SubHuman

IE very slow... HJT log included

17 posts in this topic

Greetings humans and other miscellaneous life forms!

 

Subhuman here with an earnest plea for assistance. I'm under a death threat from the wife and kids (those little darlings) to fix our (their) computer. Please help save Subhuman and in return I'll name the next child/grandchild after you.... or a monetary donation to spywareinfo.... your choice!

 

Here's the poop!

About a week ago Internet Explorer began taking a long time, about 3 to 5 minutes, to download web pages. The same thing is happening with Netscape. We have 2 profiles (logins) on this XP box, mine (John) and my wife's (Sheila). The same problem exists in both profiles. In Task Manager I've noticed that the CPU is at 100% while accessing websites and stays at about 30% at other times. Seems a bit high.

 

A few months ago I had problems with about:blank and numerous popups but thanks to you good folks at spywareinfo I was able to fix all that. I've been using Adaware, Spybot, & Cookie Wall for a few months and everything has been working fine, till now. I have oodles of websites listed in the IE restricted sites list thanks to IE-Spyad. I also keep my Norton Antivirus and Firewall up to date. My Windows updates are current.

 

I read the spywareinfo FAQ and followed those directions... Adaware, Spybot, CWShredder, HiJackThis, etc. But still have problems. Adaware and CWShredder came up clean. Spybot found something to do with MS Works and I fixed it. I'm attaching below the HiJackThis log for the 2 profiles (John & Sheila). Good Luck!

 

Thanks for helping!

Subhuman (aka John)

 

John's HJT Log

Logfile of HijackThis v1.97.7

Scan saved at 10:48:03 AM, on 5/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Real\RealJukebox\tsystray.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Norton Personal Firewall\IAMAPP.EXE

C:\WINDOWS\DELLMMKB.EXE

C:\Program Files\AnalogX\CookieWall\cookie.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\SETI@home\SETI@home.exe

C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Belkin Sentry Bulldog\MUPS.exe

C:\Program Files\Netropa\OSD.exe

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\PackethSvc.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\PROGRA~1\Iomega\System32\ActivityDisk.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton Personal Firewall\SymProxySvc.exe

C:\Program Files\Belkin Sentry Bulldog\upsd.exe

C:\Program Files\Norton Personal Firewall\NISSERV.EXE

C:\Documents and Settings\John\My Documents\HJT1\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.yahoo.com/"); (C:\Program Files\Netscape\Users\desf1926@bellsouth.net\prefs.js)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox\tsystray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min

O4 - HKCU\..\Run: [iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe

O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Sentry Bulldog\MUPS.exe

O9 - Extra button: Researcher (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

************

 

Sheila's HJT Log

Logfile of HijackThis v1.97.7

Scan saved at 11:09:19 AM, on 5/30/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\PackethSvc.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\PROGRA~1\Iomega\System32\ActivityDisk.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton Personal Firewall\SymProxySvc.exe

C:\Program Files\Belkin Sentry Bulldog\upsd.exe

C:\Program Files\Norton Personal Firewall\NISSERV.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Real\RealJukebox\tsystray.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Norton Personal Firewall\IAMAPP.EXE

C:\WINDOWS\DELLMMKB.EXE

C:\Program Files\AnalogX\CookieWall\cookie.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Belkin Sentry Bulldog\MUPS.exe

C:\Program Files\Netropa\OSD.exe

C:\Documents and Settings\Sheila\My Documents\HJT2\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [RealJukeboxSystray] "C:\Program Files\Real\RealJukebox\tsystray.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

O4 - HKLM\..\Run: [iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe

O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: MUPS.lnk = C:\Program Files\Belkin Sentry Bulldog\MUPS.exe

O9 - Extra button: Researcher (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Your logs are clean. (only 1 was needed because it's the same machine)

 

Clear Temp/Temporary Internet Files/History

 

Run Defrag

 

Disable some of those startup items.

 

NHKSRV is sometimes responsible for literally eating up CPU cycles, up to 90% CPU usage sometimes. So, although NHKSRV is effectively a security feature, you may need to disable it and possibly completely disable hotkey support altogether. To disable, go to "Control Panel \ Services" in WinNT4, or "Control Panel \ Administrative Tools \ Services" in Win2000/XP to set this service to "Manual".

 

Please let me know if this helped.

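Added example, not part of the original thread: a short Python sketch that parses HijackThis entry lines from trimmed excerpts of the two logs posted above and compares them, separating machine-wide entries (identical in both profiles) from per-user HKCU entries. The function names and the simple "starts with HKCU" scope rule are assumptions made for illustration.

```python
import re
from collections import namedtuple

# Trimmed excerpts of the two HijackThis logs posted above (not the full logs).
JOHN_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [AIM] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
"""

SHEILA_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
"""

Entry = namedtuple("Entry", "code detail scope")

# An entry line looks like "O4 - HKLM\..\Run: [...] ...": a letter, one or
# two digits, " - ", then the detail. Header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the section entries of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        code, detail = match.groups()
        # Assumption for this example: anything read from HKCU belongs to the
        # logged-in profile; everything else is treated as machine-wide.
        scope = "user" if detail.startswith("HKCU\\") else "machine"
        entries.append(Entry(code, detail, scope))
    return entries


def diff_logs(log_a, log_b):
    """Split entries into those shared by both logs and those unique to each."""
    a, b = parse_entries(log_a), parse_entries(log_b)
    set_a, set_b = set(a), set(b)
    return {
        "common": [e for e in a if e in set_b],
        "only_a": [e for e in a if e not in set_b],
        "only_b": [e for e in b if e not in set_a],
    }


def machine_entries_match(log_a, log_b):
    """True when both logs list exactly the same machine-wide entries."""
    def machine(log):
        return {e for e in parse_entries(log) if e.scope == "machine"}
    return machine(log_a) == machine(log_b)


if __name__ == "__main__":
    result = diff_logs(JOHN_LOG, SHEILA_LOG)
    print("machine-wide entries identical:",
          machine_entries_match(JOHN_LOG, SHEILA_LOG))
    for label, key in (("John only", "only_a"), ("Sheila only", "only_b")):
        for entry in result[key]:
            print(f"{label}: [{entry.scope}] {entry.code} - {entry.detail}")
```
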

dolphins...

 

Just tried all your suggestions, but alas no effect. After restarting the computer the browser is as slow as it was before. By the way, the problem seems only to affect IE and Netscape. I am able to do my Symantec updates, or email, or download other data just as quickly as ever. The only slowdown is associated with the browsers. My Bellsouth Fastaccess DSL is working fine.

 

What do I try next???

 

Anyone???

 

Thanks,

SubHuman (aka John)


You are running 2 different versions of Norton AV, so you either recently upgraded to XP or you had the wrong version of Norton AV installed from the start. You must completely uninstall any AV before installing a new one or it will cause many problems not unlike what you're experiencing now.

 

C:\Program Files\Norton AntiVirus\navapsvc.exe = NT/2000/XP

 

C:\PROGRA~1\NORTON~1\navapw32.exe = 95/98/me

 

I don't know which versions you're running but there is an Uninstall tool for How to uninstall Norton AntiVirus 2003


Thanks for the advice!

I installed Mozilla Firefox as you suggested but unfortunately I'm having the same problem with it that I am with IE and Netscape. The download was very quick, but it's taking several minutes for any web page to load.

 

I looked into the issue of the 2 Norton anti-virus applications running. When I bought my Dell about a year and a half ago it had the usual 90 day free trial of Norton 2002 installed. I subsequently ordered the full version and have been using it ever since without any problem. I never did have the Norton AV for 95/98/ME as far as I know on my machine. When I disabled the navapw32.exe in Task Manager the system tray icon disappeared. I'm wondering if both navapw32 and navapsvc might be required for NAV 2002. Do you think it's a good time to uninstall what I have and load NIS 2004?

 

Whatever is causing me this problem has got to be fairly recent. I've been having the browser slowdown problem for only a couple of weeks now.

 

Do you folks know of any application I can run that will show me what process is actually consuming my CPU (and I assume slowing me down) when on the internet?

 

Thanks again for all your help!

SubHuman (aka John)


OK, let's dig a little deeper.

Can you please generate a startup list with HijackThis?

Go to config/misc tools.

Under the startuplist button check both boxes.

Hit the startuplist button and copy and paste the results here.


Thanks for the quick attention Shadowwar! I'm leaving the office in a few minutes and will get this for you as soon as I get home. Please check back here in about an hour.

 

Thanks again!

SubHuman (aka John)


Shadowwar...

 

Here's the startup list from HiJackThis that you asked for. Good Luck!

 

dolphins...

 

Thanks for the post about the updates to Norton. I'll check it out.

 

Thanks for the help!

SubHuman (aka John)

 

 

StartupList report, 6/2/2004, 6:08:43 PM

StartupList version: 1.52

Started from : C:\Documents and Settings\John\My Documents\HJT1\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

* Including empty and uninteresting sections

* Showing rarely important sections

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Real\RealJukebox\tsystray.exe

C:\PROGRA~1\NORTON~1\navapw32.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Program Files\Norton Personal Firewall\IAMAPP.EXE

C:\WINDOWS\DELLMMKB.EXE

C:\Program Files\AnalogX\CookieWall\cookie.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\SETI@home\SETI@home.exe

C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

C:\Palm\HOTSYNC.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\Belkin Sentry Bulldog\MUPS.exe

C:\WINDOWS\System32\PackethSvc.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\PROGRA~1\Iomega\System32\ActivityDisk.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Personal Firewall\NISUM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton Personal Firewall\SymProxySvc.exe

C:\Program Files\Belkin Sentry Bulldog\upsd.exe

C:\Program Files\Norton Personal Firewall\NISSERV.EXE

C:\Documents and Settings\John\My Documents\HJT1\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\John\Start Menu\Programs\Startup]

*No files*

 

Shell folders AltStartup:

*Folder not found*

 

User shell folders Startup:

*Folder not found*

 

User shell folders AltStartup:

*Folder not found*

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

America Online 6.0 Tray Icon.lnk = C:\Program Files\America Online 6.0\aoltray.exe

Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe

HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE

Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Microsoft Works Calendar Reminders.lnk = ?

MUPS.lnk = C:\Program Files\Belkin Sentry Bulldog\MUPS.exe

 

Shell folders Common AltStartup:

*Folder not found*

 

User shell folders Common Startup:

*Folder not found*

 

User shell folders Alternate Common Startup:

*Folder not found*

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

*Registry value not found*

 

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

RealJukeboxSystray = "C:\Program Files\Real\RealJukebox\tsystray.exe"

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

nwiz = nwiz.exe /install

NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe

Iomega Startup Options = C:\Program Files\Iomega\Common\ImgStart.exe

Iomega Drive Icons = C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

iamapp = C:\Program Files\Norton Personal Firewall\IAMAPP.EXE

DellTouch = C:\WINDOWS\DELLMMKB.EXE

CookieWall = C:\Program Files\AnalogX\CookieWall\cookie.exe

AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*No values found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

Symantec NetDriver Monitor = C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE

seticlient = C:\Program Files\SETI@home\SETI@home.exe -min

Iomega Active Disk = C:\Program Files\Iomega\AutoDisk\AD2KClient.exe

AIM = C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

 

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

[OptionalComponents]

*No values found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No subkeys found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

Autorun entries in Registry subkeys of:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

 

--------------------------------------------------

 

File association entry for .EXE:

HKEY_CLASSES_ROOT\exefile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .COM:

HKEY_CLASSES_ROOT\comfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .BAT:

HKEY_CLASSES_ROOT\batfile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .PIF:

HKEY_CLASSES_ROOT\piffile\shell\open\command

 

(Default) = "%1" %*

 

--------------------------------------------------

 

File association entry for .SCR:

HKEY_CLASSES_ROOT\scrfile\shell\open\command

 

(Default) = "%1" /S

 

--------------------------------------------------

 

File association entry for .HTA:

HKEY_CLASSES_ROOT\htafile\shell\open\command

 

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

 

--------------------------------------------------

 

Enumerating Active Setup stub paths:

HKLM\Software\Microsoft\Active Setup\Installed Components

(* = disabled by HKCU twin)

 

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

 

[>{26923b43-4d38-484f-9b9e-de460746276c}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

 

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *

StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *

StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT

 

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *

StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

 

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]

StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

 

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

 

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

 

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

 

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *

StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

 

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *

StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

 

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *

StubPath = regsvr32.exe /s /n /i:U shell32.dll

 

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *

StubPath = %SystemRoot%\system32\ie4uinit.exe

 

--------------------------------------------------

 

Enumerating ICQ Agent Autostart apps:

HKCU\Software\Mirabilis\ICQ\Agent\Apps

 

*Registry key not found*

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

Checking for EXPLORER.EXE instances:

 

C:\WINDOWS\Explorer.exe: PRESENT!

 

C:\Explorer.exe: not present

C:\WINDOWS\Explorer\Explorer.exe: not present

C:\WINDOWS\System\Explorer.exe: not present

C:\WINDOWS\System32\Explorer.exe: not present

C:\WINDOWS\Command\Explorer.exe: not present

C:\WINDOWS\Fonts\Explorer.exe: not present

 

--------------------------------------------------

 

Checking for superhidden extensions:

 

.lnk: HIDDEN! (arrow overlay: yes)

.pif: HIDDEN! (arrow overlay: yes)

.exe: not hidden

.com: not hidden

.bat: not hidden

.hta: not hidden

.scr: not hidden

.shs: HIDDEN!

.shb: HIDDEN!

.vbs: not hidden

.vbe: not hidden

.wsh: not hidden

.scf: HIDDEN! (arrow overlay: NO!)

.url: HIDDEN! (arrow overlay: yes)

.js: not hidden

.jse: not hidden

 

--------------------------------------------------

 

Verifying REGEDIT.EXE integrity:

 

- Regedit.exe found in C:\WINDOWS

- .reg open command is normal (regedit.exe %1)

- Company name OK: 'Microsoft Corporation'

- Original filename OK: 'REGEDIT.EXE'

- File description: 'Registry Editor'

 

Registry check passed

 

--------------------------------------------------

 

Enumerating Browser Helper Objects:

 

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

(no name) - C:\Program Files\Microsoft Money\System\mnyviewer.dll - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Symantec NetDetect.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[Microsoft XML Parser for Java]

CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab

OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

[HouseCall Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx

CODEBASE = http://a840.g.akamai.net/7/840/537/2003120....com/housecall/xscan53.cab

 

[shutterfly Picture Upload Plugin]

InProcServer32 = C:\WINDOWS\DOWNLO~1\SFUPLO~1.OCX

CODEBASE = http://web1.shutterfly.com/downloads/Uploader.cab

 

[symantec RuFSI Registry Information Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll

CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

 

[ActiveDataInfo Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\SymAData.dll

CODEBASE = https://www-secure.symantec.com/techsupp/ac...ta/SymAData.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[ActiveDataObj Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll

CODEBASE = https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

 

--------------------------------------------------

 

Enumerating Winsock LSP files:

 

NameSpace #1: C:\WINDOWS\System32\mswsock.dll

NameSpace #2: C:\WINDOWS\System32\winrnr.dll

NameSpace #3: C:\WINDOWS\System32\mswsock.dll

Protocol #1: C:\WINDOWS\system32\mswsock.dll

Protocol #2: C:\WINDOWS\system32\mswsock.dll

Protocol #3: C:\WINDOWS\system32\mswsock.dll

Protocol #4: C:\WINDOWS\system32\rsvpsp.dll

Protocol #5: C:\WINDOWS\system32\rsvpsp.dll

Protocol #6: C:\WINDOWS\system32\mswsock.dll

Protocol #7: C:\WINDOWS\system32\mswsock.dll

Protocol #8: C:\WINDOWS\system32\mswsock.dll

Protocol #9: C:\WINDOWS\system32\mswsock.dll

Protocol #10: C:\WINDOWS\system32\mswsock.dll

Protocol #11: C:\WINDOWS\system32\mswsock.dll

Protocol #12: C:\WINDOWS\system32\mswsock.dll

Protocol #13: C:\WINDOWS\system32\mswsock.dll

Protocol #14: C:\WINDOWS\system32\mswsock.dll

Protocol #15: C:\WINDOWS\system32\mswsock.dll

Protocol #16: C:\WINDOWS\system32\mswsock.dll

Protocol #17: C:\WINDOWS\system32\mswsock.dll

 

--------------------------------------------------

 

Enumerating Windows NT/2000/XP services

 

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)

Intel® 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)

adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)

Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)

AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)

Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)

Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)

Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)

aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)

aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)

Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)

AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)

ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)

AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)

amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)

Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)

asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)

asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)

RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)

Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)

ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)

Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)

Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

C-DillaCdaC11BA: C:\WINDOWS\System32\drivers\CDAC11BA.EXE (autostart)

cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)

cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)

CdaC15BA: \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS (autostart)

CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)

Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)

ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)

CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)

Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)

COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)

Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)

Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)

dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)

DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Disk Driver: System32\DRIVERS\disk.sys (system)

DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver: System32\DRIVERS\DM9PCI5.SYS (manual start)

Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)

dmboot: System32\drivers\dmboot.sys (disabled)

dmio: System32\drivers\dmio.sys (disabled)

dmload: System32\drivers\dmload.sys (disabled)

Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)

DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)

dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)

Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)

3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)

Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Event Log: %SystemRoot%\system32\services.exe (autostart)

COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)

Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)

Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)

Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)

Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)

HCF_MSFT: System32\DRIVERS\HCF_MSFT.sys (manual start)

Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

HID UPS Battery Driver: System32\DRIVERS\HidBatt.sys (manual start)

Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)

hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)

hpt3xx: \SystemRoot\System32\DRIVERS\hpt3xx.sys (disabled)

i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)

i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)

Imapi: system32\drivers\ImapiRox.sys (system)

IMAPI CD-Burning COM Service: C:\WINDOWS\System32\ImapiRox.exe (manual start)

ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)

IntelIde: System32\DRIVERS\intelide.sys (system)

Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)

Iomega Activity Disk2: "C:\PROGRA~1\Iomega\System32\ActivityDisk.exe" (autostart)

IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)

IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)

IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)

IPSEC driver: System32\DRIVERS\ipsec.sys (system)

IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)

PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)

Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)

Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)

Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)

Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)

mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)

WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)

MRXSMB: System32\DRIVERS\mrxsmb.sys (system)

Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)

DellTouch: System32\DRIVERS\msikbd2k.sys (manual start)

Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)

Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)

Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)

Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)

NAVAP: \??\C:\WINDOWS\System32\Drivers\NAVAP.SYS (manual start)

Norton AntiVirus Auto Protect Service: C:\Program Files\Norton AntiVirus\navapsvc.exe (autostart)

NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040528.009\NAVENG.Sys (manual start)

NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20040528.009\NavEx15.Sys (manual start)

Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)

NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)

Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)

NetBIOS Interface: System32\DRIVERS\netbios.sys (system)

NetBT: System32\DRIVERS\netbt.sys (system)

Network DDE: %SystemRoot%\system32\netdde.exe (manual start)

Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)

Net Logon: %SystemRoot%\System32\lsass.exe (manual start)

Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Netropa NHK Server: %SystemRoot%\Nhksrv.exe (disabled)

Norton Personal Firewall Service: C:\Program Files\Norton Personal Firewall\NISSERV.EXE (autostart)

Norton Personal Firewall Accounts Manager: C:\Program Files\Norton Personal Firewall\NISUM.EXE (manual start)

Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)

Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

nv: System32\DRIVERS\nv4_mini.sys (manual start)

nv4: System32\DRIVERS\nv4_mini.sys (manual start)

NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)

IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)

IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)

Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)

Virtual NIC Service: C:\WINDOWS\System32\PackethSvc.exe (autostart)

PalmUSBD: system32\drivers\PalmUSBD.sys (manual start)

Parallel port driver: System32\DRIVERS\parport.sys (manual start)

PCI Bus Driver: System32\DRIVERS\pci.sys (system)

PCIIde: \SystemRoot\System32\DRIVERS\pciide.sys (disabled)

perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)

perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)

Plug and Play: %SystemRoot%\system32\services.exe (autostart)

IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)

Iomega Parallel Port Filter Driver: System32\DRIVERS\ppa.sys (system)

WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)

Processor Driver: System32\DRIVERS\processr.sys (system)

Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)

QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)

Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)

ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)

Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)

ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)

ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)

ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)

Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)

Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)

Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)

Direct Parallel: System32\DRIVERS\raspti.sys (manual start)

Rdbss: System32\DRIVERS\rdbss.sys (system)

RDPCDD: System32\DRIVERS\RDPCDD.sys (system)

Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)

Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)

Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)

Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)

Rio800 driver: System32\Drivers\Rio8Drv.sys (manual start)

Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)

Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)

QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)

Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)

ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)

Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)

Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)

Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Secdrv: System32\DRIVERS\secdrv.sys (manual start)

Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)

Serial port driver: System32\DRIVERS\serial.sys (system)

Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)

smwdm: system32\drivers\smwdm.sys (manual start)

Symantec Network Drivers Service: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (manual start)

Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)

Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)

Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)

System Restore Filter Driver: System32\DRIVERS\sr.sys (system)

System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Srv: System32\DRIVERS\srv.sys (manual start)

SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)

Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)

Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)

MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{B0A2456C-F1A2-47D9-8A39-CB9111F04968} (manual start)

symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)

symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)

SYMDNS: \??\C:\WINDOWS\System32\Drivers\SYMDNS.SYS (manual start)

SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)

SYMFW: \??\C:\WINDOWS\System32\Drivers\SYMFW.SYS (manual start)

SYMIDS: \??\C:\WINDOWS\System32\Drivers\SYMIDS.SYS (manual start)

SYMIDSCO: \??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS (manual start)

SYMNDIS: \??\C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (manual start)

Norton Personal Firewall Proxy Service: C:\Program Files\Norton Personal Firewall\SymProxySvc.exe (autostart)

SYMREDRV: \??\C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (manual start)

SYMTDI: \??\C:\WINDOWS\System32\Drivers\SYMTDI.SYS (autostart)

sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)

sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)

Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)

Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)

Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)

Terminal Device Driver: System32\DRIVERS\termdd.sys (system)

Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)

Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)

ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)

Microcode Update Driver: System32\DRIVERS\update.sys (manual start)

Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)

Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)

UPS - UPSentry Service: "C:\Program Files\Belkin Sentry Bulldog\upsd.exe" (autostart)

Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)

Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)

VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)

VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)

ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)

Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)

Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)

WAN Network Driver: System32\DRIVERS\wandrv.sys (manual start)

Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)

WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)

Winachcf: System32\DRIVERS\winachcf.sys (manual start)

Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)

Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)

Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)

Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)

 

 

--------------------------------------------------

 

Enumerating Windows NT logon/logoff scripts:

*No scripts set to run*

 

Windows NT checkdisk command:

BootExecute = autocheck autochk *

 

Windows NT 'Wininit.ini':

PendingFileRenameOperations: *Registry value not found*

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

End of report, 35,805 bytes

Report generated in 0.438 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only


Well, startuplist looks clean. I see nothing wrong, with the exception of a lot of services disabled.


Dolphins & Shadowwar.....

 

I think I've got my problem solved. And Dolphins, a special thanks to you! Thanks for pointing me to the forums at www.dslreports.com which talked about problems with Symantec Norton Personal Firewall 2002. It looks like Symantec may have included software updates intended for their Norton Personal Firewall 2004 in the liveupdates for Norton Personal Firewall 2002 on or about 12 May, 2004. That's about when my own problems began. I run liveupdate for my Norton Anti-Virus 2002 and Firewall 2002 about every week or two and most likely got stung by Symantec's error. I disabled my Firewall and my problems immediately disappeared. Except, of course, now I'm not fully protected, but I can always get another firewall. I hope Symantec comes out with a fix for this soon or I (and I'm sure others) will have to find an alternate firewall.

 

Again, my thanks to Dolphins, Shadowwar, and spywareinfo.com for all the help!

A donation to spywareinfo.com is on the way.

 

Thanks,

SubHuman (aka John)


OK, now that you're all fixed :bounce:

 

Don't run without a software firewall unless you're behind a router or you'll be posting logs that may not be so easy to fix. There are a few free ones here-> http://www.wilders.org/firewalls.htm take your pick.

 

Make sure you completely delete NPW before installing a new one.
