Hey guys, I’m new here and looking for help. My pc has been acting awkward recently and am wondering if there are some fishy root, viruses, Trojans, or spy kits installed. I have run tdsskiller, otl, combofix and aswmbr. TDSSkiller did not find anything. Can somebody look at the logs and see if there is anything fishy that I need to remove? I consider myself mediocre when it comes to removing viruses. Thanks. *OTL log too large to attach.
Here are the Rogue Killer logs.
missing logs… sorry
Here is the OTL log… I found a host for it.
Now we need a Malwarebytes log and then we're good to go.
Hi, could you define fishy?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Commands
[CREATERESTOREPOINT]
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=drive&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDyCzytCtA0EtC0DtB0EyEtN0D0Tzu0CyEyDtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1C1L2X1P&cr=573514476&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=drive&cd=2XzuyEtN2Y1L1Qzuzz0Czzzy0AyDyCzytCtA0EtC0DtB0EyEtN0D0Tzu0CyEyDtAtN1L2XzutBtFtBtFtCtFyEyBzztN1L1Czu1Q1C1L2X1P&cr=573514476&ir=
IE - HKU\S-1-5-21-3656693151-748633025-988903754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3656693151-748633025-988903754-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com/
FF - prefs.js..browser.startup.homepage: "http://www.startpage.com/"
[2013/03/28 17:47:07 | 000,000,000 | ---D | M] -- C:\Users\Adi\AppData\Roaming\Funmoods
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Please download AdwCleaner by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.
Ok… ran the fix. Then ran adwcleaner and then mbam. Here are the logs. Mbam did not find anything. Did anybody notice anything that was suspicious? Thanks for the help.
Are you experiencing any problems?
It's using more ram than normal. Sometimes it's just slow and something is processing in the background since the HDD is running and the cpu is loaded. Apps started crashing. IE would freeze and crash. Also other weird things that I can't think of now. One time, my mouse moved by itself. I hibernate the PC every night and sometimes in the morning I would find it on… but the boot password kept it from going further.
7.75 Gb Total Physical Memory | 5.55 Gb Available Physical Memory | 71.59% Memory free
Windows (later versions) tries to use as much RAM as possible, otherwise it is just wasted.
Have you defragmented the drive recently?
Disable Hibernation, reboot and then re-enable hibernation, as this can sometimes get a tad corrupted.
I am running Win7 64bit. I just checked fragmentation and it's at 1%.
OK, let's look deeper. I do not believe there is anything there, but better safe than sorry.
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.
Notes:
- Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
- Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
- If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now.
Here is the combofix log. Thanks again.
I can see no apparent malware at all; the system looks clean.
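
An added example, not part of the thread and not OTL's own code: a short Python triage of OTL-style log lines that flags Internet Explorer search providers pointing at unexpected hosts, the kind of SearchScopes entry the fix script earlier in the thread removes. The sample lines are constructed from the format shown in the thread (query strings trimmed); the allowlist and the second GUID are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: search-provider hosts the owner expects on this machine.
EXPECTED_HOSTS = {"www.bing.com", "www.google.com", "www.startpage.com"}

GUID = r"\{[0-9A-Fa-f-]{36}\}"
# e.g.  IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {GUID}
DEFAULT_SCOPE = re.compile(
    rf"^IE(?::64bit:)? - HK[A-Z]+\\.*?SearchScopes,DefaultScope = ({GUID})")
# e.g.  IE - HKLM\..\SearchScopes\{GUID}: "URL" = http://host/path?q=...
SCOPE_URL = re.compile(
    rf'^IE(?::64bit:)? - HK[A-Z]+\\.*?SearchScopes\\({GUID}): "URL" = (\S+)')

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE_LOG = r"""
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}
IE - HKCU\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://www.bing.com/search?q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.startpage.com/"
"""

def review_search_scopes(log_text, expected=EXPECTED_HOSTS):
    """Return one finding per (GUID, host) whose host is not expected."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    # First pass: which provider GUIDs are set as the default scope?
    defaults = {m.group(1).lower()
                for m in map(DEFAULT_SCOPE.match, lines) if m}
    findings, seen = [], set()
    for m in filter(None, map(SCOPE_URL.match, lines)):
        guid, url = m.group(1).lower(), m.group(2)
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:
            host = ""  # unparsable URL: report it rather than skip it
        # The 32-bit and 64-bit views often repeat the same entry.
        if host in expected or (guid, host) in seen:
            continue
        seen.add((guid, host))
        findings.append({"guid": guid, "host": host,
                         "is_default": guid in defaults})
    return findings

if __name__ == "__main__":
    for finding in review_search_scopes(SAMPLE_LOG):
        print(finding)
```
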