[Umbe]

so, a number of things happened.

first time I ran it, the computer didn't reboot, so I restarted it from the Start menu.
upon reopening windows, there were:
two message boxes from the security center asking me to confirm that Kaspersky Virus Tool remover may make changes to my hard drive. I pressed ok on both of them.
two command prompt windows (minimized) that both closed when I opened one of them.
one 'AVPTool installation failed' error message (similar to the one below) saying that the 'error message is'. and ending there. no actual error message was on the end of that sentence.
the AVPTool install screen also flashed up and then closed itself.

a few seconds later Avast popped up three warnings, one from svchost.exe and two from different Apple services (photostream and ubd [?]).

because this felt somewhat sloppy, I reopened the AVPTool, and reran the script. the computer rebooted on its own, and windows opened with:

two message boxes from the security center asking me to confirm that Kaspersky Virus Tool remover may make changes to my hard drive. I pressed ok on both of them.
two command prompt windows (minimized) that both closed before I had a chance to open them.
one avast popup (attached)
and one posse of error messages (also attached)

the analysis will be right along, as soon as I close these errors which are holding up AVPTool.

Attached Thumbnails

• 
• 

[Advertisements]

note that, just now, well after that popup, manually updated the Avast definitions and application version.

anyway, the analysis scan...

Attached Files

•  avptool_sysinfo2.zip   10.63KB   93 downloads

[Umbe]

note that, just now, well after that popup, manually updated the Avast definitions and application version.

anyway, the analysis scan...

Attached Files

•  avptool_sysinfo2.zip   10.63KB   93 downloads

[Essexboy]

The popup from Avast was the emergency updater, a new feature that will download any missing or damaged elements for the AV..

Are you getting alerts since the update ?

[Umbe]

yes, and more than before that aren't associated with browsers (svchost, apple stuff, and the Avast emupdater again). I'm running a full system scan with Avast, and we'll see how much that turns up. also, the AVPTool is still doing its startup routine of windows and errors, though the one with the error description wasn't there this time.

[Essexboy]

Could you run a fresh OTL scan for me please

Also is Avast updating ?

[Umbe]

avast is updating fine, both automatically and manually. there were some new error messages upon opening (attached), accompanied by two command line windows that closed when I closed the errors.

for OTL, I'm just running a QuickScan, nothing more. do you want me to change some of the settings and run a more thorough scan?

some windows updates just came through and, so far, I haven't had any popups from Avast (!). they may have taken care of it, but I just haven't been on long enough to be certain. the Malicious Software Removal Tool was in the group of downloads. the quick scan didn't find anything.I have to go, and will leave it doing a full scan.

Attached Thumbnails

• 

Attached Files

•  OTL2.Txt   87.37KB   99 downloads

[Essexboy]

Let me know if this stops the warnings

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

:OTL
DRV:64bit: - [2012/10/09 09:12:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\08530055.sys -- (08530055)
DRV - [2012/10/09 20:44:49 | 000,013,312 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\vdiynju1.sys -- (vdiynju1)
O2 - BHO: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O4 - Startup: C:\Users\Umberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_08530055.lnk = C:\Users\Umberto\AppData\Local\Temp\_uninst_08530055.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2012/10/09 20:40:11 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\08530055.sys
[2012/10/09 08:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/08 15:20:33 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Umberto\Desktop\tdsskiller.exe
[2012/10/08 10:50:43 | 000,167,696 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/10/07 01:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/10/09 20:44:49 | 000,013,312 | ---- | M] () -- C:\Windows\SysWow64\drivers\vdiynju1.sys
[2012/10/09 09:12:12 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\08530055.sys
[2012/10/08 15:20:24 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Umberto\Desktop\tdsskiller.exe
[2012/10/08 10:53:46 | 000,167,696 | ---- | M] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/10/09 20:40:30 | 000,001,012 | ---- | C] () -- C:\Users\Umberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_08530055.lnk

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[Umbe]

so far so good. I'll keep you posted on any more popups from Avast.

Thanks you very very much for all the help! I really would have been at the point of despair without it.

Attached Files

•  OTL fix log.log   7.47KB   110 downloads

[Essexboy]

OK run it for a while, and if all is good let me know and I will clear my rubbish away

[Umbe]

just got ten popups D:. three from svchost, which is more than usual, and a few from Avast, and a few more from chrome.

AAAAAAAAAAAARRRRRRRRRRRRRRRRGGGGGGGGGGGGGHHHHHHHHHHHH

[Essexboy]

OK what am I missing ...

I would like to take a look outside of windows

Download the following three programmes to your desktop :


1. WiNTBootIc
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot



Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing



It will let you know when it is done
Then copy FRST to the same USB




Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this although yours will say windows 7. Click repair my computer


Select your operating system


Select Command prompt


At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.

Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[Umbe]

before I do that I do want to note that I am running a non-genuine version of windows. torrents and such, you know. will that affect anything?

[Essexboy]

That will most definitely affect it as I am unable to assist if windows is not a legitimate version

[Umbe]

do you think that doing this would prevent windows from running? what would happen?

[Essexboy]

I have no idea as the recovery console is genuine, whether that checks or not I could not say