need some help please

Avast’s scan came up with something and since the action button is unavailable (no option to quarantine /del)

in OTL scan I had no option of 64bit scan & it came up with only one log ( no extras.txt)

asw at first attempt got insight of something red and i got system failure - auto-restart - blue screen - Safe Mode ( did open regular)
second round came up with log attached.

i did Roguekiller before asw but have no option to attach

ty guys

Avast's scan came up with something and since [b]the action button is unavailable[/b] (no option to quarantine /del)
what was detected....as this usually indicates not infected....or detection in memory

your OTL log shows that you have multiple AV programs installed

PRC - [2012/08/21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
PRC - [2012/07/12 17:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/07/12 17:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2011/12/19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe

never install more than one AV as this will give you a slower machine, mysterious windows errors and false detections
you need to uninstall the ones you don't use, and then run the vendors' removal tools to clear all leftover files that may conflict
you find the removal tools here http://singularlabs.com/uninstallers/security-software/
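
The check described in the reply above, reading the OTL process, service and driver lines for more than one resident antivirus, written out as an added example (not part of the original thread and not part of OTL). The log lines are copied from this thread; the `PRODUCT_HINTS` keyword map and the function names are assumptions of the example.

```python
import re
from collections import defaultdict

# Lines copied from the OTL log and fix script quoted in this thread.
SAMPLE_LOG = r"""
PRC - [2012/08/21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/12 17:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/08/17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
DRV - [2012/08/13 17:24:12 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/12/19 11:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
"""

# Hypothetical keyword map (an assumption of this example, not an OTL feature).
# GFI maps to Ad-Aware because SBAMSvc.exe sits in the Ad-Aware folder in this log.
PRODUCT_HINTS = {"avast": "Avast", "kaspersky": "Kaspersky",
                 "lavasoft": "Ad-Aware", "gfi software": "Ad-Aware"}

# kind - [timestamp | size | attrs | M] (vendor) [optional state] -- path [-- (name)]
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<stamp>[^|\]]+)\|[^\]]*\] "
    r"\((?P<vendor>[^)]*)\) (?:\[(?P<state>[^\]]*)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$")

def parse_otl(log):
    """Return one dict per well-formed PRC/SRV/DRV line; other lines are skipped."""
    return [m.groupdict() for m in
            (LINE_RE.match(line.strip()) for line in log.splitlines()) if m]

def running_components(log):
    """Map product -> running components (service/driver name or file name)."""
    found = defaultdict(list)
    for e in parse_otl(log):
        # PRC lines are live processes; SRV/DRV lines carry an explicit state.
        state = e["state"] or "Running"
        if not state.strip().endswith("Running"):
            continue
        for hint, product in PRODUCT_HINTS.items():
            if hint in e["vendor"].lower():
                found[product].append(e["name"] or e["path"].rsplit("\\", 1)[-1])
    return dict(found)

def conflicting_products(log):
    """Products with running components, reported only when there are several."""
    products = sorted(running_components(log))
    return products if len(products) > 1 else []

if __name__ == "__main__":
    for product, parts in sorted(running_components(SAMPLE_LOG).items()):
        print(f"{product}: {', '.join(parts)}")
    print("Conflict:", conflicting_products(SAMPLE_LOG))
```
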

[quote author=Pondus link=topic=111918.msg878592#msg878592 date=1356655388]

what was detected

in attachment ( those are password protected and growing. would love to del-them)

your OTL log shows that you have multiple AV programs installed never install more than one AV as this will give you a slower machine, mysterious windows errors and false detections you need to uninstall the ones you don't use, and then run the vendors' removal tools to clear all leftover files that may conflict you find the removal tools here http://singularlabs.com/uninstallers/security-software/

i know… but couldn't resist. only Avast came up with that. & so much THX for the link :slight_smile:

got the Rogue attached

ty so much

is it Polish?..
it seems like detections in AVG and SpyBot files, so seems to be a conflict

anyway the removal specialists are notified. it may take hours before one arrives so be patient

yes it is :slight_smile:

SbS&D started to make those logs not long ago, and they are multiplying. & bluescreen is so rare for me, freaked me out

anyway… a Big Thx for so fast response Pondus
have a gr8 shift
(i got myself extra cleaning tomorrow)

hmmm

The aswMBR locked files are part of Kaspersky so they will need removing, Spybot quarantine holds a lot of bad stuff that will need to be removed

Basically you have gone for overkill

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/11/19 21:27:41 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/08/17 20:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2012/07/12 17:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2011/12/19 12:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
DRV - [2012/11/19 21:27:43 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/13 17:24:12 | 000,587,096 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2012/08/13 15:49:44 | 000,144,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kneps.sys -- (kneps)
DRV - [2012/08/02 14:09:30 | 000,024,408 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2012/07/25 13:53:48 | 000,025,944 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012/06/19 16:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2012/06/08 10:38:12 | 000,043,608 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kltdi.sys -- (kltdi)
DRV - [2012/05/25 18:38:48 | 000,025,432 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2011/12/19 11:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 05:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/10/26 13:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\SBREDrv.sys -- (SBRE)
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2012/09/11 03:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2012/09/11 03:12:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2012/09/11 03:12:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2010/03/16 00:02:37 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\zpkzyjca.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/04/22 00:32:52 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\zpkzyjca.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/12/24 23:28:36 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files\Ad-Aware Antivirus\SBRC.exe (GFI Software)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-770305187-3020679099-2410195673-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
[2012/12/27 07:31:42 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk


:Files
C:\Program Files\Common Files\AVG Secure Search
C:\Program Files\Kaspersky Lab
C:\Program Files\Ad-Aware Antivirus
C:\Program Files\ESET
C:\ProgramData\Ad-Aware Browsing Protection

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

done

ps.Happy NY 2all

You still need to remove Kaspersky http://support.kaspersky.com/1464

How is the computer behaving now ?

we’ll wait &see
thx
still memory usage does not seem right. any advice on that topic?

Yes uninstall Kaspersky

did. after that had icons missing from my desktop (got back with a brush of a mouse)
SbS&D & emWave are still generating files that are suspected by Avast. wanted to del but…“perform” button not available. had to do it manually

system malfunctions - new “there was problem sending command to the program” ->windows office is offline
old - can't make it back to restore point or recovery
- after serious cleaning still don't like it (lot of memo usage)

Have you run the Kaspersky tool though, as there are (or were) still a lot of drivers running

Download and run farbar service scanner

http://i1224.photobucket.com/albums/ee362/Essexboy3/Farbar/FSS-1.jpg

Tick “All” options.
Press “Scan”.
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

done

OK let's try a general repair now

Download Windows Repair (all in one) from this site

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

done
all the logs have the same mesg. (Attachment no.2)
still problems with office
if i can get past the blockade on recovery i will manage

What is the exact problem with office ?

msg: there was a problem sending messages to the program.
( i can open them with Wordpad only )

Are you able to re-install office at all ? What version is it

1.restored system (word- back on line)
2.cleaned other antiviruses
(meantime messed other things, no browser for a while- fun, but for now seems ok)(next time no mercy-install disc)
4.run Av-got clean
3.scans attached (mbam seems to get some)