Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown A/V programs after reinstall


  • Please log in to reply
22 replies to this topic

#1 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:14 AM

Posted 25 July 2011 - 08:30 PM

Hi - Not sure if here (or AII) is the best place for this topic.
I cleaned and fully reinstalled XP Pro on a very troubled machine, and now it is mine, however an OTL log showed all these A/V and F/wall programs.
Do you think they are just images from the old user or is there any chance they are actually installed somewhere.
I uninstalled any A/V I thought was installed, but this list seems a bit over the top, and I cannot find the programs.
The M.S.E. is the only one I have installed after I thought all others were gone.
Thanks for any ideas -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

EDIT -
These are listed in HKLM , but I was just not sure if I should delete them from there with regedit -

Edited by noknojon, 26 July 2011 - 12:12 AM.


BC AdBot (Login to Remove)

 


#2 USN Vet

USN Vet

  • Members
  • 190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:14 PM

Posted 26 July 2011 - 03:56 AM

DO NOT DELETE: Those entries are part of the installation.
Feel free to ignore my comment, just another user !

#3 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:14 AM

Posted 26 July 2011 - 04:04 AM

What do you think louis ?

EDIT -
Not doubting you USN Vet, just that hamluis was looking also.

Edited by noknojon, 26 July 2011 - 04:28 AM.


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,754 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:14 PM

Posted 26 July 2011 - 06:59 AM

I don't fool around with my registry unless I have a problem...I have no idea why you started playing with the registry or what you hoped to accomplish.

I do know that registry entries for various programs previously installed...routinely remain in the registry and, normally, cause no problems at all on systems I own/have owned.

Louis

#5 Allan

Allan

  • BC Advisor
  • 8,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:07:14 PM

Posted 26 July 2011 - 07:13 AM

I cleaned and fully reinstalled XP Pro on a very troubled machine, and now it is mine


What does that mean? EXACTLY what did you do?

#6 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:14 AM

Posted 26 July 2011 - 08:57 AM

Basically, the registry should NEVER be touched by a normal everyday user, as it is the place the OS saves it's information. If it works, WHY FIX IT ;)

And if I understood your post correctly, you have just reinstalled the OS, so why go ahead and start editing the registry, when it is so easy to mess up. If you go ahead and choose to do it anyways, then OK but please do remember to BACKUP the registry BEFORE you start editing.
You can backup with ERUNT from here : http://www.larshederer.homepage.t-online.de/erunt/

Good luck.

Karsten

Edited by KarstenHansen, 26 July 2011 - 09:00 AM.


#7 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:14 AM

Posted 26 July 2011 - 07:56 PM

I have no idea why you started playing with the registry or what you hoped to accomplish.

@ hamluis - I am not "playing with the registry", just asking the question if these are normal entries after a Full Install of XP Pro.

What does that mean? EXACTLY what did you do?

@ Allan - The computer was badly infected and having other operating problems, so Exactly, means a Full Install from the original M/soft XP Pro CD.

And if I understood your post correctly, you have just reinstalled the OS

@ Karsten - Yes it was a Full Install, not repair install of XP Pro (same as the original OS).

I had just never seen this many "Sub Entries" of A/V's and F/walls after a Full Install. Usually only a version of Norton is included and installed.
If this is normal, I will leave it "As Is".

Thanks for the responses -

#8 USN Vet

USN Vet

  • Members
  • 190 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:14 PM

Posted 27 July 2011 - 07:26 AM

DO NOT DELETE: Those entries are part of the installation.



What do you think louis ?

EDIT -
Not doubting you USN Vet, just that hamluis was looking also.

My previous post was based on the fact that the computer I have now, running XP
was owned by an Author, who used it only for his writings. Kinda expensive
Word Processor. But to the point, there was never an AV installed on it, and
it was never connected to the Internet. When I got it last month, it was still
at SP1, and I updated thru SP3. I installed AVAST 6.0, and all those entries are
in the registry as well. Therefore I must assume they are there from an install
or updating the SP's.
Feel free to ignore my comment, just another user !

#9 KarstenHansen

KarstenHansen

    The Dane


  • Members
  • 1,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:14 AM

Posted 27 July 2011 - 07:31 AM

:thumbsup:

Edited by KarstenHansen, 27 July 2011 - 07:38 AM.


#10 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:14 AM

Posted 27 July 2011 - 07:39 AM

all those entries are in the registry as well. Therefore I must assume they are there from an install or updating the SP's.

@ USN Vet - As I said , "I was not doubting your reply" , and the other posts have basically agreed with your answer and I have learned a few things I was not sure of .
It was just that after the last install I did of an XP (Home version) those entries were not there.

Thanks again for your help -

@ Karsten - :thumbup2:

Edited by noknojon, 27 July 2011 - 07:43 AM.


#11 Allan

Allan

  • BC Advisor
  • 8,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:07:14 PM

Posted 27 July 2011 - 01:09 PM

What does that mean? EXACTLY what did you do?

@ Allan - The computer was badly infected and having other operating problems, so Exactly, means a Full Install from the original M/soft XP Pro CD.

I'm not trying to give you a hard time - but that doesn't help. Did you format first? Did you delete and recreate partitions first?

#12 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:14 AM

Posted 27 July 2011 - 05:34 PM

I'm not trying to give you a hard time - but that doesn't help. Did you format first? Did you delete and recreate partitions first?

Yes - It was like a "Day 1 install" on a fresh partition - I am using it now and the items I posted were the only problem.

The previous owner had no ideas, so I needed to 1st remove everything and start from an almost new computer.
He was the type to add 3 or 4 A/V programs, and that was the only reason why I asked if they were "normal".

Apart from that there are no other problems now, and it is running perfectly :) and I am happy with it -

Thanks for your concern -

#13 Allan

Allan

  • BC Advisor
  • 8,589 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Jersey
  • Local time:07:14 PM

Posted 27 July 2011 - 05:44 PM

If indeed you formatted, there is no reason for those entries to be in the HKLM hive. You have several options

1) Leave them alone - they aren't hurting anything
2) EXPORT the keys for the ones you don't use to a known location and then delete the keys. If you have a problem later you can import them
3) Create an disk image with Acronis True Image or Macrium Reflect and then do whatever you want. You can always restore the image (always my favorite choice)
4) Backup the registry (ERUNT, built-in File - Export - All, etc) and then do whatever you want

Just out of curiosity, do any of the entries for av's that aren't installed show the av is active (monitoring)?

Edited by Allan, 27 July 2011 - 05:45 PM.


#14 Jayson201

Jayson201

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:14 PM

Posted 27 July 2011 - 05:51 PM

I hope it's alright If I butt in, If not I apologize.
I have a theory. When you don't have an Anti Virus program on your computer, Windows tells you about it and gives you suggestions on which you should use. Considering that they show up even without internet, the suggestions would have to be included somewhere in the registry and I think those are in fact are the suggestions they use.


That's just a theory feel free to ignore me, the BC Advisor's are smarter than me, listen to them. ;)

Edited by ComputerTalk-Jayson, 27 July 2011 - 05:52 PM.


#15 noknojon

noknojon
  • Topic Starter

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:14 AM

Posted 27 July 2011 - 06:41 PM

If indeed you formatted, there is no reason for those entries to be in the HKLM hive.
Just out of curiosity, do any of the entries for av's that aren't installed show the av is active (monitoring)?

They were invisible until I did an OTL scan just to look at the entries on the new system, and to be sure Norton was Not active -
AV: Microsoft Security Essentials *Enabled/Updated* - From a DDS scan, this is the only active a/v at this time -
Almost all M/soft CD installs add Norton in new installs or reinstalls, and I removed it to replace with M.S.E. , my preferred a/v -
Even a new shop install of Windows 7 comes with Norton installed as default Antivirus - Mine did -
Also the XP Pro CD was never used prior to me opening the pack, as this was a custom built machine and only the Driver CD was opened -
Listed is the section of DDS that shows it is a new install with only a bit of up time since the new install -
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 19/07/2011 1:15:30 PM
System Uptime: 28/07/2011 8:46:32 AM (1 hours ago)
C: is FIXED (NTFS) - 466 GiB total, 453.05 GiB free. <<-
The reason I acquired this machine - My old one was only 1G and slowing a bit -
I may try the ERUNT idea as I saw no reason for them to be there in the first place, except as suggestions or open 'Receptor' keys


@ ComputerTalk-Jayson - You are always welcome to comment if you feel it helps :busy: None of us are perfect, so that is why we ask -
I have only seen Norton as an added (default) a/v with the installs and repair installs I had done on several machines -
"" BC Advisor's are smarter than me"" :whistle: We can all add something if we think it is better -

Edited by noknojon, 27 July 2011 - 07:21 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users