Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Stubborn Registry Keys


  • Please log in to reply
34 replies to this topic

#1 getemboi

getemboi

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 20 June 2014 - 09:54 AM

I haven't been able to remove the following keys no matter what I do. They don't impact the functionality of my PC, but it's something I'd like to learn to solve so I know what to do in the future should i encounter it. I've tried removing with CCleaner, tried changing permissions (won't allow), tried Registry Assassin, tried using removal tool, and probably a couple other things I've forgotten about. These are the keys, any advice or help would be appreciated.

 

Unused File Extension    {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}    HKCR\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}
Invalid file reference    ImagePath - "c:\program files (x86)\avira\antivir desktop\sched.exe"    HKLM\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService
Invalid file reference    ImagePath - "c:\program files (x86)\avira\antivir desktop\avguard.exe"    HKLM\SYSTEM\CurrentControlSet\services\AntiVirService
Invalid file reference    ImagePath - "c:\program files (x86)\avira\antivir desktop\avwebg7.exe"    HKLM\SYSTEM\CurrentControlSet\services\AntiVirWebService
 



BC AdBot (Login to Remove)

 


#2 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:01:14 AM

Posted 20 June 2014 - 10:05 AM

 My advice would be to keep out of the registry, and above all don't use registry cleaners!  They are snake oil.  They do no good, aren't needed, and can cause problems that are difficult to diagnose and extremely hard to fix.  


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 getemboi

getemboi
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 20 June 2014 - 10:11 AM

Doesn't really answer my question now does it. :mellow:



#4 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 20 June 2014 - 10:32 AM

Have you tried the Avira removal tool?

 

 

 

http://www.avira.com/en/support-for-home-knowledgebase-detail/kbid/88



#5 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:14 AM

Posted 20 June 2014 - 10:38 AM

Registry keys also have security assigned against each entry.  Find the entries you listed in REGEDIT, right click on it, and see what the permissions are.  For example:

10p4jno.png

You can alter the security of the listed entries, and that should allow you run CCleaner, and clear the entries.

Best of luck.
 



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:14 AM

Posted 20 June 2014 - 10:40 AM

These are all services:

 

Invalid file reference    ImagePath - "c:\program files (x86)\avira\antivir desktop\sched.exe"    HKLM\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService
Invalid file reference    ImagePath - "c:\program files (x86)\avira\antivir desktop\avguard.exe"    HKLM\SYSTEM\CurrentControlSet\services\AntiVirService
Invalid file reference    ImagePath - "c:\program files (x86)\avira\antivir desktop\avwebg7.exe"    HKLM\SYSTEM\CurrentControlSet\services\AntiVirWebService

 

You can try to delete them via Command Prompt ran as administrator:

 

sc delete AntiVirSchedulerService => hit Enter

 

sc delete AntiVirService => hit Enter

 

sc delete AntiVirWebService => hit Enter

 

 

Regards,

Georgi


cXfZ4wS.png


#7 getemboi

getemboi
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 20 June 2014 - 11:42 AM

Yes, I tried doing that guys. :smash:

 

I haven't been able to remove the following keys no matter what I do. They don't impact the functionality of my PC, but it's something I'd like to learn to solve so I know what to do in the future should i encounter it. I've tried removing with CCleaner, tried changing permissions (won't allow), tried Registry Assassin, tried using removal tool, and probably a couple other things I've forgotten about. These are the keys, any advice or help would be appreciated.



#8 getemboi

getemboi
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 20 June 2014 - 11:56 AM

@B-boy/StyLe/ 

 

I followed your instructions and I was able to delete the services, but reg keys remain after I clean with CCleaner.



#9 JohnC_21

JohnC_21

  • Members
  • 23,286 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:14 AM

Posted 20 June 2014 - 11:59 AM

You could  download Kaspersky Rescue Disk. It has an Offline Registry Editor that would delete the keys. Based on linux, it doesn't care anything about Windows.



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:14 AM

Posted 20 June 2014 - 02:12 PM

@B-boy/StyLe/

 

I followed your instructions and I was able to delete the services, but reg keys remain after I clean with CCleaner.

 

Which of them?

 

The keys under "HKLM\SYSTEM\CurrentControlSet\services" should be gone after the commands above.

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield
     :folderfind
    AVIRA
    Antivir
    :regfind
    AVIRA
    Antivir
    h+bedv
    x-avcsd
    {80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}

     

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Regards,

Georgi


cXfZ4wS.png


#11 getemboi

getemboi
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 20 June 2014 - 03:22 PM

Thanks for the continued help Georgi. To answer your question, all keys remain.

 

I've downloaded and run SystemLook.exe as instructed. It seems to be taking an inordinate amount of time to complete though.

 

How long should it take approximately?

 

Contents of the .txt file produced on Dekstop (still says scanning)......

 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 14:24 on 20/06/2014 by User
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "AVIRA"

SystemLook 30.07.11 by jpshortstuff
Log created at 14:24 on 20/06/2014 by User
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "AVIRA"
 

 

 

 

Will download 64-bit version and scan and post results if successful.


Edited by getemboi, 20 June 2014 - 03:31 PM.


#12 getemboi

getemboi
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 20 June 2014 - 03:35 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 14:31 on 20/06/2014 by User
Administrator - Elevation successful

========== folderfind ==========

Searching for "AVIRA"
C:\ProgramData\Avira    d------    [21:17 28/03/2014]
C:\Users\All Users\Avira    d------    [21:17 28/03/2014]
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Avira    d------    [21:20 28/03/2014]

Searching for "Antivir"
No folders found.

========== regfind ==========

Searching for "AVIRA"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]
@="Avira Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]
"System.ApplicationName"="Avira.Avira Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]
"System.Software.TasksFileUrl"="C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}\DefaultIcon]
@="C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}\Shell\Open\Command]
@="C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\0\win32]
@="C:\Program Files (x86)\Avira\AntiVir Desktop\avwmi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\HELPDIR]
@="C:\Program Files (x86)\Avira\AntiVir Desktop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\0\win32]
@="C:\Program Files (x86)\Avira\AntiVir Desktop\avwmi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\HELPDIR]
@="C:\Program Files (x86)\Avira\AntiVir Desktop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{305CA226-D286-468e-B848-2B2E8E697B74}]
@="Avira Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\Antivir Desktop]
"Path"="C:\Program Files (x86)\Avira\AntiVir Desktop\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\Antivir Desktop]
"AppDataDirectory"="C:\ProgramData\Avira\AntiVir Desktop\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD\Workstation\AntiVir Desktop]
"Name"="Avira Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD\Workstation\AntiVir Desktop]
"MasterKey"="Software\Avira\AntiVir Desktop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\0\win32]
@="C:\Program Files (x86)\Avira\AntiVir Desktop\avwmi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\HELPDIR]
@="C:\Program Files (x86)\Avira\AntiVir Desktop"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avkmgr]
"Description"="Avira Manager Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avkmgr]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService]
"DisplayName"="Avira Scheduler"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService]
"Description"="Service to schedule Avira Free Antivirus jobs and updates."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService]
"DisplayName"="Avira Real-Time Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService]
"Description"="Offers permanent protection against viruses and malware with the Avira search engine."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService]
"DisplayName"="Avira Web Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService]
"Description"="Offers permanent protection against viruses and malware for web browsers with the Avira search engine."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgntflt]
"Description"="Avira mini-filter driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avipbb]
"Description"="Avira Security Enhancement Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avipbb]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avkmgr]
"Description"="Avira Manager Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avkmgr]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirSchedulerService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirSchedulerService]
"DisplayName"="Avira Scheduler"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirSchedulerService]
"Description"="Service to schedule Avira Free Antivirus jobs and updates."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirService]
"DisplayName"="Avira Real-Time Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirService]
"Description"="Offers permanent protection against viruses and malware with the Avira search engine."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirWebService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirWebService]
"DisplayName"="Avira Web Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirWebService]
"Description"="Offers permanent protection against viruses and malware for web browsers with the Avira search engine."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\avgntflt]
"Description"="Avira mini-filter driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\avipbb]
"Description"="Avira Security Enhancement Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\avipbb]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\avkmgr]
"Description"="Avira Manager Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\avkmgr]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService]
"DisplayName"="Avira Scheduler"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService]
"Description"="Service to schedule Avira Free Antivirus jobs and updates."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService]
"DisplayName"="Avira Real-Time Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService]
"Description"="Offers permanent protection against viruses and malware with the Avira search engine."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService]
"DisplayName"="Avira Web Protection"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService]
"Description"="Offers permanent protection against viruses and malware for web browsers with the Avira search engine."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgntflt]
"Description"="Avira mini-filter driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avipbb]
"Description"="Avira Security Enhancement Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avipbb]
"Group"="Avira"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avkmgr]
"Description"="Avira Manager Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avkmgr]
"Group"="Avira"

Searching for "Antivir"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\12F\52C64B7E]
"@%SystemRoot%\System32\wscsvc.dll,-201"="The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer.  The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service.  The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel.  Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions.  The service also has a public API that allows external consumers to p
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}]
@="Windows Defender IOfficeAntiVirus implementation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]
@="Avira Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]
"System.ApplicationName"="Avira.Avira Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}]
"System.Software.TasksFileUrl"="C:\Program Files (x86)\Avira\AntiVir Desktop\avconfig.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}\DefaultIcon]
@="C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{305CA226-D286-468e-B848-2B2E8E697B74}\Shell\Open\Command]
@="C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\0\win32]
@="C:\Program Files (x86)\Avira\AntiVir Desktop\avwmi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\HELPDIR]
@="C:\Program Files (x86)\Avira\AntiVir Desktop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}]
@="Windows Defender IOfficeAntiVirus implementation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\0\win32]
@="C:\Program Files (x86)\Avira\AntiVir Desktop\avwmi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\HELPDIR]
@="C:\Program Files (x86)\Avira\AntiVir Desktop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{305CA226-D286-468e-B848-2B2E8E697B74}]
@="Avira Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94B111E42F3FF354C8B5322F5C079777]
"00000000000000000000000000000000"="02:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F46C95810534DB34491B8397BB7CAAEB]
"00000000000000000000000000000000"="22:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\ScanWithAntiVirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\Antivir Desktop]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\Antivir Desktop]
"Path"="C:\Program Files (x86)\Avira\AntiVir Desktop\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avira\Antivir Desktop]
"AppDataDirectory"="C:\ProgramData\Avira\AntiVir Desktop\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD\Workstation\AntiVir Desktop]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD\Workstation\AntiVir Desktop]
"Name"="Avira Free Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD\Workstation\AntiVir Desktop]
"MasterKey"="Software\Avira\AntiVir Desktop"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2781761E-28E0-4109-99FE-B9D127C57AFE}]
@="Windows Defender IOfficeAntiVirus implementation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\0\win32]
@="C:\Program Files (x86)\Avira\AntiVir Desktop\avwmi.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{0623B03B-EC25-47A1-A8CA-7466651044CE}\1.0\HELPDIR]
@="C:\Program Files (x86)\Avira\AntiVir Desktop"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirSchedulerService]
"Description"="Service to schedule Avira Free Antivirus jobs and updates."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AntiVirWebService]
"DependOnService"="AntiVirService"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirSchedulerService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirSchedulerService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirSchedulerService]
"Description"="Service to schedule Avira Free Antivirus jobs and updates."
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirWebService]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirWebService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\AntiVirWebService]
"DependOnService"="AntiVirService"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirSchedulerService]
"Description"="Service to schedule Avira Free Antivirus jobs and updates."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService]
"ImagePath"=""C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AntiVirWebService]
"DependOnService"="AntiVirService"
[HKEY_USERS\S-1-5-21-3171051738-137609224-1564598169-1000\Software\Classes\Local Settings\MuiCache\12F\52C64B7E]
"@%SystemRoot%\System32\wscsvc.dll,-201"="The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer.  The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service.  The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel.  Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions.  The service also has a public
[HKEY_USERS\S-1-5-21-3171051738-137609224-1564598169-1000_Classes\Local Settings\MuiCache\12F\52C64B7E]
"@%SystemRoot%\System32\wscsvc.dll,-201"="The WSCSVC (Windows Security Center) service monitors and reports security health settings on the computer.  The health settings include firewall (on/off), antivirus (on/off/out of date), antispyware (on/off/out of date), Windows Update (automatically/manually download and install updates), User Account Control (on/off), and Internet settings (recommended/not recommended). The service provides COM APIs for independent software vendors to register and record the state of their products to the Security Center service.  The Action Center (AC) UI uses the service to provide systray alerts and a graphical view of the security health states in the AC control panel.  Network Access Protection (NAP) uses the service to report the security health states of clients to the NAP Network Policy Server to make network quarantine decisions.  The service also has a public API that

Searching for "h+bedv"
No data found.

Searching for "x-avcsd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\X-AVCSD]

Searching for "{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\{80b8c23c-16e0-4cd8-bbc3-cecec9a78b79}]

-= EOF =-



#13 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:14 AM

Posted 20 June 2014 - 05:16 PM

Hello,

 

There are a lot of leftovers in the log above. Are you sure you uninstalled it correctly from the Control Panel first?

 

 

Regards,

Georgi


cXfZ4wS.png


#14 getemboi

getemboi
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  •  
  • Local time:12:14 AM

Posted 20 June 2014 - 05:28 PM

Yes, I uninstalled from the control panel, either that or CCleaner.
I also ran Avira removal tool, which removed some stuff (so it said) but not everything.

It certainly is a lot of leftovers, yet CCleaner registry scan only shows the three keys mentioned.
Is CCleaner really that bad to miss so much? I've always heard it was very good.

Edited by getemboi, 20 June 2014 - 05:31 PM.


#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:08:14 AM

Posted 20 June 2014 - 05:45 PM

Hi,

 

We don't recommend the usage of such programs.

 

Registry Editor / Cleaner Warning !!

Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using a such programs please take a look here => Registry Cleaners and System Tweaking Tools

 

Ok...this is not the first time I am dealing with leftovers from various antivirus programs. I will prepare a fix for you but (tomorrow). Since we have a different timezone (here it is 01.45 a.m.) and I need my sleep and my eyes are tired. :)

 

Will catch you tomorrow..

 

 

Regards,

Georgi


cXfZ4wS.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users