BleepingComputer.com: Unknown A/V programs after reinstall


#1 noknojon

Posted 25 July 2011 - 08:30 PM

Hi - Not sure if here (or AII) is the best place for this topic.
I cleaned and fully reinstalled XP Pro on a very troubled machine, and now it is mine, however an OTL log showed all these A/V and F/wall programs.
Do you think they are just images from the old user, or is there any chance they are actually installed somewhere?
I uninstalled any A/V I thought was installed, but this list seems a bit over the top, and I cannot find the programs.
The M.S.E. is the only one I have installed after I thought all others were gone.
Thanks for any ideas -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

EDIT -
These are listed in HKLM, but I was just not sure if I should delete them from there with regedit -

This post has been edited by noknojon: 26 July 2011 - 12:12 AM

XP SP3 Pro Desktop - Windows 7 SP1 Home Premium Toshiba Laptop - Malwarebytes - SUPERAntiSpyware - Microsoft Security Essentials -
HiJack This - SpeedFan - Cannon Printer - ATF Cleaner - TFC Cleaner - ORCA and Internet Explorer Browsers -
Secunia PSI - And I Use GOOGLE -

#2 USN Vet

Posted 26 July 2011 - 03:56 AM

DO NOT DELETE: Those entries are part of the installation.
Feel free to ignore my comment, just another user !

#3 noknojon

Posted 26 July 2011 - 04:04 AM

What do you think, Louis?

EDIT -
Not doubting you USN Vet, just that hamluis was looking also.

This post has been edited by noknojon: 26 July 2011 - 04:28 AM


#4 hamluis

Posted 26 July 2011 - 06:59 AM

I don't fool around with my registry unless I have a problem...I have no idea why you started playing with the registry or what you hoped to accomplish.

I do know that registry entries for various programs previously installed...routinely remain in the registry and, normally, cause no problems at all on systems I own/have owned.

Louis

#5 Allan

Posted 26 July 2011 - 07:13 AM

noknojon, on 25 July 2011 - 08:30 PM, said:

I cleaned and fully reinstalled XP Pro on a very troubled machine, and now it is mine


What does that mean? EXACTLY what did you do?
Admin, Tweaks.com Forums

#6 KarstenHansen

Posted 26 July 2011 - 08:57 AM

Basically, the registry should NEVER be touched by a normal everyday user, as it is the place the OS saves its information. If it works, WHY FIX IT ;)

And if I understood your post correctly, you have just reinstalled the OS, so why go ahead and start editing the registry, when it is so easy to mess up. If you go ahead and choose to do it anyways, then OK but please do remember to BACKUP the registry BEFORE you start editing.
You can backup with ERUNT from here : http://www.larshederer.homepage.t-online.de/erunt/

Good luck.

Karsten

This post has been edited by KarstenHansen: 26 July 2011 - 09:00 AM

With High Regards,
KarstenHansen,

Enjoy EVERYDAY of your life to the fullest, it can be over so so quick. Removing Malware is just like a good game of CHESS.

#7 noknojon

Posted 26 July 2011 - 07:56 PM

Quote

I have no idea why you started playing with the registry or what you hoped to accomplish.

@ hamluis - I am not "playing with the registry", just asking the question if these are normal entries after a Full Install of XP Pro.

Quote

What does that mean? EXACTLY what did you do?

@ Allan - The computer was badly infected and having other operating problems, so Exactly, means a Full Install from the original M/soft XP Pro CD.

Quote

And if I understood your post correctly, you have just reinstalled the OS

@ Karsten - Yes it was a Full Install, not repair install of XP Pro (same as the original OS).

I had just never seen this many "Sub Entries" of A/V's and F/walls after a Full Install. Usually only a version of Norton is included and installed.
If this is normal, I will leave it "As Is".

Thanks for the responses -

#8 USN Vet

Posted 27 July 2011 - 07:26 AM

USN Vet, on 26 July 2011 - 03:56 AM, said:

DO NOT DELETE: Those entries are part of the installation.



noknojon, on 26 July 2011 - 04:04 AM, said:

What do you think louis ?

EDIT -
Not doubting you USN Vet, just that hamluis was looking also.

My previous post was based on the fact that the computer I have now, running XP
was owned by an Author, who used it only for his writings. Kinda expensive
Word Processor. But to the point, there was never an AV installed on it, and
it was never connected to the Internet. When I got it last month, it was still
at SP1, and I updated thru SP3. I installed AVAST 6.0, and all those entries are
in the registry as well. Therefore I must assume they are there from an install
or updating the SP's.

#9 KarstenHansen

Posted 27 July 2011 - 07:31 AM

:thumbsup:

This post has been edited by KarstenHansen: 27 July 2011 - 07:38 AM


#10 noknojon

Posted 27 July 2011 - 07:39 AM

Quote

all those entries are in the registry as well. Therefore I must assume they are there from an install or updating the SP's.

@ USN Vet - As I said, "I was not doubting your reply", and the other posts have basically agreed with your answer and I have learned a few things I was not sure of.
It was just that after the last install I did of an XP (Home version) those entries were not there.

Thanks again for your help -

@ Karsten - :thumbup2:

This post has been edited by noknojon: 27 July 2011 - 07:43 AM


#11 Allan

Posted 27 July 2011 - 01:09 PM

noknojon, on 26 July 2011 - 07:56 PM, said:


Quote

What does that mean? EXACTLY what did you do?

@ Allan - The computer was badly infected and having other operating problems, so Exactly, means a Full Install from the original M/soft XP Pro CD.

I'm not trying to give you a hard time - but that doesn't help. Did you format first? Did you delete and recreate partitions first?

#12 noknojon

Posted 27 July 2011 - 05:34 PM

Quote

I'm not trying to give you a hard time - but that doesn't help. Did you format first? Did you delete and recreate partitions first?

Yes - It was like a "Day 1 install" on a fresh partition - I am using it now and the items I posted were the only problem.

The previous owner had no ideas, so I needed to 1st remove everything and start from an almost new computer.
He was the type to add 3 or 4 A/V programs, and that was the only reason why I asked if they were "normal".

Apart from that there are no other problems now, and it is running perfectly :) and I am happy with it -

Thanks for your concern -

#13 Allan

Posted 27 July 2011 - 05:44 PM

If indeed you formatted, there is no reason for those entries to be in the HKLM hive. You have several options:

1) Leave them alone - they aren't hurting anything
2) EXPORT the keys for the ones you don't use to a known location and then delete the keys. If you have a problem later you can import them
3) Create a disk image with Acronis True Image or Macrium Reflect and then do whatever you want. You can always restore the image (always my favorite choice)
4) Backup the registry (ERUNT, built-in File - Export - All, etc) and then do whatever you want

Just out of curiosity, do any of the entries for av's that aren't installed show the av is active (monitoring)?

This post has been edited by Allan: 27 July 2011 - 05:45 PM

Admin, Tweaks.com Forums
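
Whether any of the listed Monitoring entries carry state can be read from the log itself. The following is an added example, not code from any poster in this thread: it parses an OTL-style registry listing like the one in post #1 and separates Monitoring subkeys that hold no values from those that do. The `ExampleVendorAV` key, its value, and the function names are constructed for illustration.

```python
import re

# Excerpt of the OTL listing from post #1 (three of its Monitoring subkeys).
# The ExampleVendorAV key and its value are constructed for contrast.
OTL_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ExampleVendorAV]
"ExampleValue" = 1
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')
MONITORING = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring'

def parse_sections(text):
    """Return {key_path: {value_name: data}} for an OTL-style registry listing."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        value = VALUE_RE.match(line)
        if key:
            current = sections.setdefault(key.group(1), {})
        elif value and current is not None:
            current[value.group(1)] = value.group(2).strip()
    return sections

def classify_monitoring(sections):
    """Split Monitoring subkeys into those with no values and those with values."""
    prefix = MONITORING.lower() + '\\'
    empty, populated = [], {}
    for key, values in sections.items():
        if key.lower().startswith(prefix):
            name = key[len(prefix):]
            if values:
                populated[name] = values
            else:
                empty.append(name)
    return sorted(empty), populated

if __name__ == '__main__':
    empty, populated = classify_monitoring(parse_sections(OTL_EXCERPT))
    print('Subkeys with no values:', ', '.join(empty))
    for name, values in populated.items():
        print('Subkey with values, review before deleting:', name, values)
```

Run against the full listing in post #1, every Monitoring subkey falls into the first group, since none of them is followed by a value line.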

#14 Jayson201

Posted 27 July 2011 - 05:51 PM

I hope it's alright if I butt in. If not, I apologize.
I have a theory. When you don't have an Anti Virus program on your computer, Windows tells you about it and gives you suggestions on which you should use. Considering that they show up even without internet, the suggestions would have to be included somewhere in the registry and I think those are in fact the suggestions they use.


That's just a theory, feel free to ignore me, the BC Advisors are smarter than me, listen to them. ;)

This post has been edited by ComputerTalk-Jayson: 27 July 2011 - 05:52 PM


#15 noknojon

Posted 27 July 2011 - 06:41 PM

Quote

If indeed you formatted, there is no reason for those entries to be in the HKLM hive.
Just out of curiosity, do any of the entries for av's that aren't installed show the av is active (monitoring)?

They were invisible until I did an OTL scan just to look at the entries on the new system, and to be sure Norton was Not active -
AV: Microsoft Security Essentials *Enabled/Updated* - From a DDS scan, this is the only active a/v at this time -
Almost all M/soft CD installs add Norton in new installs or reinstalls, and I removed it to replace with M.S.E., my preferred a/v -
Even a new shop install of Windows 7 comes with Norton installed as default Antivirus - Mine did -
Also the XP Pro CD was never used prior to me opening the pack, as this was a custom built machine and only the Driver CD was opened -
Listed is the section of DDS that shows it is a new install with only a bit of up time since the new install -
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19/07/2011 1:15:30 PM
System Uptime: 28/07/2011 8:46:32 AM (1 hours ago)
C: is FIXED (NTFS) - 466 GiB total, 453.05 GiB free. <<-
The reason I acquired this machine - My old one was only 1G and slowing a bit -
I may try the ERUNT idea as I saw no reason for them to be there in the first place, except as suggestions or open 'Receptor' keys


@ ComputerTalk-Jayson - You are always welcome to comment if you feel it helps :busy: None of us are perfect, so that is why we ask -
I have only seen Norton as an added (default) a/v with the installs and repair installs I had done on several machines -
"" BC Advisor's are smarter than me"" :whistle: We can all add something if we think it is better -

This post has been edited by noknojon: 27 July 2011 - 07:21 PM
