Norton Security Scan

[Returnofmic]

For some reason, Norton Security Scan is on my computer. I've removed the actual program.

However, I still have the icon for it;

 

 

Whenever I try to do (pretty much) anything to it, it says I need Admin Superpowers to do it; (Rename it, move it etc)

 

 

I am the only user on this computer, and I am the administrator, so I really don't know what to do.

Does anyone have some sort of idea as to what to do?

[i do apologize if this is in the wrong section, not sure if it goes here or in the "Keyloggers" sub-forum. Just figured I'd get better responses here.]

[obfuscator]

So you basically just have the icon on your desktop then? Can you post a hijack this log?

 

Also, the keylogger forum is only for fixes to keyloggers posted on the board :P

[Returnofmic]

So you basically just have the icon on your desktop then? Can you post a hijack this log?

 

Yes, and sorry, but what's a "Hijack this log"?

[obfuscator]

http://free.antivirus.com/hijackthis/

 

You run it and it lists all processes running on your computer. It's useful to see if there's anything malicious.

 

Have you tried deleting it manually from your desktop folder?

 

C:\Users\usernamehere\Desktop\ - for windows 7 at least, may be different for XP.

[Corvus]

Norton is somewhat infamous for making their software impossible to completely uninstall by normal users, especially Security Scan as it is essentially their advertising program using scareware and malware tactics, because it requires another program to be downloaded from a somewhat hidden page on their website to actually do it.(for most of their software their support site wont even tell you how to uninstall it unless you perform a search on the somewhat out of the way search portion of their support page)

Here is a link to one of the pages where they have links to download the program (It uninstalls all Norton software on your computer, so make sure you have your liscense key if you are using an actual copy of Norton): http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20090910004050EN depending on which version of windows and your settings you use you may have to save it to your desktop, and right click it for the option to run it as an administrator. (this program does not actually officially support removal of Security Scan, but it may fix the issue)

[obfuscator]

Really? I've never had problems removing their software...

[Returnofmic]

@Y_Guy

 

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:54:14, on 2010-10-17

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.7930.16406)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng[Caution: Executable File]

C:\Windows\system32\Dwm[Caution: Executable File]

c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost[Caution: Executable File]

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32[Caution: Executable File]

C:\Windows\Explorer[Caution: Executable File]

C:\Program Files\Windows Defender\MSASCui[Caution: Executable File]

C:\Program Files\Motorola\SMSERIAL\sm56hlpr[Caution: Executable File]

C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: Executable File]

C:\Windows\RtHDVCpl[Caution: Executable File]

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif[Caution: Executable File]

C:\Program Files\HP\QuickPlay\QPService[Caution: Executable File]

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL[Caution: Executable File]

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain[Caution: Executable File]

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg[Caution: Executable File]

C:\Program Files\Alwil Software\Avast5\AvastUI[Caution: Executable File]

C:\Advanced Wheel Mouse\wh_exec[Caution: Executable File]

C:\Program Files\Windows Sidebar\sidebar[Caution: Executable File]

C:\Windows\ehome\ehtray[Caution: Executable File]

C:\Program Files\Windows Live\Messenger\msnmsgr[Caution: Executable File]

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware[Caution: Executable File]

C:\Program Files\uTorrent\uTorrent[Caution: Executable File]

C:\Program Files\Rainmeter\Rainmeter[Caution: Executable File]

C:\Program Files\Windows Media Player\wmpnscfg[Caution: Executable File]

C:\Windows\System32\mobsync[Caution: Executable File]

C:\Windows\system32\wbem\unsecapp[Caution: Executable File]

C:\Program Files\Hewlett-Packard\Shared\HpqToaster[Caution: Executable File]

C:\Windows\ehome\ehmsas[Caution: Executable File]

C:\Program Files\Google\Chrome\Application\chrome[Caution: Executable File]

C:\Program Files\Google\Chrome\Application\chrome[Caution: Executable File]

C:\Program Files\Google\Chrome\Application\chrome[Caution: Executable File]

C:\Program Files\Google\Chrome\Application\chrome[Caution: Executable File]

C:\Program Files\Trend Micro\HiJackThis\HiJackThis[Caution: Executable File]

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tip.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SE&c=73&bd=Pavilion&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_SE&c=73&bd=Pavilion&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

R3 - URLSearchHook: Runescape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\tbRune.dll

O1 - Hosts: ::1 localhost

O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Runescape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\tbRune.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O3 - Toolbar: Runescape Toolbar - {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files\Runescape\tbRune.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui[Caution: Executable File] -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr[Caution: Executable File]

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh[Caution: Executable File]

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl[Caution: Executable File]

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif[Caution: Executable File]

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService[Caution: Executable File]"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl[Caution: Executable File] /Start

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain[Caution: Executable File]

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg[Caution: Executable File]

O4 - HKLM\..\Run: [CognizanceTS] rundll32[Caution: Executable File] c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [RegCtrl32] C:\Windows\system32\regedit32[Caution: Executable File]

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI[Caution: Executable File] /nogui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32[Caution: Executable File] C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [WheelMouse] C:\ADVANC~1\wh_exec[Caution: Executable File]

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher[Caution: Executable File]

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar[Caution: Executable File] /autoRun

O4 - HKCU\..\Run: [ehTray[Caution: Executable File]] C:\Windows\ehome\ehTray[Caution: Executable File]

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr[Caution: Executable File]" /background

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware[Caution: Executable File]

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG[Caution: Executable File]

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent[Caution: Executable File]"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar[Caution: Executable File] /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32[Caution: Executable File] oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar[Caution: Executable File] /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter[Caution: Executable File]

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL[Caution: Executable File]/3000

O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://world117.runescape.com

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: APSHook.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService[Caution: Executable File]

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc[Caution: Executable File]

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc[Caution: Executable File]

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc[Caution: Executable File]

O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder[Caution: Executable File]

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc[Caution: Executable File]

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched[Caution: Executable File]

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb[Caution: Executable File]

O23 - Service: Tjänsten Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate[Caution: Executable File]

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service[Caution: Executable File]

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex[Caution: Executable File]

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon[Caution: Executable File]

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT[Caution: Executable File]

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc[Caution: Executable File]

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc[Caution: Executable File]

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9[Caution: Executable File]

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec[Caution: Executable File]

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService[Caution: Executable File]

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr[Caution: Executable File]

O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService[Caution: Executable File],-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService[Caution: Executable File]

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32[Caution: Executable File]

 

--

End of file - 10443 bytes

 

 

 

@wyvren2000

Thanks, but it doesn't seem like that did anything :huh:

 

EDIT: Off-topic, seeing all these processes, is there a way to easily turn them of?

[obfuscator]

Did you try deleting it from the desktop folder?

 

Most of the processes are important to the system, you can kill them from task manager but I wouldn't recommend it.

[Returnofmic]

Did you try deleting it from the desktop folder?

 

I can't, it doesn't show up.

[obfuscator]

Huh. Well it doesn't really appear to be doing anything, so I'd probably just leave the icon there lol.

[Returnofmic]

Huh. Well it doesn't really appear to be doing anything, so I'd probably just leave the icon there lol.

 

Heh, yeah, doesn't really do anything, just annoys me :thumbdown:

[obfuscator]

Well I know of some programs that allow you better control over deleting stuff like that but to be honest it's just not worth the time if it's purely cosmetic..

 

And of course you could always contact norton support for help.

[VARN]

It looks like Norton security scan has a problem with it reinstalling automatically on reboot; try these possible solutions.

 

EDIT: Off-topic, seeing all these processes, is there a way to easily turn them of?

 

I use CCleaner to remove startup entries.

[Corvus]

Try hitting F5 while on your desktop as it may be an issue that some piece of software disabled your desktop's auto refresh.(which requires editing the registry to fix)

Edited October 18, 2010 by Laura
Double post. ;)