1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Symantec Antivirus Problem

Discussion in 'General Security' started by Evalyn, Jan 3, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. Evalyn

    Evalyn Thread Starter

    Joined:
    Jan 3, 2011
    Messages:
    12
    Have uninstalled Nortons Symantec Antivirus but now everytime I right click in any program the Antivirus attempts to reinstall itself. How can I fix this :confused:
     
  2. TheShooter93

    TheShooter93 Malware Specialist

    Joined:
    Jul 9, 2008
    Messages:
    11,242
    First Name:
    Cody
  3. Evalyn

    Evalyn Thread Starter

    Joined:
    Jan 3, 2011
    Messages:
    12
    I ran the Nortons removal tool to uninstall the program in the first place but when I try to remove it from Add/Remove it wants a password which I can't remember. Any other Suggestions?

    Thanks for responding so quickly Theshooter93
     
  4. TheShooter93

    TheShooter93 Malware Specialist

    Joined:
    Jul 9, 2008
    Messages:
    11,242
    First Name:
    Cody
  5. Evalyn

    Evalyn Thread Starter

    Joined:
    Jan 3, 2011
    Messages:
    12
    Hi The Shooter 93

    I tried using your link to Revo uninstaller but I no longer have the help of my computer literate brother-in-law who lives in a different state. The message that came up was "Your download will start soon" then a new page that gave me a lot of product options from Cnet but there doesnt seem to be any way of continuing the download process.

    I am an "old" beginner which is what got me in trouble in the first place. I had accidently installed Imesh and Alot which has made my computer run at a snails pace. My brother-in-law thinks he's cleaned them up but I am back home now and so I have to try "fly solo". These two programs seem to be gone (fingers crossed) but the running is only moderately improved

    I got my computer second hand from a friend with Symantec Antivirus already installed. It kept coming up with a bubble message saying it was inactive which Alan said was one of the things slowing down my computer as it was trying to load. That was why he started to remove it but going through the usual add/remove program required the key that I don't have. My friend who gave me the computer has moved to Bruni so....no key!

    I am now really wary of downloading ANYTHING on my own so with Revo not making it simple I'm not sure what to do

    Thanks for your patience. I am trying to move out of the stone age but us old girls come from the pre digital tech era so it's so much harder for us to pick this stuff up.

    Cheers
    Evalyn
     
  6. TheShooter93

    TheShooter93 Malware Specialist

    Joined:
    Jul 9, 2008
    Messages:
    11,242
    First Name:
    Cody
    Symantec running will definitely slow the computer down, though I find it odd it's requiring that key.

    Do you happen to have a Recovery CD or Windows XP CD?

    --------------------------------------------------

    Now about Revo Uninstaller, you should just be able to click "Download Now". Then when it gets to the page that says "your download will start soon", wait for a download box to appear. If it does not, look at the top of Internet Explorer for a gold bar mentioning the blocking of a pop-up. This may be the reason the download box does not appear.
     
  7. Evalyn

    Evalyn Thread Starter

    Joined:
    Jan 3, 2011
    Messages:
    12
    Thanks Shooter93

    I managed to install Revo Uninstaller and successfully went through the process to uninstall Symantec Antivirus but my initial problem remains.

    When I right click in any program an Install Shield Wizard begins to reinstall Symantec Antivirus.

    While I was uninstalling with Revo the Symantec uninstall wizard came up again and when I went through its process it stopped me by requesting the password. So I cancelled it and continued the uninstall process with Revo.

    According to Revo I'm done but this Wizard still doggedly remains and wont let me use my right click. :eek:
    The good news is my computer is behaving better. Is there a way of dumping this wizard or do I just have to put up with. I can still use right click actions after I've stopped the wizard's installation process. It's just very annoying and I have to be on my guard to hit cancel quickly as the installation is fast.

    Thanks for your persistence
    Evalyn
     
  8. TheShooter93

    TheShooter93 Malware Specialist

    Joined:
    Jul 9, 2008
    Messages:
    11,242
    First Name:
    Cody
    Try going to C:\Program Files\Norton and deleting it.

    Then reboot your computer.

    ----------------------------------------------

    Also, right-click your taskbar, click "Task Manager."

    Click the Processes Tab.

    See is Symantec/Norton is currently running.

    ----------------------------------------------

    If the software is uninstalled to the degree that you do not have antivirus protection, I suggest downloading Microsoft Security Essentials.
     
  9. Evalyn

    Evalyn Thread Starter

    Joined:
    Jan 3, 2011
    Messages:
    12
    Hi again The Shooter93

    This is really strange. Norton or Symantec doesn't appear anywhere on my computer nor is it running in the taskbar. I looked under C:\Program Files\Norton and did a search for it all over the computer, then tried a search under Norton Install Shield Wizard.

    Did find a folder inside Program File folder called Instal Shield Installation Information and inside this there were a number of folders with long numerical/alphabetical names but none of these had any references to Norton or Symantec. They each had an icon named Setup Install Shield (R) Setup Launcher, then a file version and some had Macrovision in the name

    One thing I noticed is that when I try right clicking, the first little box that comes up has Windows Installer on the top then it changes to Symantec Antivirus Shield Wizard.

    The other thing that might have something to do with it is that this computer is an ex-education departmant unit and still has 4 servers installed. Would they be trying to load as well? Would it help if I dump these and if yes how do I do it?
    They are labelled in My Computer as:

    students$ on 'hpsserver' (R:)
    staff$ on 'hpsserver' (V:)
    Group on 'hpsserver' (Y:)
    CDs on 'hpsserver' (S:)

    Thanks again The Shooter93.
    Evalyn

    PS: My son installed AVG for me prior to Xmas so I have Virus protection. I also have spybot
     
  10. TheShooter93

    TheShooter93 Malware Specialist

    Joined:
    Jul 9, 2008
    Messages:
    11,242
    First Name:
    Cody
    If there is no Program Folder for Norton or Symantec, yet you're still able to uninstall it using Revo Uninstaller, then it is obviously partly still on your system.

    Since you can't uninstall the program without entering a key of some sort, I suggest installing a fresh OS.

    Normally, I wouldn't suggest this since it's a bit extreme for a problem like this, but I'm all out of ideas at the moment. I will ask around and see if anyone has other ideas for you.

    Do you have a System Recovery CD or a Windows XP CD?

    ----------------------------------------------

    Also, did you try installing Microsoft Security Essentials?
     
  11. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    Please click HERE to download and install HijackThis.

    Run it and select Do a system scan and save a logfile from the Main Menu.

    The log will be saved in Notepad. Copy and paste the log in your next post.

    IMPORTANT: Do not fix anything
     
  12. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,796
    If you can't run HijackThis in Normal Mode, reboot the computer into Safe Mode and run the program again.
     
  13. TheShooter93

    TheShooter93 Malware Specialist

    Joined:
    Jul 9, 2008
    Messages:
    11,242
    First Name:
    Cody
    Phantom010 is a Trusted Advisor with a lot more knowledge and experience than I have. He'll be able to help you out from here, good luck. :)

    (I will be keeping tabs on this thread, just in case I come up with another idea or something along those lines).
     
  14. Evalyn

    Evalyn Thread Starter

    Joined:
    Jan 3, 2011
    Messages:
    12
    Thanks for trying to help me The Shooter93. If nothing else, I've learnt heaps from you. Phantom 010 has offered to help so maybe we will get to the bottom of this.

    Good luck with your future plans.
    Evalyn
     
  15. Evalyn

    Evalyn Thread Starter

    Joined:
    Jan 3, 2011
    Messages:
    12
    Hi Pantom 010

    Thanks for wading into the fray

    Here is the log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:55:57 AM, on 9/01/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\TpScrLk.exe
    C:\IBMTOOLS\UTILS\ibmprc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101849&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101849&gct=&gc=1&q=%s
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\system32\TpScrLk.exe
    O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236127832226
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O20 - AppInit_DLLs:
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
    O23 - Service: IBM HDD APS Logging Service (TPHDEXLGSVC) - IBM Corporation - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    --
    End of file - 8447 bytes
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/972525

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice