C:\windows\system32\explorer.exe may have a malware infection?
AdoptablePeach:
My malwarebytes scan.

Internet Explorer 9.0.8112.16421
Everett :: DESKTOP [administrator]

Protection: Enabled

06/02/2013 5:01:16 PM
mbam-log-2013-02-06 (17-01-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 352343
Time elapsed: 25 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.1.69.0 (Adware.HotBar) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E879077FBD765C5534AE96 (Malware.Trace) -> Data:  -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\ProgramData\OptimizerPro1\OptimizerPro1.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Everett\AppData\Local\Temp\is-BC69E.tmp\DealioToolbar-stub-1.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Users\Everett\AppData\Local\Temp\is-JA7JO.tmp\DealioToolbar-stub-1.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Users\Everett\AppData\Local\Temp\is-QSU73.tmp\DealioToolbar-stub-1.exe (PUP.Dealio.TB) -> Quarantined and deleted successfully.
C:\Users\Zack\AppData\Local\Temp\ICReinstall\Facemoods.exe (Adware.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Everett\Local Settings\Temporary Internet Files\Content.IE5\CJP1QB9U\uninstaller[1].exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Users\Everett\Local Settings\Temporary Internet Files\Content.IE5\N43Y57YF\agent_setup[1].exe (PUP.Offerware) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Framework.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\OIS.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SkseProxy.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.

(end)
iroc9555:
No need to copy/paste log results. Attach the log text file. How to attach logs see my image below.

Still need OTL and aswMBR.exe

Specialists were notified.
AdoptablePeach:
This is a print screen of what appears.
AdoptablePeach:
My OTL.txt and Extras.txt
magna86:
Hi,

I need aswMBR.txt logreport. Run aswMBR.exe AntiRootkit tool.
http://forum.avast.com/index.php?topic=53253.0



Go to Control Panel > Add or Remove Programs and uninstall OptimizerPro.

--------------------------------------------------


> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

> Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

How to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens, click Settings in the top right corner.
- In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.



> Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart computer once more.


> When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
  Attach the log report (ComboFix.txt) back to the topic.



*********************************


Re-run OTLScan

- Make sure all other windows are closed and let it run uninterrupted.
- Click on Scan All Users.
- Paste this into the Custom Scans/Fixes box at the bottom:

--- Code: ---
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
/md5stop
CREATERESTOREPOINT
--- End code ---

- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please attach them in this thread.
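
Added example, not part of the posts above and not OTL's own code: a sketch of the check the /md5start explorer.exe /md5stop block asks for, hashing every copy of explorer.exe on a drive and labelling each by location. The function names are hypothetical, and EXPECTED_DIRS assumes the directories where a stock 64-bit Windows install keeps the file.

```python
import hashlib
import os

# Directories (relative to the system drive) where Windows itself places
# explorer.exe; WinSxS is the component store that holds servicing copies.
EXPECTED_DIRS = {"windows", "windows/syswow64"}
STORE_PREFIX = "windows/winsxs/"

def file_digests(path, chunk=1 << 20):
    """Return (md5, sha256) hex digests; MD5 is kept only to match OTL's output."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()

def find_copies(root, name="explorer.exe"):
    """Hash every file under root whose name matches, case-insensitively."""
    copies = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() != name.lower():
                continue
            full = os.path.join(dirpath, fn)
            try:
                md5, sha256 = file_digests(full)
            except OSError:
                continue  # locked or unreadable file: skip rather than abort
            rel = os.path.relpath(dirpath, root).replace(os.sep, "/").lower()
            copies.append({"path": full, "dir": rel, "md5": md5, "sha256": sha256})
    return copies

def triage(copies):
    """Label each copy by location and by whether its hash matches a baseline copy."""
    baseline = {c["sha256"] for c in copies if c["dir"] in EXPECTED_DIRS}
    for c in copies:
        if c["dir"] in EXPECTED_DIRS:
            c["verdict"] = "expected location"
        elif (c["dir"] + "/").startswith(STORE_PREFIX):
            c["verdict"] = "component store"
        elif c["sha256"] in baseline:
            c["verdict"] = "stray copy of a system file"
        else:
            c["verdict"] = "unexpected location, unknown hash"
    return copies

if __name__ == "__main__":
    drive = os.environ.get("SystemDrive", "C:") + os.sep
    for c in triage(find_copies(drive)):
        print(f'{c["verdict"]:34} {c["md5"]}  {c["path"]}')
```

A copy in an expected directory is only a baseline here, not proof that it is clean; compare its hash with the same Windows build on a known-good machine or check its digital signature.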

