HiJack Log

[bluecountry]

Before I go any further.......


I tried to remove symnatec.
I uninstalled....then used the link you gave me.

I have run it several times...and restarted the computer after each one...yet when I have restarted...I click the removal tool and keep getting told to remove the same programs which I just thought I deleted.

What is going on?
Have I deleted them...and can I remove the removal tool...and if not...what then?

Thanks.

[evilfantasy]

Can you list the files it is saying it removes.

Have you tried running it in Safe Mode?

[bluecountry]

1) Files
Norton Anti-Spam 2004 and 2005
Norton Anti-Virus 2003-2008
Norton Ghost 10, 12, and 14
Norton Go Back 3.1 through 4.2
Norton Internet Security 2003 through 2008
Norton Password Manager
Norton Personal Firewall 2003 through 2006
Norton SystemWorks 2003 through 2008
Norton Confidental Online 2007
Norton Internet Security Add on Pack 1.0-2.1
Norton Save and Restore 1.0 through 2.0
Norton 360 1.0 through 2.0



-After I go through and try to delete...it tells me to turn on Windows Firewall if disabled
        a.  Don't know if the firewall is on
         b. don't know how to turn on the firewall
-Then ie pops up with a page attempting to load, connect...but with no address
-I restart...try again and the same programs are there on the removal

2) No

[evilfantasy]

Try running it in safe mode.

How to turn on or turn off the firewall[url]

[bluecountry]

Did....no change.

This is very frustrating...we've been on this thread for weeks...I'm trying to configure my Computer...and this nonsense keeps coming up.
I'd like once and for all to get this straight instead of playing the run aound...what the heck is so complicated about removing a program?

I said remove...I downloaded the tool...so why is it repeating the SAME MESSAGE???

[evilfantasy]

We'll get rid of it. It's going to take bruit force but we'll get it.

Check in add remove programs for these and uninstall them if found:

LiveUpdate 2.6 (Symantec Corporation)
Symantec AntiVirus

Download Registry Search
(see the link titled RegSearch Download Link)

• Extract the files from Regsearch.zip into a folder.
• Doubleclick regsearch.exe to start the program.
• Enter Symantec in the top area of the form and then click "OK".
  
• Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
• Add the contents of the Notepad file to your next reply.

----------

Now run Regsearch again to look for Norton

Post both logs.

[bluecountry]

1)  Is it this hard to remove all anti-virus programs...or just symnatec?
                -Is this why you recommended I use something else?

2)  Add/Remove had none of those programs listed.

3) Logs attached.
            First is symnatec
            Second is norton

[recovering disk space -- attachment deleted by admin]

[evilfantasy]

Yes this is one reason Norton is disliked. Nothing should be this hard to get rid of.

Copy the blue text below to notepad. Save it as fixME.reg to your desktop.
Be sure the File Type is set to "all files" Once you have saved it, look for it on your desktop and when you find it, double-click it and allow it to merge with the registry.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3c9d-426d-81df-aab636fa4345}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYMC.ScriptRunner.1]
"command"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE]
"00000000000000000000000000000000"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EECTRL\0000]
"C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EECTRL\0000]
"C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000]
"C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"(App)Symantec AntiVirus"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo]


How is everything now?

[bluecountry]

I followed your instructions.

When I double clicked...I was told:

Cannot import C:\Documents and Settings\Trent Berger\Desktop\fixME.reg.

The specified file is not a registry script.
You can only import binary registry files from within the registry editor.

[evilfantasy]

Did you save it in Notepad? Also make sure Save as type: is saved as All Files.

[bluecountry]

yes...I did...now what?
How much longer till this is fixed?

[evilfantasy]

Try right clicking it and selecting Merge.

[bluecountry]

Just did...got the same message.

[evilfantasy]

Now download The Avenger by Swandog46 and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
  
• Copy the blue text below, and paste it into the Input script here window:

Comment:

Registry keys to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3c9d-426d-81df-aab636fa4345}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYMC.ScriptRunner.1\command

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE\00000000000000000000000000000000

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\(App)Symantec AntiVirus

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo


Note: the above instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

• Now click the Execute button.
  
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

• Add the Avenger log in your next post.

[bluecountry]

//////////////////////////////////////////
  Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Wed Jun 25 00:36:33 2008

00:36:16: Error: Invalid registry syntax in command:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache\(App)Symantec AntiVirus"
Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program.
Skipping line.  (Registry key deletion mode) 


//////////////////////////////////////////


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_EECTRL\0000\C:\\Documents and Settings\\Trent Berger\\Local Settings\\Temp\\WZSE0.TMP\\SymNRT.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44990301-3c9d-426d-81df-aab636fa4345}" deleted successfully.

Error:  registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYMC.ScriptRunner.1\command" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SYMC.ScriptRunner.1\command" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE\00000000000000000000000000000000" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC3E040CD66E45E49AF338BB1B4821BE\00000000000000000000000000000000" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\Compatibility\NortonSystemInfo" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.