worm guard 4

Discussion in 'WormGuard' started by Mr.Blaze, Mar 24, 2003.

Thread Status:
Not open for further replies.
  1. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lo i got worm guard lol now i'm protected from every nasty lol

    ok 2 questions: how do you update it? i see no update button lol

    2nd i can't enable protection, i can install it

    but when i click on test it says protection not enabled or something like that lol
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Heya Blaze
    congratulations with your WormGuard.
    What you downloaded now is probably 3.1, saying version 4.
    After installing first click the "install" and after the "test"
    Why wouldn't it install, is it the evaluation version?

    Updating is not done collectively, people add what they think necessary in this version. Tassie and others posted some practical lists for that. WG doesn't look for names in the first place, also for code.
    With such lists it is for instance not really helpful to add a name I-Worm.Nasty if its working file is named nasty.scr so then you add the nasty.scr name in the list, or you could decide to block all .scr in the left screen. Gavin has explained this in those threads.
    Not sure if in the next version there would come an update databases option.

    Have fun with your WG!
     
  3. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :eek: wait a minute you mean to tell me there's no database for known worms for this software

    :eek: no updates

    so this is more for security experts who know what they're doing and are up on new worm definitions?

    no it's registered

    no more evaluation it even has my name at the top

    i installed protection look
     

    Attached Files:

  4. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    now look
     

    Attached Files:

  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Mr.Blaze,

    Could you try for me:
    - Click Install Protection
    - Click Done
    - Restart WormGuard
    - Test

    WG is as newbie friendly as they get. No fuss updating, it just recognizes worms by their behaviour.
    "Wormguard analyses files generically using heuristic and intelligent rule-sets rather than relying on signatures for known worms."

    Regards,

    Pieter
     
  6. FanJ

    FanJ Guest

    Hi Blaze,

    Pieter is right, there is no need for you to update anything in WormGuard. Once it is working, it will do its job for you.
    Now we have to find a way that it will work for you. Maybe we need the help from Wayne/Gavin/Jason to get it solved for you.
    At the WormGuard site you can find more info about what WormGuard can do for you.
    I will give you some examples what it does:

    1. Protect/warn you about files with a double extension.
    Example:
    You get an attachment via email with extension txt.
    Let's say the file is: foryou.txt
    You think "hey, that's OK, just a text-file".
    But some nasty worms are capable of hiding the real extension. It could have been:
    foryou.txt.exe
    Do you see the double extension?
    And now it is not so harmless anymore, cause it is in fact an exe file that might do some nasty things on your machine.
    WormGuard will protect/warn you if you have such a file with double extension.

    2. Protect/warn for files with Excessively Spaced Filenames.
    This nasty for example:
    readme.txt                    .exe
    Do you see the strange thing?
    If you only take a quick view, the file seems to be readme.txt
    But when you have a closer look, you will see that after the extension txt comes a large space and then another extension: exe
    Oops, that is not so innocent!
    WormGuard will protect/warn in such a case.

    3. Files with extension HTA, JSE, SHA, SHS, VBE
    Such files are capable of doing harm to your system.
    You will see them mentioned in the list Blocked file types.
    See my screenshot.
    WormGuard will protect/warn you in such cases.
    Some people might want to add their own file types into that list.
    That's all up to the user.
    When you're still a bit new to WormGuard, just leave that list as it came by default.
    WormGuard will do its work for you.

    4. There are lots more nasty things that WormGuard will protect you against.
    I only wanted to give you some examples.
     

    Attached Files:
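
The three filename checks FanJ describes above (double extension, excessively spaced filename, blocked file types), together with Jooske's earlier point about adding .scr to the list, can be sketched as follows. This is an added example, not part of the thread and not WormGuard's own logic; the RUNNABLE and DECOY sets, the three-space threshold and the function names are assumptions.

```python
import re

# Extensions FanJ's post lists under "Blocked file types" (taken as written).
BLOCKED_TYPES = frozenset({"hta", "jse", "sha", "shs", "vbe"})
# Assumption: extensions that run when opened; only exe and scr appear in the thread.
RUNNABLE = frozenset({"exe", "scr", "com", "pif", "bat", "cmd"}) | BLOCKED_TYPES
# Assumption: extensions a recipient reads as "just a document or picture".
DECOY = frozenset({"txt", "doc", "rtf", "jpg", "gif", "bmp", "htm", "html", "mp3", "zip"})
# Assumption: three or more consecutive whitespace characters count as "excessive".
SPACE_RUN = re.compile(r"\s{3,}")


def check_attachment(filename, extra_blocked=()):
    """Return the names of the rules that fire for one attachment name."""
    # Keep only the last path component, whichever separator was used.
    base = re.split(r"[\\/]", filename)[-1]
    # Win32 drops trailing spaces and dots when a file is opened, so
    # "x.txt.exe. " still runs as an .exe; normalise before splitting.
    base = base.rstrip(" .")
    # Strip padding around each dot-separated part: "txt      " -> "txt".
    parts = [p.strip().lower() for p in base.split(".")]
    final_ext = parts[-1] if len(parts) > 1 else ""
    prev_ext = parts[-2] if len(parts) > 2 else ""
    # The user may extend the blocked list, e.g. with "scr".
    blocked = BLOCKED_TYPES | {e.lower().lstrip(".") for e in extra_blocked}

    findings = []
    if final_ext in blocked:
        findings.append("blocked-type")
    # A harmless-looking extension followed by one that actually runs.
    if prev_ext in DECOY and final_ext in (RUNNABLE | blocked):
        findings.append("double-extension")
    # A long gap that pushes the real extension out of view.
    if SPACE_RUN.search(base):
        findings.append("excessive-spacing")
    return findings


def scan(filenames, extra_blocked=()):
    """Map each flagged name to its findings; clean names are left out."""
    report = {}
    for name in filenames:
        hits = check_attachment(name, extra_blocked)
        if hits:
            report[name] = hits
    return report


# Constructed sample names; the first three follow the post's own examples.
SAMPLES = [
    "foryou.txt",
    "foryou.txt.exe",
    "readme.txt" + " " * 20 + ".exe",
    "update.hta",
    "photo.jpg.vbe",
    "nasty.scr",
    "notes.v2.txt",
    "C:\\TEMP\\foryou.txt.exe. ",
]

if __name__ == "__main__":
    for name, hits in scan(SAMPLES).items():
        print(f"{name!r}: {', '.join(hits)}")
```

With the default list nasty.scr passes; passing extra_blocked={"scr"} flags it, which mirrors the choice Jooske describes of blocking all .scr files.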

  7. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D YUP GUYS I DID WHAT YOU SAID STILL NOTHING :doubt: KINDA STRANGE IS MY PC IMMUNE TO WORMS LOL
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Now you say something Blaze! Did you sneeze your flu over the system?
    Are you sure your system was clean (virus/worm/trojan free) when you installed WG? Is anything blocking it, like a registry protection, system restore, such things?
    Did you take such protection down and close any AV/AT, maybe also the firewall (not a bad idea with ZAPro), at installing WG, so after you can activate all those things and create a new restore point?
     
  9. FanJ

    FanJ Guest

    Hi Blaze,

    Some things you could try:

    What happens if you "disable" HTAstop?
    See here: http://www.nsclean.com/htastop.html

    You could try to un-install and install WormGuard again:
    1. Download WormGuard again.
    2. Make sure your ZAPro does not start up with Windows.
    3. Reboot.
    4. Close every running program, disable HTAstop and RegProt.
    5. Un-install WormGuard.
    6. Reboot.
    7. Close again every running program.
    8. Install WormGuard again.
    9. Open WormGuard, click Install and then Test. What happens?
    10. Make sure your ZAPro starts up again with Windows.
    11. Reboot.


    I hope the DiamondCS-team will also jump in to try to solve it.
     
  10. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Hi Blaze, do you have any registry programs which may block access to settings being written or read to the registry? Did you install Wormguard with your anti-virus programs disabled? I recommend reinstalling it from scratch making sure no other programs are running.

    Get back to us if that doesn't work.
    -Jason-
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :eek: WOW OMG OMG I CAN'T BELIEVE IT I'M STUMPED

    i did everything fan j said and jason, wow still doesn't work, protection on test fails

    i uninstalled diamond registry protection, allowed hta apps, turned on active scripting and javascript

    uninstalled worm guard, wiped every trace out, disabled nav auto protect, shut down boclean, turned off everything, reinstalled worm guard and key

    installed worm guard protection, redid test and it still fails

    wow i don't get it, scratch scratch head, i'm lost. maybe it's my pc, i'm using windows me gateway pc, it has system restore and goback and a million other things lol
     
  12. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Blaze, can you try Wormguard on another machine you have to see if it works on that one? I suspect it is some software on your machine causing a conflict with Wormguard in some way. List all your software you currently have installed.
    -Jason-
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Blazy, I hope you meant you disabled HTAstop, TSOstop and all those kind of registry blockages and protections. NAV, the whole lot.
    I didn't even remember if I ever installed for instance TSOstop when my system was very troublesome, so I grabbed it from the site to disable it to make sure it was really off and since all went so much better! I wouldn't enable HTAstop for instance, as that function is included in your WG already.
    ActiveX and JS you can keep on as WG protects you against malicious code.
    Please disable all those millions of protections for your registry, especially the regprot, disable system restore and goback, reboot, install WG, reboot, press install, test, hope all works then, after one by one enable the protection you must and press the test again after each one.
    I'm not sure if on a winME system it could be helpful to first install WG and after your ZAPro.
    You didn't try the installed version as it is after windows reboot in the safe mode did you? (just to get rid of those millions of blockages for the moment)

    Edited:
    Think you have Hijackthis already to display all your progs?
    Or grab it again at http://www.tomcoyote.org/hjt/
    Thinking: this does only display all startup, there is such a nice tool to list all the system including installed programs: Belarc comes to mind, http://www.belarc.com/free_download.html
    You might like to send Jason or Gavin the whole output page from your system. (I read it in the browser and just click file > email to myself or wherever appropriate)
     
  14. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D WELL AFTER SEVERAL ATTEMPTS I JUST GAVE UP AND REINSTALLED EVERYTHING BUT HERE'S THE LIST OF MY STUFF

    Logfile of HijackThis v1.92.1
    Scan saved at 5:21:10 PM, on 3/26/2003
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\PROGRAM FILES\E-BOOK SYSTEMS\FLIPALBUM 5 PRO\FPLAUNCH.DLL
    O2 - BHO: (no name) - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} - C:\PROGRAM FILES\COMMON FILES\JUSTDO\JD2002.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [BOCleanautostart] C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.EXE
    O4 - HKLM\..\Run: [RegProt] c:\regprot\regprot.exe /start
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Adaptec\GoBack\GBPoll.exe
    O4 - HKLM\..\RunServices: [ProtectBOC] BOCSEC.EXE
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM FILES\GO!ZILLA\download-with-gozilla.html
    O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm
    O8 - Extra context menu item: Sothink SWF Decompiler - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
    O8 - Extra context menu item: Save Flash with Flash Catcher - res://C:\PROGRAM FILES\COMMON FILES\JUSTDO\IECatcher.DLL/FlashCatcher.htm
    O8 - Extra context menu item: &Check Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: SWFDecompiler (HKLM)
    O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler (HKLM)
    O9 - Extra button: Flash Catcher (HKLM)
    O9 - Extra 'Tools' menuitem: Flash Catcher (HKLM)
    O9 - Extra button: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
    O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
    O9 - Extra button: NeoTrace It! (HKCU)
    O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37593.496087963
    O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak01.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.1.0.9.14.cab
    O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
    O16 - DPF: {609C619E-0E29-11D6-8AB8-0010A404A3DE} (FlashBookViewer Control) - http://www.eztools-software.com/downloads/flshbkvw.cab
    O16 - DPF: {32634F75-03FF-11D4-B346-00C04FA06E32} (LifeFX Player, version 2.50) - http://betamirror2.lifefx.com/FaceOfTheInternet/lfxplr.cab
    O16 - DPF: {637BB540-6ABA-11D4-901D-00D0090CB3BC} (FMClass Class) - http://www.flashants.com/codebase/fmplayer.cab

    you know guys, not to seem harsh, i love the software that gav and wayne and jason provide, but how good is software when in order to run it or to install it you have to shut off or uninstall vital security applications

    i mean disable nav, uninstall this and that, kill system restore and undo goback

    i mean really think about it, ponder on it

    goback and system restore, two extremely vital programs

    not to mention replacing it with worm guard that hasn't been updated for a year lol, from a newbie point of view this doesn't seem like a practical idea.

    don't get me wrong, i love the software, i truly do, i love gav wayne jason and my buddy fan j but

    please look what you're asking from every newbie, not just me

    ponder on it

    think as a newbie

    you're told to kill everything that has been saving your butt and basically saying this does the job of all that lol but it hasn't been updated for a year lol

    then later reinstall stuff lol

    i don't know, it just seems really wrong lol

    thx for your help, i really appreciate it, i'll go install it on another pc, see if it's my pc or i just got a bad copy, no clue
     
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    Hi Blaze !

    I do understand what you are saying, especially as far as what is being asked of newbies - lol.

    But, most of the more complex software packages ask the users to temporarily disable products like AVs and firewalls, and sometimes other products, in order to get a clean install. This is because some of this software links pretty deep into the system and it needs a clear shot at the system, but, these are only to be disabled while installing.

    Now, I'm afraid I could only guess as to why the Wormguard installation can't set up the right hook, (or whatever it is that makes the product work), but perhaps others will see a possible conflict in the list you've just provided.

    Let's give them a chance to review it and take another shot when they provide another suggestion. Okay? :)
     
  16. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D well when you put it like that ok lol
     
  17. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
  18. FanJ

    FanJ Guest

    Hi Blaze,

    I apologize for getting you in this whole thing: sorry !!!
    I guess it might be better to wait for the new version of WormGuard, the real version 4, and then try again.

    I hope you were able to get your system running in the way you did and were liking it.

    I agree with LowWaterMark:
    "But, most of the more complex software packages ask the users to temporarily disable products like AVs and firewalls, and sometimes other products, in order to get a clean install. This is because some of this software links pretty deep into the system and it needs a clear shot at the system, but, these are only to be disabled while installing."

    I always use that golden rule:
    Whenever I install a new program, I close my Internet-connection, I close every running program using their icons near the clock, then I hit Ctrl-Alt-Del and I shut-down there every program except Explorer and Systray (and you have to hit that Ctrl-Alt-Del several times before every thing is really stopped). Only then I install a new program.
    And for someone who is using ZAPro, before you do all that, you have to remove the checkmark in its checkbox where it states that ZAPro will start-up with Windows, and then you have to reboot. Only then ZAPro is really shut-down. And then you can go on with shutting down the other programs.
    And when you're finally finished, you have to put that checkmark in the ZAPro box again to make ZAPro start-up with Windows, and then reboot. Only then ZAPro will be running in the right way again.

    In my humble opinion this golden rule is the only right way to install a new program.
    And, as LowWaterMark already posted, "temporarily disabling" other programs is something else than "un-installing" them.

    Anyhow, I apologize for all the troubles !!!!!

    Sorry Blaze !
    Jan.
     
  19. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D lol fan j you don't ever need to say sorry to me, i know you well enough that you want the very best for everyone's happiness

    if anything the fault lies on me for oversecuring my pc with wilders free app section lol

    i'm sure paul has seen my ip there a million times helping myself to his freebie section lol :D

    my pc has gained weight from so much downloading at wilders lol
     
  20. FanJ

    FanJ Guest

  21. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Blaze,
    I said to disable everything, after the install and testing to enable one by one and test each time the WG test button.
    The moment we would have heard from you that all was back perfect the recommendation would have been to make from that point a new restore point and whatever you can do in goback.
    You listed here the running programs I suppose, not the Autostart part which comes under the part you posted here.
    It's one of the reasons I asked if you with the current situation rebooting in safe mode would be able to get to WG and see if it would pass the "test protection" button that way. If it will start at all and does start you have your own proof there is a blockage in your software.
    I think at the install to disable the whole of NAV, BOClean, RegProt, HTAstop, and all the other registry protectors. You have bunches of them!
    You have TDS with the process list in which you can kill bunches except for the kernel and a few more you know you need till you close TDS itself too.
    Nobody told you to uninstall or reinstall anything, just disabling temporarily, get WG in and working and enable what you need/want.
    Can we have a look at your autostart listing too please?
     
  22. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D my auto start too? how do i do that lol my pc feels so naked and exposed now lol
     
  23. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi Mr.Blaze,

    In HijackThis click Config > Misc Tools > generate Startuplist.
    It will produce a .txt file, paste its contents into your next post.
    That's what I think Jooske wants to look at.

    Regards,

    Pieter
     
  24. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D you mean this
    StartupList report, 3/27/2003, 1:38:09 AM
    StartupList version: 1.52
    Started from : C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE
    Detected: Windows ME (Win9x 4.90.3000)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    * Using default options
    ==================================================

    Running processes:

    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\PROGRAM FILES\ADAPTEC\GOBACK\GBPOLL.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\INTERNAT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOCLEAN.EXE
    C:\REGPROT\REGPROT.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\PROGRAM FILES\NSCLEAN\BOCLEAN\BOCSEC.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\PROGRAM FILES\JUNO\BIN\JUNO.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\GO!ZILLA\GOZILLA.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\WINDOWS\Start Menu\Programs\StartUp]
    Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
    TaskMonitor = C:\WINDOWS\taskmon.exe
    SystemTray = SysTray.Exe
    Hidserv = Hidserv.exe run
    NAV Agent = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
    POINTER = point32.exe
    BOCleanautostart = C:\PROGRA~1\NSCLEAN\BOCLEAN\BOCLEAN.EXE
    RegProt = c:\regprot\regprot.exe /start

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    *StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
    ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
    GoBack Polling Service = C:\Program Files\Adaptec\GoBack\GBPoll.exe
    ProtectBOC = BOCSEC.EXE

    --------------------------------------------------

    C:\WINDOWS\WININIT.BAK listing:
    (Created 24/3/2003, 23:57:20)

    [rename]
    NUL=C:\WINDOWS\TEMP\_iu14D2N.tmp

    --------------------------------------------------

    C:\AUTOEXEC.BAT listing:

    SET PATH=C:\WINDOWS\SYSTEM;C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
    SET windir=C:\WINDOWS
    SET winbootdir=C:\WINDOWS
    SET COMSPEC=C:\WINDOWS\COMMAND.COM
    SET PROMPT=$p$g
    SET TEMP=C:\WINDOWS\TEMP
    SET TMP=C:\WINDOWS\TEMP

    --------------------------------------------------

    C:\WINDOWS\WINSTART.BAT listing:

    C:\WINDOWS\tmpcpyis.bat

    --------------------------------------------------


    Enumerating Browser Helper Objects:

    NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
    (no name) - C:\PROGRAM FILES\E-BOOK SYSTEMS\FLIPALBUM 5 PRO\FPLAUNCH.DLL - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25}
    (no name) - C:\PROGRAM FILES\COMMON FILES\JUSTDO\JD2002.DLL - {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Tune-up Application Start.job
    PCHealth Scheduler for Data Collection.job
    Symantec NetDetect.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [CV3 Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\WUV3IS.DLL
    CODEBASE = http://windowsupdate.microsoft.com/R1024/V31Controls/x86/mil/en/actsetup.cab

    [ForumChat]
    InProcServer32 = C:\WINDOWS\SYSTEM\MSJAVA.DLL
    CODEBASE = http://objects.compuserve.com/chat/RTCChat.cab

    [Shockwave ActiveX Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    [Shockwave Flash Object]
    InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\SWFLASH.OCX
    CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

    [Update Class]
    InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
    CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37593.496087963

    [AOL Downloader Plugin]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YGPPICDOWNLOAD.DLL
    CODEBASE = http://pak01.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.1.0.9.14.cab

    [CrazyTalk Player]
    InProcServer32 = C:\WINDOWS\SYSTEM\CRAZYT~1.DLL
    CODEBASE = http://plug-in.reallusion.com/CrazyTalk.cab

    [FlashBookViewer Control]
    InProcServer32 = C:\WINDOWS\SYSTEM\FLSHBKVW.DLL
    CODEBASE = http://www.eztools-software.com/downloads/flshbkvw.cab

    [LifeFX Player, version 2.50]
    InProcServer32 = C:\PROGRAM FILES\LIFEFX\LFX250.DLL
    CODEBASE = http://betamirror2.lifefx.com/FaceOfTheInternet/lfxplr.cab

    [FMClass Class]
    InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\FMPLAYER.DLL
    CODEBASE = http://www.flashants.com/codebase/fmplayer.cab

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
    UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
    AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

    --------------------------------------------------
    End of report, 6,284 bytes
    Report generated in 0.310 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only

    ps my computer wants to know if it can put pants back on or does it need to turn its head and cough lol
     
  25. FanJ

    FanJ Guest

    I can imagine the computer feels naked ;)
    Let him (or is it her?) put pants, shoes and hat back on !
     