Author Topic: need some help please  (Read 3483 times)

Offline wio

  • Newbie
  • *
  • Posts: 14
    • Personal Message (Offline)
need some help please
« on: December 27, 2012, 11:30:54 PM »
Avast's scan came up with something and since the action button is unavailable (no option to quarantine/del)

in OTL scan I had no option of 64bit scan & it came up with only one log ( no extras.txt)

asw at first attempt got insight of something red and I got system failure - autorestart - blue screen - Safe Mode (did open regular)
second round came up with log attached.

i did Roguekiller before asw but have no option to attach


ty guys

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21649
  • Gender: Male
    • Personal Message (Offline)
Re: need some help please
« Reply #1 on: December 27, 2012, 11:43:08 PM »
Quote
Avast's scan came up with something and since the action button is unavailable (no option to quarantine/del)
what was detected....as this usually indicates not infected....or detection in memory


your OTL log shows that you have multiple AV programs installed

Quote
PRC - [2012/08/21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012/07/12 17:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/07/12 17:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2011/12/19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

never install more than one AV as this will give you a slower machine, mysterious windows errors and false detections
you need to uninstall the one you don't use, and then run the vendors' removal tools to clear all leftover files that may conflict
you find the removal tools here  http://singularlabs.com/uninstallers/security-software/


« Last Edit: December 27, 2012, 11:47:23 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline wio

Re: need some help please
« Reply #2 on: December 28, 2012, 12:22:03 AM »
Quote
what was detected

 in attachment ( those are password protected and growing. would  love to del-them)

Quote
your OTL log show that you have multiple AV programs installed
never install more than one AV as this will give you a slower machine, mysterious windows errors and false detections
you need to uninstall the one you don't use, and then run the vendors' removal tools to clear all leftover files that may conflict
you find the removal tools here  http://singularlabs.com/uninstallers/security-software/

i know... but couldn't resist. only Avast came up with that. & so much THX for the link  :)

got the Rogue attached


ty so much
« Last Edit: December 28, 2012, 12:26:12 AM by wio »

Offline Pondus

Re: need some help please
« Reply #3 on: December 28, 2012, 12:29:28 AM »
is it polish?....
it seems like detections in AVG and SpyBot files, so seems to be conflict

anyway the removal specialists are notified. it may take hours before one arrive so be patient


Offline wio

Re: need some help please
« Reply #4 on: December 28, 2012, 12:44:38 AM »
Quote
is it polish?....

yes it is :)

Quote
it seems like detections in AVG and SpyBot files, so seems to be conflict

SbS&D started to make those logs not long time ago, and are multiplying. & bluescreen is so rare for me, freaked me out

Quote
anyway the removal specialists are notified. it may take hours before one arrive so be patient

anyway.... a Big Thx for so fast response Pondus
have a gr8 shift
(i got myself extra cleaning tomorrow)

Offline wio

Re: need some help please
« Reply #5 on: December 28, 2012, 01:00:11 AM »
« Last Edit: December 28, 2012, 01:05:06 AM by wio »

Offline essexboy

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 28931
  • Gender: Male
  • Dragons by Sasha
    • Malware fixes
    • Personal Message (Offline)
Re: need some help please
« Reply #6 on: December 28, 2012, 09:25:26 AM »
The aswMBR locked files are part of Kaspersky so they will need removing, Spybot quarantine holds a lot of bad stuff that will need to be removed

Basically you have gone for overkill

 Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/11/19 21:27:41 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/08/17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/07/12 17:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011/12/19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
DRV - [2012/11/19 21:27:43 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/13 17:24:12 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/08/13 15:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012/08/02 14:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/07/25 13:53:48 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/06/19 16:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012/06/08 10:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/05/25 18:38:48 | 000,025,432 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2011/12/19 11:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 05:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 13:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012/09/11 03:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012/09/11 03:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012/09/11 03:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2010/03/16 00:02:37 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\zpkzyjca.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/04/22 00:32:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\zpkzyjca.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/12/24 23:28:36 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files\Ad-Aware Antivirus\SBRC.exe (GFI Software)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-770305187-3020679099-2410195673-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[2012/12/27 07:31:42 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk


:Files
C:\Program Files\Common Files\AVG Secure Search
C:\Program Files\Kaspersky Lab
C:\Program Files\Ad-Aware Antivirus
C:\Program Files\ESET
C:\ProgramData\Ad-Aware Browsing Protection

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
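
An added example, not part of the original thread and not OTL's own code: a small Python parser for the `PRC`/`SRV`/`DRV` lines quoted in Reply #1 and Reply #6 that lists which security products still have running components, the overlap both helpers point out. The `PRODUCTS` keyword table and the function names are assumptions made for this illustration; the sample lines are copied from the thread.

```python
import re
from collections import defaultdict

# Constructed sample: entries copied from the OTL excerpts quoted in this thread.
SAMPLE = r"""
PRC - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/07/12 17:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
DRV - [2012/08/13 17:24:12 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/12/19 11:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
"""

# One entry: kind, then "[stamp] (company)" or "File not found",
# optional "[start type | state]", the path, optional "(service name)".
ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:\[[^\]]*\] \((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

# Assumption: keyword -> product table built from the vendors named in this thread.
PRODUCTS = {"avast": "Avast", "kaspersky": "Kaspersky", "ad-aware": "Ad-Aware",
            "avg": "AVG", "spybot": "Spybot"}

def parse_entries(text):
    """Yield one dict per PRC/SRV/DRV line; every other line is ignored."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.groupdict()

def active_products(text):
    """Map product -> [(kind, label, file_missing)] for running components."""
    found = defaultdict(list)
    for e in parse_entries(text):
        # PRC lines carry no state field; a listed process is running.
        if not (e["state"] or "Running").endswith("Running"):
            continue  # stopped services and drivers are not active
        haystack = f'{e["company"] or ""} {e["path"]}'.lower()
        for key, product in PRODUCTS.items():
            if key in haystack:
                label = e["name"] or e["path"].rsplit("\\", 1)[-1]
                found[product].append((e["kind"], label, bool(e["missing"])))
                break
    return dict(found)

if __name__ == "__main__":
    for product, parts in active_products(SAMPLE).items():
        print(product, parts)
```

More than one product in the result means several real-time scanners are loaded at once; an entry with `file_missing` set is a service registration left behind by an incomplete uninstall.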

Offline wio

Re: need some help please
« Reply #7 on: December 31, 2012, 07:18:59 PM »
done






ps.Happy NY 2all
« Last Edit: December 31, 2012, 10:05:52 PM by wio »

Offline essexboy

Re: need some help please
« Reply #8 on: December 31, 2012, 09:08:11 PM »
You still need to remove Kaspersky http://support.kaspersky.com/1464

How is the computer behaving now ?

Offline wio

Re: need some help please
« Reply #9 on: December 31, 2012, 09:36:48 PM »
Quote
How is the computer behaving now ?

we'll wait &see
thx
still memory usage does not seem right. any advice on that topic?
« Last Edit: December 31, 2012, 10:08:35 PM by wio »

Offline essexboy

Re: need some help please
« Reply #10 on: January 01, 2013, 10:34:05 AM »
Yes uninstall Kaspersky

Offline wio

Re: need some help please
« Reply #11 on: January 03, 2013, 06:22:19 AM »
Quote
Yes uninstall Kaspersky

did. after that had icons missing from my desktop (got back with a brush of a mouse)
SbS&D & emWave are still generating files that are suspected by Avast. wanted to del but.."perform" button not available. had to do it manually

system malfunctions:
  new - "there was problem sending command to the program" -> windows office is offline
  old - can't make back to restore point or recovery
      - after serious cleaning still don't like it (lot of memo usage)

Offline essexboy

Re: need some help please
« Reply #12 on: January 03, 2013, 01:26:15 PM »
Have you run the Kaspersky tool though, as there are (or were)  still a lot of drivers running

Download and run farbar service scanner



Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Offline wio

Re: need some help please
« Reply #13 on: January 14, 2013, 04:49:52 PM »
done

Offline essexboy

Re: need some help please
« Reply #14 on: January 14, 2013, 05:15:00 PM »
OK let's try a general repair now

Download  Windows Repair (all in one)  from this site

Install the programme then run



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following  items and tick restart system when finished


 
