Remove F-Secure Antivirus from Windows XP
Started by
winterlady
, Jan 30 2006 11:19 AM
#1
Posted 30 January 2006 - 11:19 AM
winterlady
-
- Member
-
- 31 posts
Member
#2
Posted 30 January 2006 - 11:38 AM
gerryf
-
- Retired Staff
-
- 11,365 posts
Retired Staff
it says that it cannot because those are running?
Download hijackthis from my signature and ATTACH a hijackthis log so I can see what is starting with the PC
Download hijackthis from my signature and ATTACH a hijackthis log so I can see what is starting with the PC
#3
Posted 30 January 2006 - 12:50 PM
winterlady
- Topic Starter
-
- Member
-
- 31 posts
Member
Thanks for such a quick reply. I hope I've done this right, like I said I'm not very computer saavy but I believe this is the log you requested.
Attached Files
-
hijackthislog.txt 13.27KB
160 downloads
#4
Posted 31 January 2006 - 08:21 AM
gerryf
-
- Retired Staff
-
- 11,365 posts
Retired Staff
that is correct
Now, my confusion...I see no evidence of f-secure...I do see evidence of Mcafee, which I was pretty certain was the av componant of the aol security center. And it is running
Did you mean you had an old version of Mcafee?
Also, there is at least one line in your log that concerns me.
I need to check u on that
Now, my confusion...I see no evidence of f-secure...I do see evidence of Mcafee, which I was pretty certain was the av componant of the aol security center. And it is running
Did you mean you had an old version of Mcafee?
Also, there is at least one line in your log that concerns me.
I need to check u on that
#5
Posted 31 January 2006 - 11:03 AM
winterlady
- Topic Starter
-
- Member
-
- 31 posts
Member
Yes your right McAfee is a component of AOL SSC. But I did have McAfee first, I had downloaded and installed it from their web site, before I installed the Security Suite provided by my internet cable service, I had removed that through my add/remove prior to installing the Security Suite. I thought. Since my last posting I've tried to uninstall and reinstall the AOL SSC again but no success. I'm sorry to say I had forgot to mention a couple of things that happen when trying to install SSC, I a box that will pop up, that says "can not open install log" and the other during the beginning of the installation process a box pops up that says AOL has found McAfee on my system and will remove it before installing SSC. But when I chatted with an AOL tech and sent him my system info I was then told it was F-Secure causing the problem? I have tried the search feature on my system and the command prompt to locate McAfee or F-Secure Security Suite but it comes up with nothing.?? Just to let you know I had a very similar problem when I tried to download & install my upgrade from AOL 8.0 to AOL 9.0, it would not install all the components either, AOL had to send me a disc via mail for me to install the upgrade to 9.0. This time AOL has told me a disc will not work either because I need to find and delete any existing program files left on my system from any other virus protection, but I can not even find any on my system??
Being such a computer novice doesn't help, I am so confused and don't know what to do now. I am very concerned about not having any virus protection on my system right now. Maybe I should just put McAfee back on my system and pay for it??
What did you mean that there's at least one line in my log that concerns you? I don't even understand what that means?? Please help, I need it!
Being such a computer novice doesn't help, I am so confused and don't know what to do now. I am very concerned about not having any virus protection on my system right now. Maybe I should just put McAfee back on my system and pay for it??
What did you mean that there's at least one line in my log that concerns you? I don't even understand what that means?? Please help, I need it!
#6
Posted 31 January 2006 - 11:15 AM
gerryf
-
- Retired Staff
-
- 11,365 posts
Retired Staff
would like to see the system info you sent to the AOL fella if you have it...I think he may have been in error
The line I am curious about in your hijack log is
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\userinit.exe
That is unusual--do not do anything...I asked some malware people to take a look and will report back
The line I am curious about in your hijack log is
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\userinit.exe
That is unusual--do not do anything...I asked some malware people to take a look and will report back
#7
Posted 31 January 2006 - 11:27 AM
winterlady
- Topic Starter
-
- Member
-
- 31 posts
Member
HERE IS THE SAME INFO I SENT THE AOL TECH:
TotalDiskDrives=3
DiskDrive1=Floppy Drive A:\
DiskDrive2=Hard Drive C:\, FreeSpace: 8209MB, TotalSpace: 19459MB
DiskDrive3=CD-ROM Drive D:\
Processor=Intel Celeron, 801MHz
Memory=383MB total (70% load )
Video=800 x 600, True Color (24 bit)
Multimedia=CD-ROM
OS=Windows XP (Build 2600) Service Pack 2
Browser=Microsoft IE Build 6.0.2900.2180 128-bit encryption
Firewall1=McAfee
Plugin1=Name: Viewpoint, Version: 3, 2, 2, 26
Plugin2=Name: QuickTime, Version: 6.5
Plugin3=Name: Direct Draw, Version: 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)
Plugin4=Name: Windows Media Player, Version: 10.00.00.3646
Plugin5=Name: Shockwave Flash, Version: 7,0,19,0
Plugin6=Name: Real Player, Version: 6.0.12.1235
appName=America Online 9.0
numLaunches=39
numLogins=34
versionNumber=AOL 16.4184.5301 US (a)
appFolderPath=C:\Program Files\America Online 9.0
dataFolderPath=C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0
lastUsedOn=1/28/2006 11:37
Error1=11:06:05 01/28/06 Ignoring independent within independent.
Error2=11:04:44 01/28/06 You have not completely filled out this form.
Error3=09:56:59 01/19/06 FP Busy Syncing, unable to perform a new sync
Error4=17:05:33 01/18/06 BartError: type=7,id=02FFFFFF,category=3,error=0,suberror=7
Error5=16:32:13 01/18/06 Ignoring independent within independent.
Error6=08:31:17 01/17/06 Ignoring independent within independent.
Error7=08:31:14 01/17/06 Ignoring independent within independent.
Error8=08:07:37 01/17/06 Ignoring independent within independent.
Error9=08:06:56 01/17/06 PNH Sync: Time out, host is not responding
Error10=16:06:37 01/16/06 Ignoring independent within independent.
Error11=16:06:33 01/16/06 Ignoring independent within independent.
Error12=19:09:11 01/15/06 Ignoring independent within independent.
Error13=13:36:30 01/15/06 FP Busy Syncing, unable to perform a new sync
Error14=13:22:26 01/15/06 Ignoring independent within independent.
Error15=13:22:24 01/15/06 Ignoring independent within independent.
Error16=17:16:19 01/14/06 FP Busy Syncing, unable to perform a new sync
Error17=11:09:24 01/09/06 Address Book Sync Checker Timeout
Error18=11:09:23 01/09/06 ABSyncError:233
Error19=10:53:55 01/09/06 Ignoring independent within independent.
Error20=10:53:25 01/09/06 HTTP/1.0 302 Moved Temporarily
Error21=10:53:25 01/09/06 ABSyncError:-1
Error22=09:44:23 01/09/06 Ignoring independent within independent.
Error23=09:22:30 01/09/06 PNH Sync: Time out, host is not responding
Error24=08:48:07 01/09/06 ABSyncError:202
Error25=08:12:43 01/09/06 ABSyncError:-1
Error26=07:22:16 01/09/06 HTTP/1.0 302 Moved Temporarily
Error27=07:22:16 01/09/06 ABSyncError:-1
Error28=17:15:32 01/08/06 Ignoring independent within independent.
Error29=17:15:21 01/08/06 HTTP/1.0 302 Moved Temporarily
Error30=17:15:21 01/08/06 ABSyncError:-1
CurCache=4MB
MaxCache=128MB
TopSpeedCache=256MB
script1=09:28:24 01/09/06 C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\TOD\3743.phx
success1=Success
script2=17:32:22 01/08/06 C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\TOD\3675.phx
success2=Success
Device1=56K AC-Link Voice Modem on COM3 MODEM_CONNECTION
Device2=Broadband (High-Speed, Cable, DSL, or other ISP) TCPIP_CONNECTION
TotalLocations=2
Location1=TotalConnections: 1, Name: ISP/LAN Connection, Tries: 1, Current location: FALSE
Connection1 at Location1=Name: TCP/IP connection, Tries: 2, Device: TCP/IP: LAN or ISP (Internet Service Provider), Network Script: , TunnelTraffic:
Location2=TotalConnections: 0, Name: Broadband, Tries: 1, Current location: TRUE
NIC=Detected
USB=Detected
aolcom1
aolcom2
aolcom3
aolcom4
aolcom5
sysinfocom1
sysinfocom2
sysinfocom3
sysinfocom4
sysinfocom5
TotalDiskDrives=3
DiskDrive1=Floppy Drive A:\
DiskDrive2=Hard Drive C:\, FreeSpace: 8209MB, TotalSpace: 19459MB
DiskDrive3=CD-ROM Drive D:\
Processor=Intel Celeron, 801MHz
Memory=383MB total (70% load )
Video=800 x 600, True Color (24 bit)
Multimedia=CD-ROM
OS=Windows XP (Build 2600) Service Pack 2
Browser=Microsoft IE Build 6.0.2900.2180 128-bit encryption
Firewall1=McAfee
Plugin1=Name: Viewpoint, Version: 3, 2, 2, 26
Plugin2=Name: QuickTime, Version: 6.5
Plugin3=Name: Direct Draw, Version: 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158)
Plugin4=Name: Windows Media Player, Version: 10.00.00.3646
Plugin5=Name: Shockwave Flash, Version: 7,0,19,0
Plugin6=Name: Real Player, Version: 6.0.12.1235
appName=America Online 9.0
numLaunches=39
numLogins=34
versionNumber=AOL 16.4184.5301 US (a)
appFolderPath=C:\Program Files\America Online 9.0
dataFolderPath=C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0
lastUsedOn=1/28/2006 11:37
Error1=11:06:05 01/28/06 Ignoring independent within independent.
Error2=11:04:44 01/28/06 You have not completely filled out this form.
Error3=09:56:59 01/19/06 FP Busy Syncing, unable to perform a new sync
Error4=17:05:33 01/18/06 BartError: type=7,id=02FFFFFF,category=3,error=0,suberror=7
Error5=16:32:13 01/18/06 Ignoring independent within independent.
Error6=08:31:17 01/17/06 Ignoring independent within independent.
Error7=08:31:14 01/17/06 Ignoring independent within independent.
Error8=08:07:37 01/17/06 Ignoring independent within independent.
Error9=08:06:56 01/17/06 PNH Sync: Time out, host is not responding
Error10=16:06:37 01/16/06 Ignoring independent within independent.
Error11=16:06:33 01/16/06 Ignoring independent within independent.
Error12=19:09:11 01/15/06 Ignoring independent within independent.
Error13=13:36:30 01/15/06 FP Busy Syncing, unable to perform a new sync
Error14=13:22:26 01/15/06 Ignoring independent within independent.
Error15=13:22:24 01/15/06 Ignoring independent within independent.
Error16=17:16:19 01/14/06 FP Busy Syncing, unable to perform a new sync
Error17=11:09:24 01/09/06 Address Book Sync Checker Timeout
Error18=11:09:23 01/09/06 ABSyncError:233
Error19=10:53:55 01/09/06 Ignoring independent within independent.
Error20=10:53:25 01/09/06 HTTP/1.0 302 Moved Temporarily
Error21=10:53:25 01/09/06 ABSyncError:-1
Error22=09:44:23 01/09/06 Ignoring independent within independent.
Error23=09:22:30 01/09/06 PNH Sync: Time out, host is not responding
Error24=08:48:07 01/09/06 ABSyncError:202
Error25=08:12:43 01/09/06 ABSyncError:-1
Error26=07:22:16 01/09/06 HTTP/1.0 302 Moved Temporarily
Error27=07:22:16 01/09/06 ABSyncError:-1
Error28=17:15:32 01/08/06 Ignoring independent within independent.
Error29=17:15:21 01/08/06 HTTP/1.0 302 Moved Temporarily
Error30=17:15:21 01/08/06 ABSyncError:-1
CurCache=4MB
MaxCache=128MB
TopSpeedCache=256MB
script1=09:28:24 01/09/06 C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\TOD\3743.phx
success1=Success
script2=17:32:22 01/08/06 C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\TOD\3675.phx
success2=Success
Device1=56K AC-Link Voice Modem on COM3 MODEM_CONNECTION
Device2=Broadband (High-Speed, Cable, DSL, or other ISP) TCPIP_CONNECTION
TotalLocations=2
Location1=TotalConnections: 1, Name: ISP/LAN Connection, Tries: 1, Current location: FALSE
Connection1 at Location1=Name: TCP/IP connection, Tries: 2, Device: TCP/IP: LAN or ISP (Internet Service Provider), Network Script: , TunnelTraffic:
Location2=TotalConnections: 0, Name: Broadband, Tries: 1, Current location: TRUE
NIC=Detected
USB=Detected
aolcom1
aolcom2
aolcom3
aolcom4
aolcom5
sysinfocom1
sysinfocom2
sysinfocom3
sysinfocom4
sysinfocom5
#8
Posted 31 January 2006 - 11:31 AM
gerryf
-
- Retired Staff
-
- 11,365 posts
Retired Staff
Note: removed a few pieces of info that probably should not have been posted in a public forum
#9
Posted 31 January 2006 - 11:34 AM
gerryf
-
- Retired Staff
-
- 11,365 posts
Retired Staff
I don't see how he deduced the f-secure thing from that...unless it changed.
I have to fly right now, but I will pop in later this afternoon.
I want to think it through, but I think we will just shut down all the mcafee start routines, then wipe most of the files manually then reinstall over the top.
Run a system restore point in the meantime
Start > HELP AND SUPPORT> UNDO CHANGES WITH SYSTEM RESTORE > CREATE RESTORE POINT
I have to fly right now, but I will pop in later this afternoon.
I want to think it through, but I think we will just shut down all the mcafee start routines, then wipe most of the files manually then reinstall over the top.
Run a system restore point in the meantime
Start > HELP AND SUPPORT> UNDO CHANGES WITH SYSTEM RESTORE > CREATE RESTORE POINT
#10
Posted 31 January 2006 - 11:39 AM
winterlady
- Topic Starter
-
- Member
-
- 31 posts
Member
Thank you. It's probably very obvious to you exactly what a true novice I am now. I appreciate all the help your giving me but I think it's very important I get some kind of virus protection installed on my system soon.
Do you think the problem is with AOL or my computer?? Should I give up on AOL and just reinstall the McAfee?? I'll wait until I hear back from you on my issues before I do anything else. Thanks again!
Do you think the problem is with AOL or my computer?? Should I give up on AOL and just reinstall the McAfee?? I'll wait until I hear back from you on my issues before I do anything else. Thanks again!
#11
Posted 01 February 2006 - 08:46 AM
gerryf
-
- Retired Staff
-
- 11,365 posts
Retired Staff
The line I am curious about in your hijack log is
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\userinit.exe
OK, sorry this has taken so long. I've had some top folks looking at this line and we are all stumped...never seen it before.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
is actually normal...but when it is followed by something (after the , ) it usually a bad sign....but userinit.exe is a legitimate windows file....but not in that location (C:\windows\System)...so we are apprehensive.
I know this has you all uncomfortable. I would like you to do the following
In MY COMPUTER, go to LOCAL DISK C:, go to WINDOWS, go to SYSTEM---find userinit.exe, right click, choose PROPERTIES, go to the VERSION tab. Read me back the information.
We'll move on with the original problem after this....
#12
Posted 01 February 2006 - 10:50 AM
winterlady
- Topic Starter
-
- Member
-
- 31 posts
Member
I did what you suggested to find that userinit.exe by opening my computer, local disk C, windows then system but I could not figure out where it was, I found a whole bunch of things that started with $Nt?? So I ended up using the search feature for files/folders with the name of userinit.exe and 3 came up in the search. I checked the properties then the version on all 3,
the first one listed was: Version: 5.1.2600.2180 Description: Userinit Logon Application Copyright: Microsoft
Location: C:\WINDOWS\SYSTEM32
the second one: Version 5.1.2600.0 Description: Userinit Logon Application Copyright: Microsoft
Location: C:\WINDOWS\$NtServicePackUninstall
the third one: Version: 5.1.2600.2180 Description: Userinit Logon Application Copyright: Microsoft
Location: C:\WINDOWS\ServicePackFiles\i386
Is this a bad thing?? Please respond as soon as possible. I have to go on line to do our taxes this afternoon and I think I'm going to have to just reinstall the McAfee after listening to the news this morning there is a new bad worm coming out tomorrow and they were advising everyone to make sure they have virus protection on their computers.
the first one listed was: Version: 5.1.2600.2180 Description: Userinit Logon Application Copyright: Microsoft
Location: C:\WINDOWS\SYSTEM32
the second one: Version 5.1.2600.0 Description: Userinit Logon Application Copyright: Microsoft
Location: C:\WINDOWS\$NtServicePackUninstall
the third one: Version: 5.1.2600.2180 Description: Userinit Logon Application Copyright: Microsoft
Location: C:\WINDOWS\ServicePackFiles\i386
Is this a bad thing?? Please respond as soon as possible. I have to go on line to do our taxes this afternoon and I think I'm going to have to just reinstall the McAfee after listening to the news this morning there is a new bad worm coming out tomorrow and they were advising everyone to make sure they have virus protection on their computers.
#13
Posted 01 February 2006 - 11:07 AM
gerryf
-
- Retired Staff
-
- 11,365 posts
Retired Staff
no, those three are good things...the first is the one in use and is normal, the second is the original that came with your system, and the third is a copy of the one in use that came with the service pack.
I think that is a phantom setting...just not sure how it go there...have been able to find a few other logs that have it and none seem to have any ill effect.
We're going to leave that one along and go back to the original setting
Open hijackthis again and out a check mark next to each of the following entries
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O15 - Trusted Zone: http://*.mcaffe.com
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CA0B9B6D-C2AF-11D3-B376-0800460222F0} - http://www.iwon.com/...nbar1,0,2,1.cab
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
Hit FIX, this will remove the entries and place them in a BACKUP folder, so we can restore them if need be.
Reboot. Nothing to do with McAfee will load, so nothing will be in memory, and prevent AOL Security Center from loading
Try to load AOL SC...succeed? If it fails, we will rename a couple of folders and try again.
If that fails, we will simple load McAfee again and try to work this through when you have more time.
I think that is a phantom setting...just not sure how it go there...have been able to find a few other logs that have it and none seem to have any ill effect.
We're going to leave that one along and go back to the original setting
Open hijackthis again and out a check mark next to each of the following entries
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O15 - Trusted Zone: http://*.mcaffe.com
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {CA0B9B6D-C2AF-11D3-B376-0800460222F0} - http://www.iwon.com/...nbar1,0,2,1.cab
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
Hit FIX, this will remove the entries and place them in a BACKUP folder, so we can restore them if need be.
Reboot. Nothing to do with McAfee will load, so nothing will be in memory, and prevent AOL Security Center from loading
Try to load AOL SC...succeed? If it fails, we will rename a couple of folders and try again.
If that fails, we will simple load McAfee again and try to work this through when you have more time.
#14
Posted 03 February 2006 - 01:15 AM
cdnjan
-
- Member
-
- 6 posts
New Member
Hi
Don't mean to interfere here but maybe this will be useful. I use the same program as the OP does....[ which is awesome it includes virus/spyware and adware all in one free package] The program is called Shaw Secure ...perhaps it will help you locate her problem/conflicting files not sure.
regards
jan
Don't mean to interfere here but maybe this will be useful. I use the same program as the OP does....[ which is awesome it includes virus/spyware and adware all in one free package] The program is called Shaw Secure ...perhaps it will help you locate her problem/conflicting files not sure.
regards
jan
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
