Problems with Norton

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

takumi_68

Thread Starter
Joined
Feb 13, 2004
Messages
10
ok, i have windows XP home edition, and i have a norton firewall and antivirus, i have it on so that it loads on start up. But, sometimes (getting more and more frequent) they'll load up, but the autoprotection won't come on and it slows my comp. right down. I have to shut down, wait two minutes for it to completely turn off, and boot up again. I cleaned my system of spyware and all that crap, but it still seems to be happening. any idea how i can fix this?

here is my HiJack This log

Logfile of HijackThis v1.97.7
Scan saved at 8:31:56 PM, on 4/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrun.exe
C:\JRun4\bin\jrunsvc.exe
C:\JRun4\bin\jrun.exe
C:\JRun4\bin\jrun.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TBPanel.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Documents and Settings\Jamel\My Documents\Kazoom\KaZooM.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\NORTON~3\navapw32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Documents and Settings\Jamel\My Documents\MISC\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = wmplayer.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Documents and Settings\Jamel\My Documents\MISC\Spybot\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [KaZooM] C:\Documents and Settings\Jamel\My Documents\Kazoom\KaZooM.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\DOCUME~1\Jamel\MYDOCU~1\MYRECE~1\progs\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\DOCUME~1\Jamel\MYDOCU~1\MYRECE~1\progs\AVG\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~3\navapw32.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\K-Lite Codec Pack\real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Documents and Settings\Jamel\My Documents\My Received Files\progs\MRU-Blaster\mrublaster.exe
O4 - Startup: Shortcut to cleanXP.lnk = C:\Documents and Settings\Jamel\My Documents\progs\PurgeIEpro\cleanXP.cmd
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Maintain Block List... - c:\DOCUME~1\jamel\MYDOCU~1\MYRECE~1\maintain.htm
O8 - Extra context menu item: Add to &Block List... - c:\DOCUME~1\jamel\MYDOCU~1\MYRECE~1\suppress.htm
O8 - Extra context menu item: Add to &Exclude List... - c:\DOCUME~1\jamel\MYDOCU~1\MYRECE~1\restrict.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: AdShield (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38056.8722685185
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab




 

takumi_68

Thread Starter
Joined
Feb 13, 2004
Messages
10
yes i did all that. here's the startup list though.


AVG7_Run c:\docume~1\jamel\mydocu~1\myrece~1\progs\avg\avgw.exe /runonce NT AUTHORITY\LOCAL SERVICE HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_Run c:\docume~1\jamel\mydocu~1\myrece~1\progs\avg\avgw.exe /runonce NT AUTHORITY\NETWORK SERVICE HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_Run c:\docume~1\jamel\mydocu~1\myrece~1\progs\avg\avgw.exe /runonce DARREN-TMI11QLH\Diana HKU\S-1-5-21-789336058-1708537768-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ClockSync c:\progra~1\clocks~1\sync.exe /q DARREN-TMI11QLH\Jamel HKU\S-1-5-21-789336058-1708537768-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Gainward c:\windows\tbpanel.exe /a All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMEKRMIG6.1 c:\windows\ime\imkr6_1\imekrmig.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMJPMIG8.1 c:\windows\ime\imjp8_1\imjpmig.exe /spoil /remadvdef /migration32 All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IntelliPoint "c:\program files\microsoft intellipoint\point32.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Lexmark X83 Button Manager c:\progra~1\lexmar~1\acbtnmgr_x83.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Lexmark X83 Button Monitor c:\progra~1\lexmar~1\acmonitor_x83.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MRU-Blaster Silent Clean mru-blaster silent clean.lnk DARREN-TMI11QLH\Jamel Startup
MSPY2002 c:\windows\system32\ime\pintlgnt\imscinst.exe /sync All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MessengerPlus2 "c:\program files\messenger plus! 2\msgplus.exe" /winstart DARREN-TMI11QLH\Jamel HKU\S-1-5-21-789336058-1708537768-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MessengerPlus2 "c:\program files\messenger plus! 2\msgplus.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NAV Agent c:\progra~1\norton~3\navapw32.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NeroCheck c:\windows\system32\nerocheck.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit DARREN-TMI11QLH\Jamel HKU\S-1-5-21-789336058-1708537768-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvMediaCenter rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PHIME2002A c:\windows\system32\ime\tintlgnt\tintsetp.exe /imename All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PHIME2002ASync c:\windows\system32\ime\tintlgnt\tintsetp.exe /sync All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PrinTray c:\windows\system32\spool\drivers\w32x86\3\printray.exe All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Shortcut to cleanXP shortcut to cleanxp.lnk DARREN-TMI11QLH\Jamel Startup
TkBellExe c:\program files\k-lite codec pack\real\update_ob\realsched.exe -osboot All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp "c:\program files\common files\symantec shared\ccapp.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccRegVfy "c:\program files\common files\symantec shared\ccregvfy.exe" All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
desktop desktop.ini NT AUTHORITY\SYSTEM Startup
desktop desktop.ini DARREN-TMI11QLH\Jamel Startup
desktop desktop.ini DARREN-TMI11QLH\Diana Startup
desktop desktop.ini .DEFAULT Startup
desktop desktop.ini All Users Common Startup
nwiz nwiz.exe /install All Users HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Okay, let's see....

AVG7_Run: Part of AVG Anti-Virus 7.0. Keep

ClockSync: ClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of many spyware-free alternatives available

Gainward: Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel. Up to you

IMEKRMIG6.1: Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean). Not needed

IMJPMIG8.1: Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese). Not needed

IntelliPoint: Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features. Up to you

Lexmark X83 Button Manager: Not sure, leave

Lexmark X83 Button Monitor: Not sure, leave

MRU-Blaster Silent Clean: MRU-Blaster scheduler - detects and cleans MRU (most recently used) lists on your computer. Up to you

MSPY2002: Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word. Not needed

MessengerPlus2: Third party MSN Messenger extension that hides banner ads and adds archiving and other useful features. Appears not to work unless checked, but may be activated after startup. Not recommended as it includes Lop.com - see here

http://www.spywareinfo.com/newsletter/archives/june-2003/3.php

Not needed

NAV Agent: Introduced with Norton Anti-Virus 2002 to replace Norton Auto-Protect and Norton eMail Protect. Leaving "Auto-Protect", "E-mail Scanning" and "Script Blocking" enabled doesn't seem to slow the system down. Keep

NeroCheck: Associated with "Nero Burning Rom" CD writing software. Checks for driver issues. Up to you

NvCplDaemon: Initializes the clock and memory settings on nVidia based graphics cards. Enable if you overclock your card. Up to you

NvMediaCenter: System Tray icon used to manage settings for nVidia based graphics cards. May be required for some 3D applications to recognize your card correctly - such as the game "Everquest". Otherwise, settings can be changed manually via Display Properties. Up to you

PHIME2002A: Part of Microsoft's Input Message Editor (IME) for translating Japanese/Chinese text in IE, Outlook and Word. Not needed

PrinTray: Lexmark/Compaq printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. See also LexmarkPrintray and CompaqPrinTray. Not needed

TkBellExe: Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it.

http://www.mikescomputerinfo.com/TkBellExe.htm

Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK

Not needed

ccApp: Part of Norton AntiVirus 2003. Auto-protect and E-mail check will not function without this. Keep

ccRegVfy: Part of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack". Keep

nwiz: Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system. Not needed



Go to Start | Run and type MSCONFIG, startup tab. Uncheck all that you don't want, apply and restart.

As for the spyware bit that I have marked in Bold do this:

Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds.

Then, Go here for the free Ad-aware 6 Personal Build 181: http://www.lavasoft.de/support/download/

Then please launch the program ... on the start-up screen, you will need to first run the Webupdate Feature (globe at the top), or click "check for updates" on the start screen to get the Reference File up to date.

Please use either the Custom Scan with Memory and Both registry scans ON. Also.... make sure that you activate IN-DEPTH scanning.

Then, see that you have these options checked:
Under Ad-aware 6 Settings, Tweaks, Scanning Engine:
"Unload recognized processes during scanning."
Under Ad-aware 6 Settings, Tweaks, Cleaning Engine:
"Automatically try to unregister objects prior to deletion."
"Let Windows remove files in use after reboot."

Next ...

Run Ad-aware 6.
Mark the objects you wish to eliminate for removal. There are many options available with a right-click.
Make a Quarantine only if you do not have the Auto-Quarantine option ON.
Then choose "Next" to remove the chosen objects.
Finally ... Reboot





That ought to get rid of most of your spyware.



When you've done all that, go to www.spychecker.com/program/hijackthis.html , and download 'Hijack This!'.
Unzip, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please copy & paste its contents to the forum.

It will possibly show other issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.

eddie
 

Triple6

Rob
Moderator
Joined
Dec 26, 2002
Messages
52,933
After following the above instructions, here's some more tips:

AVG and Norton may be conflicting with each other, my recommendation would be to pick one and disable/uninstall the other.

Taking Kazaa Lite out of start-up will also help a lot, there's little need for it to run at startup and constantly slow down your PC and internet connection.
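The AVG/Norton overlap raised above can be read straight out of the O4 (autorun) lines of a HijackThis log. The following is an added example, not part of the original thread: it parses O4 lines and reports when more than one antivirus product loads at startup. The function names are hypothetical, and the value-name-to-product mapping is an assumption based on the descriptions given in the replies above.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "location name command")

# Excerpt of the O4 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\DOCUME~1\Jamel\MYDOCU~1\MYRECE~1\progs\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~3\navapw32.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Documents and Settings\Jamel\My Documents\My Received Files\progs\MRU-Blaster\mrublaster.exe
"""

# Registry Run values: "O4 - HKLM\..\Run: [name] command"
REG_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
# Startup-folder shortcuts: "O4 - Startup: name.lnk = target"
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Shortest leading run ending in an executable extension; unquoted paths may hold spaces.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|cmd|bat))(?=\s|$)", re.IGNORECASE)

# Assumption: autorun value-name prefixes mapped to the product they belong to.
AV_VALUE_NAMES = (
    ("AVG7_", "AVG Anti-Virus"),
    ("NAV Agent", "Norton AntiVirus"),
    ("ccApp", "Norton AntiVirus"),
    ("ccRegVfy", "Norton AntiVirus"),
)

def parse_o4(log):
    """Return an Entry for every O4 line; other HijackThis sections are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = REG_RE.match(line) or LNK_RE.match(line)
        if m:
            entries.append(Entry(*m.groups()))
    return entries

def executable(command):
    """Split the program path from its arguments (quoted or unquoted form)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split()[0]

def resident_av(entries):
    """Map each antivirus product to the autorun value names that load it."""
    found = {}
    for e in entries:
        for prefix, product in AV_VALUE_NAMES:
            if e.name.startswith(prefix):
                found.setdefault(product, []).append(e.name)
    return found

def av_conflict(entries):
    """True when autoruns from more than one antivirus product are present."""
    return len(resident_av(entries)) > 1

if __name__ == "__main__":
    entries = parse_o4(SAMPLE_LOG)
    for product, names in resident_av(entries).items():
        print(f"{product}: {', '.join(names)}")
    if av_conflict(entries):
        print("More than one antivirus product is loading at startup")
```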
 
Joined
Jul 14, 2003
Messages
107
I had a similar problem..
Now I only have a select few items in my start up..
makes for a fast startup..
 


Joined
Jul 14, 2003
Messages
107
AVG ..easy enough to delete tracks.. go into registry -find- AVG.. delete accordingly .
then you could double check with a reg cleaner if you are not satisfied
 