Steveg722

RE Avira AntiVir Personal - Free Antivirus Hello again, Sorry for the delay... FYI, after successfully cleaning up Uninstallation of Avira with the Registry Cleaner app, I did rerun the Avira setup again (downloaded a fresh copy from Avira site...turned out it was the apparently the same file I had used prior from download.com). The installation of v10.0.0.567 and updating seemed to go smoothly. I've run several scans since and they seem to have run as intented. @Nokojon_thanks for sharing the link to RA Products Uninstallers and the tip re Revo Uninstaller. Thanks SteveG

RE Avira AntiVir Personal - Free Antivirus Hello All, Sorry for the delay...but appears the Avira app has finally been uninstalled. Ran the Registry Cleaner App downloaded from http://www.avira.com/en/support-download-a...registrycleaner then rebooted No Avira processes running, Avira items in services are gone, and Avira item on context menu are gone. I then manually deleted the folders and files under Program Files\Avira. @Firefox_no problem me re the prior link and my not being honorary (at least here yet) but thanks for sharing the new one as that's a handy list (links to access Uninstaller.exe's for several popular malware scanning apps) for all of us dealing with these issues and apps to know about. Apparently its not uncommon for Uninstall via Add/Rem Progs for these apps to leave problematic remnants in place. Great service everybody! Thanks Very Much SteveG

Hi, Thanks for the tips you're offered so far.... @Firefox_FYI, RIGHT HERE link to http://forums.malwarebytes.org/index.php?s...st&p=144502 didn't work for me. "Board Message Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message, try looking through the help files for more information. The error returned was: Sorry, the link that brought you to this page seems to be out of date or broken." Hopefully this issue isn't due to any operator error on my part. @TonyKlein_I had run across the avira_registry_cleaner_en.zip option last night but wasn't sure if it was a reliable tool. I have since downloaded it and will give it try later today and let you know what happens. @Haider_good question re integrity of the 100921dl_avira_antivir_personal_en.exe file I had downloaded from downloads.com. For what its worth the file shows as 43057KB and as mentioned, the initial Setup routine last night seemed to result in a good install. IF I can first get everything clean (using removal tool Tony suggested), I might try reinstalling. IF I do so, I'll take your advice and download a Setup.exe directly from http://www.avira.com/en/free-download-avira-antivir-personal. FYI, there were no active security application running on the machine when I was doing the installs/uninstalls. Thanks again for your suggestions.... I'll post back to let you know how this all works out. SteveG

RE Avira AntiVir Personal - Free Antivirus Hi, This machine is running Windows 2000 Pro SP4. First became aware of Avira browsing this website (use is proposed on Malware Removal - HijackThis Logs Pinned: I'm infected - What do I do now?) last month when working on another machine. It may be a good app but I've run into a swamp so hoping someone can help me get out of it. On 21Sep10, I had downloaded avira_antivir_personal_en.exe from download.com. Last night, I decided to try a scan of this machine using Avira. Ran the Setup app and Avira Antivir seemed to install without any apparent issues. Soon after, I was browsing the manual and noticed something saying it was important to close all other programs before installing (which I had not done) to assure the program works properly. Decided to goback and redo the install so tried Uninstalling using Add/Rem Progams (there was no Uninstall option in the Avira folder in Start Menu). That began OK but got a popup indicating Uninstall failed but it went away and the Uninstall routine indicated it had finished ok. After reboot, found there were still many remnants left and found there were still some Avira related processes running. Figured reinstalling again might clean everything up so ran Setup again this time with all Apps closed except WinExp but Setup had issues and after Reboot found parts of the installation seemed to be missing/incorrect. Tried Uninstalling again using Add/Rem Programs. It did remove Avira from Add/Rem Programs but it didn't remove a lot else (Program Files\Avira folders still have many files, Start Menu still showing Avira, 2 Avira related services were running, Avira item in Control Panel??, Avira item on right click menu, Avira Folders and contents under Documents and Settings, much Registry pollution re Avira, etc). What concerned me a bit was that the Avira Services were apparently still configured in the Registry to be in the Start-up Programs list and in the Services list, they could not be stopped. Have browsed the web looking for solutions but didn't find anything simple I would have much confidence in at this point. Avira website documentation was little help...says complete Uninstall is simple via Add/Rem Programs. Not true in my case. How can I simply and reliably clean all remnants of Avira off this machine? Thanks SteveG

18Sep2010 959p edt Re

18Sep2010 659p edt Re

18Sep2010 400p edt Reply to

18Sep10 221p edt Reply to

18Sep10 1158a edt Good morning, My main question here is about some files found during a Quick Scan most of which appear to be "OK files". FYI, have included first some background re the swamp I've been in for a couple of weeks now. Struggling to salvage a corrupted WINDOWS installation. Machine is a Dell Inspiron 6000 laptop that had been running XPSP3 with most updates installed (under C:\WINDOWS). Initial symptom on reboot was hal.dll missing or corrupt. Per Dell Tech, did a parallel installation of XPSP2 to C:\WINXP using XPCD. WINXP runs ok, allows me to see entire C:\ drive (and make manual chgs to WINDOWS), and has access to our home network and the internet. Re C:\WINDOWS In addition to numerous other things, have done ~5 REPAIR installations on WINDOWS using XPCD. Could only get to SAFEWITHOUTNETWORKING mode. Booting to either Normal Mode OR SafeWithNetworking modes resulted in the boot hanging OR more recently with a "A problem is preventing Windows from accurately checking the license for the computer. Error Code: 0x80090019" error msg after the the Welcome to WinXP came up. Under SAFEWITHOUTNETWORKING mode, have gotten SYSTEMRESTORE app going but attempts to actually Restore to any of the few RestorePoints showing have all failed. SYSTEMRESTORE app does not show the opt to Save a new Restore Point. Yesterday, I downloaded and ran the installer for XPSP3....that ran to the registering files point but aborted with a "Not Authorized" popup (KB docs suggest this relates to a problem with some security settings in registry). I'm about to attempt a 6th REPAIR installation on WINDOWS but before doing decided to run a MalawareBytes scan. After launching to WINDOWS in SAFEWITHOUTNETWORKING ran a Quick Scan using Malwarebytes' Anti-Malware 1.46 mode. The app reported two (2) KEYS and twenty (20) files as infected. While I have taken snap copies of the five Registry files and the System32 folder before letting the app make any changes, I'm puzzled by some of the files the app ID'd as "infected". Would appreciate it if someone "in the know" could comment on the logfile from Quick Scan run on WINDOWS after executing mbam.exe /developer. Have pasted the contents of mbam-log-2010-09-18 (09-45-38).txt below and as instructed attempted to attach a copy of mbam-log-2010-09-18 (09-45-38).zip to this post. Look forward to your comments and suggestions. Thanks Steveg722 contents of mbam-log-2010-09-18 (09-45-38).txt below Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4052 Windows 5.1.2600 Service Pack 3 (Safe Mode) Internet Explorer 7.0.5730.13 9/18/2010 9:45:38 AM mbam-log-2010-09-18 (09-45-38).txt Scan type: Quick scan Objects scanned: 176215 Time elapsed: 6 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 20 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\AntiMalware_ProNE (Rogue.Trace) -> No action taken. [561A0EF459D887469A6CACC0D41B1D14] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\{F9197A7E-CE10-458e-85F8-5B0CE6DF2BBE} (Trojan.Agent) -> No action taken. [95AEB77CD6147CCFE27DEB9502554FE9] Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\DRIVERS\ltmdmntt.sys (Rootkit.Agent.H) -> No action taken. [E40CC8FA46CB9029B499E4720D6D20AC] C:\WINDOWS\system32\DRIVERS\svchost.exe (Trojan.Downloader) -> No action taken. [0C7FF0DFAA71877077F75556585A2E64] C:\WINDOWS\system32\DRIVERS\cisvc.exe (Trojan.Agent) -> No action taken. [6B8F0940134B39D8247CEC1068899FDD] C:\WINDOWS\system32\DRIVERS\cmstp.exe (Trojan.Agent) -> No action taken. [3EF54ED854EA569283A6BDCC594975AA] C:\WINDOWS\system32\DRIVERS\comrepl.exe (Trojan.Agent) -> No action taken. [2CB6E92866D569770CCC603F724E6B66] C:\WINDOWS\system32\DRIVERS\logman.exe (Trojan.Agent) -> No action taken. [652C6228E278208922687F69C1314C83] C:\WINDOWS\system32\DRIVERS\mstinit.exe (Trojan.Agent) -> No action taken. [D2A69DD735163B6C03E9D98371EA0AFC] C:\WINDOWS\system32\DRIVERS\rsvp.exe (Trojan.Agent) -> No action taken. [1C31F2989034975B4850434EA90F2C47] C:\WINDOWS\system32\DRIVERS\services.exe (Trojan.Agent) -> No action taken. [174D5E06767065BB6B8C4F6AB71AC13C] C:\WINDOWS\system32\DRIVERS\winlogon.exe (Backdoor.Bot) -> No action taken. [13BC20931380421D543ADDA71EE38AC0] C:\WINDOWS\system32\DRIVERS\csrss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [4052004E5985601671D1FCBAF31AB64F] C:\WINDOWS\system32\DRIVERS\ctfmon.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [DE8D4BED2038223C17462F02B98E70C9] C:\WINDOWS\system32\DRIVERS\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [F03D14281BCF8CFD0ADE8F8358A2BD12] C:\WINDOWS\system32\DRIVERS\explorer.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [49635E14F9899F0197654E79F7142A4B] C:\WINDOWS\system32\DRIVERS\lsass.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [2875D733981E73BDFAD359F0E3E66BF9] C:\WINDOWS\system32\DRIVERS\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [C0308230B1D0F95045056E536EC4A0A9] C:\WINDOWS\system32\DRIVERS\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [5A32C817446474E5613810C48100AD8D] C:\WINDOWS\system32\DRIVERS\smss.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [41E83D9B8188A4433728567E07A02B68] C:\WINDOWS\system32\DRIVERS\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [837737DA25FE31611D9A3C012A5BC47E] C:\WINDOWS\system32\DRIVERS\userinit.exe (Heuristics.Reserved.Word.Exploit) -> No action taken. [0A556900C77FF71B3E608D5934257DD8] mbam_log_2010_09_18__09_45_38_.zip