Uninstall tool

Discussion in 'ESET NOD32 Antivirus' started by CG_30454, Jan 29, 2012.

Thread Status:
Not open for further replies.
  1. CG_30454

    CG_30454 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    10
    It's been months and months since I had a trial of ESET NOD32 AV. I uninstalled it long, long ago. Was using MSE AV. I have been getting redirects since about October, maybe longer. I was very badly infected back about October also. But Malwarebytes cleaned it, but I was still getting the redirects, just been dealing with it. I was tired of it so last night I decided to try ComboFix AGAIN. Well, it did something. I deleted some things (I have logs; if requested I will post). It seems it reset IE because I was asked the things IE asks when it's new or whatever. But anyway I think the redirects may be gone now. My concern is when I ran ComboFix I got a message about ESET/NOD32 running. I was just concerned because I removed it months ago.
    Any suggestions? Maybe it is still in the registry or a service? I looked but did not see, but something seems hidden. Maybe if I get it gone Malwarebytes may find more infections?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  3. CG_30454

    CG_30454 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    10
    I have tried the uninstall tool and followed the instructions. It still has the ComboFix conflict. Don't you have an uninstall tool that is normal and can run in normal mode, not safe mode? The tool did nothing at all.
     
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    The tool is designed to run in Safe Mode for a reason. If your safe mode is not working then that is an issue in itself very possibly requiring OS repair.
     
  5. CG_30454

    CG_30454 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    10
    My safe mode works fine. The ESET was uninstalled 4 or 5 months ago. It was a 30 day trial. There has to be something left behind because ComboFix says it's still running. I have had other AV programs installed and no issues. What I meant about the infections was if ESET still has some processes left from the uninstall was removed with add/remove programs. I ran the tool thinking it would remove what was left over. Thanks for the help. Here is the log file from the removal tool.

    Code:
    >>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
    [01/29/12  13:02:02]	C:\Users\User\Desktop\ESETUninstaller.exe 4.0.15.5
    [01/29/12  13:02:02]	Input arguments: 
    [01/29/12  13:02:04]	Online (PC booted from fixed disk) mode detected.
    
    [01/29/12  13:02:04]	WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
    Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
    Are you really sure to continue? (y/n): y
    
    
    [01/29/12  13:02:07]	Scanning available operating systems ...
    
    [01/29/12  13:02:07]	Available operating systems, which AV product can be removed from:
    
    [01/29/12  13:02:07]	[1]
    [01/29/12  13:02:07]	Product Name: Windows 7 Ultimate
    [01/29/12  13:02:07]	Current Version: 6.1.1.7601.WinNT.AMD64
    [01/29/12  13:02:07]	Volume: C:\
    [01/29/12  13:02:07]	System Root: C:\Windows
    [01/29/12  13:02:07]	Program Files: C:\Program Files
    [01/29/12  13:02:07]	Program Files (x86): C:\Program Files (x86)
    [01/29/12  13:02:07]	Common files: C:\Program Files\Common Files
    [01/29/12  13:02:07]	Common files (x86): C:\Program Files (x86)\Common Files
    [01/29/12  13:02:07]	Common application data folder: C:\ProgramData
    [01/29/12  13:02:07]	Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
    [01/29/12  13:02:07]	Device path folder: C:\Windows\inf
    [01/29/12  13:02:07]	Drives mapping:
    [01/29/12  13:02:07]	Current Letter: C	Native Letter: C
    [01/29/12  13:02:07]	Current Letter: E	Native Letter: E
    
    [01/29/12  13:02:07]	Building cache: 64bit COM: AppID -> DllName ... 
    [01/29/12  13:02:07]	Building cache: 64bit COM: Category -> ReferenceCounter ... 
    [01/29/12  13:02:07]	Building cache: 32bit COM: AppID -> DllName ... 
    [01/29/12  13:02:07]	Building cache: 32bit COM: Category -> ReferenceCounter ... 
    [01/29/12  13:02:07]	Scanning installed AV products ...
    
    [01/29/12  13:02:09]	Installed AV products:
    [01/29/12  13:02:09]		1. ESS/EAV/EMSX
    [01/29/12  13:02:09]		2. NODv2
    [01/29/12  13:02:09]		3. SEP
    
    [01/29/12  13:02:09]	Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 2
    
    [01/29/12  13:02:28]	Are you sure to uninstall NODv2 from this OS? (y/n): y
    
    
    [01/29/12  13:02:35]	Product uninstallation: NODv2
    
    [01/29/12  13:02:35]	Uninstallation in progress, please wait ...
    
    [01/29/12  13:02:35]	Current control set ...   ControlSet001
    
    [01/29/12  13:02:35]	WSC: NODv2 unregistered of Windows Security Center
    
    
    [01/29/12  13:02:35]	ShellEx (32-bit): deleted value in: Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ...
    [01/29/12  13:02:35]	deleted: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
    
    [01/29/12  13:02:35]	ESET Product (32-bit): deleted value in: ESET\NOD\CurrentVersion ...
    [01/29/12  13:02:35]	deleted: Amon_status
    [01/29/12  13:02:35]	ESET Product (32-bit): deleted: ESET\NOD\CurrentVersion
    [01/29/12  13:02:35]	ESET Product (32-bit): deleted: ESET\NOD
    
    [01/29/12  13:02:35]	Uninstallation NODv2 finished successfully.
    
    
    [01/29/12  13:02:35]	Installed AV products:
    [01/29/12  13:02:35]		1. ESS/EAV/EMSX
    [01/29/12  13:02:35]		2. SEP
    
    [01/29/12  13:02:35]	Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1
    
    [01/29/12  13:02:40]	Are you sure to uninstall ESS/EAV/EMSX from this OS? (y/n): y
    
    
    [01/29/12  13:02:42]	Product uninstallation: ESS/EAV/EMSX
    
    [01/29/12  13:02:42]	Uninstallation in progress, please wait ...
    
    [01/29/12  13:02:42]	Current control set ...   ControlSet001
    
    [01/29/12  13:02:42]	Network: NSI: deleted NetLuidIndex: 0x4 IfType: 0x83
    [01/29/12  13:02:42]	Network: NSI: deleted 'Microsoft ISATAP Adapter' driver ID: {1DACD069-CED4-415D-8B50-EF2095F85389}
    [01/29/12  13:02:42]	Network: NSI: deleted NetLuidIndex: 0x6 IfType: 0x83
    [01/29/12  13:02:42]	Network: NSI: deleted 'Microsoft ISATAP Adapter' driver ID: {AEE20736-5538-454E-AA85-E039D3C2037C}
    
    [01/29/12  13:02:42]	Services: deleted: ControlSet001\Services\eamon
    [01/29/12  13:02:42]	Services: deleted: ControlSet001\Enum\Root\LEGACY_EPFWWFPR
    [01/29/12  13:02:42]	Services: deleted: ControlSet001\Enum\Root\LEGACY_EHDRV
    
    [01/29/12  13:02:42]	WSC: ESS/EAV unregistered of Windows Security Center
    
    [01/29/12  13:02:42]	WSC: ESS/EAV (WMI) unregistered of Windows Security Center
    
    
    [01/29/12  13:02:42]	ESET Product (64-bit): deleted: ESET\Setup
    [01/29/12  13:02:42]	ESET Product (64-bit): deleted: ESET
    
    [01/29/12  13:02:42]	ESET Product (32-bit): deleted: ESET\ESET Security
    [01/29/12  13:02:42]	ESET Product (32-bit): deleted: ESET
    
    
    [01/29/12  13:02:42]	Dmon (64-bit): deleted: Classes\AppId\DMON.DLL
    [01/29/12  13:02:42]	Dmon (64-bit): deleted: Classes\AppId\{6EB1806F-1E78-4EE0-BC56-CCB3A2784379}
    
    [01/29/12  13:02:42]	Email plugins (32-bit): deleted value in: Mozilla\Thunderbird\Extensions ...
    [01/29/12  13:02:42]	deleted: eplgTb@eset.com
    
    [01/29/12  13:02:42]	Email plugins (32-bit): deleted value in: Microsoft\Exchange\Client\Extensions ...
    [01/29/12  13:02:42]	deleted: ESET Outlook Plugin
    
    [01/29/12  13:02:42]	Uninstallation ESS/EAV/EMSX finished successfully.
    
    
    [01/29/12  13:02:42]	Installed AV products:
    [01/29/12  13:02:42]		1. SEP
    
    [01/29/12  13:02:42]	Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1
    
    [01/29/12  13:02:46]	Are you sure to uninstall SEP from this OS? (y/n): y
    
    
    [01/29/12  13:02:48]	Product uninstallation: SEP
    
    [01/29/12  13:02:48]	Uninstallation in progress, please wait ...
    
    [01/29/12  13:02:48]	Current control set ...   ControlSet001
    
    [01/29/12  13:02:48]	WSC: SEP unregistered of Windows Security Center
    
    [01/29/12  13:02:48]	WSC: SEP (WMI) unregistered of Windows Security Center
    
    
    
    [01/29/12  13:02:51]	Windows Defender (32-bit): deleted value in: Microsoft\Windows Defender ...
    [01/29/12  13:02:51]	deleted: DisableAntiSpyware
    
    [01/29/12  13:02:51]	Uninstallation SEP finished successfully.
    
    
    [01/29/12  13:02:51]	Log file location: "C:\Users\User\Desktop\~ESETUninstaller.log"
    
    [01/29/12  13:02:51]	Uninstallation finished successfully, please restart your PC now.
    
    [01/29/12  13:02:51]	Press any key to exit ...
    >>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>
     
  6. CG_30454

    CG_30454 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    10
    Here is exactly what the error has.

    ComboFix has detected the following real time scanners.

    antivirus ESET NOD32 Antivirus 4.2
    antispyware ESET NOD32 Antivirus 4.2
     
  7. CG_30454

    CG_30454 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    10
    Well, I just don't know what to do. Why can't software companies make software that uninstalls and does not leave things behind? Also, if ESET is going to have an uninstaller then they need to have a normal one and one that works. I reinstalled ESET and booted to safe mode and uninstalled it and still get the error. I thank you for your quick reply. Maybe you have another suggestion.

    Thanks
     
  8. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    A few more folders to check for and remove if still there:
    kb.eset.com/esetkb/index?page=content&id=SOLN2116

    Are you able to run another AV?
     
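A read-only check for the leftovers discussed in this thread, added here as an example and not part of any post or of ESET's tooling. It lists what is still registered with Windows Security Center (the `WSC` lines in the uninstaller log) and looks for the service keys the log names (`eamon`, `EHDRV`, `EPFWWFPR`) in every control set rather than only `ControlSet001`. That ComboFix's "real time scanners" message reflects the Security Center registration is an assumption; the thread does not state where ComboFix gets its list.

```powershell
# Added example: run from an elevated PowerShell prompt. Nothing here
# deletes or modifies anything; it only reports what is still present.

# 1. Products registered with Windows Security Center through WMI.
#    A stale AntiVirusProduct / AntiSpywareProduct instance here would
#    explain a tool still reporting an uninstalled scanner (assumption).
foreach ($class in 'AntiVirusProduct', 'AntiSpywareProduct') {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            '{0,-18} {1}  state=0x{2:X6}  exe={3}' -f $class,
                $_.displayName, $_.productState, $_.pathToSignedProductExe
        }
}

# 2. Service and legacy-device keys named in the uninstaller log,
#    checked in every control set that exists on this machine.
$names = 'eamon', 'ehdrv', 'epfwwfpr'
$controlSets = Get-ChildItem 'HKLM:\SYSTEM' |
    Where-Object { $_.PSChildName -match '^(CurrentControlSet|ControlSet\d{3})$' } |
    ForEach-Object { $_.PSChildName }

foreach ($cs in $controlSets) {
    foreach ($n in $names) {
        $candidates = "HKLM:\SYSTEM\$cs\Services\$n",
                      "HKLM:\SYSTEM\$cs\Enum\Root\LEGACY_$($n.ToUpper())"
        foreach ($path in $candidates) {
            if (Test-Path $path) { "leftover key: $path" }
        }
    }
}

# 3. Drivers or services that are still known to the service control
#    manager and either carry one of those names or point into an ESET path.
Get-WmiObject Win32_SystemDriver |
    Where-Object { $names -contains $_.Name.ToLower() -or $_.PathName -match 'eset' } |
    ForEach-Object { 'driver:  {0}  state={1}  path={2}' -f $_.Name, $_.State, $_.PathName }

Get-WmiObject Win32_Service |
    Where-Object { $_.DisplayName -match 'ESET' -or $_.PathName -match 'eset' } |
    ForEach-Object { 'service: {0}  state={1}  path={2}' -f $_.Name, $_.State, $_.PathName }
```

No output from any of the three sections means none of these registrations or keys remain.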