how-to block ads
|
|
Uniqs:
10135 |
Share Topic
 |
 |
|
|
|
| sudden slow browsing - CPU flat out Hello
I have a weird problem. Since 2 days my internet browsing is dismal. I have taskmanager running at the moment and every time I open a website, CPU usage shoots to 100%. I haven't done anything recently and everything worked fine 2 days ago.
Speed Tests and traceroutes/pings are normal, no lag.
I checked the hijack this thing and there are no processes which haven't been on my PC for more than 2 months.
Here is some logs:
Tracing route to www.google.akadns.net [66.102.9.99]
over a maximum of 30 hops:
1 9 ms 7 ms 49 ms 10.85.0.1
2 7 ms 7 ms 8 ms gsr01-cr.blueyonder.co.uk [62.30.112.33]
3 10 ms 12 ms 10 ms tele1-cro-pos.telewest.net [194.117.136.34]
4 9 ms 9 ms 10 ms 194.117.136.174
5 9 ms 9 ms 10 ms 195.66.226.125
6 20 ms 20 ms 19 ms 216.239.49.254
7 21 ms 20 ms 20 ms 64.233.174.42
8 24 ms 24 ms 24 ms 64.233.174.10
9 21 ms 21 ms 22 ms 66.102.9.99
Trace complete.
Logfile of HijackThis v1.97.7
Scan saved at 22:29:03, on 19/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmNT.exe
C:\Program Files\lotus\organize\easyclip.exe
C:\Program Files\lotus\smartctr\smartctr.exe
C:\Program Files\lotus\smartctr\suitest.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\KeirNet\K9\K9.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Sabine\Desktop\Software to install\Blueyonder Tools\HijackThis.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmNT.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\Program Files\lotus\organize\easyclip.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:\Program Files\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Lotus SmartCenter.lnk = C:\Program Files\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\Program Files\lotus\smartctr\suitest.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - »download.macromedia.com/pub/shoc···r/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - »software-dl.real.com/07a32242051···E601.cab
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - »skill.skilljam.com/ssp/SSP.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···96527778
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - »fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - »us.dl1.yimg.com/download.yahoo.c···_3us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab
C:\Documents and Settings\Sabine>netstat
Active Connections
Proto Local Address Foreign Address State
C:\Documents and Settings\Sabine> | | |
|
 jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | Looks to me like you're running NPF 2002. That alone is likely to be the source of your symptoms -- unless you've gotten one of the LiveUpdates that actually works with NPF 2002. See the other threads here.
--
Regards, Joseph V. Morris | |
| But everything was working fine until 2 days ago ?
Norton was no problem. It just happened 2 days ago, that everything went slow. That's what I can't understand. | |
| Found the cause. Apparently the Redirect update from last week messed up people's PC's, and I am not the only one and 2002 is not the only version affected.....
I have asked Symantec for an update as to when it will be fixed, allthough they will probably try and fob me off, as 2002 is no longer supported....
Now, does anyone know a work around which doesn't switch off my Firewall or Virus scanner ?
All else failing, will the System Restore function in XP save my day here ? Could I just go back to a day before the update and it would be gone ?
Task manager shows symproxsvc.exe to suck up all available CPU power, which then leads to crashes and slow browsing.
Cheers
Mad | |
jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA
1 edit | said by madpiano:
Found the cause. Apparently the Redirect update from last week messed up people's PC's, and I am not the only one and 2002 is not the only version affected.....
Well, we already knew the first part and I think the second part is incorrect. As far as I have been able to ascertain only people running NIS/NPF 2002 are affected. People running NIS/NPF 2003/2004 seem to have escaped unscathed and those running only NAV 2002 are apparently also unaffected by the 12 May 2004 LiveUpdate.
quote:
I have asked Symantec for an update as to when it will be fixed, allthough they will probably try and fob me off, as 2002 is no longer supported....
I've seen one poster (another forum or newsgroup who did manage to get a response out of Symantec about a week ago. What he was told was no more active (i.e., live) tech support. The KnowledgeBase is still there and Symantec itself publicly stated that it was releasing a 'fix' for the vulnerabilities discovered by eEYE that also affected NIS/NPF 2002. (And, incidentally, they do know about this problem and are supposedly working on a fix for NIS/NPF 2002.)
quote:
Now, does anyone know a work around which doesn't switch off my Firewall or Virus scanner ?
Actually, when I first saw this post, I was hoping that you were going to tell us that you'd found that the 19 May LiveUpdate had contained a fix for the problem, but I see you're not saying that. 
As far as I know, no one has heard anything from Symantec to the effect that a fix has yet been released or will be shortly. Also, there's a direct question to this effect over at »Is if FIXED yet?? where you'll note there's also no direct response from any end-user either. Now, I have heard of several people who've resolved this problem: • Some simply switched to another software firewall (these were mostly people with existing subscriptions to NIS/NPF 2002 -- some of which are apparently scheduled to run up through just about this time next year). These guys are mad and have had it; they feel that Symantec simply took their money. • Some have simply disabled NIS/NPF 2002 in the interim while waiting for a solution. (I do not recommend this approach unless you've at least got a NAT router out front, and you'd best be running memory-resident, up-to-date AV/AT software in the interim, even then.) • Some have done the uninstall/reinstall routine for NIS/NPF 2002 and simply ignored the NIS/NPF Program Updates that they are finding when they run LiveUpdate. (They'll accept most of the others, however, but I'm not sure whether they're taking the Redirector Updates or not.) • And, of course, there are some individuals that are simply throwing good money after bad (even if they have currently active support subscriptions which they've just paid for) and are running out and buying NIS/NPF 2004 (something I would refuse to do simply on principle, but I'm sure Symantec loves it). I think that covers the gamut of 'fixes' that I've heard.
quote:
All else failing, will the System Restore function in XP save my day here ? Could I just go back to a day before the update and it would be gone ?
Oops, forgot that one. Yes, some people have indicated success with that approach also, but of course that's only available to people running Win XP, I believe; no joy for the Win 9x/ME users.
quote:
Task manager shows symproxsvc.exe to suck up all available CPU power, which then leads to crashes and slow browsing.
Quite frankly, you need to run something like Process Explorer from SysInternals in order to figure out just what is really sucking up the cycles when this happens.
Let's see . . . what else? There is actually some question as to whether Win 9X/ME users running NIS/NPF 2002 were ever vulnerable to the eEYE vulnerabilities in the first place. Both eEYE and Symantec only identify SYMDNS.SYS as the compromised executable. On Win 9X/ME, that file does not exist, only SYMDNS.VXD. And, at the moment, it appears that AtGuard (at least 3.22.11) is also not vulnerable to these exploits.
At the moment, that's all I know.
--
Regards,
Joseph V. Morris | |
 keith2468Premium,MVM
join:2001-02-03
Winnipeg, MB | reply to madpiano
There is a version of CoolWebSearch that has that effect.
If you go through the steps here »Security »I think my computer is infected or hijacked. What should I do? you will remove it (assuming that it is not one of the more recent versions of CWS) and most any other known malware.
If you still have problems afterwards, please post a fresh HJT log.
--
(Virus&Hijacking FAQ+Submit suspected malware+Security FAQ) | |
keith2468Premium,MVM
join:2001-02-03
Winnipeg, MB | reply to madpiano
I think JVM is onto something. You should skip my suggestion, unless it turns out that it isn't a NAV issue. | |
 sonofjayMission Accomplished - Bush May 1, 2003Premium,MVM
join:2001-05-14
North Attleboro, MA
kudos:1
 ·Earthlink Cable ..
| Well add me to the list of people seeing symproxysvc.exe chew up 100% CPU and cause really slow browsing.
I'm running NIS 2002 on WinXP. Anyone have any definitive information as to what the problem is or if it will be fixed?
Thanks!
-S
--
The war is over?? | |
jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | said by sonofjay:
Well add me to the list of people seeing symproxysvc.exe chew up 100% CPU and cause really slow browsing.
I'm running NIS 2002 on WinXP. Anyone have any definitive information as to what the problem is or if it will be fixed?
See »Re: There are times in life when . . . .
If you're going to try it, it would be interesting to know what a File | Find ... on SYM*.* yields both before and after the LiveUpdate, especially files with new dates.
--
Regards, Joseph V. Morris | |
sonofjayMission Accomplished - Bush May 1, 2003Premium,MVM
join:2001-05-14
North Attleboro, MA
kudos:1 Reviews:
·Earthlink Cable ..
| There are no LUs available. I have already applied both and the symproxysvc.exe is still chewing up 97-100% CPU.
Has anyone gotten any info from Symantec or found a way to manually correct this? Web browsing in this current state is not bearable.
Thanks!
--
The war is over?? | |
jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | Okay, let me rephrase prior query:
It would be interesting to know what a File | Find ... on SYM*.* yields for File Created and File Last Modified dates, also same information for SNDMON.EXE .(There are others who've indicated that LiveUpdate found nothing waiting, so it's sort of important to know what you've got at the moment.)
--
Regards, Joseph V. Morris | |
sonofjayMission Accomplished - Bush May 1, 2003Premium,MVM
join:2001-05-14
North Attleboro, MA
kudos:1 Reviews:
·Earthlink Cable ..
| Sorry, I misunderstood what you were asking for  .
Here's what I have:
SYMDATASVC.DLL, Norton Internet Security 4.0.3.104, 63144 bytes
2002-02-18 13:06:06, SHA1: B6FA7C39FA4E72046B7D59330E60D1EC9307B860
SYMICONV.DLL, Norton Internet Security 4.0.3.104, 607912 bytes
2002-02-18 13:07:02, SHA1: 6F4B846006FDB06A6031CCFDCCB445AC4E12D7BA
SYMPROXY.DLL, Norton Internet Security 4.0.3.104, 104104 bytes
2002-02-18 13:06:12, SHA1: 5003CAB20F5707BFD929C688A80F430B3C140F22
SYMPROXYALERT.DLL, Norton Internet Security 4.0.3.104, 71336 bytes
2002-02-18 13:06:18, SHA1: 0BA248AE572E232BD8659AAEF510250D40C31246
SYMPROXYSVC.EXE, Norton Internet Security 4.0.3.104, 54952 bytes
2002-02-18 13:02:46, SHA1: 54964A03DC8A420501B764CAF0F211BC3EC025AE
SYMURL.DLL, Norton Internet Security 4.0.3.105, 124584 bytes
2002-03-01 11:20:10, SHA1: 86FD41963EB464B5CAA0C3488F645775BE301C1C
SYMWBWND.DLL, Norton Internet Security 4.0.3.104, 145064 bytes
2002-02-18 13:06:28, SHA1: FF981BFF79D53C64965251C7CEBE6FB867ECE039
Sndmon.exe
location C:\Program Files\Symantec\LiveUpdate
85.1 KB (87,184 bytes)
Sunday, May 23, 2004, 12:32:52 PM
Friday, May 21, 2004, 2:59:46 PM
--
The war is over?? | |
jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | Something is missing! Where's the famous SYMDNS.* file? (That's purportedly what started all this nonsense.)
--
Regards, Joseph V. Morris | |
sonofjayMission Accomplished - Bush May 1, 2003Premium,MVM
join:2001-05-14
North Attleboro, MA
kudos:1 Reviews:
·Earthlink Cable ..
| Sorry, maybe there is an easier way to get the file info but I just used the NisSettings.exe and manually got the info for SNDMon.exe. Here's the info on SYMDNS.* (I only found one)
symdns.sys
version 5.3.1.54
location C:\WINDOWS\system32\drivers
10.7 KB (11,008 bytes)
Thursday, May 13, 2004, 9:25:08 PM
Thursday, May 13, 2004, 9:25:08 PM
Sndmon.exe
version 5.3.1.9
location C:\Program Files\Symantec\LiveUpdate
85.1 KB (87,184 bytes)
Sunday, May 23, 2004, 12:32:52 PM
Friday, May 21, 2004, 2:59:46 PM
--
The war is over?? | |
jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | Okay, your sndmon.exe file is the same as people who have NIS/NPF 2002 working, so that doesn't seem to be the problem (same situation in a different thread at Wilders, incidentally).
I'm sorry, I'm getting confused between what's posted in what thread, so I didn't give you sufficient instructions last time.
We are fairly certain that, whatever is causing the problem, it is some file not routinely found by NIS Settings. If you check you'll notice that all the files you listed are quite old and that's what other people who've now resolved the problem have also noted. So, it's located in some other obscure Norton or Symantec directory (of which you've probably got about half a dozen scattered around your C: drive). As a working hypothesis, the next thing is to find a file, probably SYM*.*, located somewhere on the drive that shows a Date Modified after 1 May 2004 (but presumably before 24 May 2004). The way to find these files is to use Start | File | Find ... or Start | Search | Files ... , depending on your OS, and then search for the wildcard filename SYM*.* . You should find a lot of files, some of which you've already displayed above and have date modified information well before the most recent LiveUpdates -- so you can ignore those. Specifically, we're probably looking for something with a 2004 date. If you find such files, we need to know • the FileName, • the FileSize (to the BYTE, not the number expressed in KB), • the FileCreated date, • the FileModified date, and • FileVersion information (off the second tab) for each such file. You get this by right-clicking on the file(s) listed in the search/find display and then selected Properties in the pop-up menu that then appears. You're going to have to write it down, because it doesn't copy and paste easily -- be careful, every digit is important.
We can then check what you find against what someone else has and possibly identify the source of the problem.
Unfortunately probably is the operative word here; it may turn out to be some other obscure Symantec/Norton file that does not begin with SYM; Symantec is not saying and we're still looking for the source of the problem.
--
Regards, Joseph V. Morris | |
 blkkatLive OnPremium
join:2002-11-20
Juneau, AK | JV Morris I do not hve NIS or NPF but I am having the same problem. Panda and Nav both show me virus free and I am sitting behind a Internet Sharing Box with NAT enabled.I am also running NSW 2003.Any idea's?
--
| |
jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | That one is beyond me. I would strongly recommend that you start a new thread for NSW 2003, identify the OS you're using, and detail the precise symptoms that you are experiencing.
However, are you sure that your problems are not related to the DDos Attacks currently ongoing against a number of HTML-based security forums?
I haven't even had a chance to check out »www.incidents.org so far today, so I have to admit I'm not uptodate on what may be happening out there in general.
--
Regards, Joseph V. Morris | |
sonofjayMission Accomplished - Bush May 1, 2003Premium,MVM
join:2001-05-14
North Attleboro, MA
kudos:1 Reviews:
·Earthlink Cable ..
| Thanks jvmorris!
Do you have a link to the other forum that covers this problem? I'd like to read up on it too.
SymantecRootInstaller.exe
2.0.39.0
C:\Program Files\Symantec\LiveUpdate
197 KB (201,880 bytes)
Saturday, May 17, 2003, 10:27:23 PM
Friday, January 02, 2004, 3:20:24 PM
SymantecRootInstaller.log
C:\Program Files\Symantec\LiveUpdate
42 bytes (42 bytes)
Monday, January 19, 2004, 10:33:39 PM
Monday, January 19, 2004, 10:33:39 PM
symaveng.cat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub
7.94 KB (8,137 bytes)
Tuesday, April 13, 2004, 4:00:00 AM
Tuesday, April 13, 2004, 4:00:00 AM
symaveng.inf
C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub
899 bytes (899 bytes)
Tuesday, April 13, 2004, 4:00:00 AM
Tuesday, April 13, 2004, 4:00:00 AM
SymRedir.cat
C:\WINDOWS\system32\drivers
20 bytes (20 bytes)
Thursday, May 13, 2004, 9:14:24 PM
Thursday, May 13, 2004, 9:14:24 PM
SymRedir.inf
C:\WINDOWS\system32\drivers
1.10 KB (1,133 bytes)
Thursday, May 13, 2004, 9:14:24 PM
Thursday, May 13, 2004, 9:14:24 PM
symdns.sys
5.3.1.54
C:\WINDOWS\system32\drivers
10.7 KB (11,008 bytes)
Thursday, May 13, 2004, 9:25:08 PM
Thursday, May 13, 2004, 9:25:08 PM
symndis.sys
5.3.1.54
C:\WINDOWS\system32\drivers
50.3 KB (51,552 bytes)
Thursday, May 13, 2004, 9:25:12 PM
Thursday, May 13, 2004, 9:25:12 PM
SymIDSCo.sys
5.3.1.54
C:\WINDOWS\system32\drivers
166 KB (170,208 bytes)
Thursday, May 13, 2004, 9:25:16 PM
Thursday, May 13, 2004, 9:25:16 PM
symredrv.sys
5.3.1.54
C:\WINDOWS\system32\drivers
15.9 KB (16,288 bytes)
Thursday, May 13, 2004, 9:25:16 PM
Thursday, May 13, 2004, 9:25:16 PM
symtdi.sys
5.3.1.54
C:\WINDOWS\system32\drivers
257 KB (263,744 bytes)
Thursday, May 13, 2004, 9:25:18 PM
Thursday, May 13, 2004, 9:25:18 PM
SymRedir.dll
5.3.1.54
C:\WINDOWS\system32
113 KB (115,936 bytes)
Thursday, May 13, 2004, 9:25:20 PM
Thursday, May 13, 2004, 9:25:20 PM
SymNeti.dll
5.3.1.54
C:\WINDOWS\system32
493 KB (505,056 bytes)
Thursday, May 13, 2004, 9:25:22 PM
Thursday, May 13, 2004, 9:25:22 PM
SymFW.sys
5.3.1.55
C:\WINDOWS\system32\drivers
162 KB (166,048 bytes)
Sunday, May 23, 2004, 2:23:10 PM
Tuesday, May 18, 2004, 1:01:28 AM
SYMAVENG.CAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040518.032
7.94 KB (8,137 bytes)
Tuesday, May 18, 2004, 6:03:22 PM
Tuesday, May 18, 2004, 4:00:00 AM
SYMAVENG.INF
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040518.032
900 bytes (900 bytes)
Tuesday, May 18, 2004, 6:03:22 PM
Tuesday, May 18, 2004, 4:00:00 AM
SYMAVENG.CAT
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040519.021
7.94 KB (8,137 bytes)
Sunday, May 23, 2004, 12:34:14 PM
Wednesday, May 19, 2004, 4:00:00 AM
SYMAVENG.INF
C:\Program Files\Common Files\Symantec Shared\VirusDefs\20040519.021
900 bytes (900 bytes)
Sunday, May 23, 2004, 12:34:14 PM
Wednesday, May 19, 2004, 4:00:00 AM
symaveng.cat
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpD0.tmp
7.94 KB (8,137 bytes)
Sunday, May 23, 2004, 12:34:12 PM
Wednesday, May 19, 2004, 4:00:00 AM
symaveng.inf
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpD0.tmp
900 bytes (900 bytes)
Sunday, May 23, 2004, 12:34:12 PM
Wednesday, May 19, 2004, 4:00:00 AM
SYMAVENG.985
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpCF.tmp
1.39 KB (1,425 bytes)
Sunday, May 23, 2004, 12:33:42 PM
Wednesday, May 19, 2004, 10:53:48 AM
SYMAVENG.984
C:\Program Files\Common Files\Symantec Shared\VirusDefs\tmpCF.tmp
104 bytes (104 bytes)
Sunday, May 23, 2004, 12:33:42 PM
Wednesday, May 19, 2004, 10:53:50 AM
--
The war is over?? | |
sonofjayMission Accomplished - Bush May 1, 2003Premium,MVM
join:2001-05-14
North Attleboro, MA
kudos:1 Reviews:
·Earthlink Cable ..
1 edit | 
service |
--
The war is over?? | |
jvmorrisI Am The Man Who Was Not There.Premium,MVM
join:2001-04-03
Reston, VA | reply to sonofjay
Okay, thanks, scratching down here.
Randy, I could use a bit of help regarding his NAV entries.
said by sonofjay:
...Do you have a link to the other forum that covers this problem? I'd like to read up on it too.
Back with those shortly, unless you already know how to access the NNTP newsgroup at grc.security.
quote:
SymantecRootInstaller.exe 2.0.39.0 too old. . . .
SymantecRootInstaller.log LOG File ...
symaveng.cat NAV file ...
symaveng.inf Ditto ...
Some of the following look more promising. quote:
SymRedir.cat
C:\WINDOWS\system32\drivers
20 bytes (20 bytes)
Thursday, May 13, 2004, 9:14:24 PM
Thursday, May 13, 2004, 9:14:24 PM
SymRedir.inf
C:\WINDOWS\system32\drivers
1.10 KB (1,133 bytes)
Thursday, May 13, 2004, 9:14:24 PM
Thursday, May 13, 2004, 9:14:24 PM
symdns.sys
5.3.1.54
C:\WINDOWS\system32\drivers
10.7 KB (11,008 bytes)
Thursday, May 13, 2004, 9:25:08 PM
Thursday, May 13, 2004, 9:25:08 PM
symndis.sys
5.3.1.54
C:\WINDOWS\system32\drivers
50.3 KB (51,552 bytes)
Thursday, May 13, 2004, 9:25:12 PM
Thursday, May 13, 2004, 9:25:12 PM
SymIDSCo.sys
5.3.1.54
C:\WINDOWS\system32\drivers
166 KB (170,208 bytes)
Thursday, May 13, 2004, 9:25:16 PM
Thursday, May 13, 2004, 9:25:16 PM
symredrv.sys
5.3.1.54
C:\WINDOWS\system32\drivers
15.9 KB (16,288 bytes)
Thursday, May 13, 2004, 9:25:16 PM
Thursday, May 13, 2004, 9:25:16 PM
symtdi.sys
5.3.1.54
C:\WINDOWS\system32\drivers
257 KB (263,744 bytes)
Thursday, May 13, 2004, 9:25:18 PM
Thursday, May 13, 2004, 9:25:18 PM
SymRedir.dll
5.3.1.54
C:\WINDOWS\system32
113 KB (115,936 bytes)
Thursday, May 13, 2004, 9:25:20 PM
Thursday, May 13, 2004, 9:25:20 PM
SymNeti.dll
5.3.1.54
C:\WINDOWS\system32
493 KB (505,056 bytes)
Thursday, May 13, 2004, 9:25:22 PM
Thursday, May 13, 2004, 9:25:22 PM
The above are all interesting because they post-date the 12 May LiveUpdate. On the other hand, I find it curious that the DateCreated and DateModified information is identical.
Need to have someone with a working copy of NIS/NPF 2002 review those.
quote:
SymFW.sys
5.3.1.55
C:\WINDOWS\system32\drivers
162 KB (166,048 bytes)
Sunday, May 23, 2004, 2:23:10 PM
Tuesday, May 18, 2004, 1:01:28 AM
The above is very interesting; it's a newer build than I've seen anyone else reference, last modified on 18 May and it certainly looks like you got blessed with it as a consequence of the LiveUpdate released last weekend.
quote:
SYMAVENG.CAT NAV File...
SYMAVENG.INF ditto...
SYMAVENG.CAT ditto...
SYMAVENG.INF ditto...
symaveng.cat ditto...
symaveng.inf ditto...
SYMAVENG.985 ditto...
SYMAVENG.984 ditto...
Okay, let me go back and see what's still of interest . . .
--
Regards, Joseph V. Morris | |
|
