65 replies to this topic

[Satchfan]

I need to see what security you have because I think there is a big conflict somewhere.

Please try safe mode again and see if SecurityCheck will run.
 

[Pacer]

Security Check log from Safe Mode session:

 

Results of screen317's Security Check version 0.99.90  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Security Center service is not running! This report may not be accurate! 

ESET NOD32 Antivirus 8.0      

Kaspersky Internet Security   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Java™ 6 Update 32  

 Java 7 Update 45  

 Java version out of Date! 

 Adobe Reader XI  

 Google Chrome (38.0.2125.104) 

 Google Chrome (38.0.2125.111) 

 Google Chrome (chrome.dll..) 

 Google Chrome (chrome.exe..) 

 Google Chrome (debug.log..) 

 Google Chrome (Dictionaries...) 

 Google Chrome (First Run...) 

 Google Chrome (old_chrome.exe..) 

 Google Chrome (update.dll..) 

 Google Chrome (wow_helper.exe..) 

````````Process Check: objlist.exe by Laurent````````  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  

````````````````````End of Log`````````````````````` 

 

[Satchfan]

At the very beginning I asked you not to make any changes, (including installing/uninstalling programs), without my instruction.

Not only have you ignored that, but you’ve also ignored what I said about two antiviruses.

As I’ve been unable to trace any form of malware, (apart from some adware), your problem is likely to be just that. Two antiviruses cannot work together and can even render each other useless; so, far from making sure that your computer is protected, it is very under-protected and under great strain to work properly as two programs are constantly fighting against each other.

Please uninstall Eset antivirus and then run SecurityCheck in normal mode.

===================================================

There is also one entry that I want to check.

Please download SystemLook from one of the links below and save it to your Desktop.

SystemLook (32-bit)
SystemLook (64-bit)

• double-click SystemLook.exe to run it.
• copy the content of the following codebox into the main textfield - please make sure you include the colon, (:), at the beginning:
  
  

  :filefind
  *2dopeboyz*
  
  :folderfind
  *2dopeboyz*
  
  :Regfind
  2dopeboyz
  

• click the Look button to start the scan.
• when finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Please don't forget to include the SecurityCheck log.

Satchfan

 

[Pacer]

First and foremost I've followed your instructions to the letter. The only changes I've made was uninstalling AVG and Popcorn Time per your instructions:

 

"You can not run two real-time ANTIVIRUSES at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

I would suggest you uninstall AVG but it is your choice.

• click Start, Control Panel, Programs and Features
• scroll down the list click on either Kaspersky Internet Secutity or AVG and then on Remove."

As far as EST Antivirus, I only have that per your instructions. It never prompted me to uninstall it once it was finished and it wont uninstall in Programs. The only option is change and that only leads to a install setup wizard.

-------------------------------------------------------------------------------------------

SystemLook 04.09.10 by jpshortstuff

Log created at 11:27 on 13/12/2014 by monroe county

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "*2dopeboyz*"

C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-177457807-164583720-2097069978-1000\Chrome\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage --a---- 3072 bytes [23:57 05/02/2014] [02:51 05/02/2014] EBA428AEA6D6FA5077605FB6A2660EB0

C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-177457807-164583720-2097069978-1000\Chrome\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage-journal --a---- 3608 bytes [23:57 05/02/2014] [02:51 05/02/2014] 928B0981306FCA22F1546D9E9F6EBF1C

C:\Users\All Users\Kaspersky Lab\SafeBrowser\S-1-5-21-177457807-164583720-2097069978-1000\Chrome\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage --a---- 3072 bytes [23:57 05/02/2014] [02:51 05/02/2014] EBA428AEA6D6FA5077605FB6A2660EB0

C:\Users\All Users\Kaspersky Lab\SafeBrowser\S-1-5-21-177457807-164583720-2097069978-1000\Chrome\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage-journal --a---- 3608 bytes [23:57 05/02/2014] [02:51 05/02/2014] 928B0981306FCA22F1546D9E9F6EBF1C

C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_2dopeboyz.com_0.localstorage --a---- 7168 bytes [00:42 06/06/2014] [14:37 12/12/2014] 2FBC0717E53EE416C2F5C3E96DF3CF91

C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_2dopeboyz.com_0.localstorage-journal --a---- 7736 bytes [00:42 06/06/2014] [14:37 12/12/2014] 4D7CF451BD1781E16FFE649E7FD84D4C

C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage --a---- 6144 bytes [15:41 01/02/2014] [01:51 02/06/2014] 9A2336710951CAB55A5534F43ED5A946

C:\Users\monroe county\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.2dopeboyz.com_0.localstorage-journal --a---- 6704 bytes [15:41 01/02/2014] [01:51 02/06/2014] 09F0583EE527495C8621F23EE9AFAE30

 

========== folderfind ==========

 

Searching for "*2dopeboyz*"

No folders found.

 

========== Regfind ==========

 

Searching for "2dopeboyz"

No data found.

 

-= EOF =-

[Satchfan]

My apologies if I'm wrong.

 

Eset has to go though so let’s try forcing the uninstall.

 

 

There is also an issue with Chrome, (normal these days), but we'll deal with that later.

Download Revo Uninstaller
 

• double click the installation file on the desktop to run the installer
• let it install to the default location
• double click the new Revo Uninstaller Icon on the desktop to start the program.

You will now see a list of installed programs that Revo Uninstaller can remove.

• locate the program you are uninstalling <Eset
• right-click the icon then choose Uninstall
• click Yes to the warning and choose the Uninstall Mode
• choose the Advanced option and then click Next
• this will launch the programs built in uninstaller. Be patient it can take several seconds
• once the uninstaller is done click Next
• Revo Uninstaller will now scan for leftover information. Be patient it can take several seconds.
• once this scan is done click Next
• you will then be presented of the leftover entries found by Revo Uninstaller
• look at ALL of the entries to ensure they relate to the uninstall
• next, click Select All > Delete to remove the entries
• click Next
• if there are any program file folders left over you will be presented with a list to be removed
• again look at ALL of the entries to ensure they are related to the uninstall
• click Select All > Delete to remove the entries
• click Finish to go back to the uninstall list
• when you have removed it, close the program.

Let me know how that goes.

Satchfan
 

 

[Pacer]

So far so good....no sign of any EST warning prompts. Do I need to do anything about Revo at this time?

[Pacer]

Update: It seems that EST yet lives.

[Satchfan]

Try uninstalling it in safe mode.

[Pacer]

I'm having the same problem from earlier with the inability to get into safe mode. No matter what I tried, including

allowing the laptop to overheat to force a reboot and every time it skip passed the BIOS screen.

[Satchfan]

Hi Pacer

 

Strange about safe mode seeing as it was fine when you ran SecurityCheck. As it doesn't appear to be a malware problem that's causing this, when we finish up here it may be worth asking in our Windows forum; I'll give you the link later.

 

 

It could be Kaspersky that is causing the "uninstall" problem with Eset. See this article.

 

The only option is change and that only leads to a install setup wizard.

 

 

Try temporarily disabling Kaspersky and then use the Eset Install wizard to uninstall it.

 

Satchfan

[Pacer]

So far so good no signs of EST at this time.

[Satchfan]

When you think it has been uninstalled, please run SecurityCheck again and post the log.

 

Thanks

 

Satchfan

[Pacer]

Requested logs:

 

Results of screen317's Security Check version 0.99.90  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Disabled!  

Kaspersky Internet Security   

 Antivirus up to date!   

`````````Anti-malware/Other Utilities Check:````````` 

 Java™ 6 Update 32  

 Java 7 Update 45  

 Java version out of Date! 

 Adobe Reader XI  

 Google Chrome (38.0.2125.104) 

 Google Chrome (38.0.2125.111) 

 Google Chrome (chrome.dll..) 

 Google Chrome (chrome.exe..) 

 Google Chrome (debug.log..) 

 Google Chrome (Dictionaries...) 

 Google Chrome (First Run...) 

 Google Chrome (old_chrome.exe..) 

 Google Chrome (update.dll..) 

 Google Chrome (wow_helper.exe..) 

````````Process Check: objlist.exe by Laurent````````  

 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  

 Kaspersky Lab Kaspersky Internet Security 14.0.0 avpui.exe  

 Kaspersky Lab Kaspersky Internet Security 14.0.0 plugin-nm-server.exe  

 Kaspersky Lab Kaspersky Internet Security 14.0.0 avp.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

 

[Satchfan]

That looks good.

 

Can you try starting in safe mode. If it's still a problem, seeing that I'm satisfied there is no malware on your computer, I'll give you a link to our Windows forum to see if they can find the problem as it's beyond my area of expertise.

 

Can you also tell me if there are any other remaining problems and if not, I'll send instructions to tidy up.

 

Satchfan

[Pacer]

The original problems still exist.