[Tweene]

I dont understand why it shows in the Porgrams and Features in the Control Panel.

You (or maybe a member of your familly) installed it, it appears in the first Combofix log :

2009-09-20 15:28:44 . 2009-09-20 22:38:43 0 d-----w- C:\HijackThis
2009-09-20 15:07:02 . 2009-09-20 15:07:02 0 d-----w- C:\Program Files\Trend Micro

Let me check something before giving you a new set of instructions.

[Advertisements]

Thanks Tweene. I know I had installed it the day I started this thread, assuming that you guys would want me to send you the logs. I was just being proactive.

I will wait for your instructions.

[bengaluru]

Thanks Tweene. I know I had installed it the day I started this thread, assuming that you guys would want me to send you the logs. I was just being proactive.

I will wait for your instructions.

[Tweene]

Ok.


Step 1

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  

  :filefind
  HijackThis.*
  :folderfind
  HijackThis
  Trend Micro

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Step 2

Please download SWReg from here and save it to your desktop.

Please copy (Ctrl +C) and paste (Ctrl +V) the text in the code box below to Notepad

swreg acl HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis >> perms.txt

Save it as FixReg.bat and save it in your desktop.
Locate FixReg.bat and run it. It should be quick.
Then, please post the content of perms.txt (it is on your desktop)

[bengaluru]

Hi Tweene,

^{SystemLook Log}

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 09:21 on 24/10/2009 by Nidhi (Administrator - Elevation successful)

========== filefind ==========

Searching for "HijackThis.*"
No files found.

========== folderfind ==========

Searching for "HijackThis"
No folders found.

Searching for "Trend Micro"
No folders found.

-=End Of File=-

^Perms.txt

*******************************************************************************
Registrykey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis

Permissions:
*******************************************************************************
Username
Type Permissions Inheritance
*******************************************************************************
NIDHIPC\Users
Allowed Read This Key Only (Inherited)
NIDHIPC\Users
Allowed Special (Unknown) Subkeys only (Inherited)
NIDHIPC\Administrators
Allowed Full Control This Key Only (Inherited)
NIDHIPC\Administrators
Allowed Special (Unknown) Subkeys only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Full Control This Key Only (Inherited)
NT AUTHORITY\SYSTEM
Allowed Special (Unknown) Subkeys only (Inherited)
\CREATOR OWNER
Allowed Special (Unknown) Subkeys only (Inherited)

Not enough privileges for Auditing

Owner: Administrators (NIDHIPC\Administrators)

[Tweene]

Hum I get the same log with my computer and I can uninstall it.


If Hijackthis.exe is not on your computer, you can't uninstall it : windows should just ask you if you want to remove the entry from the Programs and Features. But it does not ...

Can I have a screenschot of the error message ? (when you try to uninstall Hijackthis)


Please run again FixReg.bat but with this new script :

swreg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis >> test.txt

And please post the log test.txt.

[bengaluru]

Hello Tweene.

Here is the new test.txt

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\hijackthis
DisplayName REG_SZ HijackThis 2.0.2
UninstallString REG_SZ "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
DisplayIcon REG_SZ C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
DisplayVersion REG_SZ 2.0.2
Publisher REG_SZ TrendMicro

Also attached is the screen shot.

[Tweene]

Hi


Ok, there are many possibilities, let's try this :


Download and install Revo Uninstaller

• Double click the Revo Uninstaller icon on your desktop to start the program
• Scroll through the listed programs and Right Click on the program you wish to uninstall
• From the pop out menu choose Uninstall
• Click Yes to the confirmation dialogue
• In the next window select the Advanced mode
• Click Next to start uninstalling the program
• Answer Yes to confirm the uninstall
• When the program has completed the four steps, click Next to allow the program to search for leftovers
• Once complete, click Next, then Finish
• Repeat the above steps for any other programs you wish to remove.

[bengaluru]

I got an error message in Revo Unistaller - Running the application's Uninstalled failed. Possible invalid Uninstall command.

And when I click OK, the program run the full course, and then deleted the files.

Thank you so much for all your help.

Enjoy your Time off - well deserved one.

Edited by bengaluru, 25 October 2009 - 07:12 AM.

[Tweene]

Just to be sure, it's gone ?

[bengaluru]

Yes Tweene. it's gone. Thanks for all your help.

[Tweene]

Great.

You can delete the last programs I asked you to download.


Regards
Tweene

[Tweene]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.