Infected Computer. I think it's the explorer.exe virus, but Google redirects

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by man_utd_99, Dec 17, 2010.

  1. man_utd_99

    man_utd_99 Private E-2

    Hi

Firstly, I really appreciate the help and time you are going to be giving, and I'm sure you'll eventually fix my computer!

What I have is a
Compaq V6000 laptop
Intel T2080 1.73 GHz Pentium Dual Core
2 GB RAM
partitioned hard drive with Vista Home Premium on the main computer
and then the infected partition, which is Windows 7 Ultimate with roughly 20 GB of space for Windows 7.

Basically I've had to use Vista, as every search redirects when using Google on Windows 7.

Can you guys please let me know what to do, and whether scans can also be done from Vista by checking the Windows 7 partition (G)? Otherwise I'll have to continually reboot between Windows 7 and Vista on and off?!

If any HJT logs need to be added, please just let me know too.

And just to add, recently I've been getting notifications of gstatic.com being accessed, which the computer is refusing as it is detecting it as a phishing site.

Thank you
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the link below:

    READ & RUN ME FIRST. Malware Removal Guide


    and attach the requested logs when you finish these instructions.

    • **** If something does not run, write down the info to explain to us later but keep on going. ****
    • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


    • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
    Helpful Notes:


    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writable and infections can spread to them.
3. If you cannot seem to log in to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can, then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
    4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:

    Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. man_utd_99

    man_utd_99 Private E-2

Just to add: when searching for malware and spyware it finds nothing, and halfway through the Malwarebytes search the programme crashes :(
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please just skip any scans that don't run. But in the meantime, I want you to also run this:

    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!


    Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
• A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_14.17.05_log.txt) will be created and saved to the root directory ( usually Local Disk C ).
    • Attach this log to your next message
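A cheap check worth running alongside the rootkit scan: search redirects have several possible mechanisms, and a kernel rootkit of the kind TDSSKiller targets is only one of them. A rewritten hosts file is another, and it can be ruled in or out without any tool. The script below is an added example, not code from the thread or from the MajorGeeks guide. It parses hosts-file text and flags any entry that points a search-engine name or gstatic.com at an address other than loopback or 0.0.0.0. The watched-domain list, the default hosts path and the sample hosts content are all assumptions made for the illustration; the sample is constructed, not taken from the poster's logs.

```python
import ipaddress
import re
import sys
from pathlib import Path

# Domains whose hosts-file override would explain the symptoms in the thread
# (search redirects plus gstatic.com warnings). Assumed list; extend as needed.
WATCHED_DOMAINS = ("google.com", "gstatic.com", "bing.com", "yahoo.com")

# Default Windows hosts path (assumed; SystemRoot may differ on some installs).
DEFAULT_HOSTS_PATH = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Constructed sample, not from the thread's logs. The first three entries are
# normal, the 0.0.0.0 line is a harmless blocklist entry, and the last two are
# the kind of override a redirect infection leaves behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0\tad.doubleclick.net        # blocklist entry, harmless
198.51.100.23   www.google.com google.com   # suspicious
198.51.100.23   ssl.gstatic.com
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line; the resolver ignores it as well
        for name in fields[1:]:
            yield ip, name.lower().rstrip(".")


def matches_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname equals a watched domain or is a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def find_hijacks(text, watched=WATCHED_DOMAINS):
    """Return [(hostname, ip)] for watched names mapped to a real address.

    Loopback and the unspecified address (0.0.0.0) are sinkholes used by
    ad blockers, not redirects, so they are not reported.
    """
    hits = []
    for ip, name in parse_hosts(text):
        if not matches_watched(name, watched):
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        hits.append((name, str(ip)))
    return hits


def main(argv):
    path = Path(argv[1]) if len(argv) > 1 else DEFAULT_HOSTS_PATH
    try:
        text = path.read_text(encoding="utf-8", errors="replace")
    except OSError as exc:
        print(f"cannot read {path}: {exc}", file=sys.stderr)
        return 2
    hits = find_hijacks(text)
    for name, ip in hits:
        print(f"HIJACK  {name:30s} -> {ip}")
    if not hits:
        print("no hosts-file overrides for the watched domains; look elsewhere "
              "(DNS server settings, proxy settings, or a kernel rootkit of the "
              "kind TDSSKiller scans for)")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments on the affected machine to read the live hosts file, or pass a path (for example a copy taken from the Windows 7 partition while booted into Vista, as the poster asked about). A clean result does not clear the machine; it only removes one explanation and points back at the rootkit scan.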
     
  5. man_utd_99

    man_utd_99 Private E-2

ComboFix won't run as apparently I have AVG installed. I uninstalled it a while back, so that search won't happen.

I'll attach the other log files when all scans are done.

Thank you
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  7. man_utd_99

    man_utd_99 Private E-2

Firstly, I have to give it to you. You guys are good!

Right, I firstly have to thank you, as I think my computer is fixed. If you want I'll attach the logs, but I'll give you a step-by-step walkthrough of what I did.

Did a search using Malwarebytes and it found a few things, but nothing major.
Then SUPERAntiSpyware, and it found a few cookies that weren't of major issue.
Then searched using ComboFix, which went all the way to "48 completed states" and found the "explorer.exe" and "wininit.exe" issues, which it detected, removed and whatever else it did.
Then searched using TDSSKiller to be on the safe side and got nothing from that scan.

So when looking and searching on Google now, I don't get any redirects and really am happy with the help you've given me. I think all is well, although the computer does seem a little slower than before.

If you want logs to be attached, let me know, but other than that everything seems good and fine. Thank you once again. Really appreciate the help you've given.

Cheers guys :wine
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Hi!
    You're welcome, and perhaps TimW can also help with your pc's slowness. Please attach these logs -
    • SASlog.txt log from SuperAntiSpyware.
    • Malwarebytes Anti-Malware log
    • RRlog.txt (from RootRepeal)
    • ComboFix.txt (normally C:\ComboFix.txt)
    • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.

    dr.m
     
  9. man_utd_99

    man_utd_99 Private E-2

Here are the logs of the scans that did run. Please let me know if any problems still remain and tell me what I can do to speed up my computer.

Thank you guys
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

Please attach the C:\MGLogs.zip. You cannot zip a zip.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes you can! ;) But we do not want them attached in a double layer zip. :)
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    They never open correctly when they are double zipped for me. :(

    Well, the second try worked. So, no need to re-attach the log. I am not seeing any malware in your logs.

    I also do not know or see any reason for slowness. I suggest you post in the software forum for further assistance with that. ( You might want to first try disabling Spybot TeaTimer from running at start up. )

    If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan. We recommend them for doing backup scans when you suspect a malware infection.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
• Note: the space between combofix" and /uninstall must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.


3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME
        for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

10. After doing the above, you should work through the below link:




     
    Last edited: Dec 18, 2010
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Which is why I said we don't want them that way. Some helpers do not have WinZip, which can handle this.
     
  14. man_utd_99

    man_utd_99 Private E-2


Firstly, sorry for the WinZip, but there were a few logs so I thought putting them into one package would be easier.

Secondly, would it be possible for someone to move my thread to the software section, or would it be better if I made a new one?

Thank you for your help. Really appreciate it.
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It would be best if you created a new one in the software forum and answer these questions for them so they can get an idea as to what is happening:

    Please explain what operations are slow! For example answer the below:

    * Is boot up slow?
    * Is shutdown slow?
    * Is browsing/surfing slow?
    * Is downloading slow?
* Is running any application slow?
    * Is it also slow in safe boot mode?
    * Also are any process showing in Task Manager to be using a lot of CPU time?
    * Anything else slow?
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Possibly two contributors that I see:

First, low hard disk space on drive C, which is an extremely small drive to be running Win 7 on.
Second, a combination of all of the below being installed:

    Ad-Aware
    Advanced SystemCare 3
    ALWIL Software Security 4.8.1296.0
    Ask Toolbar
    avast! Antivirus
    IObit Security 360
    Spybot - Search & Destroy
    ZoneAlarm Toolbar
    ZoneAlarm

    I would uninstall each of the below and then reboot and see how things run.

    Ad-Aware
    Advanced SystemCare 3
    Ask Toolbar
    IObit Security 360
    Spybot - Search & Destroy
    ZoneAlarm Toolbar
    ZoneAlarm



    EDIT: Providing answers to the questions TimW just posted would also help everyone better understand your problem.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

I just noticed that your logs were from safe boot mode. You really needed to attach logs from Normal Boot mode for proper diagnosis. Also, ComboFix had stated the below:
    You should rerun ComboFix in normal boot mode and see if these still show as infected.
     
  18. man_utd_99

    man_utd_99 Private E-2


I'll get all the stuff uninstalled and will let you know. The computer isn't majorly slow, just a lot slower than it was before it got infected, if that makes any sense?!

And the smallness of space is because I partitioned with Vista being the main OS. Didn't think I'd like Windows 7 as much as I do!
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

Yes it does. Quite frequently this happens after some infections, because they can manage to break various aspects of Windows that are not detectable via any scans. The only real, true solution in some cases is a reinstall, as using System Restore or even a Repair Install will also not always be entirely successful.

    Make sure you rerun ComboFix too as suggested to see if the infections were truly fixed.

    Yes I noticed from your logs the 3 partitions. Win 7 should have a larger partition though.
     
  20. man_utd_99

    man_utd_99 Private E-2

Yeh, I only did it as part of a little mess around. Started off with Ubuntu and then got rid of it and put Windows 7 on. So yeh, a little experiment it was; didn't think it would stay, tbh, and that's the only reason the partition is small. Actually, is there a way I can increase a partition without removing and redoing it all again?

And I reran all scans.
ComboFix was clear,
SUPERAntiSpyware was clear,
however, as before when the computer was infected, Malwarebytes doesn't complete its scan and crashes. "Malwarebytes has encountered a problem and will close" or something like that appears; it does, however, search fully in safe mode.

Computer seems OK for now. A little slow on boot up and shut down, and general multitasking or opening new windows and software. I guess there's nothing else I can do but live with it, yeh. :/
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

May just be due to all the things you are running. Did you uninstall ALL of the items I suggested? If so, then also look into removing anything else not really necessary. Also consider uninstalling Avast and rebooting, just as a test to see what happens. Due to having multiple security programs installed, you may have caused some corruption.
     
  22. man_utd_99

    man_utd_99 Private E-2

Right, OK, I really don't know what or why I can't uninstall things. I tried to uninstall the toolbars and both failed. The ZoneAlarm one said it couldn't find the install.DLL, I think it was, so that failed. And the Ask one failed too.

Looked through all my programmes and I don't have another antivirus/firewall software, so would removing ZoneAlarm and Avast be advisable?

Kind regards
     
  23. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Are they listed in CCleaner's "Tools > Uninstall" section? *Other tools that may be useful are -
    *For testing purposes, this should be done while your machine is physically disconnected from your internet connection.
     
  24. man_utd_99

    man_utd_99 Private E-2

Right, I've a little problem that has arisen.

Windows 7 is now, thankfully, all good and working. Speed is more or less there, so I'm happy about that. Thank you guys for that.

What has now happened is that when starting Vista, it loads up partially up to the little rectangular bar, and then there is a blue screen with the problem "bad_pool_sector" and it turns itself off.

When running in safe mode I get the constant loop of "explorer has stopped working": it clears the screen of all applications, then comes back and then notifies me of explorer not working again, in a loop. So I am unable to start any applications or do anything, and when clicking "repair this computer" I apparently have no previous system restore points, which is a serious issue to me as I've no idea why that's the case, and an error and "bad sector" when it attempts to repair the problems.

Any ideas please?

Thank you once again
     
  25. man_utd_99

    man_utd_99 Private E-2

Computer now doesn't boot into Vista regardless of setting:

safe mode
last known good configuration
debugging mode
recovery mode - has an error which I will write down and let you know exactly what it is
     
  26. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Do you have your Vista CD? You may need to do a repair install.
     
  27. man_utd_99

    man_utd_99 Private E-2

It came with a recovery partition, but I downloaded a repair CD from Microsoft's website.

Inserted it and pressed the button to run from CD or DVD,
clicked repair,
and it "scans for problems on drive" and then the same error comes up as if I were to click on "repair your computer" without the Vista disc in, if that makes any sense?

It's just stuck on the bad sector blue screen and turns itself off. I can't even get Vista booted!
     
  28. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I suggest that you post in the hardware forum. Sounds like you also may be having hard drive issues.
     