Results 1 to 2 of 2
  1. #1
    Join Date
    Dec 2007
    NH, USA

    Default Trend Micro uninstall secuirty meltdown

    Customer's HP515n has XP Home SP2 and all updates, current Norton Internet Security. Called me in when Norton stopped functioning and found that he couldn't complete a download of the latest version of Adobe Acrobat Reader. Also noting Windows update icon in systray, shows no progress and disappears when clicked on. The Shut Down and Restart buttons no longer work and the power cord must be pulled to shut the machine down. Problems appear to have begun after a trial copy of Trend Micro anti-spyware ended the subscription period and was not renewed.

    Note that computer has only 256MB RAM and integrated graphics, 2.3GHz Celeron, so it's slow to start with. Have recommended a memory upgrade.

    I uninstalled Trend Micro, deleted the Temporary Internet Files and set this folder to empty on closing the browser. Dr. Watson log noted missing files in System32 on most recent boot: wdmaud.exe, RPCTR4.dll and ntdll.dll. Also, symbols could not be found for msmsgs.exe.

    Tried to open Norton consol, applet froze during not (not responding). Installed Spybot Search and Destroy, could not establish connection with server to update (IE6 seems to work fine, Windows Firewall is off, Task Manager network usage graph shows no unusual traffic. CPU use, however, often runs up to 100% for several seconds.)
    Installed AdAware 2007, same problem, could not update (seem to be having this problem on a number of machines, may be a problem with Lavasoft)
    Installed Avira, could not update.
    I tried running all four logged in as Administrator in Safe Mode with network support, with the same negative results.

    Ran Rootkit Revealer, found 10 discrepancies in HKLM\SOFTWARE\Microsoft –
    (9) are in \Windows\CurrentVersion\InternetSettings\cache\Paths -- \Directory (Windows API length not consistent with raw hive data, 168 bytes) ,
    …path1\CacheLimit (Data mismatch..., 4 bytes) ,
    …path1\CachePath (Windows API length not consistent..., 182 bytes), and the same 2 for path2, path3 and path 4.
    10th discrepancy is with HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed (Data mismatch between Windows API and raw hive data, 80 bytes)
    RR also found 15 items of metadata hidden from the Windows API. There were no error bytes mounting the volume.

    I have several other programs I can try (CW Shredder, etc.), but this all took 7 hours and the cost of troubleshooting will soon be more than replacing the computer. Am about ready to back up documents, format the hard drive and reinstall from scratch unless someone has an idea.

    Another note: computer's factory default homepage was Netwcape. This recently changed to AOL, although the customer is not a subscriber (has 4Mbps Time Warner cable). I have a suspicion of a problem here because I've had difficulties with AOL/Netscape before.

    I know that some installations of XP have mysterious problems with Deferred Procedure Calls and high CPU usage indicates this might be part of the problem, but I haven’t seen anything about how to fix this.

  2. #2
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Edmonton, Alberta, Canada


    Hi Bob M,

    Help2Go is a volunteer run site, helping individuals with their computing problems. Our policy is not to get involved with business inquiries, as we are not in this to either help make money or to avoid getting their IT involved with their problems.

    I wish you all the best with your problems, perhaps your business could afford to send you or one of your employees to take some courses in software troubleshooting.

    I'll lock this post to avoid further comment on this subject.