[Annorax]

Hello all. I've had Norton Antivirus Corporate edition version 7.01 for many years now, and just recently I scanned my computer and found over 4000 viruses! But they were very minor and in some temp files, so I removed them.

But now, Norton Antivirus runs very, very slow. During startup, it's fine. But if I double click the icon to load it into a window, it takes forever. Every operation in the program now takes ages to do. The computer's "thinking" LED doesn't do anything, the computer just sits there for a while as if it has to parse a lot of info. It is very annoying to run since it's sooooo slow.

Could anyone offer me any advice on how to fix this? Thanks.

 

[mobo]

Please get Spybot S&D to clear out any spyware.
http://www.safer-networking.org/index.php?page=mirrors

Install the program and open it.

Before doing any scanning click Online and Search for Updates .
Put a check mark at and install all updates .
Click Check for Problems nd when the scan is finished have Spybot fix all it finds marked in red .

Then after reboot :
Download 'Hijack This! http://www.spychecker.com/program/hijackthis.html
Unzip, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the " scan " button will change into a " save log " button.
Press that, save the log , load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

 

[Annorax]

I ran Spybot and erased the red marked items. This is the output of the 2nd program you said to run:

Logfile of HijackThis v1.97.7
Scan saved at 23:37:40, on 3/28/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\ActiveBuddy\BuddyScript SDK\bin\bmd.exe
C:\WINNT\System32\cisvc.exe
C:\PROGRA~1\Navnt\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\Matlab\webserver\bin\win32\matlabserver.exe
C:\PROGRA~1\Navnt\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\TDK\InCD\InCD.exe
C:\Program Files\IntelliMouse\point32.exe
C:\WINNT\system32\LXSUPMON.EXE
C:\PROGRA~1\Navnt\vptray.exe
C:\WINNT\System32\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSI\PC Alert III\alert.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\PopUpKiller\PopUpKiller.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
E:\Program Files\WeatherBug\WeatherBug.exe
C:\Documents and Settings\user\Start Menu\Programs\Misc. Stuff\TransparentB.exe
C:\Documents and Settings\user\Start Menu\Programs\Startup\eDexter.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Program Files\Overnet\overnet.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

O1 - Hosts: 195.249.40.108 asp.flaaten.dk
O1 - Hosts: 195.249.40.108 www.flaaten.dk
O1 - Hosts: 209.123.205.211 i.dslr.net
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PMXInit] C:\WINNT\system32\pmxinit.exe -SetupRunOnce
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\TDK\InCD\InCD.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINNT\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\Navnt\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [axperff] C:\WINNT\system32\axperff.exe
O4 - HKLM\..\Run: [3drampd] C:\WINNT\system32\3drampd.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Tray Temperature] E:\Program Files\WeatherBug\WeatherBug.exe 1
O4 - HKLM\..\RunServices: [RunAlert] C:\Program Files\MSI\PC Alert III\AService.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Desktop Architect] "C:\Program Files\Desktop Architect\datray.exe" -S
O4 - HKCU\..\Run: [seticlient] C:\Program Files\[email protected]\[email protected] -min
O4 - HKLM\..\RunOnce: [PMXInit] C:\WINNT\system32\pmxinit.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Weatherbug in Celsius.lnk = E:\Program Files\WeatherBug\WeatherBug.exe
O4 - Startup: TransparentB.lnk = C:\Documents and Settings\user\Start Menu\Programs\Misc. Stuff\TransparentB.exe
O4 - Startup: eDexter.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC Alert III.lnk = C:\Program Files\MSI\PC Alert III\alert.exe
O4 - Global Startup: WeatherBug.lnk = C:\Program Files\AWS\WeatherBug\Weather.exe
O4 - Global Startup: PopUp Killer.lnk = C:\Program Files\PopUpKiller\PopUpKiller.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://205.159.125.199/central/02030106/cccabs/CleverContent.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.7.150/01738b90569a009ba618/netzip/RdxIE.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181/chaincast/proxy/CCMP.cab
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} - http://download.weatherbug.com/minibug/tricklers/AWS/minibuginstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37647.3617361111
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://autos.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB

I'm not sure what spyware has to do with this, but I appreciate your help.

 

[mobo]

Rescan and put a check next to each of these then close all browser windows and click "fix checked"

O1 - Hosts: 195.249.40.108 asp.flaaten.dk

O1 - Hosts: 195.249.40.108 www.flaaten.dk

O1 - Hosts: 209.123.205.211 i.dslr.net

O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WeatherBug.lnk = C:\Program Files\AWS\WeatherBug\Weather.exe

O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB

---------------------------------------------------------------------------------------
Do you know what these are ?

O4 - HKLM\..\Run: [axperff] C:\WINNT\system32\axperff.exe

O4 - HKLM\..\Run: [3drampd] C:\WINNT\system32\3drampd.exe

 

[Annorax]

Aren't these needed for the computer to run? I use Nero CD burner, Office, and Weatherbug. Will doing this remove these things? And why fix just these, why not any of the others?

O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: WeatherBug.lnk = C:\Program Files\AWS\WeatherBug\Weather.exe

As for those 2 you listed, I do not know them. Do you know where I could find out about them?

 

[mobo]

The weather can stay if you wish to keep it but you are safe to remove all the rewst as those programs will still work. Its just removing the startup entry. They are not needed to load on startup which they are.

You can check the other files out here http://www.kaspersky.com/remoteviruschk.html

 

[Annorax]

I'm working this right now, but I'm not sure I get this. The program loads perfectly fine when Windows starts up. But say, after startup when I am using the computer for normal use, Norton runs incredibly sluggishly (but the hard drive LED remains off). This happened ever since I found about 4000 really minor viruses on my machine.

How will removing spyware solve this? It seems like it has to load alot and parse alot when it runs....