Topic: one of my security programs was damaged by virus and now I cannot uninstall it.


cobaltazule

  • SCF VIP Member
  • *****
  • Posts: 75
  • KARMA: 9
  • Gender: Male
   Samker, are you there my friend.
I need you and the SCF team again!
A couple of weeks ago a smitfraud virus got past my defenses and attacked my system. I was able to remove it with smitfraudfix, but not before it had damaged several registry entries. I did a system restore and my computer seems to be back to normal, but one of my security programs was damaged and I cannot uninstall or delete it in order to reinstall a fresh and undamaged version. The program damaged is Avira Anti-virus free home edition. I have tried uninstalling to no avail. Even tried different user accounts...nothing works. I am at a loss.
Any ideas from my favorite techno-wizard?
I will send a hjt log right after this post.
Regards
Robert




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:59 AM, on 12/11/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Robert Mansfield\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IUF - Unknown owner - C:\Users\ROBERT~1\AppData\Local\Temp\IUF.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9663 bytes

Samker's Computer Forum - SCforum.info


Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Hey Robert,

how are you? :)

I will check your HJT log tomorrow (I must finish something today); until then, please also provide us with a Kaspersky log (Online Scan).

cya my Friend,

Samker

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Robert, I'm still waiting for your Kaspersky Online Scan; first we must check whether you still have some kind of "infection".

Regards,

Samker

cobaltazule

  • SCF VIP Member
  • *****
  • Posts: 75
  • KARMA: 9
  • Gender: Male
Hello Again
I'm sorry I am late in getting back to you. Family issues have kept me away. I believe I have solved my own problem. I went to google and downloaded "revo-uninstaller". It made short work of that security program. Samker it is truly amazing how many FREE utilities are out there if you look. I believe my issue is closed. I have run several scans with my arsenal of anti-virus programs and they all show my system is clean. Kaspersky also gave me a clean bill of health. I will run the online scan again now and when it is complete I will send the log to you just to be safe.
As always, thank you
Robert

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Ok Robert, I'll wait for your Kaspersky log.

Anyway, after analysing your HJT log I found some issues that we need to fix (traces of a few AntiViruses, some unnecessary Autostart programs, a few running Antispyware real-time monitoring services and a lot of unnecessary Registry "hooks" ...), but we will talk about that later.  ;)

Please also provide us with a new HJT log, since you have made some changes lately.

Regards,

S.


P.S.

Quote
Samker it is truly amazing how many FREE utilities are out there if you look.

I also love to use free services and tools, as you see for most of our "job" here we use free stuff.  ;)
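
The kind of triage described in the reply above (leftover antivirus traces, several real-time monitors loading at once, orphaned entries) can be scripted. This is an added example, not part of the original thread and not a HijackThis feature: the sample lines are excerpted from the first log posted above, and the vendor keyword table and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines excerpted from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: IUF - Unknown owner - C:\Users\ROBERT~1\AppData\Local\Temp\IUF.exe (file missing)
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"""

# Assumed keyword table: product -> (category, lowercase substrings to look for).
# It covers only the products visible in this thread's log; extend it as needed.
PRODUCTS = {
    "avast!": ("antivirus", ("alwil", "avast")),
    "AVG": ("antivirus", ("grisoft", "avg7")),
    "Symantec/Norton": ("antivirus", ("symantec",)),
    "Spyware Terminator": ("antispyware", ("spyware terminator",)),
    "Spybot S&D": ("antispyware", ("spybot",)),
    "Ad-Aware": ("antispyware", ("lavasoft", "ad-aware")),
    "SUPERAntiSpyware": ("antispyware", ("superantispyware",)),
}

# Sections whose entries load code at boot or logon:
# O4 = Run keys, O20 = Winlogon Notify, O23 = services.
LOAD_SECTIONS = {"O4", "O20", "O23"}

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis marks entries whose target file no longer exists with one of these.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def parse_entries(log_text):
    """Turn 'Oxx - ...' lines into dicts; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            body = match.group("body")
            entries.append({
                "section": match.group("section"),
                "body": body,
                "orphaned": bool(ORPHAN_RE.search(body)),
            })
    return entries


def resident_products(entries):
    """Group security products that still load at startup by category."""
    found = defaultdict(set)
    for entry in entries:
        if entry["section"] not in LOAD_SECTIONS or entry["orphaned"]:
            continue
        text = entry["body"].lower()
        for product, (category, keywords) in PRODUCTS.items():
            if any(keyword in text for keyword in keywords):
                found[category].add(product)
    return {category: sorted(names) for category, names in found.items()}


def triage(log_text):
    """Summarise the issues a helper would raise from one log."""
    entries = parse_entries(log_text)
    products = resident_products(entries)
    antivirus = products.get("antivirus", [])
    return {
        # Registry entries pointing at files that are gone (leftovers to clean up).
        "orphaned": [e["body"] for e in entries if e["orphaned"]],
        # Services registered from a Temp directory deserve a closer look.
        "temp_services": [e["body"] for e in entries
                          if e["section"] == "O23" and "\\temp\\" in e["body"].lower()],
        "antivirus": antivirus,
        "antispyware": products.get("antispyware", []),
        # More than one resident antivirus usually means conflicts or leftovers.
        "overlapping_antivirus": len(antivirus) > 1,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
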





cobaltazule

  • SCF VIP Member
  • *****
  • Posts: 75
  • KARMA: 9
  • Gender: Male
   KASPERSKY ONLINE SCANNER REPORT
Sunday, December 16, 2007 12:54:10 PM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/12/2007
Kaspersky Anti-Virus database records: 484112
Scan Settings
Scan using the following antivirus database    extended
Scan Archives    true
Scan Mail Bases    true
Scan Target    Critical Areas
C:\Windows
C:\Users\ROBERT~1\AppData\Local\Temp\Low\
Scan Statistics
Total number of scanned objects    38654
Number of viruses found    0
Number of infected objects    0
Number of suspicious objects    0

Duration of the scan process    00:45:02

Infected Object Name    Virus Name    Last Action
Scan process completed.

cobaltazule

  • SCF VIP Member
  • *****
  • Posts: 75
  • KARMA: 9
  • Gender: Male
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:45 PM, on 12/16/2007
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Robert Mansfield\AppData\Local\Temp\Temp2_HiJackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IUF - Unknown owner - C:\Users\ROBERT~1\AppData\Local\Temp\IUF.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Unknown owner - C:\Program Files\Common Files\Steam\SteamService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 9639 bytes

cobaltazule

Hello again my friend
Here is the data you asked for. I am a bit concerned about the items you mentioned. I had thought my system was clean. I am eager to hear your suggestions.
On a different note...without my having to go to the SCF intro, where in this forum is a good place to talk to you about non-security issues? I am in the U.S. and I know you are in Bosnia. I would really like to get your perspective on different international issues such as the war in Iraq, problems in Russia, etc etc.
Also, what is the best time to catch you logged on?
all the best
Robert
P.S. didn't there used to be a live chat place in this forum?

Samker

Quote
I am a bit concerned about the items you mentioned. I had thought my system was clean. I am eager to hear your suggestions.

Don't worry, R., your PC is clean, but I found some "space" for improving your PC's performance. In my opinion you only need AVG AntiVirus (what happened with Norton anyway?) and Spybot real-time protection. I need your opinion so I can turn off the other programs from AutoStart?!

Quote
On a different note...without my having to go to the SCF intro, where in this forum is a good place to talk to you about non-security issues? I am in the U.S. and I know you are in Bosnia. I would really like to get your perspective on different international issues such as the war in Iraq, problems in Russia, etc etc.

We have a part of the forum (International Community) for that kind of talk, called Chit-Chat: http://scforum.info/index.php/board,24.0.html
It will be very nice to continue our friendship there.  :)

Quote
Also, what is the best time to catch you logged on?

Usually I'm here at 06-10h PM (CET - Central European Time; etc. scForum Time)

Quote
P.S. didn't there used to be a live chat place in this forum?

Yes, you got it right, but we closed that section because of some technical problems.


R., now I must go. Tomorrow I'll give you some instructions; until then, please give me your decision on which security programs you want to leave?!

All the Best,

Samker





cobaltazule

Samker,
Yes, I know I have a lot of anti-spy and virus. And yes, I know they would ordinarily slow my system. I usually keep only Norton and Spybot actually running. The others I use only for scanning and then I disable them again; what Norton or Spybot might miss, another might pick up. I keep them around for when I think I may be infected. Were there other issues?
regards
Robert
