Author Topic: Do I have malware?  (Read 4216 times)

Offline JoniB

  • Jr. Member
  • **
  • Posts: 20
    • Personal Message (Offline)
Do I have malware?
« on: February 28, 2013, 06:02:35 AM »
I've saved the newest version of Avast that I found at filehippo.com to my laptop 32 bit.  I then tried to download it on the computer, but I just get a message saying that it's not compatible with Win32.  Am I missing something, or is this malware that is blocking help?

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21697
  • Gender: Male
    • Personal Message (Offline)
Re: Do I have malware?
« Reply #1 on: February 28, 2013, 06:20:51 AM »
what AV did you use before installing avast?
have you removed it?


run these and try again   http://forum.avast.com/index.php?topic=53253.0
AdwCleaner....click delete.....post log here
Malwarebytes......after quick scan, click remove selected if anything is found....post log


Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline JoniB

Re: Do I have malware?
« Reply #2 on: February 28, 2013, 06:26:40 AM »
Searched, and this is the log.........

# AdwCleaner v2.113 - Logfile created 02/28/2013 at 02:24:30
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - USER-260401AF3B
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ihwg2pze.default\searchplugins\delta.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\Toolbar4
Folder Found : C:\Documents and Settings\User\Application Data\Babylon

***** [Registry] *****

Key Found : HKCU\Software\5f6dbdae53eed15
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ihwg2pze.default\prefs.js

Found : user_pref("extensions.delta.admin", false);
Found : user_pref("extensions.delta.aflt", "babsst");
Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Found : user_pref("extensions.delta.autoRvrt", "false");
Found : user_pref("extensions.delta.dfltLng", "en");
Found : user_pref("extensions.delta.excTlbr", false);
Found : user_pref("extensions.delta.id", "4053a21d0000000000000016cf4ea251");
Found : user_pref("extensions.delta.instlDay", "15740");
Found : user_pref("extensions.delta.instlRef", "sst");
Found : user_pref("extensions.delta.newTab", false);
Found : user_pref("extensions.delta.prdct", "delta");
Found : user_pref("extensions.delta.prtnrId", "delta");
Found : user_pref("extensions.delta.rvrt", "false");
Found : user_pref("extensions.delta.smplGrp", "none");
Found : user_pref("extensions.delta.tlbrId", "base");
Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Found : user_pref("extensions.delta.vrsn", "1.8.10.0");
Found : user_pref("extensions.delta.vrsnTs", "1.8.10.09:33:31");
Found : user_pref("extensions.delta.vrsni", "1.8.10.0");
Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v17.0.963.79

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4154 octets] - [28/02/2013 02:24:30]

########## EOF - C:\AdwCleaner[R1].txt - [4214 octets] ##########

Offline Pondus

Re: Do I have malware?
« Reply #3 on: February 28, 2013, 06:31:28 AM »
you must click delete in AdwCleaner to remove all those crap files.....the log you posted is just a search


Offline JoniB

Re: Do I have malware?
« Reply #4 on: February 28, 2013, 06:33:59 AM »
I've got Essentials, but wasn't finding whatever was bothering my system, so I thought I'd download Avast.  It claims to help with the spyware I think may have my system infected.  I didn't remove Essentials prior to saving Avast.  I was expecting an objection by the software as a reaffirmation that I SHOULD remove it first.  Perhaps that is why the notice, but it seems a strange notice to send as an objection for duplicating AV's.  I also didn't want to remove Essentials prior to knowing that I wouldn't be making matters worse.

Offline JoniB

Re: Do I have malware?
« Reply #5 on: February 28, 2013, 06:41:26 AM »
Deleted.  Here is the next log:



***** [Registry] *****

Key Deleted : HKCU\Software\5f6dbdae53eed15
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ihwg2pze.default\prefs.js

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\ihwg2pze.default\user.js ... Deleted !

Deleted : user_pref("extensions.delta.admin", false);
Deleted : user_pref("extensions.delta.aflt", "babsst");
Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Deleted : user_pref("extensions.delta.autoRvrt", "false");
Deleted : user_pref("extensions.delta.dfltLng", "en");
Deleted : user_pref("extensions.delta.excTlbr", false);
Deleted : user_pref("extensions.delta.id", "4053a21d0000000000000016cf4ea251");
Deleted : user_pref("extensions.delta.instlDay", "15740");
Deleted : user_pref("extensions.delta.instlRef", "sst");
Deleted : user_pref("extensions.delta.newTab", false);
Deleted : user_pref("extensions.delta.prdct", "delta");
Deleted : user_pref("extensions.delta.prtnrId", "delta");
Deleted : user_pref("extensions.delta.rvrt", "false");
Deleted : user_pref("extensions.delta.smplGrp", "none");
Deleted : user_pref("extensions.delta.tlbrId", "base");
Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.09:33:31");
Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
Deleted : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

-\\ Google Chrome v17.0.963.79

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4283 octets] - [28/02/2013 02:24:30]
AdwCleaner[S1].txt - [4419 octets] - [28/02/2013 02:34:52]

########## EOF - C:\AdwCleaner[S1].txt - [4479 octets] ##########

Offline Pondus

Re: Do I have malware?
« Reply #6 on: February 28, 2013, 06:47:24 AM »
ok, continue with Malwarebytes quick scan.....and remove selected if anything is found


Offline JoniB

Re: Do I have malware?
« Reply #7 on: February 28, 2013, 07:02:24 AM »
Nothing found.  That's good.


Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.28.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-260401AF3B [administrator]

Protection: Enabled

2/28/2013 2:54:34 AM
mbam-log-2013-02-28 (02-54-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200771
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Offline Pondus

Re: Do I have malware?
« Reply #8 on: February 28, 2013, 07:09:54 AM »
seems you are clean...try uninstalling MSE and install avast again

if that does not work, see in the same guide I gave you...scroll down to OTL and attach (not copy and paste) the diagnostic log
then one of the experts here will have a look and see if he can spot a problem

they usually arrive here after work hours European time    ;)
« Last Edit: February 28, 2013, 07:12:53 AM by Pondus »


Offline JoniB

Re: Do I have malware?
« Reply #9 on: February 28, 2013, 07:14:15 AM »
Will I need to add a firewall with Essentials?  Not that I know what I'm talking about.... :}

Offline JoniB

Re: Do I have malware?
« Reply #10 on: February 28, 2013, 07:15:15 AM »
*read "without" instead of "with"

Offline Pondus

Re: Do I have malware?
« Reply #11 on: February 28, 2013, 07:16:53 AM »
for most users Windows Firewall is enough, and there are usually no complicated pop ups


Offline JoniB

Re: Do I have malware?
« Reply #12 on: February 28, 2013, 07:21:19 AM »
Okay.  I removed MSE and still get the same note when trying to load Avast.  Now I'm naked!!!!  :)  Never thought about joining a colony before.....

Offline Pondus

Re: Do I have malware?
« Reply #13 on: February 28, 2013, 07:29:44 AM »
strange.....run OTL, attach OTL diagnostic log....I have sent a PM to the expert so he will check the log later today

you may install MSE again so that you are not naked   ;)


Offline JoniB

Re: Do I have malware?
« Reply #14 on: February 28, 2013, 07:30:13 AM »
Specifically it states that ....(AVAST)....."is not a valid Win32 application".

 
