A Checkup - Avast WebRep / Startup Problem


  • This topic is locked
21 replies to this topic

#1 Ash128kwil

Ash128kwil

    A Hopeful "Malware Advisor"

  • Helper Trainee
  • Pip
  • 40 posts

Posted 15 August 2013 - 08:57 AM

Hi Guys,

 

I am just wanting a general checkup due to a couple of weird things (which are probably nothing).

 

Firstly, my Avast! 8 WebRep plugin for Chrome isn't working (I think it was working at one point today but I can't be certain). It is displayed in the top right in Chrome, but on my search results no results are rated at all, not even a grey icon, just nothing. In the Avast settings it says the internet security plugin is not installed in Chrome, but when I click install the web page says it is installed and it shows in Chrome's extension manager.

 

I've tried multiple reboots, reinstalling the plugin to no avail.

 

My second problem is that in the Windows 8 Task Manager the Avast entry has a dropdown on it (to expand it) and inside are 14 instances of Google Chrome. I am unsure what they are, whether they are related to the updating of Avast or what, but they seemed odd to me.

 

A check of my logs would be great just to see if there is anything in there suspicious looking!

 

MBAM:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.15.04
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16660
Ashley :: ASHS8-XPS [administrator]
 
15/08/2013 15:11:25
mbam-log-2013-08-15 (15-11-25).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 394177
Time elapsed: 35 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660
Run by Ashley at 15:52:42 on 2013-08-15
Microsoft Windows 8 Pro with Media Center  6.2.9200.0.1252.44.2057.18.8086.5949 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1FB12EC7-4B39-4750-B843-FE0A43468A42} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{1FB12EC7-4B39-4750-B843-FE0A43468A42}\84F657375602F66602B67796C613 : DHCPNameServer = 194.168.4.100 194.168.8.100
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-7-2 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-7-2 189936]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2013-7-1 30496]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-7-2 1030952]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-7-2 378944]
R1 nvkflt;nvkflt;C:\Windows\System32\Drivers\nvkflt.sys [2013-7-1 284448]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-7-2 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-7-2 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-7-2 46808]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R3 btmhsf;btmhsf;C:\Windows\System32\Drivers\btmhsf.sys [2011-11-15 327168]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\Drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\Drivers\LGBusEnum.sys [2009-11-24 22408]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\Drivers\qicflt.sys [2010-7-2 29288]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\Drivers\rzdaendpt.sys [2013-6-7 25600]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\Drivers\rzudd.sys [2013-6-7 126464]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\Drivers\rzvkeyboard.sys [2013-6-7 23040]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-7-26 103448]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\Drivers\LGVirHid.sys [2009-11-24 16008]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-7-26 203672]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\Windows\System32\Drivers\xusb22.sys [2012-7-26 89088]
.
=============== Created Last 30 ================
.
2013-08-13 20:20:57 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-13 20:20:57 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-13 20:20:57 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-13 20:20:57 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-13 20:20:56 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-08-13 20:20:56 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-13 20:20:56 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-08-13 20:20:55 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-08-13 20:20:54 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-08-13 19:38:45 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-12 19:51:32 -------- d-----w- C:\Users\Ashley\AppData\Roaming\QuickScan
2013-07-28 13:58:06 -------- d-----w- C:\Users\Ashley\AppData\Roaming\SUPERAntiSpyware.com
2013-07-28 13:58:01 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-07-28 13:58:01 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-07-28 13:48:57 -------- d-----w- C:\ProgramData\Licenses
2013-07-28 13:48:55 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2013-07-28 13:48:55 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2013-07-28 13:48:55 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2013-07-26 17:28:31 -------- d-----w- C:\Users\Ashley\AppData\Local\Samsung
2013-07-26 17:28:30 -------- d-----w- C:\Users\Ashley\AppData\Roaming\Samsung
2013-07-26 17:28:09 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-07-26 17:28:09 103448 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-07-26 17:27:42 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2013-07-26 17:27:38 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2013-07-26 17:27:01 -------- d-----w- C:\ProgramData\Samsung
2013-07-26 17:27:01 -------- d-----w- C:\Program Files (x86)\Samsung
2013-07-26 17:25:52 -------- d-----w- C:\Users\Ashley\AppData\Local\Downloaded Installations
2013-07-22 17:51:12 -------- d-----w- C:\Program Files (x86)\ESET
.
==================== Find3M  ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:13:28 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-07-26 05:13:28 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:13:15 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 00:54:34 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-02 17:07:36 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-07-02 17:07:36 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2013-06-27 22:04:51 78200 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-24 11:20:22 768000 ----a-w- C:\Windows\SysWow64\rzdevicedll.dll
2013-06-21 10:23:16 6496544 ----a-w- C:\Windows\System32\nvcpl.dll
2013-06-21 10:23:16 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-06-21 10:23:11 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-06-21 10:23:10 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2013-06-21 10:23:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-06-21 10:23:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-06-21 10:23:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-06-21 10:23:10 1025312 ----a-w- C:\Windows\System32\nv3dappshext.dll
2013-06-21 04:16:02 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-06-20 04:17:49 3253909 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-06-17 06:43:32 56832 ----a-w- C:\Windows\SysWow64\rzdevinfo.dll
2013-06-17 06:43:32 154112 ----a-w- C:\Windows\SysWow64\rztouchdll.dll
2013-06-17 06:43:28 117248 ----a-w- C:\Windows\SysWow64\rzdisplaydll.dll
2013-06-17 06:43:26 296448 ----a-w- C:\Windows\SysWow64\rzaudiodll.dll
2013-06-16 22:41:31 997632 ----a-w- C:\Windows\System32\drivers\ndis.sys
2013-06-07 03:30:06 25600 ----a-w- C:\Windows\System32\drivers\rzdaendpt.sys
2013-06-07 03:30:02 23040 ----a-w- C:\Windows\System32\drivers\rzvkeyboard.sys
2013-06-07 03:29:52 126464 ----a-w- C:\Windows\System32\drivers\rzudd.sys
2013-06-01 11:54:16 194816 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-01 11:54:10 125184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\Windows\explorer.exe
2013-06-01 11:29:35 337152 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS
2013-06-01 11:29:35 213248 ----a-w- C:\Windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\Windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:05 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-06-01 09:25:03 496640 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- C:\Windows\SysWow64\mscms.dll
2013-06-01 09:24:09 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\Windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\Windows\System32\vds.exe
2013-06-01 09:22:47 80896 ----a-w- C:\Windows\System32\MbaeParserTask.exe
2013-06-01 09:22:33 523264 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-01 09:22:09 190976 ----a-w- C:\Windows\System32\vdsutil.dll
2013-06-01 09:21:39 729600 ----a-w- C:\Windows\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\Windows\System32\samlib.dll
2013-06-01 09:21:34 595968 ----a-w- C:\Windows\System32\qedit.dll
2013-06-01 09:20:45 583168 ----a-w- C:\Windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\Windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\Windows\System32\dwmcore.dll
2013-06-01 09:19:58 207872 ----a-w- C:\Windows\System32\DeviceSetupManager.dll
2013-06-01 09:19:42 785408 ----a-w- C:\Windows\System32\audiosrv.dll
2013-06-01 03:08:57 37632 ----a-w- C:\Windows\System32\drivers\BthAvrcpTg.sys
2013-05-30 23:14:23 4036096 ----a-w- C:\Windows\System32\win32k.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\Windows\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\Windows\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\Windows\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\Windows\System32\winresume.exe
2013-05-23 23:02:30 1314816 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-05-23 23:01:46 1300992 ----a-w- C:\Windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-05-23 22:25:22 694272 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
.
============= FINISH: 15:52:54.65 ===============
 
Security Check
 
 

 Results of screen317's Security Check version 0.99.72  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
avast! Antivirus   
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Google Chrome 28.0.1500.72  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
 
 
ESET & Bitdefender online logs are clean :)
 
 
Thanks very much guys!
Ash

Edited by Ash128kwil, 15 August 2013 - 10:07 AM.


#2 Ash128kwil


Posted 15 August 2013 - 02:48 PM

Hi again,

 

Just an update: I emailed Avast about the WebRep and they told me to run the Avast uninstall utility and do a completely fresh install.

 

I went to safe mode, ran the utility which got rid of avast. I then rebooted to normal mode to complete the uninstall.

 

Then rebooted back to safe mode and installed Avast again, then back into normal mode and updated avast virus DB etc...

 

Still no luck with WebRep: Avast says it's uninstalled, Chrome says it is installed, but it isn't working...

 

As for the multiple instances of chrome in my startup tab under Avast! they were gone when I checked before uninstalling and are still gone now on this fresh version but I have no idea what they were!

 

Still looking to have my logs looked over for peace of mind and I am open to suggestions regarding this WebRep business!!

 

EDIT: Was advised by Avast to clean install Google Chrome which did nothing! Still not working in my IE either.

 

Thanks,

Ash


Edited by Ash128kwil, 16 August 2013 - 04:06 AM.


#3 Ash128kwil


Posted 16 August 2013 - 04:16 AM

I am a little worried as I tried to run Kaspersky malware removal tool and get the error:

 

Please try to reboot your computer. Error message is Client register error: -2147024894

 

Any help on my logs / list of errors is appreciated!

 

Ash



#4 cnm

cnm

    Mother Lion of SWI

  • Retired Staff
  • PipPipPipPipPip
  • 25,317 posts

Posted 17 August 2013 - 11:22 AM

Hello Ash.
 
14 instances of chrome is what you get if you have 14 tabs open...
 
"In the Avast settings it says the internet security plugin is not installed in Chrome"  - same in my Avast, just a quirk.
 
Bring up Avast. In Settings > Maintenance, click Back up settings (just in case)
In Settings > Silent/Gaming Mode, make sure the top box is unchecked.  Click OK.
In Settings > Troubleshooting - take a look at the boxes.  Make sure that the box for 'Do not use Chrome as avast! default browser' is unchecked.  Click OK.
Then still in Settings > WebRep & Antiphishing, make sure both boxes are checked.  Click OK. Then restart Chrome.
 
The Kaspersky error is puzzling. Might be a problem with Windows 8?
See if you can run TDSSKiller.
Please delete any copy of TDSSKiller you have (right-click on it => "Delete").
 
Please download  tdsskiller.exe and save it to your Desktop.  Go here for information.

  • Double-click on TDSSKiller.exe to run the application.
  • Choose "Change Parameters"
    Check "Detect TDLFS file system"
    Hit OK
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file in your next reply.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply, along with DDS.txt, checkup.txt and the MBAM log

Note: Post the log only if something was found.  Look at the end of the log.  If it says:

Detected object count: 0

I don't need the  log.


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#5 Ash128kwil


Posted 17 August 2013 - 12:03 PM

Hi cnm thanks for taking the time to reply,

 

The instances of Chrome were not in my Task Manager in the Processes tab; they were inside Avast! in the Startup tab in Windows 8, so I am not sure why they were in startup (no Chrome windows actually start on boot).

 

However when I checked before I uninstalled Avast they were not there and since reinstalling they have not appeared again so not sure what that was.

 

As for the WebRep all of the settings you told me were the same. The Avast support said it must be a problem with Chrome (as the extension is not linked to the actual Avast software is it? It is a stand alone Chrome extension?)

 

But as I said after a clean install of Chrome the plugin still does not work.

 

TDSSKiller ran fine with nothing found, I have no idea what the error with the online scan is!

 

I just want a little peace of mind as all of this was made apparent to me at the same time and I am reluctant to use my PC when I think anything could be wrong!

 

Was there anything present which looked odd in my DDS log?

 

Thanks again I appreciate you taking your time to help me,

Ash



#6 cnm


Posted 17 August 2013 - 02:32 PM

WebRep  is part of Avast, not a stand alone Chrome extension.  Can only be installed via Avast.

 

It looks to me as though you may possibly have two installations of Avast.  Look in Control Panel > Programs  > Uninstall a program

Is there more than one?

Also check for any Kaspersky programs - uninstall if found.



#7 Ash128kwil


Posted 17 August 2013 - 05:05 PM

Hi I will check in the morning,

I used a utility recommended by Avast to completely uninstall it and downloaded it from their website, so I'm not sure if there will be two installed.

I will check for Kaspersky products also.

My real worry is the presence of malware and even though webrep is not functioning properly the fact my pc is clean would really put my mind at rest!

Thanks for your help so far on this
Ash

#8 cnm


Posted 17 August 2013 - 05:11 PM

TDSSKiller finds most malware.  I gather it didn't report any.

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • Please let me know if any problems remain.


#9 Ash128kwil


Posted 17 August 2013 - 05:11 PM

Hi again,

Just to confirm, only one instance of Avast in add or remove programs and no sign of Kaspersky products.

Thanks again,
Ash

#10 Ash128kwil


Posted 17 August 2013 - 05:12 PM

Sorry, I can't edit on my phone. I will run ESET in the morning.

Thanks,
Ash

#11 Ash128kwil


Posted 18 August 2013 - 04:59 AM

Hi again,

 

TDSSKiller found nothing (I said in my previous post you may have missed it.)

 

ESET Came back clean.

 

In my program files folders there is only one instance of Avast and no Kaspersky products. Also in the Avast program files WebRep folder there are IE, FF, Opera and Safari folders but no Chrome.

 

Thanks for all the help so far, I just need some peace of mind as I hate using my PC when I think there could be something wrong!

Ash

 

EDIT: My avast is in my Program Files (not x86) but in my running processes it says avast Antivirus! (32bit) Should it not be 64bit?


Edited by Ash128kwil, 18 August 2013 - 05:04 AM.


#12 cnm


Posted 18 August 2013 - 10:31 AM

Avast has been known to cause a strange problem with Chrome because it has an option to install Chrome. I.e. Avast bundles Chrome.  It installs it in Program Files. However the Chrome installed by Google is located at  C:\Users\xxxxxx\AppData\Local\Google\Chrome\Application\chrome.exe 

 

Look and see if you have a Chrome in Program Files; if so get rid of it and get Chrome from https://www.google.c...chrome/browser/



#13 Ash128kwil


Posted 18 August 2013 - 11:16 AM

Hi cnm,

I will check what you've asked as soon as I can.

The two things I need some clarification on are:

Firstly is my pc infection free? I know I have problems to fix with chrome but this is my main priority.

Secondly, is it OK that my Avast is showing as 32 bit in my task manager even though it's installed in Program Files (not x86) and is on a 64 bit system?

These are my two worries as I want to make sure my pc is secure before I fix any other issues.

Thanks again for the time you've taken to help me so far,
Ash

#14 cnm


Posted 18 August 2013 - 11:27 AM

One can never be 100% sure, since new malware is created every day.  However there is absolutely no malware detected.

Parts of Avast are 32 bit, that's correct.



#15 Ash128kwil


Posted 18 August 2013 - 12:37 PM

Hi again,

I know you can't say 100% and I know that all of the different scans I ran will catch most malware, but the fact you have looked over my logs puts my mind at rest.

I am always cautious as I use my PC for online purchases and banking and obviously want it to be as secure as possible. As I say, the fact you found nothing in my logs makes me feel much better.

I will have a go at the Chrome problem tomorrow after work and get back to you then; it's the malware presence that was worrying me.

I don't download things often apart from software from well known and legitimate companies and mostly use my PC for games. I am always careful not to visit a site I haven't heard of and don't have Java installed (as recommended by you), and so I consider myself to be a cautious surfer!

Are there any other recommendations you can give me to further increase my security, either by means of software, browsing habits or plug-ins?

Thanks again you have no idea how much an all clear from you puts my mind at rest!

Ash :)

#16 cnm


Posted 18 August 2013 - 12:59 PM

Make a binary disk image often.  I schedule Acronis to make one of my C: drive every day.  Free disk image program: Macrium Reflect is good but there are  some alternatives.  Also Windows has a built-in utility but doesn't let you mount the image to check that it will work.

 

A disk image provides a much more complete restore than System Restore can do.

 

If you use Macrium be sure to create the recovery disk.  Also have Windows create a Rescue disk. 

 

Chrome is pretty secure and Avast does a good job blocking the occasional thing that slips through.  However nothing protects you against things you download deliberately, hence the desirability of an image to roll you back to an earlier time.

 

And do have a look at where your Chrome is installed.   This looks wrong:

"C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

As I said above, Chrome is not normally in Program Files.  (Although things may have changed since the time mine was installed).


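An added example (not part of any post in this thread, and not code from DDS, Avast or Google): a small Python triage parser for the autorun lines of the DDS "Pseudo HJT Report" in post #1, which splits each entry into path and arguments and labels where the binary lives, the Program Files versus per-user AppData distinction raised in posts #12 and #16. The two line shapes handled, the `ConstructedExample` entry and the review notes are assumptions of this example; a note marks an entry for a second look and is not a verdict.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the DDS log in post #1, plus one constructed per-user
# entry ("ConstructedExample") that is NOT from the log, to exercise that branch.
SAMPLE_DDS = r"""
mWinlogon: Userinit = userinit.exe
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [ConstructedExample] C:\Users\Ashley\AppData\Local\Example\updater.exe --hidden
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
"""


class Entry(NamedTuple):
    kind: str            # DDS prefix, e.g. "uRun", "mASetup", "x64-Run"
    name: str            # value name or label; "" when DDS printed "[]"
    path: Optional[str]  # binary path, None when the entry carries no path
    args: str            # whatever follows the path
    location: str        # "windows", "program-files", "per-user", "other", "no-path"


LINE = re.compile(r"^(?P<kind>[\w-]+):\s+(?P<rest>.+)$")
# Unquoted paths contain spaces, so cut at the first binary extension
# that is followed by whitespace or end of line.
UNQUOTED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys|com|scr|bat|cmd))(?=\s|$)(?P<args>.*)$",
    re.IGNORECASE,
)


def split_command(cmd: str) -> Tuple[Optional[str], str]:
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = UNQUOTED.match(cmd)
    if m:
        return m.group("path"), m.group("args").strip()
    return None, cmd


def classify(path: Optional[str]) -> str:
    if path is None:
        return "no-path"
    p = path.lower()
    if re.match(r"^[a-z]:\\windows\\", p):
        return "windows"
    if re.match(r"^[a-z]:\\(?:program files(?: \(x86\))?|progra~\d)\\", p):
        return "program-files"
    if re.match(r"^[a-z]:\\users\\[^\\]+\\appdata\\", p):
        return "per-user"
    return "other"


def parse_line(line: str) -> Optional[Entry]:
    m = LINE.match(line.strip())
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    if rest.startswith("["):          # "uRun: [name] command"
        name, _, cmd = rest[1:].partition("]")
    elif " - " in rest:               # "mASetup: {CLSID} - command"
        name, cmd = rest.split(" - ", 1)
    else:                             # shapes this example does not handle
        return None
    path, args = split_command(cmd)
    return Entry(kind, name.strip(), path, args, classify(path))


def parse_dds(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def chrome_scope(e: Entry) -> Optional[str]:
    """'system-level' or 'per-user' for Chrome entries, None for anything else."""
    if e.path is None or "\\google\\chrome\\application\\" not in e.path.lower():
        return None
    if e.location == "program-files" or "--system-level" in e.args.split():
        return "system-level"
    return "per-user" if e.location == "per-user" else "unknown"


def review_notes(e: Entry) -> List[str]:
    notes = []
    if e.kind.endswith("Run") and e.name == "":
        notes.append("autorun value has an empty name")
    if e.location == "per-user":
        notes.append("starts from a per-user AppData directory")
    if e.path is None and "<orphaned>" in e.args:
        notes.append("DDS marked the entry <orphaned>")
    return notes


def triage(text: str) -> List[Tuple[str, str, List[str]]]:
    """Entries that earned at least one review note, in log order."""
    return [(e.kind, e.name, n) for e in parse_dds(text) if (n := review_notes(e))]


if __name__ == "__main__":
    for e in parse_dds(SAMPLE_DDS):
        print(f"{e.kind:8} {e.location:14} chrome={chrome_scope(e)} {e.path}")
    for kind, name, notes in triage(SAMPLE_DDS):
        print("review:", kind, repr(name), "; ".join(notes))
```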

#17 Ash128kwil


Posted 18 August 2013 - 02:43 PM

Hi again,

 

I have only the following folder in my AppData,

 

C:\Users\Ashley\AppData\Local\Google\Chrome\User Data

 

This contains a few folders and around a dozen files, some names starting with "Safe Browsing" such as "Safe Browsing Cookies" which I am assuming may be to do with Spyware Blaster or Avast? But it doesn't seem to contain Chrome's installation files, which are located here:

 

C:\Program Files (x86)\Google\Chrome\Application\

 

I did see people complain about Chrome installing to AppData and not Program Files when it first became popular so maybe in all new installations it now goes there?


I did see that Security Check listed 2 versions of Google Chrome in my initial post. Since then I have uninstalled it (as recommended by Avast support) and reinstalled it; there now only seems to be one occurrence, as shown below:

 

 Results of screen317's Security Check version 0.99.72  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
Windows Defender   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 SpywareBlaster 5.0    
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

 

I've also noticed that Chrome is a little slower to load the homepage (but not ones after) after I launch it since re-installing which is a little annoying.

 

If I cannot get WebRep to work I will use Web of Trust or another in the meantime, as it's not the end of the world; it just helps me determine whether a site can be deemed trustworthy!

 

My main worry was malware related and if you can't find anything in my log then I feel much better about things!

 

Let me know if you have any suggestions about the WebRep / Chrome installation and also if you need any more logs (since I have reinstalled a few things since we started).

 

Thanks again I appreciate it!

Ash :)
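A way to check the install-location question raised in the two posts above, as an added example that is not part of the original thread: it lists every Chrome executable under the machine-wide and per-user locations and verifies each Authenticode signature. The per-user `%LOCALAPPDATA%\Google\Chrome\Application` path and the loose match on "Google" in the signer subject are assumptions of this example.

```powershell
# Added example: inventory Chrome executables in both install scopes and check signatures.
# Assumed locations: machine-wide installs under Program Files, per-user installs under
# %LOCALAPPDATA%. Only the Program Files (x86) path appears in the thread itself.
$candidates = [ordered]@{
    'system-level (x86)' = ${env:ProgramFiles(x86)}
    'system-level'       = $env:ProgramFiles
    'per-user'           = $env:LOCALAPPDATA
}

$report = foreach ($scope in $candidates.Keys) {
    $base = $candidates[$scope]
    if (-not $base) { continue }                      # variable absent on 32-bit Windows
    $root = Join-Path $base 'Google\Chrome\Application'
    if (-not (Test-Path -LiteralPath $root)) { continue }

    Get-ChildItem -LiteralPath $root -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Scope   = $scope
                Version = $_.VersionInfo.FileVersion
                Status  = $sig.Status
                Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
                Path    = $_.FullName
            }
        }
}

# Full inventory first, then only the entries that deserve a closer look.
$report | Sort-Object Scope, Path | Format-List
# Assumption: a genuine binary has a valid signature whose subject mentions Google.
$suspect = @($report | Where-Object { $_.Status -ne 'Valid' -or $_.Signer -notmatch 'Google' })
if ($suspect.Count -eq 0) {
    'All Chrome executables found carry a valid Google signature.'
} else {
    $suspect | Format-List
}
```

A Chrome tree that shows up in both scopes matches the "2 versions" that Security Check reported earlier in the thread; a validly signed binary in either location is an installer-scope difference rather than a sign of tampering.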



#18 cnm

Posted 18 August 2013 - 05:04 PM

"Also in the Avast program files webrep folder there is IE, FF, Opera and Safari folders but no Chrome."  That's normal, mine is same.

 

Here's what I would try:  exit Chrome, copy this folder somewhere permanent and then delete it.

C:\Users\Ashley\AppData\Local\Google\Chrome\User Data

(Do the files in it have current dates?)

 

If you decide to try this, let me know what happens.



#19 Ash128kwil

Posted 19 August 2013 - 11:54 AM

Hi again,

 

The dates were yesterday / today on the files in that folder.

 

I closed Chrome and moved the folder elsewhere; when I reopened Chrome the folder was added again to the same location.

In my Chrome my Google account was signed out and it asked me to sign in to get my bookmarks etc. So I am guessing these files are simply my user files for Chrome (bookmarks, history etc.)

I copied them back and I am all back logged in etc.

 

When Chrome repopulated that folder (before I copied my settings back) there were fewer of the files starting with "Safe Browsing" but I am guessing these are populated as you use Chrome?

 

Still stumped about this WebRep business but it seems that folder is needed for Chrome to work so should I leave it be?

 

Thanks again,

Ash



#20 cnm

Posted 19 August 2013 - 11:59 AM

Yes, I just thought it might have obsolete info from when you had two installed.

 

No more ideas - unless you want to totally uninstall both Avast and Chrome and start over.  (Use Revo Uninstaller Free)



#21 Ash128kwil

Posted 19 August 2013 - 12:17 PM

To be honest as long as my computer is clean so I can get on with some urgent birthday shopping that is my main priority!!

 

Thank you very much for your help :)

Ash



#22 cnm

Posted 19 August 2013 - 12:41 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.