Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Remove F-Secure Antivirus from Windows XP


  • Please log in to reply

#1
winterlady

winterlady

    Member

  • Member
  • PipPip
  • 31 posts
I am trying to install AOL Safety & Security Center (SSC) on my system: Windows XP Home Edition Version 2002 Service Pack 2 with an Intel Celeron Processor 801 MHz, 384 MB of ram. I previously had F-Secure Antivirus software installed included in the Security Suite software provided by my cable internet provider, I removed it through my add & remove programs, but now AOL is telling me I can not successfully download & install the whole package in their SSC, it's not installing the virus protection due to still having F-Secure files running on my system? I'm not very computer saavy and I don't know how to locate or remove any remaining files. I ran a search on my system and did not find any F-Secure program files. Please help!
  • 0

Advertisements


#2
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
it says that it cannot because those are running?

Download hijackthis from my signature and ATTACH a hijackthis log so I can see what is starting with the PC
  • 0

#3
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thanks for such a quick reply. I hope I've done this right, like I said I'm not very computer saavy but I believe this is the log you requested.

Attached Files


  • 0

#4
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
that is correct

Now, my confusion...I see no evidence of f-secure...I do see evidence of Mcafee, which I was pretty certain was the av componant of the aol security center. And it is running

Did you mean you had an old version of Mcafee?

Also, there is at least one line in your log that concerns me.

I need to check u on that
  • 0

#5
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Yes your right McAfee is a component of AOL SSC. But I did have McAfee first, I had downloaded and installed it from their web site, before I installed the Security Suite provided by my internet cable service, I had removed that through my add/remove prior to installing the Security Suite. I thought. Since my last posting I've tried to uninstall and reinstall the AOL SSC again but no success. I'm sorry to say I had forgot to mention a couple of things that happen when trying to install SSC, I a box that will pop up, that says "can not open install log" and the other during the beginning of the installation process a box pops up that says AOL has found McAfee on my system and will remove it before installing SSC. But when I chatted with an AOL tech and sent him my system info I was then told it was F-Secure causing the problem? I have tried the search feature on my system and the command prompt to locate McAfee or F-Secure Security Suite but it comes up with nothing.?? Just to let you know I had a very similar problem when I tried to download & install my upgrade from AOL 8.0 to AOL 9.0, it would not install all the components either, AOL had to send me a disc via mail for me to install the upgrade to 9.0. This time AOL has told me a disc will not work either because I need to find and delete any existing program files left on my system from any other virus protection, but I can not even find any on my system??
Being such a computer novice doesn't help, I am so confused and don't know what to do now. I am very concerned about not having any virus protection on my system right now. Maybe I should just put McAfee back on my system and pay for it??
What did you mean that there's at least one line in my log that concerns you? I don't even understand what that means?? Please help, I need it!
  • 0

#6
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
would like to see the system info you sent to the AOL fella if you have it...I think he may have been in error

The line I am curious about in your hijack log is
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\userinit.exe

That is unusual--do not do anything...I asked some malware people to take a look and will report back
  • 0

#7
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
HERE IS THE SAME INFO I SENT THE AOL TECH:

TotalDiskDrives=3
DiskDrive1=Floppy Drive A:\
DiskDrive2=Hard Drive C:\, FreeSpace: 8209MB, TotalSpace: 19459MB
DiskDrive3=CD-ROM Drive D:\
Processor=Intel Celeron, 801MHz
Memory=383MB total (70% load )
Video=800 x 600, True Color (24 bit)
Multimedia=CD-ROM
OS=Windows XP (Build 2600) Service Pack 2
Browser=Microsoft IE Build 6.0.2900.2180 128-bit encryption
Firewall1=McAfee
Plugin1=Name: Viewpoint, Version: 3, 2, 2, 26
Plugin2=Name: QuickTime, Version: 6.5
Plugin3=Name: Direct Draw, Version: 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)
Plugin4=Name: Windows Media Player, Version: 10.00.00.3646
Plugin5=Name: Shockwave Flash, Version: 7,0,19,0
Plugin6=Name: Real Player, Version: 6.0.12.1235

appName=America Online 9.0
numLaunches=39
numLogins=34

versionNumber=AOL 16.4184.5301 US (a)
appFolderPath=C:\Program Files\America Online 9.0
dataFolderPath=C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0
lastUsedOn=1/28/2006 11:37

Error1=11:06:05 01/28/06 Ignoring independent within independent.
Error2=11:04:44 01/28/06 You have not completely filled out this form.
Error3=09:56:59 01/19/06 FP Busy Syncing, unable to perform a new sync
Error4=17:05:33 01/18/06 BartError: type=7,id=02FFFFFF,category=3,error=0,suberror=7
Error5=16:32:13 01/18/06 Ignoring independent within independent.
Error6=08:31:17 01/17/06 Ignoring independent within independent.
Error7=08:31:14 01/17/06 Ignoring independent within independent.
Error8=08:07:37 01/17/06 Ignoring independent within independent.
Error9=08:06:56 01/17/06 PNH Sync: Time out, host is not responding
Error10=16:06:37 01/16/06 Ignoring independent within independent.
Error11=16:06:33 01/16/06 Ignoring independent within independent.
Error12=19:09:11 01/15/06 Ignoring independent within independent.
Error13=13:36:30 01/15/06 FP Busy Syncing, unable to perform a new sync
Error14=13:22:26 01/15/06 Ignoring independent within independent.
Error15=13:22:24 01/15/06 Ignoring independent within independent.
Error16=17:16:19 01/14/06 FP Busy Syncing, unable to perform a new sync
Error17=11:09:24 01/09/06 Address Book Sync Checker Timeout
Error18=11:09:23 01/09/06 ABSyncError:233
Error19=10:53:55 01/09/06 Ignoring independent within independent.
Error20=10:53:25 01/09/06 HTTP/1.0 302 Moved Temporarily
Error21=10:53:25 01/09/06 ABSyncError:-1
Error22=09:44:23 01/09/06 Ignoring independent within independent.
Error23=09:22:30 01/09/06 PNH Sync: Time out, host is not responding
Error24=08:48:07 01/09/06 ABSyncError:202
Error25=08:12:43 01/09/06 ABSyncError:-1
Error26=07:22:16 01/09/06 HTTP/1.0 302 Moved Temporarily
Error27=07:22:16 01/09/06 ABSyncError:-1
Error28=17:15:32 01/08/06 Ignoring independent within independent.
Error29=17:15:21 01/08/06 HTTP/1.0 302 Moved Temporarily
Error30=17:15:21 01/08/06 ABSyncError:-1

CurCache=4MB
MaxCache=128MB
TopSpeedCache=256MB






script1=09:28:24 01/09/06 C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\TOD\3743.phx
success1=Success
script2=17:32:22 01/08/06 C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\TOD\3675.phx
success2=Success

Device1=56K AC-Link Voice Modem on COM3 MODEM_CONNECTION
Device2=Broadband (High-Speed, Cable, DSL, or other ISP) TCPIP_CONNECTION
TotalLocations=2
Location1=TotalConnections: 1, Name: ISP/LAN Connection, Tries: 1, Current location: FALSE
Connection1 at Location1=Name: TCP/IP connection, Tries: 2, Device: TCP/IP: LAN or ISP (Internet Service Provider), Network Script: , TunnelTraffic:
Location2=TotalConnections: 0, Name: Broadband, Tries: 1, Current location: TRUE

NIC=Detected
USB=Detected









aolcom1

aolcom2

aolcom3

aolcom4

aolcom5

sysinfocom1

sysinfocom2

sysinfocom3

sysinfocom4

sysinfocom5
  • 0

#8
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
Note: removed a few pieces of info that probably should not have been posted in a public forum
  • 0

#9
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
I don't see how he deduced the f-secure thing from that...unless it changed.

I have to fly right now, but I will pop in later this afternoon.

I want to think it through, but I think we will just shut down all the mcafee start routines, then wipe most of the files manually then reinstall over the top.

Run a system restore point in the meantime

Start > HELP AND SUPPORT> UNDO CHANGES WITH SYSTEM RESTORE > CREATE RESTORE POINT
  • 0

#10
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
Thank you. It's probably very obvious to you exactly what a true novice I am now. I appreciate all the help your giving me but I think it's very important I get some kind of virus protection installed on my system soon.
Do you think the problem is with AOL or my computer?? Should I give up on AOL and just reinstall the McAfee?? I'll wait until I hear back from you on my issues before I do anything else. Thanks again!
  • 0

#11
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts

The line I am curious about in your hijack log is
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\userinit.exe


OK, sorry this has taken so long. I've had some top folks looking at this line and we are all stumped...never seen it before. :tazz:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

is actually normal...but when it is followed by something (after the , ) it usually a bad sign....but userinit.exe is a legitimate windows file....but not in that location (C:\windows\System)...so we are apprehensive.

I know this has you all uncomfortable. I would like you to do the following

In MY COMPUTER, go to LOCAL DISK C:, go to WINDOWS, go to SYSTEM---find userinit.exe, right click, choose PROPERTIES, go to the VERSION tab. Read me back the information.

We'll move on with the original problem after this....
  • 0

#12
winterlady

winterlady

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I did what you suggested to find that userinit.exe by opening my computer, local disk C, windows then system but I could not figure out where it was, I found a whole bunch of things that started with $Nt?? So I ended up using the search feature for files/folders with the name of userinit.exe and 3 came up in the search. I checked the properties then the version on all 3,

the first one listed was: Version: 5.1.2600.2180 Description: Userinit Logon Application Copyright: Microsoft
Location: C:\WINDOWS\SYSTEM32

the second one: Version 5.1.2600.0 Description: Userinit Logon Application Copyright: Microsoft
Location: C:\WINDOWS\$NtServicePackUninstall

the third one: Version: 5.1.2600.2180 Description: Userinit Logon Application Copyright: Microsoft
Location: C:\WINDOWS\ServicePackFiles\i386

Is this a bad thing?? Please respond as soon as possible. I have to go on line to do our taxes this afternoon and I think I'm going to have to just reinstall the McAfee after listening to the news this morning there is a new bad worm coming out tomorrow and they were advising everyone to make sure they have virus protection on their computers.
  • 0

#13
gerryf

gerryf

    Retired Staff

  • Retired Staff
  • 11,365 posts
no, those three are good things...the first is the one in use and is normal, the second is the original that came with your system, and the third is a copy of the one in use that came with the service pack.

I think that is a phantom setting...just not sure how it go there...have been able to find a few other logs that have it and none seem to have any ill effect.

We're going to leave that one along and go back to the original setting

Open hijackthis again and out a check mark next to each of the following entries

O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O15 - Trusted Zone: http://*.mcaffe.com
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CA0B9B6D-C2AF-11D3-B376-0800460222F0} - http://www.iwon.com/...nbar1,0,2,1.cab
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe

Hit FIX, this will remove the entries and place them in a BACKUP folder, so we can restore them if need be.

Reboot. Nothing to do with McAfee will load, so nothing will be in memory, and prevent AOL Security Center from loading

Try to load AOL SC...succeed? If it fails, we will rename a couple of folders and try again.

If that fails, we will simple load McAfee again and try to work this through when you have more time.
  • 0

#14
cdnjan

cdnjan

    New Member

  • Member
  • Pip
  • 6 posts
Hi
Don't mean to interfere here but maybe this will be useful. I use the same program as the OP does....[ which is awesome it includes virus/spyware and adware all in one free package] The program is called Shaw Secure ...perhaps it will help you locate her problem/conflicting files not sure.
regards
jan
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP