninstalled my McAfee AntiVirus software and installed Norton AntiVirus 2003 software.

Everything appeared to load correctly but I am unable to open the Norton software from my desktop. When I double click on the icon, nothing happens so I'm not sure whether I am covered or not.

When I "right click" on the Norton icon and click on "open", I get the following error message:

Windows Cannot Find
SCAN32.EXE
This Program is needed for opening files of type "Application".

Please help.
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
You may well be infected by the W32.Yaha.K Worm.
One of the things it does is cripple your antivirus.

Here's the Bitdefender removal tool.
Download and run it, preferably in Safe Mode.

Symantec has one as well

Also please do this:

Go to http://www.spywareinfo.com/downloads.php#startup , and download 'Startuplist'.

Unzip, doubleclick it, and it will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.

Go to Edit > select all, copy it and post the contents here.
 

stay1234

Thread Starter
Joined
Oct 26, 2002
Messages
27
Tony,

I ran the Bitdefender removal tool as you suggested. Report showed "no infected files".

Attached is the "startuplist" you requested. Thanks for your help!!

StartupList report, 1/4/03, 8:07:30 PM
StartupList version: 1.50
Started from : C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\PROGRAM FILES\COMPAQ\DIGITAL DASHBOARD\DEVGULP.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\HPHMON03.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\PHOTO IMAGING\HPI_MONITOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\PROGRAM FILES\KAZAA\KAZAA.EXE
C:\PROGRAM FILES\DELFIN\PROMULGATE\PGMONITR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\PHOTOSMART\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\PROGRAM FILES\EXCITE\PLATFORM\EXSHELL.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\AUDIOGALAXY SATELLITE\AGSATELLITE609.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TIGER TECHNOLOGIES\DESKFLAG\DESKFLAG.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\WINDOWS\SYSTEM\HPHIPM09.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE
C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE
C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
AGSatellite.lnk = C:\Program Files\Audiogalaxy Satellite\AGSatellite609.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
DeskFlag.lnk = C:\Program Files\Tiger Technologies\DeskFlag\deskflag.exe
America Online Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SystemTray = SysTray.Exe
CPQEASYACC = C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
EACLEAN = C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
CPQInet = c:\compaq\CPQInet\CpqInet.exe
Digital Dashboard = C:\Program Files\Compaq\Digital Dashboard\DevGulp.exe
Service Connection = c:\cpqs\bwtools\sccenter.exe
CountrySelection = pctptt.exe
DXM6Patch_981116 = C:\WINDOWS\p_981116.exe /Q:A
LVComs = c:\windows\SYSTEM\LVComS.exe
AvconsoleEXE = C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
VsecomrEXE = C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
VsStatEXE = C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
McAfeeWebScanX = C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.exe
dlder =
ATTRedUpate = C:\PROGRAM FILES\COMMON FILES\AT&T\REDCON\PROGRAMS\AutoUpdate.exe
Pop-Up Stopper = "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
zzzHPSETUP = E:\Setup.exe
hpppta = C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan\hpppta.exe /ICON
StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
Explorer = C:\WINDOWS\explorer\explorer.exe
LoadQM = loadqm.exe
PTSNOOP = ptsnoop.exe
SpyBotSnD = "C:\ERROR MSG. SOLUTION\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE"
MoviePlace = "C:\Program Files\MoviePlace\MoviePlace.exe" /H
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
HPDJ Taskbar Utility = C:\WINDOWS\SYSTEM\hpztsb04.exe
HPHmon03 = C:\WINDOWS\SYSTEM\HPHMON03.EXE
CXMon = "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
XupiterCfgLoader = C:\Program Files\Xupiter\XTCfgLoader.exe
KAZAA = C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
MediaLoads Installer = "C:\Program Files\DownloadWare\dw.exe" /H
PromulGate = "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
NAV CfgWiz = c:\PROGRA~1\NORTON~1\CFGWIZ.EXE /R
ccApp = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Excite Platform = C:\PROGRA~1\EXCITE\PLATFORM\ExLaunch.exe
WinampAgent = "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
Adaptec DirectCD = C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
CreateCD = C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

SpyBotSnD = C:\ERROR MSG. SOLUTION\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
Hidserv = Hidserv.exe run
ccEvtMgr = "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MoneyAgent = "C:\Program Files\Microsoft Money\System\Money Express.exe"
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
WEBCAMRT.EXE =
Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
AIM = C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
Adaware Bootup = C:\PROGRAM FILES\LAVASOFT AD-AWARE\AD-AWARE.EXE /Auto /Log "C:\PROGRAM FILES\LAVASOFT AD-AWARE\"

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = c:\windows\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\3DFLOW~1.SCR
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 4/1/2003, 18:45:48)

[Rename]
NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SETB374.TMP
NUL=C:\WINDOWS\SYSTEM\SCHANNEL.DLL
C:\WINDOWS\SYSTEM\SCHANNEL.DLL=C:\WINDOWS\SYSTEM\SETB375.TMP
C:\WINDOWS\SYSTEM\IEPEERS.DLL=C:\WINDOWS\SYSTEM\IEPEERS.RCX
C:\WINDOWS\SYSTEM\RSASIG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\RSASIG.DLL
C:\WINDOWS\SYSTEM\XENROLL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\XENROLL.DLL
C:\WINDOWS\SYSTEM\MSCAT32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSCAT32.DLL
C:\WINDOWS\SYSTEM\MSSIP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIP32.DLL
C:\WINDOWS\SYSTEM\MSSIGN32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSSIGN32.DLL
C:\WINDOWS\SYSTEM\CRYPTUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTUI.DLL
C:\WINDOWS\SYSTEM\CRYPTNET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTNET.DLL
C:\WINDOWS\SYSTEM\CRYPTEXT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\CRYPTEXT.DLL
C:\WINDOWS\SYSTEM\DIGEST.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\DIGEST.DLL
C:\WINDOWS\SYSTEM\MSXML3.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSXML3.DLL
C:\WINDOWS\SYSTEM\WLDAP32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\WLDAP32.DLL
C:\WINDOWS\SYSTEM\MSTIME.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSTIME.DLL
C:\WINDOWS\SYSTEM\MMUTILSE.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MMUTILSE.DLL
C:\WINDOWS\SYSTEM\MSRATING.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\MSRATING.DLL
C:\WINDOWS\SYSTEM\HLINK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\HLINK.DLL
C:\WINDOWS\SYSTEM\PROCTEXE.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\PROCTEXE.OCX
C:\WINDOWS\SYSTEM\URL.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\URL.DLL
C:\WINDOWS\SYSTEM\IMAGEHLP.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\IMAGEHLP.DLL
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE=C:\WINDOWS\SYSTEM\IE4SETUP\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\COMCTL32.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC192.TMP
C:\WINDOWS\SYSTEM\ADVPACK.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC195.TMP
C:\WINDOWS\SYSTEM\MSHTML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1A4.TMP
C:\WINDOWS\SYSTEM\MSHTML.TLB=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B0.TMP
C:\WINDOWS\SYSTEM\MSHTMLED.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B1.TMP
C:\WINDOWS\SYSTEM\SHDOCVW.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B2.TMP
C:\WINDOWS\SYSTEM\SHDOCLC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B3.TMP
C:\WINDOWS\SYSTEM\URLMON.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B4.TMP
C:\WINDOWS\SYSTEM\JSCRIPT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B5.TMP
C:\WINDOWS\SYSTEM\WININET.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B6.TMP
C:\WINDOWS\SYSTEM\SHLWAPI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1B7.TMP
C:\WINDOWS\SYSTEM\PLUGIN.OCX=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1C0.TMP
C:\WINDOWS\SYSTEM\ACTXPRXY.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1C1.TMP
C:\WINDOWS\SYSTEM\DISPEX.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1C2.TMP
C:\WINDOWS\SYSTEM\MLANG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1C3.TMP
C:\WINDOWS\SYSTEM\MSXML.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1C4.TMP
C:\WINDOWS\SYSTEM\BROWSEUI.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1D5.TMP
C:\WINDOWS\SYSTEM\BROWSELC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E0.TMP
C:\WINDOWS\SYSTEM\SHDOC401.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E1.TMP
C:\WINDOWS\SYSTEM\SHD401LC.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E2.TMP
C:\WINDOWS\SYSTEM\SHFOLDER.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E3.TMP
C:\WINDOWS\SYSTEM\DXTRANS.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E4.TMP
C:\WINDOWS\SYSTEM\DXTMSFT.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1E5.TMP
C:\WINDOWS\SYSTEM\INSENG.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1F1.TMP
C:\WINDOWS\SYSTEM\MSLS31.DLL=C:\WINDOWS\SYSTEM\IE4SETUP\ACMC1F3.TMP
NUL=C:\WINDOWS\SHELLI~1
NUL=C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE=C:\WINDOWS\SYSTEM\SETC282.TMP
NUL=C:\WINDOWS\SYSTEM\MSTASK.DLL
C:\WINDOWS\SYSTEM\MSTASK.DLL=C:\WINDOWS\SYSTEM\SETC283.TMP
NUL=C:\WINDOWS\SYSTEM\WEBCHECK.DLL
C:\WINDOWS\SYSTEM\WEBCHECK.DLL=C:\WINDOWS\SYSTEM\SETC2B1.TMP
NUL=C:\WINDOWS\SYSTEM\MSIDLE.DLL
C:\WINDOWS\SYSTEM\MSIDLE.DLL=C:\WINDOWS\SYSTEM\SETC2B2.TMP
NUL=C:\WINDOWS\SYSTEM\SENS.DLL
C:\WINDOWS\SYSTEM\SENS.DLL=C:\WINDOWS\SYSTEM\SETC2B4.TMP
NUL=C:\WINDOWS\SYSTEM\SENSAPI.DLL
C:\WINDOWS\SYSTEM\SENSAPI.DLL=C:\WINDOWS\SYSTEM\SETC2B5.TMP
NUL=C:\WINDOWS\SYSTEM\ES.DLL
C:\WINDOWS\SYSTEM\ES.DLL=C:\WINDOWS\SYSTEM\SETC2B6.TMP
NUL=C:\WINDOWS\SYSTEM\ESSHARED.DLL
C:\WINDOWS\SYSTEM\ESSHARED.DLL=C:\WINDOWS\SYSTEM\SETC2B7.TMP
NUL=C:\WINDOWS\SYSTEM\ESTIER2.DLL
C:\WINDOWS\SYSTEM\ESTIER2.DLL=C:\WINDOWS\SYSTEM\SETC2C0.TMP
c:\windows\SYSTEM\dispex.dll=c:\windows\SYSTEM\dispex.001
c:\windows\SYSTEM\jscript.dll=c:\windows\SYSTEM\jscript.001
c:\windows\SYSTEM\OLEAUT32.DLL=c:\windows\SYSTEM\OLEAUT32.001
c:\windows\SYSTEM\OLEPRO32.DLL=c:\windows\SYSTEM\OLEPRO32.001
c:\windows\SYSTEM\STDOLE2.TLB=c:\windows\SYSTEM\STDOLE2.001

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\NETWOR~1\MCAFEE~1\SCAN.EXE C:\
@IF ERRORLEVEL 1 PAUSE
C:\ESSAUDIO.COM -BLASTER
@ECHO OFF

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE NOEMS
DOS=HIGH,UMB,AUTO
FILESHIGH=80
BUFFERSHIGH=40,4
DEVICEHIGH=C:\WINDOWS\SYSTEM\CPQIDECD.SYS /D:IDECD001
SHELL=C:\COMMAND.COM /P /E:2048

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

C:\ESSAUDIO.COM -BLASTER
@echo off
LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

NAV Helper - c:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Synchronize Time.job
Check E-mail.job
Maintenance-Defragment programs.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[HomeTsrCtrl Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\LOCATI~1.DLL
CODEBASE = http://image.excite.com/sputnik/dynacat_upload/HOME/ATHMWWW/locationchange.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[IPIX ActiveX Control]
InProcServer32 = C:\WINDOWS\OCCACHE\IPIXX.OCX
CODEBASE = http://www.ipix.com/viewers/ipixx.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Lipstream3 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\LPLIPS.OCX
CODEBASE = http://lipstream.www.conxion.com/customers/excite/exciteus/fender.cab

[ell Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\IEELL.DLL
CODEBASE = http://aol.ea.com/downloads/games/common/ieell.cab

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R824/V31Controls/x86/w98/en/actsetup.cab

[WTHoster Class]
InProcServer32 = C:\WINDOWS\WT\WEBDRIVER\WTHOSTCTL.DLL
CODEBASE = http://www.wildtangent.com/install/wdriver/racing/bmxpro/wildtangent/wtinst.cab

[EABootStrap Class]
InProcServer32 = C:\WINDOWS\SYSTEM\EABTSTRP.DLL
CODEBASE = http://aol.ea.com/downloads/games/common/boot_strap/iegils.cab

[CFForm Runtime]
InProcServer32 = C:\WINDOWS\SYSTEM\MSJAVA.DLL
CODEBASE = http://www1.dcccd.edu/CFIDE/classes/CFJava.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002092801/housecall.antivirus.com/housecall/xscan53.cab

[Yahoo! Companion]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YCOMP5_0_2_0.DLL
CODEBASE = http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_0_2_0.cab

[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\OUTC.DLL
CODEBASE = http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

[{BD11A280-2E73-11CF-B6CF-00AA00A74DAF}]
CODEBASE = http://www.talkingbuddy.com/talkingbuddyinstall.exe

[3DGreetings.com Player 2.0]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\VROOM.DLL
CODEBASE = http://expressit.broderbund.com/Plugin/3DGreetings/vroom.CAB

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37620.6539583333

--------------------------------------------------
End of report, 18,076 bytes
Report generated in 0.723 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Wow, that's one of the most congested startup lists I've ever seen. Your computer must be as slow as molasses.

You may have SpyBot installed, but nevertheless there's lots of spyware there, mainly due to Kazaa.

I'd start by shutting down and uninstalling Kazaa. Reboot when you're done.

You can always replace it by a spyware free alternative later, and regrettably it's no use trying to troubleshoot your problems while all this thrash is still installed and running.

To start with, there's Explorer = C:\WINDOWS\explorer\explorer.exe

This is not the Real Windows Explorer, which is C:\Windows\Explorer.exe, but the Dldr Trojan

Do this:

Go to Start Run, type Msconfig, and on the Startup tab, uncheck ALL of the following items:

Service Connection
DXM6Patch_981116
LVcoms
VsecomrEXE
Dlder
zzzHPSETUP
Explorer
LoadQM
MoviePlace
XupiterCfgLoader
KAZAA
MediaLoads Installer
PromulGate
WinampAgent
WEBCAMRT.EXE

Click OK, close Msconfig, and reboot.

Now launch SpyBot, click 'Online', and search for, check, and download ALL updates.

Run it. It will find a LOT of stuff to remove.

Cheers,
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
After doing all that cleaning, do this:

Shut down Norton Antivirus, end task on all NAV files in the Ctrl-alt-delete window, and uninstall it.

Reboot when you're asked to.

Next, download and run Rnav.exe

It helps remove leftover NAV registry keys.

Now remove the NAV Program Files folder, if it's still there, and the VirusDefs folder in Program Files\Common Files\Symantec Shared.

Now copy the contents of your NAV CD-ROM to your drive, and install NAV in Safe Mode.

This ought to work.

Good luck,
 

stay1234

Thread Starter
Joined
Oct 26, 2002
Messages
27
Tony,

I did all the things you suggested to fix my NAV problem. I cleaned-up my start up list, installed the updated version of SpyBot and ran it. I also removed all NAV files (program files, registry keys, VirusDefs and Symantec Shares files).

I then rebooted in safe mode and reinstalled the NAV 2003 software.

Unfortunately, I still could not open software from the desktop icon or system tray icon.

I then went to Symantec website to see if anyone else has had this problem. Per their website, they had me run an on-line scan for the [email protected] worm (which I did not have). They then recommended I edit the registry by clicking Start, Run, typing regedit and navigating to Hkey_Local_Machine\Software\Symantec\Norton AntiVirus. Once there I was to click the "NeedActivation" Value name in the right pane and hit delete. I was unable to do this as there was nothing in the right pane. I then was told to restore the NAV desktop icon to it's default values by right clicking on NAV desktop icon, clicking on properties and entering the following into the Target field: "C:\Program Files\Common Files\Symantec Shared\NMain.exe" /dat:C:\Program Files\Norton AntiVirus\navui.nsi. When I did this I received the following error
message:

Symantec Integrator could not initialize the current frame class. Please make sure that you did not directly run the integrator.

I did everything they suggested, uninstalled, reinstalled in Safe Mode, etc. and still the program will not open.

When I click on the desktop icon and click on Run Virus Scan, I still get the following error message:

Windows Cannot Find
SCAN32.EXE
This program is needed for opening files of type "Application".


Hope you can suggest something else to try. This is very upsetting/frustrating since I uninstalled my McAfee (cannot reinstall because I do not have the software -- it came on my PC)to installed the NAV 2003 software.

Any help will be greatly appreciated. Thanks a bunch!!
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
Try this

Download Exefix.com from this site: http://home.earthlink.net/~rmbox/Reticulated/Only_IE.html

Doubleclick it, and it will restore the default Windows file associations for exefiles.

Subsequently, do this:

Copy the bold text to Notepad, save as Lnk.reg and doubleclick to enter into the registry.

Subsequently you need to reboot.



REGEDIT4

[-HKEY_CLASSES_ROOT\.lnk]

[-HKEY_CLASSES_ROOT\lnkfile]

[HKEY_CLASSES_ROOT\.lnk]
@="lnkfile"

[HKEY_CLASSES_ROOT\.lnk\ShellNew]
"Command"="RunDLL32 AppWiz.Cpl,NewLinkHere %2"

[HKEY_CLASSES_ROOT\.lnk\ShellEx]

[HKEY_CLASSES_ROOT\.lnk\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}]
@="{500202A0-731E-11d0-B829-00C04FD706EC}"

[HKEY_CLASSES_ROOT\lnkfile]
@="Shortcut"
"EditFlags"=dword:00000001
"IsShortcut"=""
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\lnkfile\CLSID]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex]

[HKEY_CLASSES_ROOT\lnkfile\shellex\IconHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\DropHandler]
@="{00021401-0000-0000-C000-000000000046}"

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers]

[HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046}]
@=""
 

stay1234

Thread Starter
Joined
Oct 26, 2002
Messages
27
Tony,

Wanted to let you know that I did download the Exe.com fix files and ran it.

I also found some info on the net about how to make sure McAfee was totally uninstalled. Apparently, I had some left over stuff hanging out there . . . guess that could have been one of the reasons the NAV was not installing and running correctly.

Anyway, to make a long story short after I got rid of all the McAfee stuff, I ended up downloading the AVG AntiVirus software off the net. While surfing the different Tech Support Guy Forums, I noticed several people discussing the McAfee, NAV and AVG AntiVirus software. Most of the people seemed to think AVG (which is free off the net with free updates) was just as good and in some cases better than McAfee or NAV so I decided I would give it a try. I downloaded it this morning and everything looks good so far . . . I was so sick of trying to get the NAV to install and run correctly . . . I'm sure you will be glad that I won't be pestering you anymore too (ha!)

I want to thank you for helping me . . . you are simply "THE BEST"!!!! From the bottom of my heart, thank you, thank you, thank you!
 

TonyKlein

Malware Specialist
Joined
Aug 26, 2001
Messages
10,392
You're welcome! :)

Glad to hear everything's working agin.
 

~Candy~

Retired Administrator
Joined
Jan 27, 2001
Messages
103,706
Going to pop this one back to the top for a question for Tony or stay1234......did disabling this guy:

zzzHPSETUP

have any ill effects and do you know what it's for?
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top