# Solved: Can't Uninstall CA Internet Security Suite 2009



## natds

I had CA Internet Security Suite 2009 installed, I wanted to remove it. I tried doing so through control panel, which removed everything but the Antivirus and Firewall which I suppose may have still been running in memory at the time. After the first restart after everything else uninstalled I tried to remove them and I was getting some error 9026 uninstallation error, unable to initialize uninstallation for both. I tried using the uninstallers posted in the support section of their website and one of them seemed to be running through a lot of files and registry entries and deleting them, but after I restarted the Antivirus and Firewall are still installed and enabled. I tried deleting the CA folder and I'm told I don't have permission. When I ran one of the uninstallers it gives some message like "this is what would have been displayed if uninstalling ca internet security suite 2009-r5" before the window quickly closes. I tried uninstalling under safe mode and stopping any processes I thought were CA using task manager and I get the unable to initialize uninstall error 9026 every time. I'm running Windows Vista 64-bit SP2. I tried filling out their support form and get this error message in Firefox:
The data area passed to a system call is too small. 
In IE it just says it can't load the next page. 
Does anyone have anything that might help? I've never seen anything like this, a program that refuses to be gotten rid of. They say they charge for phone support. I found some post of someone else's who also has Vista 64-bit and couldn't uninstall the antivirus or firewall, and they claimed that some program called you installer removed it for them. Well I tried that, it seemed to actually get rid of it, but once I restarted after it said it was gone, there was the CA Security suite still sitting in Add/Remove programs, the programs were still running in the background though the taskbar icon hasn't shown up since i uninstalled the other components. The CA folder is still there and I get access denied errors if I try to delete it. I've already posted on the CA forums where other people who have used it post and didn't get any help there, its really quite dead. How am I supposed to remove this? If you don't know the solution where is the place I should be asking about so complex a problem as this? I need those with serious knowledge.


----------



## Kenny94

The link below should help:

http://homeofficekb.ca.com/CIDocume...eturn=0&GUID=DF325E0AA0AB4264AF47E4BEA49F571B


----------



## natds

That is one of the several CA uninstallers I've tried. None of them seem to be functional for 64 bit installations.


----------



## Rich-M

This might be a case for Revo Uninstaller. Try it if it does not work install it again and then use the uninstall programs to take it out instead of Control Panel uninstaller.
http://www.revouninstaller.com/


----------



## perfume

Dear natds,
As RICH-M said, download the "Revo Uninstaller" and see if CA is visible there (it should be, because CA is also in the Add/Remove). Revo does a real total uninstall if you choose the level 4 button, that's the one listed at the bottom. Either way you'll have to tackle the Registry, to remove the entries/changes CA made there. Empty the Recycle bin at the end. Kindly reboot and CA should be gone.:up:


----------



## Kenny94

If Revo Uninstaller does not work, post a HijackThis log. I guess we'll treat CA as malware removal..

*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Doubleclick on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis* . 
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. 

Also, I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

Open HijackThis, click Config, click Misc Tools
Click "*Open Uninstall Manager*"
Click "Save List" (generates *uninstall_list.txt*)
Click Save, copy and paste the results in your next post.


----------



## natds

Thanks for the replies, here are my results. I tried revouninstaller, and strangely nothing CA security related is listed, so there was seemingly nothing I could do with that. I did generate a Uninstall List using Hijackthis, but I looked through it and there was also no mention of anything about CA Security. However I did look over my HJT log which is pasted below, and see CA entries, I know its there, the Antivirus and Firewall report in Windows security center, and the CA folder is still intact and they're in my startup programs and running in task manager.
I'm not sure what's with the Yahoo entries. I use nothing Yahoo. I don't have messenger installed. I think it has some integration with IE8, though I never use IE. I recall some mentioning of a CA/Yahoo connection, that someone else trying to uninstall CA had a CA technician wipe out their yahoo address book or something, possible connection?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:32 AM, on 7/4/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Users\Documents\NetMeter114beta_4.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=0109&m=m-7301u
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [NetMeter] C:\Users\Ian\Documents\NetMeter114beta_4.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E23B1F71-38C8-48B3-9ECF-7C762DA6982D}: NameServer = 68.87.71.226,68.87.73.242
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 ATV Service (StkSSrv) - Unknown owner - C:\Windows\System32\StkCSrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 7589 bytes


----------



## Rich-M

I wonder if this is something as simple as a "dangler" or two in startup leftover. Go "Run, msconfig,ok,startup" and uncheck any reference to CA.


----------



## natds

There are 3 entries in startup for CA. Ca security suite, which is casc.exe, capfasem.exe which is in the firewall folder, and antivirus plus which is listed as caamrid.exe. I've tried disabling them before, and when I was still able to get into the CA tray, I stopped the Firewall from starting at startup, but Antivirus and Firewall are always still listed in Windows Security even if I stop all Ca processes in Task Manager. Sometimes when I start up I get a Caller ID error saying CA security failed to start but regardless Windows Security reports CA firewall on and Antirvirus on but out of date (updating wasn't working).


----------



## Rich-M

Well this is one for the books....one thing I have tried before with such issues is use Win Patrol which controls startup (free version is fine), and allow these 3 entries, then after they are allowed, let Win Patrol remove then by right clicking in the Win Patrol "startup" menu. www.winpatrol.com

If that doesn't do it I would go into the CA folder and delete files and entries one by one...hopefully you can get it all but there may be entries elsewhere in Users or Docs and Settings also you need to do this with as we don't know if you are using XP or Vista.


----------



## Kenny94

Try Rich's ideal and if they do not work. Lets try this below.

Click Start - Run - and type in:

services.msc

Click OK.

In the services window find:

*ccSchedulerSVC*

Click on the Stop button on the left side you will see it, and wait a sec for it to stop.
Right click on "ccSchedulerSVC" and choose "Properties
Next to Startup type, click on the drop down menuand select Disable.
Click on the Apply button.

NOTE: If the service will not stop and gives a error, then you will need to restart the computer to stop it after you set it to Disabled and clicked on OK.

Exit the Services utility.

*Run HijackThis, click on "Scan" and check the boxes next to this item.*

O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

*Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".*

You may need to restart the computer but you should be able to delete the folder now.

The problem now is going to be to installed another antivirus program. Because CA is still in the Registry and the other antivirus program is going to pick up on this and not intalled maybe? Lets see. And we can't run ComboFix to remove the Registry key. ComboFix will not run with vista 64 bit.....


----------



## natds

I used winpatrol to get rid of the exe's that kept loading. I also for the first time disabled the ccscheduler service which wasn't running but was set to automatic. That really seemed to change something, because I was then for the first time able to delete the entire CA program files folder. I also used CCleaner and looked through regedit to get rid of anything CA. No CA files are still present that I know of, however there must be some other registry entries somewhere, because though it seems no CA processes are running anymore and files have been deleted Windows Security Center is still reporting about CA Antivirus being out of date and CA Firewall being on, yet I deleted the entire CA folder. Does this mean that Windows is wrongly reporting them, since there are no longer any files to actually make those programs work, nor are they running. So what is causing them to still register with Windows? I didn't do anything with Hijackthis since once I disabled that service and winpatrol removed those exe's that CA entry no longer came up in HJT. I'm running Windows Vista 64-bit SP2.


----------



## Rich-M

I would not worry about it, as long as there are no other issues, disable the Security Center, I always do it on systems anyway, though I have never seen it fail to note a new antivirus and firewall present. Did you enable another firewall or Windows firewall?


----------



## natds

I've installed Zonealarm and it registers that Zonealarm and CA Firewall are on, but as I said all CA files and entries are gone, and after installing Avast that is the only antivirus it reports.


----------

