
windows installer ms173.tmp

is this malware?

This topic is locked
76 replies to this topic

#51 spyz1 (Member, Full Member, 98 posts)

Posted 12 November 2013 - 01:19 PM

I downloaded JRT using administrator rights. This is on my main computer.

The original log seems to have got lost. I did another scan with JRT. Here is the log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by wfc on 12/11/2013 at 17:53:59.52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\wfc\appdata\local\filetypeassistant"



~~~ FireFox

Successfully deleted the following from C:\Users\wfc\AppData\Roaming\mozilla\firefox\profiles\a91aoj64.default-1379056555739\prefs.js

user_pref("browser.startup.homepage", "hxxps://ixquick.com/");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/2013 at 18:12:32.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#52 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 12 November 2013 - 01:54 PM

Filetypeassistant can be considered spyware but I don't know why ESET objected to ixquick.com.  As far as I know that is a perfectly safe metasearch site.  You can put it back as Firefox home page if you want to.

 

Does your PC seem OK and is it running well?


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#53 spyz1 (Member, Full Member, 98 posts)

Posted 12 November 2013 - 07:14 PM

Yes Thanks - both PC's seem ok now.  Yes I also think ixquick is fine.

 

I am trying to overcome slowness of initial start-up of the browser and/or processes/applications.

This seems to be between 10-15 seconds after booting up. A bit faster once running.

There seems to be general consensus that this gets slower on XP and W7 as time goes on.

I am therefore trying things like removing old software or bloatware.

This is a different issue to the original thread so I will start a new thread if it warrants it.

 

Thanks for your usual good help on the bugs. I will keep checking with Eset etc.

I have used Avast AV on both PCs and am using Private Firewall on one. I will try the Comodo FW on the other as you have recommended.



#54 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 12 November 2013 - 08:12 PM

StartupLite may or may not help with speed.  All it does is show you what startups you could disable, and let you choose.

 

What I'd do:

First read this about Diagnostic Startup (not the same thing as Safe Mode).  Scroll down to the bottom of the page.

Do Start > System Configuration

Open the Services tab.  Check the 'Hide all Microsoft services' box.  Look at all the Services that say Running - that may give you a clue what unnecessary things are running.

Then in the General tab, select 'Diagnostic startup' - click Apply and OK, reboot.

See if browsers start faster. 


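The msconfig walk-through above is a manual check; as an added example (not from the thread or any tool it mentions), the script below does the equivalent of ticking "Hide all Microsoft services" and reading the Running column, deciding the vendor from the Authenticode signature on each service image. It assumes Windows 7 or later with PowerShell 3.0+ and that Microsoft binaries carry a valid signature whose subject contains "O=Microsoft Corporation".

```powershell
# Added example, not from the thread: a scripted equivalent of msconfig's
# Services tab with "Hide all Microsoft services" ticked, restricted to
# services currently Running. Assumes Windows 7 or later with PowerShell 3.0+
# (Get-CimInstance) and that Microsoft binaries carry a valid Authenticode
# signature whose subject contains "O=Microsoft Corporation".

function Get-ServiceExecutablePath {
    # Win32_Service.PathName may be quoted or unquoted and may carry
    # arguments; return just the image path.
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { return $p.Substring(1, $end - 1) }
        return $p.Trim('"')
    }
    # Unquoted path: cut at the first argument; service images end in .exe
    $m = [regex]::Match($p, '^(.*?\.exe)(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($p -split '\s+')[0]
}

function Get-NonMicrosoftRunningServices {
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.State -eq 'Running' } |
        ForEach-Object {
            $exe = Get-ServiceExecutablePath $_.PathName
            if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }

            $status = 'NoFile'
            $signer = $null
            if ($exe -and (Test-Path -LiteralPath $exe)) {
                $sig    = Get-AuthenticodeSignature -FilePath $exe
                $status = $sig.Status.ToString()
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            # Same rule msconfig applies: the vendor is decided by the signed
            # image. Caveat: services hosted inside svchost.exe all resolve to
            # the Microsoft-signed svchost.exe and are therefore hidden too.
            $isMicrosoft = ($status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

            [pscustomobject]@{
                Name        = $_.Name
                DisplayName = $_.DisplayName
                StartMode   = $_.StartMode
                Path        = $exe
                Signature   = $status
                Signer      = $signer
                Microsoft   = $isMicrosoft
            }
        } |
        Where-Object { -not $_.Microsoft } |
        Sort-Object Name
}

# Third-party or unsigned services running right now. An entry whose
# Signature is 'NotSigned' or 'NoFile' deserves a closer look before deciding
# whether it is merely slowing boot or should not be there at all.
Get-NonMicrosoftRunningServices |
    Format-Table Name, DisplayName, StartMode, Signature, Path -AutoSize
```

Run from an elevated PowerShell so that image files under Program Files and System32 can be read for signature checking.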


#55 spyz1 (Member, Full Member, 98 posts)

Posted 14 November 2013 - 08:45 AM

Thanks - I am in the process of doing the above. One thing I cannot see is if the Anti Virus or other protection is scanning in the background during boot up to prevent the loading up of malware etc. It is just a feeling but I get the idea that this slows down everything. Safe but unfortunately very slow.

 

I will report back on the Diagnostic start up.



#56 spyz1 (Member, Full Member, 98 posts)

Posted 14 November 2013 - 08:07 PM

I think I have tracked down one of the culprits. I have Hitman Pro loaded and notice it runs in the boot up.

It is supposed to be anti-malware but acts like malware and cannot be removed - no uninstaller.

Please advise. I will also check for other culprits slowing things up.



#57 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 14 November 2013 - 08:20 PM

Hitman Pro is a good program and we often use it.  All highly effective anti-malware programs do act somewhat like rootkits.
 
If you are sure you don't want it you can completely uninstall it with Revo.

Totally uninstall Hitman Pro, using the Revo Uninstaller.
Download and run the free version of Revo Uninstaller.
Select the Hitman Pro icon and click Uninstall.
Set it to 'Advanced' and click Scan.
Revo will do this:
Step 1. Create restore point.
Step 2. Run the official Hitman Pro uninstaller.
Step 3. When uninstaller finishes, click Scan in Revo and it will search for remnants. Delete everything found (Select All, Delete All).
Reboot if asked to.




#58 spyz1 (Member, Full Member, 98 posts)

Posted 14 November 2013 - 08:41 PM

Hitman does not show on the Revo uninstaller (web says the free version of Revo does not show 64 bit applications). Hitman did indeed remove hard items. But not good that it is so hard to remove. Also the prescan does slow bootup. So I guess a trade off. I do want my PC to start up quickly though.



#59 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 14 November 2013 - 08:49 PM

Probably best for you to just install Hitman Pro when you need an extra scan.




#60 spyz1 (Member, Full Member, 98 posts)

Posted 14 November 2013 - 08:53 PM

Yes - agree. Trying to uninstall Hitman now.



#61 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 14 November 2013 - 08:56 PM

You can use the trial version of Revo Pro.




#62 spyz1 (Member, Full Member, 98 posts)

Posted 14 November 2013 - 09:25 PM

Sorry, it does not show Hitman Pro. It will not show some 64 bit applications. Hitman sure is hard to get rid of.



#63 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 14 November 2013 - 11:04 PM

Try this:  (from the Manual)

 

From the Hitman Pro Control Center,

right-click the target computer and select Scripts > Anti-Virus > HitmanPro > HitmanPro Uninstall.

 

Once selected, the Schedule a Script window will display.    

The 'Schedule a Script' window will default to the current time and to only run the script once, right now.

Accept these defaults or make the desired changes and click Create.    

Once scheduled, you can view the status by double-clicking on the agent and then clicking on the Scripts tab. 




#64 spyz1 (Member, Full Member, 98 posts)

Posted 15 November 2013 - 09:25 AM

The above procedure:

'From the Hitman Pro Control Center, right-click the target computer and select Scripts > Anti-Virus > HitmanPro > Hitman'

 

did not appear to be available on my version. I did get rid of HMP by using Revo Uninstaller in hunter mode, which is also not always available. I used it also on the Superspyware program.

 

I recommend when Hitman Pro or Superspyware are used by non-experts then a warning is given that they are not easy to remove, or the developers are informed of these difficulties. I do recognise they get rid of hard infections. Trade off I suppose.

 

I am continuing with getting rid of Toshiba bloatware and trying to speed up startup and the browser.

I will come back to you on this.

 

Thanks for the info.



#65 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 22 November 2013 - 04:47 PM

I would like you to run ComboFix again since there was no log.
Delete the ComboFix icon.
Please download ComboFix.exe to your Desktop. Visit this webpage for download links, and instructions for running the tool:
how-to-use-combofix. Be sure to read the whole page and note the graphics so you know what to expect.

Allow it to update if it asks.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review, and let me know what problems remain. If ComboFix caused any error message, reboot again should fix it.




#66 spyz1 (Member, Full Member, 98 posts)

Posted 23 November 2013 - 08:04 PM

Thanks - I will run ComboFix and report back on this soon.



#67 spyz1 (Member, Full Member, 98 posts)

Posted 25 November 2013 - 03:41 PM

I ran the ESET scan before ComboFix - here are the logs:

 

 

 

ComboFix 13-11-23.02 - wfc 25/11/2013  18:24:27.2.2 - x64
Running from: c:\users\wfc\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-25 to 2013-11-25  )))))))))))))))))))))))))))))))
.
.
2013-11-25 18:41 . 2013-11-25 18:41    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-11-25 18:41 . 2013-11-25 18:41    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-11-24 23:44 . 2013-11-24 23:44    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4E36234-B3F3-48B2-8D46-354902E7CBF2}\offreg.dll
2013-11-24 23:38 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4E36234-B3F3-48B2-8D46-354902E7CBF2}\mpengine.dll
2013-11-15 02:00 . 2013-11-15 02:00    --------    d-----w-    c:\users\wfc\AppData\Roaming\IObit
2013-11-15 02:00 . 2013-11-15 02:00    --------    d-----w-    c:\programdata\IObit
2013-11-15 02:00 . 2013-11-15 02:00    --------    d-----w-    c:\programdata\ProductData
2013-11-15 02:00 . 2013-11-15 02:00    --------    d-----w-    c:\program files (x86)\IObit
2013-11-13 04:12 . 2013-11-20 02:41    --------    d-----w-    c:\users\wfc\AppData\Local\FileTypeAssistant
2013-11-11 17:43 . 2013-11-11 17:43    --------    d-----w-    c:\users\wfc\AppData\Roaming\AVAST Software
2013-11-11 17:42 . 2013-11-11 17:41    65264    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-11-11 17:42 . 2013-11-11 17:41    205320    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-11-11 17:42 . 2013-11-12 05:42    409832    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2013-11-11 17:42 . 2013-11-11 17:41    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-11-11 17:42 . 2013-11-11 17:41    1032416    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-11-11 17:42 . 2013-11-11 17:41    84328    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-11-11 17:42 . 2013-11-11 17:41    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-11-11 17:42 . 2013-11-11 17:41    38984    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-11-11 17:41 . 2013-11-11 17:41    43152    ----a-w-    c:\windows\avastSS.scr
2013-11-10 01:33 . 2013-11-10 03:39    --------    d-----w-    c:\users\wfc\AppData\Roaming\Audacity
2013-11-10 01:32 . 2013-11-10 03:21    --------    d-----w-    c:\program files (x86)\Audacity
2013-11-07 03:42 . 2013-11-07 03:42    --------    d-----w-    c:\users\wfc\AppData\Local\Chromium
2013-11-02 18:32 . 2013-11-02 18:32    --------    d-----w-    c:\program files (x86)\Foolish IT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-11 17:41 . 2013-09-19 02:38    334648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-11-11 05:50 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-17 15:05 . 2012-12-18 13:42    317808    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2013-09-21 02:06 . 2010-06-24 09:33    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-21 02:04 . 2013-09-15 08:28    76    ----a-w-    c:\windows\Fonts\{B063429F-893C-4b32-9AA4-CE9B18ECD152}
2013-09-09 06:45 . 2012-11-25 17:35    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-09 06:45 . 2012-11-25 17:35    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-01 16:08 . 2012-12-01 02:16    79143768    ----a-w-    c:\windows\system32\MRT.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-12-16 765200]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-11 3568312]
"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\69fc6167-39aa-4bcc-9372-4b38d8788a17.exe" [2013-11-25 180184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - RapportIaso
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-11 17:41    326944    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 212.23.6.100 212.23.3.100
FF - ProfilePath - c:\users\wfc\AppData\Roaming\Mozilla\Firefox\Profiles\a91aoj64.default-1379056555739\
FF - prefs.js: browser.startup.homepage - hxxps://ixquick.com/
FF - ExtSQL: 2013-10-08 02:29; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\wfc\AppData\Roaming\Mozilla\Firefox\Profiles\a91aoj64.default-1379056555739\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-10-08 17:35; {3d7eb24f-2740-49df-8937-200b1cc08f8a}; c:\users\wfc\AppData\Roaming\Mozilla\Firefox\Profiles\a91aoj64.default-1379056555739\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - ExtSQL: 2013-10-15 04:00; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\wfc\AppData\Roaming\Mozilla\Firefox\Profiles\a91aoj64.default-1379056555739\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
Toolbar-Locked - (no file)
Toolbar-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-25  18:50:16
ComboFix-quarantined-files.txt  2013-11-25 18:50
ComboFix2.txt  2013-09-07 00:59
.
Pre-Run: 62,581,149,696 bytes free
Post-Run: 63,943,327,744 bytes free
.
- - End Of File - - 33F3E4CC76CDF284331114A2D3A3606D
 



#68 spyz1 (Member, Full Member, 98 posts)

Posted 25 November 2013 - 03:47 PM

Sorry, ESET was run after - I will send you the log shortly.



#69 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 25 November 2013 - 04:08 PM

Hitman Pro seems to be gone?
 
I'm puzzled by the beginning of your ComboFix log:

ComboFix 13-11-23.02 - wfc 25/11/2013  18:24:27.2.2 - x64
Running from: c:\users\wfc\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-25 to 2013-11-25  )))))))))))))))))))))))))))))))

 
Normally it lists your protection, AV and/or FW present on machine and if enabled or disabled, outdated or updated.
 
Please download latest Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



#70 spyz1 (Member, Full Member, 98 posts)

Posted 25 November 2013 - 07:05 PM

Yes, Hitman Pro is gone.

Avast may not have shown up as I switched it off for the ComboFix scan.

Using Windows Firewall at the moment.



#71 spyz1 (Member, Full Member, 98 posts)

Posted 25 November 2013 - 07:21 PM

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.8.800.94  
 Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#72 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 25 November 2013 - 07:22 PM

I still need to try to understand why the ComboFix log is abnormal.  It should be showing Avast disabled.

 

Security Check doesn't show Avast as antivirus.  Is there an Avast icon in your notification area? (Right of task bar)


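Security Check's "WMI entry may not exist for antivirus" line and the missing antivirus in its output both come from the Windows Security Center (WSC) registrations that such tools read. As an added example (not from the thread or from Security Check), the script below queries those registrations directly and decodes each product's state, so a practitioner can see whether an installed antivirus has actually registered with WSC or is merely running. It assumes Windows Vista or later with PowerShell 3.0+; the productState decoding is the commonly used reading of an undocumented bitfield and is marked as a heuristic.

```powershell
# Added example, not from the thread or from Security Check: read the Security
# Center (WSC) registrations behind the "WMI entry may not exist for antivirus"
# message. Assumes Windows Vista or later with PowerShell 3.0+ (Get-CimInstance,
# -shr). The productState decoding is the commonly used reading of an
# undocumented bitfield, so treat Enabled/UpToDate as a heuristic.

function Get-RegisteredSecurityProducts {
    $ns      = 'root/SecurityCenter2'   # Windows XP used root/SecurityCenter instead
    $classes = 'AntiVirusProduct', 'AntiSpywareProduct', 'FirewallProduct'

    # Nothing registers here unless the Security Center service is running.
    $wsc = Get-Service -Name wscsvc -ErrorAction SilentlyContinue
    if (-not $wsc -or $wsc.Status -ne 'Running') {
        Write-Warning "Security Center service (wscsvc) is not running; WSC data will be empty."
    }

    foreach ($class in $classes) {
        try {
            $products = @(Get-CimInstance -Namespace $ns -ClassName $class -ErrorAction Stop)
        } catch {
            Write-Warning "Query of $ns\$class failed: $($_.Exception.Message)"
            continue
        }

        if ($products.Count -eq 0) {
            # This is the condition behind the "WMI entry may not exist" line:
            # the product may well be installed and running, but never told WSC.
            [pscustomobject]@{
                Class = $class; Name = '(none registered)'; Enabled = $null
                UpToDate = $null; RawState = $null; Path = $null
            }
            continue
        }

        foreach ($p in $products) {
            # productState is a packed 24-bit value; the widely used reading is:
            #   bits 8-15 : 0x10 = real-time protection on, 0x00 = off/snoozed
            #   bits 0-7  : 0x00 = definitions current, 0x10 = out of date
            $state   = [int]$p.productState
            $rtByte  = ($state -shr 8) -band 0xFF
            $defByte = $state -band 0xFF
            [pscustomobject]@{
                Class    = $class
                Name     = $p.displayName
                Enabled  = (($rtByte -band 0x10) -ne 0)
                UpToDate = ($defByte -eq 0)
                RawState = ('0x{0:X6}' -f $state)
                Path     = $p.pathToSignedProductExe
            }
        }
    }
}

Get-RegisteredSecurityProducts | Format-Table -AutoSize
```

An antivirus whose service and tray icon are running but which is absent from this output has not registered with WSC, which is why tools that rely only on WSC report no antivirus for it.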


#73 spyz1 (Member, Full Member, 98 posts)

Posted 26 November 2013 - 08:58 AM

Yes, Avast icon present and all working.

Nothing on latest ESET scan.

Latest Security Check:

 

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Adobe Flash Player 11.8.800.94  
 Mozilla Firefox (25.0)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#74 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 26 November 2013 - 11:52 AM

Oh well.  So, are you happy with the way your PC is working now?




#75 spyz1 (Member, Full Member, 98 posts)

Posted 27 November 2013 - 12:15 PM

Not too bad. PC still rather slow. I will run ESET again and also remove more programs. Firefox remains slow. I will try and reset it.



#76 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 02 December 2013 - 10:18 PM

What's the situation now?




#77 cnm (Mother Lion of SWI, Administrators, 25,259 posts)

Posted 08 December 2013 - 02:16 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





