| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 110566 | 2010-06-22 23:10:00 | Symantec AntiVirus | NZHawk (4093) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1112659 | 2010-06-23 01:43:00 | My personal experience with Spyware Doctor is rubbish - every PC I see it on it is just crippling the PC, using stupid amounts of system resources. And symantec own it now. Highly recommend NOD32 + malwarebytes to remain protected + the programs Speedy recommends for actually removing the infection in the first place, if it's dug in deep. :2cents: THIS!!! |
SolMiester (139) | ||
| 1112660 | 2010-06-23 02:18:00 | Norton AV is not very good for blocking malware/spyware . Norton internet security can also make older/slower PC's run like a pig . Unfortunately , there is no Perfect AV, they all can/do miss some spyware/viruses . , but some are much worse than others . The best (often unpractical ) prevention is being savvy to what you are doing, what websites you go to, what emails you open, whose USB stick you plug in, what pirated files you download . This method doesnt work on shared/work/teenagers PC's :-) cleanup: Download & run SpywareDoctor from Major Geeks (it has a slightly better detection rate than Mbytes) . Update it a few times 1st & rebbot . Keep running these scanners untill they come up clean (may take a few passes) Uninstall Spywaredoctor when finished (not allways 100% stable) Definitley run Malwarebytes as well . Download either kaspersky AV(only) trial or perhaps Avir & AV scan pc as well . tp://www . free-av . com/en/index . html Also run 'hijack this' (be careful) available from 'Major Geeks' empty Windows\prefetch check hosts file default IE, empty temp internet files, del temp files disable system restore(re-enable when finished) check win firewall, check firewall exceptions sometimes some 'services' need re-enabling after infections (services . msc) rare but can happen . . . if you have a rootkit that cant be detected by Malwarebytes & spywaredoctor , then run latest tdskiller . exe (sorry no link for that one handy) If you have given Norton your credit card details, expect ongoing annual charges regardless . Hmmmm . . . . Doesn't Spyware Doctor require purchasing a license key to actually remove anything it finds? Surely you're not suggesting the OP buys a key and then uninstall the app? I used to be a Spyware Doctor fan back in the day too, but a combination of NOD32 used with Malwarebytes, SuperAntiSpyware and Spyware Terminator (plus HJT if needed) will remove just about anything . And there are some nasty pieces of malware like Virut that essentially bork your system to the extent you need to rebuild it, even once it's been removed . |
nofam (9009) | ||
| 1112661 | 2010-06-23 03:00:00 | Hmmmm . . . . Doesn't Spyware Doctor require purchasing a license key to actually remove anything it finds? Surely you're not suggesting the OP buys a key and then uninstall the app? I used to be a Spyware Doctor fan back in the day too, but a combination of NOD32 used with Malwarebytes, SuperAntiSpyware and Spyware Terminator (plus HJT if needed) will remove just about anything . And there are some nasty pieces of malware like Virut that essentially bork your system to the extent you need to rebuild it, even once it's been removed . i'd add tdsskiller to your arsenal for those hard to find rootkits . :2cents: & rant :badpc: I'm talking about cleanup, not protection . These programs effectivness seems to change every year (aargh) Spywaredoctor still have 100% free version if you use the MajorGeeks link . Run the update & get v6 . It also all depends on the settings . AV set to scan all files will find more than AV set to quickscan . Some also give too many false positives (Avir) or show multiple infections that turn out to be just cookies etc Ive tried allmost everything I can get my hands on(still looking) . Spywaredoc usually detects more hard to detect infections than the others, just what Ive seen -results may vary :punk NOD hasnt overly impressed me, aprt from being stable & fast & a good price . Disappointing when freeware(Mbytes) has better malware removal than pay AV programs (not just NOD) Also seems to loose registration info on server installs(whats up with that) Problem is not anything better for Business/corporates ????? |
sroby (11519) | ||
| 1112662 | 2010-06-23 03:37:00 | Thank you to all the respondeez. What I have done is: turn off system restore uninstalled all Symantec, Live Update & Norton products. I installed, updated MS Security Essentials & scan: clean here is the HJT log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:32:48 p.m., on 23/06/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18928) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Toshiba\ConfigFree\NDSTray.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\TrueSuite Access Manager\FpNotifier.exe C:\Program Files\TrueSuite Access Manager\usbnotify.exe C:\Program Files\TrueSuite Access Manager\PwdBank.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\TrueSuite Access Manager\CssSvr.exe C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Microsoft Security Essentials\msseces.exe C:\Users\user\Desktop\2 Cleaning Tools\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\s wg.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe" O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe" O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe" O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7 709873947E87.dll/cmsidewiki.html O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: acaptuser32.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1c95c2b2aa7a601) (gupdate1c95c2b2aa7a601) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 11935 bytes |
NZHawk (4093) | ||
| 1112663 | 2010-06-23 03:44:00 | Tick these these tick fix checked Close browsers O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) Uninstall askbar O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide This is a trojan (www.sophos.com). Use trojan remover update it if this is 32 bit. Then click on scan, then select all options under utils O4 - HKCU\..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe If Java isnt 6 update 20, uninstall all versions of Java, then update it |
Speedy Gonzales (78) | ||
| 1112664 | 2010-06-23 05:39:00 | Symantec Antivirus or Norton Antivirus? Is it a home or work machine? | Alex B (15479) | ||
| 1112665 | 2010-06-23 22:12:00 | Symantec AntiVirus | NZHawk (4093) | ||
| 1112666 | 2010-06-24 00:49:00 | Symantec is not a bad product all up. Bit weird for a home user to be using it though. | Alex B (15479) | ||
| 1 2 | |||||