Solved: Want to check this computer for an infection please

Hi, I would like to check a Windows 7 Home Premium computer for malware infections, please. The reason is that the people who use this computer have complained to me recently that the computer is moving slowly sometimes when surfing the internet with Internet Explorer 11. There have also been times when Internet Explorer 11 will freeze for no reason and you have to shut down the computer and restart it again. When the computer starts, it does lag a little bit getting to the desktop.

So I just would like someone to check some logs. I will post the logs very shortly. I forgot my password for the avast forum, and this is why I am typing this thread on a different computer this morning.

Thanks very much
have a good week

Here are the OTL log and the AdwCleaner log. Malwarebytes Free did not pick up anything in the quick scan.

thanks

Hi,

OTL looks clean. This shall just clean some junk from your computer…

Re-run OTL.exe.

[*]Copy and paste the following text, written inside the quote box, into the Custom Scans/Fixes box.

:OTL
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:A3E39C6A
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:CF75D88F
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:813B8EB6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:57DC3B52
:FILES
C:\Program Files\*.tmp
:COMMANDS
[EMPTYTEMP]

[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.

If the log doesn’t appear, it can be found here:

C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

===================================
Next …

We need to check the system in kernel space as well …

Please download GMER, the RootKit Detector tool from the link below and save it to your Desktop:

Gmer download link
Note: the file will be randomly named.

Double-click to run GMER.

[*]Wait for the initial scan to finish; if there is any query, click No;
[*]Click the [ Scan ] button and wait until the full scan is complete;
[*]Click [ Save … ] and save the report to the Desktop (named ARK);

[*]Then click the >>> button and select the Autostart tab;
[*]Click the [ Scan ] button;
[*]After the quick scan, click the Copy button;
[*]Open Notepad and paste the text. Save the report to the Desktop (named autostart).

Attach both GMER log reports here (ARK.txt and autostart.txt).
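The OTL fix above deletes four alternate data streams on C:\ProgramData\TEMP without showing what they contain. Their sizes (123 to 206 bytes) are consistent with metadata rather than a payload, but a practitioner would normally look before deleting. The script below is an added example, not part of this thread and not from OTL's author; it lists every named stream on the path OTL flagged and prints a printable preview of each. It assumes Windows PowerShell 3.0 or later (the `-Stream` parameter is missing from the 2.0 that ships with Windows 7, so Windows Management Framework 3.0 must be installed first) and should be run from an elevated prompt.

```powershell
# Added example: enumerate and preview alternate data streams (ADS) on one
# NTFS object. Not from the thread or from OTL; assumes PowerShell 3.0+.
param(
    [string]$Path = 'C:\ProgramData\TEMP'   # object named in the OTL script above
)

# Every NTFS file has the unnamed data stream (':$DATA'); anything else is an ADS.
# Get-Item -Stream works on directories as well as files.
$streams = @(Get-Item -LiteralPath $Path -Stream * -ErrorAction Stop |
             Where-Object { $_.Stream -ne ':$DATA' })

if ($streams.Count -eq 0) {
    Write-Output "No alternate data streams on $Path"
    return
}

foreach ($s in $streams) {
    # Same shape as the OTL line: '<size> bytes -> <path>:<stream name>'
    Write-Output ("{0} bytes -> {1}:{2}" -f $s.Length, $Path, $s.Stream)

    # Read the stream as raw bytes (-Encoding Byte is Windows PowerShell syntax;
    # PowerShell 6+ uses -AsByteStream instead).
    [byte[]]$bytes = @(Get-Content -LiteralPath $Path -Stream $s.Stream -Encoding Byte -ReadCount 0)
    if ($bytes.Length -eq 0) {
        Write-Output '    (empty stream)'
        continue
    }

    # Show up to the first 64 bytes as printable ASCII, dots for everything else.
    # Text or INI-style data is harmless metadata; an 'MZ' header or script text
    # attached to a directory deserves a closer look before anything is deleted.
    $last = [Math]::Min(63, $bytes.Length - 1)
    $preview = -join ($bytes[0..$last] | ForEach-Object {
        if ($_ -ge 32 -and $_ -le 126) { [char]$_ } else { '.' }
    })
    Write-Output ("    preview: {0}" -f $preview)
}

# After review, a single stream can be removed without touching the object itself:
#   Remove-Item -LiteralPath $Path -Stream 'A3E39C6A'
```

Run it before the OTL fix if you want a record of what the streams held; the `Remove-Item -Stream` form at the end removes one stream at a time, which is the same effect the `@Alternate Data Stream` lines in the OTL script have in bulk.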

Hi, I was wondering what you mean by "we have to check the kernel space"; what does that mean? After I run GMER, where do I find the Autostart? Does it come with GMER? Just wondering.
I was wondering if I have to download Autostart; is it a program separate from GMER?
Thanks

Hi Diddy,

Hi, I was wondering what you mean by "we have to check the kernel space"; what does that mean?

First, you need to ask yourself: what are rootkits?
http://en.wikipedia.org/wiki/Rootkit

Rootkits can work at user level or at kernel level.
http://msdn.microsoft.com/en-us/library/windows/hardware/ff554836(v=vs.85).aspx

After I run GMER, where do I find the Autostart? Does it come with GMER? Just wondering. I was wondering if I have to download Autostart; is it a program separate from GMER? Thanks

All you have to do is read my instructions for running GMER and everything will be clear.

Then click the >>> button and select the Autostart tab;

Hi, sorry for all the questions about GMER. I was wondering, when I launch the program on Windows 7, do I put a check mark right next to the C: drive? Do I leave everything else checked? I am referring to your screenshot of GMER.

I also noticed in the screenshot of GMER that Autostart is not shown in the list on the right of the window. Is the Autostart tab covered up by a tool menu in the program? Where is the Autostart tab located in the GMER program? Please explain.

Thanks very much

Hi, here is the OTL log. I will post the other logs soon.

Hi Diddy,

Nowhere did I mention any checkbox or check mark next to C:, right? Again, follow the instructions; all is clearly stated …

Hi, when GMER starts up I wait for the initial scan to complete. The quick scan is checked, though, so how do you make sure that GMER does a full scan? Please explain. Some of your instructions do not make sense at all.

Thanks

Hi, I did the GMER rootkit full scan and the Autostart scan; here are both logs below:

Let me know if I need to do more.

Thanks very much for your time and help, as always.

Both logs are saved in Notepad.

Hi, I did another AdwCleaner scan just to make sure that mysearchdial.com was gone, and I have had this show up in the latest version of AdwCleaner; each time I clean with AdwCleaner it still comes back. Can you help me get rid of this Dial Search and mysearchdial.com from this computer, please? Thank you.

Hi,

GMER log looks clean. No traces of malware activity.

AdwCleaner does not look for real malware but for bad PUP software. AdwCleaner has removed just one Firefox extension (ffxtlbr@mysearchdial.com) and its related settings.

You may remove the tools we used with DelFix.

Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes;

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: the report will also be stored at C:\DelFix.txt

I don't need the DelFix log report.

Hi, I was wondering how I can get rid of mysearchdial, which keeps coming up in Firefox on the Windows 7 system. I have tried several times to get rid of this with AdwCleaner and it still comes back. What can I do to get rid of the mysearchdial toolbar?

Thanks

Hi,

I do not see that in the posted OTL log. That may have been installed later. Let's check that:

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*]Temporarily disable your antivirus program (if necessary).
If you are unsure how to do this, please read this or this instruction.

[*]Double-click on zoek.exe to run the tool.
Please be patient while the tool starts…

[*]Copy the text inside the code box below and paste it into the large window in the zoek tool:

FilesRCM;
StartupAll;
SkipFix-IEDefaults;
FirefoxLook;
ChromeLook;

[*]Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

[*]Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: it will also create a log in the C:\ directory named "zoek-results.log".

Hi, thanks very much for your help and time.

Hi, I would like to know what I am doing wrong. Zoek did create the log file, but zoek did not restart the computer, and the mysearchdial toolbar is still in the Firefox browser. I also disabled my antivirus. I did put all the code you had in the zoek tool box area. Could you help me, please?

Here is the zoek log below:

Thanks

Run Firefox, click on the Firefox (orange) button on the upper left side and click Add-ons.

A new tab shall load … Click on the Extensions button …

Remove the bad add-ons. Remove all add-ons from Firefox, all of them. Just leave the "avast Online Security" and "Skype Click to Call" add-ons; the others … just remove them.

Close Firefox and re-launch.


Then re-run zoek as you did before, click on the More Options button, check the box only for the AutoClean option and then click on the RunScript button.

Zoek shall start the system scan, then it shall ask to reboot the system, and after the reboot, post the freshly created zoek log here.
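The thread never establishes why ffxtlbr@mysearchdial.com kept reappearing after AdwCleaner removed it from the profile; removing it through the Add-ons manager, as above, only clears the copy Firefox currently has loaded. Firefox can also be told to (re)install an extension from outside the profile: through registry values under Mozilla\Firefox\Extensions, a per-user shared extensions folder, and the browser's own install directory. The script below is an added example, not part of this thread and not from zoek or AdwCleaner; it checks each of those locations for one extension ID and reports where a copy is staged. It assumes Windows PowerShell 3.0 or later on Windows 7 and the standard Firefox profile path under %APPDATA%; the `browser\extensions` and `extensions` install-directory folders are both listed because the layout changed between Firefox versions.

```powershell
# Added example: find where a Firefox extension ID is staged for (re)installation.
# Not from the thread, zoek or AdwCleaner; assumes PowerShell 3.0+ and default paths.
param(
    [string]$ExtensionId = 'ffxtlbr@mysearchdial.com'   # ID named in the AdwCleaner report
)

$hits = @()

# 1. Registry sideload keys. A value whose NAME is the extension ID and whose DATA
#    is the path to an .xpi or unpacked folder gets installed into every profile.
#    Wow6432Node covers 32-bit Firefox on 64-bit Windows when run from 64-bit PowerShell.
$regKeys = @(
    'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
    'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
)
foreach ($key in $regKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $target = (Get-Item -Path $key).GetValue($ExtensionId)   # $null if the value is absent
    if ($null -ne $target) {
        $hits += [pscustomobject]@{ Where = $key; Item = $ExtensionId; Target = $target }
    }
}

# 2. On-disk copies: each profile's extensions folder, the per-user shared folder
#    (keyed by Firefox's application GUID), and the install directory.
$dirs = @(
    (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\extensions'),
    (Join-Path $env:APPDATA 'Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}')
)
foreach ($pf in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
    if ([string]::IsNullOrEmpty($pf)) { continue }        # ProgramFiles(x86) is unset on 32-bit Windows
    $dirs += (Join-Path $pf 'Mozilla Firefox\browser\extensions')
    $dirs += (Join-Path $pf 'Mozilla Firefox\extensions')
}
foreach ($d in $dirs) {
    Get-ChildItem -Path $d -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq $ExtensionId -or $_.Name -eq "$ExtensionId.xpi" } |
        ForEach-Object {
            $hits += [pscustomobject]@{ Where = 'disk'; Item = $_.FullName; Target = $_.LastWriteTime }
        }
}

if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
} else {
    Write-Output "No trace of $ExtensionId outside the Add-ons manager."
}
```

A registry hit is the usual reason an add-on removed from the Add-ons manager is back after the next Firefox start: the value points at a copy on disk that Firefox reinstalls, so both the value and the file it names need to go. A hit only under a profile's own `extensions` folder while Firefox is closed means the add-on is still installed in that profile and has not actually been removed yet.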

Hi, here is hopefully the last zoek log.

thanks

Hi,

Launched: C:\Users\Gary\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

Mate, I did not tell you to use a zoek script for execution. Only the AutoClean box option.

Anyway, zoek has removed mysearchdial.com.
Empty your recycle bin as well. This should be it; the zoek log is clean.

Thanks Magna86 for your help and your advice.

Thanks again, have a good weekend.