New Laptop - Malware

Hi,

I got a new laptop and have been setting it up with the security measures recommended here, with updates and with free (but highly recommended) programs that I have used in the past and that have never given me any problems, such as Firefox, OpenOffice, VLC etc., and I have found a huge amount of malware. Avast found no viruses, however.

I attach the logs below.

I’ve also a few questions to ask about some of the security programs but I don’t know if I’m supposed to ask that here.

Plus, I think I downloaded a few programs for 32 bit computers (no scripts) whereas I should have downloaded ones for 64 bit. Is this a problem and how can I check?

Also, aswMBR was exceptionally quick.

and I have found a huge amount of malware.
If you refer to your Malwarebytes log ... PUP = not a virus / Possible Unwanted Programs. What Malwarebytes has detected is crap that comes bundled with other downloads ... toolbars / adware / browser hijackers ... usually a result of your browsing habits and downloading every free thing you see in ads.

So it seems your computer needs a good scrubbing for crap files.

malware experts are notified

I've also a few questions to ask about some of the security programs but I don't know if I'm supposed to ask that here.
ask away ;)

It's strange because everything I downloaded has a good reputation :s.

The more I use filehippo the more I get a feeling there’s something wrong with it. I’m probably completely wrong but I don’t see how else I could’ve gotten nigh on 200 things. Skype etc wouldn’t have poisoned my system. Any surfing I’ve done has been filehippo or official sites: BBC, inter.it etc.

you have lots of this DealPly … and many others like mysearch / pricepeep / luckyleap …

Adware:Win32/DealPly

Adware:Win32/DealPly is an adware program that displays offers related to your web browsing habits. It may be bundled with certain third-party software installation programs.

http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Adware%3AWin32%2FDealPly#tab=2

I saw those and I swear I started noticing them this morning when I had only downloaded filehippo, firefox and chrome.

I’m not denying I have some nasties on my system, but unless I woke up in a blur I can’t see where they came from.

Is filehippo dangerous?

Is filehippo dangerous?
Never had problems with filehippo ... but it may also be what websites you visit. Anyway, PUPs are not dangerous, just extremely annoying and can be difficult to remove.

Are you sure you only used Filehippo? As that and MajorGeeks are the only sites I would recommend (apart from the author's site).

Have a read of this http://blog.avast.com/2013/07/09/shady-practices-of-free-download-servers/

You will need to reset your Chrome homepage manually

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyByEzzyCyB0AtD0Dzy0EtB0A0F0DyDtAtN0D0Tzu0CyCtDzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=16537793&ir=
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1D796BE2-B292-4930-BC1D-D5011AA28F8A}
IE:64bit: - HKLM\..\SearchScopes\{1D796BE2-B292-4930-BC1D-D5011AA28F8A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyByEzzyCyB0AtD0Dzy0EtB0A0F0DyDtAtN0D0Tzu0CyCtDzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=16537793&ir=
IE - HKLM\..\SearchScopes\{1D796BE2-B292-4930-BC1D-D5011AA28F8A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyByEzzyCyB0AtD0Dzy0EtB0A0F0DyDtAtN0D0Tzu0CyCtDzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=16537793&ir=
IE - HKU\S-1-5-21-1812367834-437893827-731521028-1001\..\SearchScopes\{1D796BE2-B292-4930-BC1D-D5011AA28F8A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyByEzzyCyB0AtD0Dzy0EtB0A0F0DyDtAtN0D0Tzu0CyCtDzztN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=16537793&ir=

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Junkware Removal Tool to your desktop.

[*]Right-mouse click JRT.exe and select “Run as Administrator”; the tool will open and start scanning your system
[*]Please be patient as this can take a while to complete depending on your system’s specifications
[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*]Post the contents of JRT.txt into your next message.
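The OTL fix in the post above removes an Internet Explorer start page and search provider that point at start.mysearchdial.com. As an added example (not part of the thread and not OTL's own code), the Python sketch below parses OTL-style `IE` lines and flags URL values whose host is not on an allowlist, plus any DefaultScope that selects a flagged provider. The allowlist, the function names and the sample log are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: illustrative allowlist of hosts you expect as IE home/search.
EXPECTED_HOSTS = {"www.bing.com", "www.google.com"}

# Constructed sample in the shape of the OTL lines quoted in the thread;
# query strings are shortened to PLACEHOLDER and the last GUID is made up.
SAMPLE_LOG = r'''
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=PLACEHOLDER
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {1D796BE2-B292-4930-BC1D-D5011AA28F8A}
IE - HKLM\..\SearchScopes\{1D796BE2-B292-4930-BC1D-D5011AA28F8A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=PLACEHOLDER
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
'''

# Two line shapes: key,ValueName = data   or   key: "ValueName" = data
LINE_RE = re.compile(
    r'^IE(?P<bits>:64bit:)? - (?P<key>.+?)'
    r'(?:,(?P<val>[^=]+?)|: "(?P<qval>[^"]+)") = (?P<data>.*)$')
GUID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')

def parse(log):
    """Yield (view, key, value_name, data) for each IE line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            view = "64bit" if m["bits"] else "default"
            yield view, m["key"], (m["val"] or m["qval"]).strip(), m["data"].strip()

def audit(log, expected=EXPECTED_HOSTS):
    """Return findings for URL values on unexpected hosts, plus any
    DefaultScope that selects a flagged search provider."""
    entries = list(parse(log))
    findings, bad_scopes = [], set()
    for view, key, name, data in entries:
        is_url = data.lower().startswith(("http://", "https://"))
        host = urlsplit(data).hostname if is_url else None
        if host and host not in expected:
            findings.append((view, key, name, host))
            guid = GUID_RE.search(key)
            if guid:
                bad_scopes.add(guid.group(0).upper())
    for view, key, name, data in entries:
        if name == "DefaultScope" and data.upper() in bad_scopes:
            findings.append((view, key, name, "selects flagged " + data))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Running the same audit on the Quick Scan log produced after the fix should return no findings for these keys.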

I’m sure. Maybe in my eagerness to get everything set up I did something and can’t remember but I’m sure that I got these things via filehippo.

A few things I got from cnet but I thought that was safe.

A few things I got from cnet but I thought that was safe.
The last place I would recommend

B***** h***, I thought it was one of the safest… shows what I know.

Couple of questions. I downloaded Process Guard but it says there are compatibility issues with Windows 8. I don’t know if I need ERUNT. I downloaded Drive Image, but I can’t find the image it created. Maybe I’d better delete it now as well as it could have this malware in it. I couldn’t find out how to set up recovery console and I don’t know if I need limited user account. This is all from that safety page you recommended a few weeks ago.

When I ran Junkware Removal it said something about ERUNT.

When I ran Junkware Removal it said something about ERUNT.
did it produce a log?

Running it now, realised I hadn’t done the OTL scan.

With Windows 8 … you need to do the following:

Install IE10
No need for a drive image as it has one built in; go to Control Panel > Windows 7 File Recovery
On the same page you will be able to create a System repair disc
ERUNT is not required as Windows 8 will allow a refresh install

https://dl.dropboxusercontent.com/u/73555776/advanced8.JPG

Ah ok, perfect. So I should uninstall Drive Image then?

Will an ordinary RW CD be ok for a system recovery disk?

JRT scan is here.

Also, now I’ve downloaded those security measures, I have a few symbols on a search that I don’t understand - see image attached.

The first one, a red shield, I don’t understand. The second which is three bars I think is avast, as is the fourth. The third, private green shield, I don’t understand, and the green circle is Web of Trust. I believe all these are connected with the recommended security programs.

I believe that web rep now has a privacy function as well hence the private shield (third party tracking disabled)

Thanks.

I now have a problem with avast. It's gone from my bar at the desktop bottom and when I click the shortcut it gives me the following message:

Do a repair of Avast and see if that cures it

Fixed, I had uninstalled C++ redistributable, thought it was just for writing C++ and didn’t realise it was necessary for avast.

;D

How is the computer now?