I tried not just Norton 360, but SpyBot from Safer Networking, ClamWin, Sophos Rootkit Revealer, Dr. Web Scanner for Windows, and more. Nothing except the Rootkit tools turned up any infection and I don't know how to interpret those results. I also booted the Norton 360 CD and ran its scanner.
This is a 64-bit Vista SP2 system. The symptoms I have seen are as follows:
- The desktop personalization Control Panel applet is just a blank folder rather than a webpage. This turns out to be true for all webpage-based Control Panel applets.
- Explorer now ignores the /e command line option to show the folder tree.
- AERO is disabled.
If I don't find a solution tomorrow, I expect to give up and reinstall Windows.
Hi WillPittenger:
Please save the rootkit scan results to Notepad and then attach using the attachments utility below in the reply editor. One of us can look at the results for you.
The only one I thought might have caught something was Dr. Web Cure It. It supposedly can save data, but I don't know where it is saving to. There are too many entries to post with a screen capture.
I finally found where DrWeb CureIt stores its log. However, at over 800 megs, I have nowhere to upload it to. I actually ran that program twice. When I started it, a limited scan immediately started. When that finished, I ran a more comprehensive scan that took several days.
I just reran Sophos. It doesn't seem to be able to save results, but I was able to copy them to a clipboard. That is below.
Area: Windows registry
Description: Hidden registry key
Location: \HKEY_USERS\S-1-5-18\Keyboard Layout\Substitutes
Removable: No
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\ProgramData\Norton\00000082\0000010f\000004b1\cltLMS1.dat
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\ProgramData\Norton\00000082\0000010f\000004b1\cltLMS2.dat
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Users\Will Pittenger\AppData\Local\Temp\foxtab\thumbs\1_90
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Users\Will Pittenger\AppData\Local\Temp\foxtab\thumbs\1_90_S
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Program Files (x86)\Microsoft\Visual\Studio\Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU\vs70uimgr.dll
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\System32\en-US\soundschemes2.exe.mui
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\System32\en-US\winload.exe.mui
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\winsxs\x86_netfx-csharpcompilermsg_b03f5f7f11d50a3a_6.0.6000.20883_none_5a3245d00426c258\cscompui.dll
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\System32\en-US\soundschemes.exe.mui
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Program Files (x86)\Apple\QuickTime\PictureViewer.Resources\nb.lproj\PictureViewerLocalized.qtr
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: C:\Windows\System32\en-US\dfshim.dll.mui
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: E:\My Downloaded Files\Mozilla\Gecko as an ActiveX\Install 1.7.7.exe
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: E:\My Downloaded Files\Hardware Updates\ATI\Install 10.3 dated 2010-3-24 for 64-bit Vista.exe
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: E:\My Downloaded Files\Hardware Updates\ATI\Install video driver for 8400 series for 64-bit Vista (12-17-2009 Version 9.12).exe
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: E:\My Downloaded Files\ClamWin\Portable\Install 0.95.3 English.paf.exe
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: E:\My Downloaded Files\JK Defrag\Portable\Install 3.36.paf.exe
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
Area: Local hard drives
Description: Unknown hidden file
Location: E:\My Downloaded Files\Image Editors\Gimp\Portable\Install 2.6.8.paf.exe
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)
How long have you had N360 installed? If there was another security program on board prior to the installation of N360, what was it and how was it removed? Can you give us the version number of Norton under Help & Support>about? It could be a software conflict rather than malware.
It has been installed since I got the computer about 9 months ago. I think it might have come with McAfee, but I uninstalled that immediately (but don't remember how). My 3.x subscription just expired earlier this month, at which time I upgraded to 4.0. I currently have 4.1.0.32 installed. The problem, however, didn't happen until just last week.
I don't know how they are related as I can open 360 just fine. My problems are outside 360. If I ran the removal tool, would I have to reconfigure everything?
Sorry, it was the blank page that threw me off. Every once in a while Norton will come up a blank. I would hold off on the Uninstall as some reconfiguration would be necessary. It sounds more as if there has been a conflict with settings in the browser. Microsoft had a fistful of updates last week.
You haven't said what infection your scans may have found, or how or if they were removed. There is nothing in the log portion from Sophos. Online scanners won't cause an issue, but you should remove any other real time scanning engine from the machine, as that will complicate things.
What is your O/S and what browser do you use?
This is a 64-bit Vista SP1 install. Firefox 3.6.3 is my normal browser, but for some sites (including Norton support pages), I use the IE Tab extension.
If you have Malwarebytes installed, try updating it and running a scan with that. It will provide a quick check for malware. If you don't have it, it can be had here.
http://www.filehippo.com/download_malwarebytes_anti_malware/
You will be able to save the log to Notepad and attach it to a reply. You can also have a look in Event Viewer for any application errors to see if that sheds any light on the subject.
Hello
You can also use the free version of SUPERAntiSpyware as another check for malware. It can be found here.
Here is a free on demand antimalware scanner. It is safe to use on demand with your Norton product.
http://www.superantispyware.com/
Here is another site you can use to get the program.
http://www.filehippo.com/download_superantispyware/
The download button is on the right hand side. Please be careful not to download Spyware Doctor which is on the left side. Also, please don't forget to update the program each time before use of it. In fact you can update it every day just in case some malware may prevent you from updating it.
I gave up and reformatted.
Hello Will
Since you have reformatted, it looks like your thread is solved then. Would you please mark your last post as the solution so that everyone will know that your thread is solved? Thanks.