Avast WEBforum
Other => General Topics => Topic started by: spottydog on March 15, 2005, 11:35:24 PM
-
This has got me beat. I run xp prof and installed Avast but evertime I boot I get a nice blue box saying that avast cant operate with Kaspersky running. I have never had or used kaspersky and can find nothing in the registry or files or anywhere on the hard drives which has to do with Kaspersky. I would love to be able to use Avast properly so please someone give me some help. Thanks for reading this.
-
Did you ever used the online scanner by Kaspersky?
-
Quite strange if you never used or installed Kaspersky ::)
Anyway, you can try to repair your installation:
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove
Then choose Repair function in the popup window (Repair).
You must be connected to the internet while repairing.
Or, if this does not help, can you uninstall / boot / install / boot again
Can you post the contents of these Windows Registry keys in your system?
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers\\VDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers\\VDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers\\VDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\VirtualDeviceDrivers\\VDD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\VirtualDeviceDrivers\\VDD
Welcome to avast 8)
-
I shall try out your suggestions now. I cant remember using the online scanner from Kaspersky but seeing as how I have used these services in the past from Trend and a few others so there is a possibility I used Kaspersky too. Anyhow I shall try to follow your suggestions, thanks for the quick response. I do like the look of Avast and it has helped me (the bits that are working that is).
The newbie
-
I believe Kaspersky also has an anti-hijack program (or something like that), although not an anti-virus program it is resident and has caused similar problems with avast mentioned previously in these forums.
However, if you don't have any Kaspersky product installed this is unlikely to be it.
-
I have tried everything you suggested. Repaired, uninstall and reboot, install and reboot. Still comes up with Kaspersky is running. ???
I also checked the registry areas you asked for, the only one that doesnt state c:programme\Alwilsoftware\Avast4\aswMONvd.dll is
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers\\VDD
this states c:progra~1\symantec\S32EVNT1.DLL
What I have found is under controlset2\Enum\Root\Legacy_KAVMONITORSERVICE
Still in need of help and by the way thanks for the welcome.
-
Here is a hijack this copy of my system, I cant see anything but then again I am no way an expert.
Logfile of HijackThis v1.99.1
Scan saved at 22:55:32, on 16.03.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\pupxpman.exe
C:\PROGRA~1\GEMEIN~1\AOL\AOLPRI~1\AOLSP Scheduler.exe
C:\Programme\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Logitech\Video\LogiTray.exe
C:\Programme\Google\Gmail Notifier\gnotify.exe
C:\Programme\Muiltmedia keyboard utility\KbdAp32A.exe
C:\Programme\Office Mouse\moffice.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\AOL 9.0b\aoltray.exe
C:\Programme\Office Mouse\MOUSE32A.EXE
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\SECRETMAKER\secretmaker.exe
C:\Programme\Logitech\Video\FxSvr2.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\aj\Desktop\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/mygroups
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [mspwr] C:\WINDOWS\system32\pupxpman.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\GEMEIN~1\AOL\AOLPRI~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programme\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Muiltmedia keyboard utility\MMKEYBD.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Programme\Office Mouse\moffice.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programme\Logitech\Video\ManifestEngine.exe boot
O4 - Global Startup: AOL Tray-Symbol.lnk = C:\Programme\AOL 9.0b\aoltray.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SECRETMAKER.lnk = C:\Programme\SECRETMAKER\secretmaker.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programme\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programme\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programme\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.de/computercheckup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093897218945
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DAFCB656-6AC8-436B-81FC-C985507FB818}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Privacy Protection Service (AOLService) - Unknown owner - C:\Programme\Gemeinsame Dateien\AOL\AOL Privacy Protection\\aolserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programme\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com Personal Firewall Service (MpfService) - McAfee.com Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers\\VDD
this states c:progra~1\symantec\S32EVNT1.DLL
On Registry you must have the following entry there:
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll
Open the key, backup it first, delete the last two groups of zeros.
You'll have 00 00
and should be only 00
You will see the avast entry appearing by 'miracle'...
What I have found is under controlset2\Enum\Root\Legacy_KAVMONITORSERVICE
Backup the key and delete it.
Let us know the results...
-
Well, did everything you said but I still get the same nice screen telling me Kaspersky is running. I deleted the Legacy_KAVMONITORSERVICE entry and also now have Avast running on Controlset1 instead of Symantec. Nothing seems to help. ??? :'(
I am at a total loss now. Any further help would be most gratefull.
Thanks for helping me out on this, awaiting your reply with bated breath.
Tony
-
I am still trying to get Avast working and at the same time trying to get rid of Kaspersky. I am really at a loss and feel quite exposed without any protection running.
I spend lots of time in the net and know how easy it is to pick up a virus. I just dont know what to do next. Also I see in my Hijack this post a reference to a proxy ip 205.188.146.145 this has me worried as I dont use proxies. The ref is number 017 my hijack this post.
Thanks for all your help you are giving me its much appreciated.
Tony (who is tearing his hair out by the roots)
-
spottydog
You can get further info an the IP address you listed at the following:
http://www.dnsstuff.com/tools/whois.ch?ip=205.188.146.145
-
About Kaspersky removal, I can't help you that much...
On the VDD registry key, it should have both avast and Symantec drivers listed.
You could use avast as the first and Symantec after.
-
Ok, I only have Avast listed. I used a tool that got rid of all symantec stuff. Its a pity there isnt a like tool for Kaspersky. I hate to say this but I cant be without adequate protection. As much as I like Avast and would really like to use it properly it is no use to me if I cant have real time protection. I just dont know what else to do. I have looked everywhere and I have deleted everything I can find. Installed deinstalled and the same once again but everytime I get the same pic telling me that Kaspersky is running. Is there nobody that can help me. ??? :'(
-
Hi spottydog,
See here about removing Kaspersky: http://www.kaspersky.com/faq?qid=3605944
Now about your log:
The 017 in your log is your ISP (AOL), so it should be safe.
Also your log looks clean/non infected to me, however there is some non needed start ups you can remove if you want they are:
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe" (lxbkbmgr.exe is a program for the lexmark series x1100 printer)
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (a part of the Logitech Image Studio and is installed alongside the Logitech quickcam range of products. Allows an easy-access traybar icon which gives access to the diagnostics of this product.)
O4 - Global Startup: AOL Tray-Symbol.lnk = C:\Programme\AOL 9.0b\aoltray.exe (tray bar process for AOL. It gives you easy access to AOL and different settings. This process can be removed to free up system resources. )
All the above items suggested to be removed will still be there and work fine, you will just need to activate them manuly if you need them rather then that taking up boot time everytime you start up and shut down your PC.
--lee
-
Here is another link that might help:
http://www.kaspersky.com/faq?qid=158048671
-
Thanks guys, I have now sent an E-mail to support@kaspersky. I am hoping they can help. If they do I shall post the answer here.
Once again thanks for all the help and advice.
Tony
-
Hi everyone, I seem to have solved the problem. Kaspersky didn't deem fit to answer my query so I looked at everything once again. I used a process viewer and checked out the dll's. I found in c:windows\system32\drivers a KLIF.Sys file from Kaspersky. I deleted it and re-booted. Bingo everything works.
Thanks once again to one and all for all your time and trouble. It was really appreciated. I am looking forward to using Avast now to its fullest extent.
-
It's always good to see an user solved his/her problem.
I'll link this thread, in the future, if anybody asked about Kaspersky uninstallation 8)
-
Hi everyone, I seem to have solved the problem. Kaspersky didn't deem fit to answer my query so I looked at everything once again. I used a process viewer and checked out the dll's. I found in c:windows\system32\drivers a KLIF.Sys file from Kaspersky. I deleted it and re-booted. Bingo everything works.
Thanks once again to one and all for all your time and trouble. It was really appreciated. I am looking forward to using Avast now to its fullest extent.
Tried you suggestion and it Works, many thanks.
AM
-
More on Kaspersky remnants.
Run this utility to remove all traces of Kaspersky from the registry:
http://www.ice-kav.com/downloads/util/KAV_Registry_Clean.zip
ICE is a US distributor for Kaspersky.
-
Thanks, it worked for me too !!!!
-
No problem, you have found the very useful forum search function (since this topic is relatively old, but still works), which is very handy as there is a wealth of information in the forums.
Welcome to the forums.
-
I am having similar problems when I start up my PC; I am getting an error stating that the file ashdisp.exe is not found. Anyway, I just want to use Avast properly since it is one of the most popular antivirus software in the market. I tried uninstalling Avast but it will not remove the program; I am getting a little frustrated!!! Good Luck!!
-
This 'old' topic is also related to having previously had Kaspersky installed so unless this exactly mirrors your problem I would suggest you start a 'new topic' of your own and answer these questions.
What is your OS ?
What version of avast do you have, the latest is 4.8.1201 ?
Have (or did) you another AV installed in this system, if so what was it and how did you get rid of it ?
What other security based software do you have that might block new startup entries, e.g. Spybot S&D (TeaTimer), AdAware (AdWatch), SpySweeper, Spyware Doctor (StartUpGuard or OnGuard), PrevX, WinPatrol, ProcessGuard, etc. ?