Possible rootkit infection?


  1. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #51

    Request another UVK scan and create log just to get a look at your current setup.

    On another note if everything is okay and there are no detections would you like to install Secure Aplus?

    There's a few things you need to know:

    The initial scan and whitelisting process is likely to take time - up to a couple of hours.

    Once that's finished it needs configuring. Best configuration is to disable the internal AV and set it to trust processes by digital signature where the signature is in the trusted certificate list. That way if any unsigned executable attempts to run it will automatically be blocked and uploaded to VirusTotal and the results are displayed in a pop up box. You then get the option to allow the file if you want to allow it to run.

    When installing trusted software there's various options:

    [Screenshot: saplus.jpg]

    Let us know if you're interested. It checks all unsigned executables no matter how they're launched.
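Added example, not from this thread and not Secure Aplus code: a PowerShell check that approximates the "trust by digital signature" rule described above, listing running process images that are unsigned or whose Authenticode signature does not chain to a trusted root. It assumes an elevated prompt and PowerShell 4 or later (for Get-FileHash).

```powershell
# Added example (not from this thread and not Secure Aplus code): approximate the
# "trust by digital signature" whitelist rule by listing running process images whose
# Authenticode signature is missing or does not chain to a trusted root certificate.
# Assumes an elevated prompt (to read other users' process paths) and PowerShell 4+ for Get-FileHash.

function Get-UntrustedProcessImage {
    [CmdletBinding()]
    param()

    # One row per distinct image path; processes without a readable path are skipped.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |
        Sort-Object -Property Path -Unique |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.Path
            [PSCustomObject]@{
                Name   = $_.ProcessName
                Path   = $_.Path
                # Valid = signed and chained to a trusted root; NotSigned, NotTrusted and
                # HashMismatch are the cases a signature-based whitelist would block.
                Status = $sig.Status
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                # SHA-256 of the image so a flagged file can be looked up on VirusTotal
                # by hash instead of uploading it.
                Sha256 = (Get-FileHash -Path $_.Path -Algorithm SHA256).Hash
            }
        } |
        Where-Object { $_.Status -ne 'Valid' }
}

Get-UntrustedProcessImage | Format-Table -Property Name, Status, Signer, Path -AutoSize
```

A signature that reports NotTrusted usually means the signer's certificate is not in the machine's trusted root store, which is the same condition the whitelist mode described above treats as "block and check".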


  2. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #52

    Avast settings?


    Just a thought really but I wonder if it's possible that the whole problem is related to Avast settings?

    It's a long time since I used Avast but as far as I can work out it can be set to scan inside packed archives (zips) and sensitivity level can be set. Those zip files you uploaded were fine but did contain folders for MAC OSX which shouldn't be a problem but maybe Avast just doesn't like the files or can't scan them.

    Just as a test:

    Try configuring Avast not to scan inside zipped files:

    https://www.avast.com/en-us/faq.php?...KB178#artTitle



    If all boxes are checked in the settings in the above screenshot - uncheck them leaving only the ones shown in the screenshot checked.

    Also for the following screenshot check that your settings are the same as the ones shown:



    I'm not sure if changing Avast settings requires a reboot. Anyway once settings are as above try downloading one or all of the zip files that you attached earlier to see if you get the same problem.

    Note: If your Avast settings for packed archives are the same as shown then there's no point in trying the above steps.


  3. Posts : 146
    Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
    Thread Starter
       #53

    About Avast, it's already set to the settings you mentioned as default.

    As for the secure APlus, what do you mean by "Best configuration is to disable the internal AV and set it to trust processes by digital signature where the signature is in the trusted certificate list." .. it disables AV and something like replace it?

    I'm gonna try ccleaner registry clean @Borg 386 suggested .. will post back UVK scan results afterwards.


  4. Posts : 146
    Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
    Thread Starter
       #54

    cleaned registry ..
    @Borg 386
    Just wondering something, it could be just me but after registry clean + system restart (cold boot) .. it seems Firefox (NoScript installed) .. is working a bit .. I mean slightly slower, not that it's causing a big fuss, just wondering .. is it normal (as we messed with the registry I wanna be on the safe side .. is all)?

    ADW log attached
    UVK scan log attached

    @Callender
    Should I remove the other detections(mentioned in page5) from UVK adware killer?


  5. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #55

    Re: AdwCleaner - your latest log. It's fine. Those detections appear to be related to Internet Download Manager so if you use it no further action is needed.

    Re: UVK log. I'll take a look at it and let you know if I can spot anything.

    Re: Secure Aplus. Sorry for the confusion. It has its own built in secondary AV and real time AV scanning but it's based on ClamWin and although it could be used alongside Avast it's best to disable the Secure Aplus AV entirely but enable the Application Whitelisting component if using this software.

    There's no real need to install Secure Aplus but the Application Whitelisting feature is very good at detecting unsigned executables, PUP installers or anything else dodgy that attempts to run. It works alongside your existing AV. It was mentioned as something to think about regarding additional protection if you think you need it.


  6. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #56

    Re: UVK log. Nothing dodgy found.


  7. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #57

    If you cleaned the reg with CCleaner & all is running good, then that's a good sign, just hang on to the backed up removed reg files for a bit. NoScript shouldn't slow down FF. But I couldn't tell you if it actually does because I've used NoScript since day 1 & I have no basis for comparison. You can always look at your sys with process explorer to see if anything is causing a drain.

    +1 Callender


  8. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #58

    Just for information


    Here's a video demo of Secure Aplus Application Whitelisting in action.

    Explanation:

    Comodo is onboard AV. Downloaded Crypto locker for test purposes. Comodo detects it and I choose to allow CryptoLocker to run since we need to test what happens next.

    Around 42s in the video you see Secure Aplus spring into action. Comodo now allows Cryptolocker to run but Secure Aplus detects the file attempting to run and temporarily blocks it and uploads to VirusTotal for scanning. Reports a threat. I then choose to allow the file to run.

    Around 1 minute in the video you see VoodooShield temporarily block CryptoLocker and then scan it. Around 1min 15s you see another VoodooShield alert and I quarantine the file.

    Around 1 minute 46 seconds you see Secure Aplus detecting VoodooShield's quarantine process. I choose to allow.

    At various other points in the video you see Comodo's on access file scan spring into action and I have to keep telling Comodo to ignore the detection.

    So what's the point? Well if my onboard AV misses something it won't sneak through the additional protection and in fact remains blocked from running at all.



  9. Posts : 146
    Windows 7 Home Premium, Version 6.1 (Build 7601: Service Pack 1)
    Thread Starter
       #59

    I see what you're saying there .. and I totally agree with you. Is this the correct download url: https://secureaplus.secureage.com/Ma...s_download.php ?

    Also do I have to disable all present security systems that I have on my systems right now .. or after install white listing them would work?


  10. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #60

    Well the correct download is bottom right of the page - click "need offline installer" then version "Without offline AV" but I suggest avoiding that download for now. If you want to install it it will take some time to whitelist everything. It might take a couple of hours. If you want to go ahead I'll PM you a link to download a slightly older version that in my opinion works better than the one that's currently available. If you decide to install it it will require a little configuration after the initial whitelist process has finished.

    Sending PM with download link.

