Posted 02 August 2009 - 07:45 PM
Helping friend with computer problems. I think there are two issues, one of which should be posted here (I think) and the other - someone will have to tell me if it is a separate issue needing its own space or a symptom of issue number one.
This computer has WinXP Home. I installed several overdue updates over the last couple of days including SP 3 and IE 8.
I was called in because the computer won't stay shut down and my friend wondered if she had a virus. If you click start>turn off>turn off, the computer reacts as if you clicked start>turn off>restart. My friend asked if this was due to a virus. She had AVG 8.5 Free Edition installed, but had done it herself and wasn't sure she did it correctly. However, when she had shown me how the computer rebooted itself, I had noticed a balloon in the systray that said Defender-pro firewall was turned off. Clicking the balloon took me to Win Security Center. Their recommendations were to turn on DP (which had supposedly been uninstalled - and was not in add/remove programs) or turn on Windows Firewall. I turned on Windows Firewall and that solved the popup. But turning off Win Firewall had the message regarding Defender-pro back (if DP is uninstalled, why is it reporting to Win Security Center?).
I looked in the Event Viewer (Admin tools) and under the Applications section found the following two warnings that occurred every time the computer turned itself back on:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
User: NT AUTHORITY\SYSTEM
Windows saved user OWNER-B2AB92955\Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
At this point I thought, maybe the problem was either DP or some kind of malware that wasn't letting go at shutdown. Ran a scan with AVG and no infections but some warning cookies, had those removed to virus vault. I also downloaded and ran Malwarebytes Antimalware. No infections except two popcap loader entries, presumably for a game she'd purchased and installed. So I left them alone. Still getting restart at shutdown and the Defender-Pro messages from Security Center.
Then, I googled Defender-pro and found some complaints about it being difficult to remove. Since my friend had the DP disk, I uninstalled AVG and Spybot S&D and reinstalled Defender-pro. Installation included an announcement that I still had two days of subscription left. I rebooted and proceeded to uninstall DP. Everything seemed to go well, but at reboot, still getting same messages from Security Center of DP reports being turned off. Also, computer still reboots itself when you try to turn it off.
DP's website had a file to download that would supposedly cure uninstall problems - KAVremover9. Running this gave me the message that Kaspersky's was not on the computer. Then I opened a chat session with DP's tech support. The tech asked if I had any other antivirus installed. I told her what I'd already done, including uninstalling AVG. She emailed me a file to run. Same KAV, same results. Then had me go to registry (regedit) and (the following is pasted from chat session):
Christy: then X2 click on hklocal machine
Christy: then x2 click on software
Christy: and then look for AVG
Christy: if there r click and delete
Christy: then look for Symantec
Christy: if there r click and delete
Christy: then look for Kaspersky lab if there r click and delete
paula: deleted avg and kaspersky, no symantec
Christy: ok.. now exit out of here
Christy: and restart
Christy: this will have removed them
However, nothing had changed.
Next I tried to reinstall AVG and got a message saying:
"Another anti-virus or security product is currently installed on this computer!
It is not advisable to have more than one security product running on the same computer because of possible system conflicts.
We strongly recommend that you uninstall the existing anti-virus/security product before proceeding with the AVG 8.5 installation again."
SO...how do I find what is installed and if it is the Defender-Pro, how do I remove it so I can reinstall AVG?
And is this what is causing the computer to restart when I do a shutdown?
Thanks in advance for any and all help.
No trees were killed in the creation of this message, but a number of electrons were diverted from their chosen path