Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

about blank & elite toolbar


  • Please log in to reply
1 reply to this topic

#1 sneezil

sneezil

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:31 PM

Posted 16 May 2005 - 08:11 AM

[FONT=Geneva]Hi all ... new to this .... i need help if you can... here is the last log i ran .... i am not computer stupid ... but far from knowing enough to overcome this nightmare... i have been working on this for a week now ... got rid of over 1300 spyware over the week .. but cant get rid of the rest ....have norton antivirus/internet security and spysweeper currently installed....


Logfile of HijackThis v1.99.1
Scan saved at 11:39:51 PM, on 5/15/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
C:\WINDOWS\CPQALERT.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\WINDOWS\CPQDMI.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMPAQ\CPQWEBDMI\WEBDMI.EXE
C:\PROGRAM FILES\COMPAQ\LCRMS\LCRMS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MXOALDR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\POP-UP WASHER\POPUPWASHER.EXE
C:\PVSW\BIN\W3DBSMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ADBLOCKING\NSMDTR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.radioshack.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=server1.huntel.net:80;https=server1.huntel.net:80;ftp=server1.huntel.net:80;gopher=server1.huntel.net:80
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRAM FILES\WEBROOT\POP-UP WASHER\VAPOPUPKILLER.DLL
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [DashSignHoleBib] C:\Windows\Application Data\Axissettingsdashsign\listbend.exe
O4 - HKLM\..\Run: [qtsT37X] OPEUPAPI.EXE
O4 - HKLM\..\Run: [SpybotSnD] "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\cpqdiag\CpqDfwAg.exe
O4 - HKLM\..\RunServices: [CPQALERT] CpqAlert.Exe
O4 - HKLM\..\RunServices: [Win32SL] c:\dmi\win32\bin\Win32sl.exe -i -p -r
O4 - HKLM\..\RunServices: [CPQDMI] CPQDMI.EXE
O4 - HKLM\..\RunServices: [CpqWebDmi] C:\Program Files\COMPAQ\CpqWebDMI\WebDmi.Exe
O4 - HKLM\..\RunServices: [LCRMS] C:\PROGRAM FILES\COMPAQ\LCRMS\LCRMS.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet Security\ISSVC.exe"
O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\WEBROOT\POP-UP~1\PopUpWasher.exe
O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3dbsmgr.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = microlnk.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 63.173.164.10,63.173.164.129


Also ... no clue if this will help either but here is my startup log.....
StartupList report, 5/15/05, 11:43:43 PM
StartupList version: 1.52
Started from : C:\MY DOCUMENTS\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\CPQDIAG\CPQDFWAG.EXE
C:\WINDOWS\CPQALERT.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\WINDOWS\CPQDMI.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMPAQ\CPQWEBDMI\WEBDMI.EXE
C:\PROGRAM FILES\COMPAQ\LCRMS\LCRMS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\MXOALDR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\POP-UP WASHER\POPUPWASHER.EXE
C:\PVSW\BIN\W3DBSMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\ADBLOCKING\NSMDTR.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\MY DOCUMENTS\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\W3dbsmgr.exe
WinZip Quick Pick.lnk = C:\PROGRA~1\WINZIP\wzqkpick.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
Promon.exe = Promon.exe
EM_EXEC = C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
LoadQM = loadqm.exe
mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
MXO Auto Loader = C:\WINDOWS\MXOALDR.EXE
DashSignHoleBib = C:\Windows\Application Data\Axissettingsdashsign\listbend.exe
qtsT37X = OPEUPAPI.EXE
SpybotSnD = "C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE" /autocheck
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec Core LC = C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

CPQDFWAG = C:\WINDOWS\cpqdiag\CpqDfwAg.exe
CPQALERT = CpqAlert.Exe
Win32SL = c:\dmi\win32\bin\Win32sl.exe -i -p -r
CPQDMI = CPQDMI.EXE
CpqWebDmi = C:\Program Files\COMPAQ\CpqWebDMI\WebDmi.Exe
LCRMS = C:\PROGRAM FILES\COMPAQ\LCRMS\LCRMS.EXE
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = C:\WINDOWS\SYSTEM\mstask.exe
KB891711 = C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ccSetMgr = "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ISSVC = "C:\Program Files\Norton Internet Security\ISSVC.exe"
ccProxy = C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

H/PC Connection Agent = "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
PopUpWasher = C:\PROGRA~1\WEBROOT\POP-UP~1\PopUpWasher.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 15/5/2005, 23:35:36)

[rename]

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 15/5/2005, 21:18:34)

[Rename]
C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCDEC.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCDEC.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCERRDSP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCERRDSP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTMGR.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTMGR.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCINST.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCINST.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCL30.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCL30.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCLGVIEW.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCLGVIEW.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCLOGIN.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROD.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROD.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROSUB.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROSUB.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWD.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWD.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWDSVC.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWDSVC.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCSCAN.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCSCAN.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCSET.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCSET.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETMGR.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETMGR.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCVRTRST.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCVRTRST.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCWEBWND.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCWEBWND.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ECMLDR32.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ECMLDR32.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DEFUTDCD.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DEFUTDCD.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2AMG.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2AMG.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2ARJ.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2ARJ.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2CAB.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2CAB.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2GZIP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2GZIP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2ID.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2ID.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2LHA.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2LHA.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2LZ.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2LZ.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2RAR.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2RAR.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2RTF.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2RTF.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2SS.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2SS.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2TAR.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2TAR.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2TEXT.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2TEXT.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2TNEF.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2TNEF.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2ZIP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DEC2ZIP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DECSDK.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DECOMP~1\DECSDK.DL^
C:\WINDOWS\SYSTEM\SYMREDIR.DLL=C:\WINDOWS\SYSTEM\TBM11D3.TMP
C:\WINDOWS\SYSTEM\SYMNETI.DLL=C:\WINDOWS\SYSTEM\TBM11D5.TMP
C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSRVC.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\TBM11E2.TMP
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IDSAUX.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IDSAUX.___
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\SYMIDSLU.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\SYMIDSLU.___
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASADDRBK.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASADDRBK.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASADIPLG.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASADIPLG.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASAEMSCN.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASAEMSCN.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASAUADIM.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASAUADIM.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASBALIST.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASBALIST.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASCOMPBR.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASCOMPBR.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASENGAB.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASENGAB.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASENGBAY.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASENGBAY.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASENGBWL.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASENGBWL.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASENGLNG.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASENGLNG.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASENGUR.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASENGUR.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASFILTER.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASFILTER.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASLOADER.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASLOADER.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASLOGHLP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASLOGHLP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASLUCBK.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASLUCBK.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASLWRAP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASLWRAP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOELNCH.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOELNCH.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASSETHLP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASSETHLP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASSPMEVT.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASSPMEVT.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASSPMLOG.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASSPMLOG.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASUNIPLG.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASUNIPLG.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASWEMSCN.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASWEMSCN.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASYAHPXY.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASYAHPXY.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\EUDOHELP.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\EUDOHELP.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\EUDOPLUG.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\EUDOPLUG.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\FRESPAM.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\FRESPAM.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\MSOUPLUG.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\MSOUPLUG.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\NASPLUG.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\NASPLUG.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\SYMSPAM.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\SYMSPAM.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\ASOPTS.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\ASOPTS.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\EMLOPTS.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\EMLOPTS.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\LUOPTS.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\LUOPTS.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\OPTIONS.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\OPTIONS.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\UIHELPER.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\OPTIONS\UIHELPER.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCCHARCV.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCCHARCV.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPROXY.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYINS.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYINS.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYEVT.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPXYEVT.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DPHTML.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DPHTML.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DPHTTP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DPHTTP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DPJS.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DPJS.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\DPVBS.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\DPVBS.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\PXYHTTP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\PXYHTTP.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\ABOUTPLG.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\ABOUTPLG.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\APWCMD9X.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\APWCMD9X.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\APWUTIL.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\APWUTIL.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\AVCOMPBR.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\AVCOMPBR.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\BOOTWARN.EXE=C:\PROGRA~1\NORTON~2\NORTON~1\BOOTWARN.EX^
C:\PROGRA~1\NORTON~2\NORTON~1\CCAVMAIL.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\CCAVMAIL.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\CCIMSCAN.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\CCIMSCAN.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\CCIMSCN.EXE=C:\PROGRA~1\NORTON~2\NORTON~1\CCIMSCN.EX^
C:\PROGRA~1\NORTON~2\NORTON~1\DEFALERT.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\DEFALERT.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\N32CALL.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\N32CALL.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\N32EXCLU.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\N32EXCLU.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVAP32.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVAP32.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVAPSCR.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVAPSCR.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVAPW32.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVAPW32.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVCFGWZ.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVCFGWZ.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVCOMUI.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVCOMUI.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVDX.EXE=C:\PROGRA~1\NORTON~2\NORTON~1\NAVDX.EX^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVDX.OVL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVDX.OV^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVERROR.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVERROR.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVEVENT.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVEVENT.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVKRNLO.VXD=C:\PROGRA~1\NORTON~2\NORTON~1\NAVKRNLO.VX^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVLCOM.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVLCOM.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVLNCH.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVLNCH.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVLOGV.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVLOGV.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVLUCBK.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVLUCBK.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVOPTS.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVOPTS.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVPROD.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVPROD.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVSHEXT.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVSHEXT.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVSTATS.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVSTATS.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVSTUB.EXE=C:\PROGRA~1\NORTON~2\NORTON~1\NAVSTUB.EX^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVTASKS.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVTASKS.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVTSKWZ.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVTSKWZ.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVUI.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVUI.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVUIHTM.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NAVUIHTM.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVW32.EXE=C:\PROGRA~1\NORTON~2\NORTON~1\NAVW32.EX^
C:\PROGRA~1\NORTON~2\NORTON~1\NAVWNT.EXE=C:\PROGRA~1\NORTON~2\NORTON~1\NAVWNT.EX^
C:\PROGRA~1\NORTON~2\NORTON~1\NETBREXT.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\NETBREXT.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\OEHEUR.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\OEHEUR.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\OFFICEAV.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\OFFICEAV.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\OPSCAN.EXE=C:\PROGRA~1\NORTON~2\NORTON~1\OPSCAN.EX^
C:\PROGRA~1\NORTON~2\NORTON~1\PATCH25D.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\PATCH25D.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\PROBEGSE.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\PROBEGSE.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\PTCHINST.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\PTCHINST.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\QCONRES.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\QCONRES.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\QCONSOLE.EXE=C:\PROGRA~1\NORTON~2\NORTON~1\QCONSOLE.EX^
C:\PROGRA~1\NORTON~2\NORTON~1\QSPAK32.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\QSPAK32.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\QUAR32.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\QUAR32.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\S32INTEG.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\S32INTEG.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\S32NAVO.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\S32NAVO.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\SAVRT32.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\SAVRT32.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\SAVRT.VXD=C:\PROGRA~1\NORTON~2\NORTON~1\SAVRT.VX^
C:\PROGRA~1\NORTON~2\NORTON~1\SAVRTPEL.VXD=C:\PROGRA~1\NORTON~2\NORTON~1\SAVRTPEL.VX^
C:\PROGRA~1\NORTON~2\NORTON~1\SAVSCAN.EXE=C:\PROGRA~1\NORTON~2\NORTON~1\SAVSCAN.EX^
C:\PROGRA~1\NORTON~2\NORTON~1\SCANDLVR.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\SCANDLVR.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\SCANDRES.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\SCANDRES.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\SCANMGR.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\SCANMGR.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\SCRIPTUI.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\SCRIPTUI.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\SDPCK32I.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\SDPCK32I.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\SDSND32I.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\SDSND32I.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\SDSOK32I.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\SDSOK32I.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\SDSTP32I.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\SDSTP32I.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\STATUSHP.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\STATUSHP.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\SYMNAVO.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\SYMNAVO.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\TKNV16O.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\TKNV16O.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\TKNV32O.DLL=C:\PROGRA~1\NORTON~2\NORTON~1\TKNV32O.DL^
C:\PROGRA~1\NORTON~2\NORTON~1\UNDOBOOT.EXE=C:\PROGRA~1\NORTON~2\NORTON~1\UNDOBOOT.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SCRAUTH.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SCRAUTH.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SCRTRUST.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SCRTRUST.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SCRBLOCK.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SCRBLOCK.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBSERV.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBSERV.EX^

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET TZ=CT
SET UUPCSYSRC=C:\UUPC\UUPC.RC
SET UUPCUSRRC=C:\UUPC\MANAGER.RC
PATH=%PATH%;C:\UUPC\NTBIN
PATH=%PATH%;C:\UUPC\NTBIN;
SET PERVASIVE_PATH="C:\PVSW\BIN"
SET PATH=%PATH%;c:\DMI\WIN32\BIN
SET WIN32DMIPATH=c:\dmi\win32
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;"C:\PVSW\BIN;%PATH%"
Set tvdumpflags=10
SET PATH=%PATH%;C:\RSC32\BIN

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRAM FILES\WEBROOT\POP-UP WASHER\VAPOPUPKILLER.DLL - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC}
Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job
85B030D76C7A2BD8.job

--------------------------------------------------

Enumerating Download Program Files:

[CV3 Class]
InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
CODEBASE = http://windowsupdate.microsoft.com/R957/V3...en/actsetup.cab

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security1.norton.com/SSC/SharedCont...c/bin/cabsa.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/...7882.4644212963

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

[SysData Class]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SYSINFO.DLL
CODEBASE = http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 22,749 bytes
Report generated in 0.103 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


thank you soooooooooooooo much for any help or assistance ya'll can provide!!

Take Care!!

Sneez

BC AdBot (Login to Remove)

 


m

#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:31 PM

Posted 17 May 2005 - 01:11 PM

Hi sneezil and welcome to the BC forums. I am curious about a couple of these files so I would like you to check them out.

We need to make sure all hidden files are showing so please:
  • Open My Computer.
  • Select the View menu and click Folder Options.
  • Select the View tab.
  • In the Hidden files section select Show all files.
  • Click OK.
Go to the Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive and submit it for a scan:C:\Windows\Application Data\Axissettingsdashsign\listbend.exe
OPEUPAPI.EXE (this will most likely be located in c:\windows or c:\windows\system)

Several scanning engines will be used to check the file for any threats. Please post the results of the scans back here.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users