Windows Explorer


30 replies to this topic

#1 tyler4402

tyler4402

  • Members
  • 77 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Palatine of Lancashire England
  • Local time:05:29 AM

Posted 09 August 2014 - 10:32 AM

Hi all
   I click on the Windows explorer icon to expand the Libraries, and when I opposite click on any of the folders in order to add another folder to the primary folder, or delete a particular folder, the page sort of goes opaque, and I get the message that Windows explorer has stopped working, so I have to close the explorer down.
I was wondering if some sort of file has gone missing, anybody any ideas? regards Robert

Edited by Queen-Evie, 10 August 2014 - 11:10 AM.
moved from Windows 7 to Am I Infected



 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,607 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:09:29 PM

Posted 09 August 2014 - 11:07 AM

Please run System File Checker (sfc)
 
The sfc /scannow command scans all protected system files and replaces corrupted and incorrect versions with correct Microsoft versions.
 
Click on the Start orb and then type cmd in the Search programs and files box.
 
In the pane above the search box Programs will appear with cmd below it, right click on cmd and choose Run as administrator.
 
If you are prompted for an administrator password or for a confirmation, enter the password, or click Allow.
 
A page similar to the one below will open.
 
elevatedcommandpromptw7_zpseba8c499.png
 
Type in sfc /scannow and then press Enter to start the scan.  Please notice the space between sfc and the /scannow.
 
If the scan finds no integrity  problems in the first portion of the scan it should stop, to be sure that the scan has stopped wait five minutes, then type in exit and press Enter to stop the scan.
 
When the scan is finished please post the log of this scan.
 
To find sfc /scannow log, type cmd in the Search programs and files box. 
 
cmd will appear above the search box under Apps., right click on it and choose Run as administrator, this will open the Elevated Command Prompt.  This will look similar to the image above.
 
Copy and paste the following in the Search programs and files box, then press Enter.  
 
findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"
 
This will place a new icon on the desktop titled sfcdetails.  Click on this to open the log, copy it and paste it in your topic.  

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 tyler4402


Posted 09 August 2014 - 01:54 PM

Hi, thanks for your quick reply, I ran the scan twice and after both times it reached 100% the scan reported that nothing was amiss, I then opened the cmd and clicked run as admin and pasted the str /c"[SR]" line into the box and entered it, but it did not put a sfc file onto the desktop.

Regards Robert. 



#4 dc3


Posted 09 August 2014 - 02:10 PM

If no integrity issues are found there will be no log.

 

Boot into Safe Mode and see if you can duplicate this error there. 


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#5 tyler4402


Posted 10 August 2014 - 04:01 AM

Hi dc3

 

   I did boot into safe mode and I got the same message or fault when I opposite clicked a folder, regards Robert.



#6 dc3


Posted 10 August 2014 - 10:18 AM

Please run the two security scans below.  A moderator will see this and move this topic to the Am I Infected forum.  This is a normal procedure as these scans are not supposed to be run in the Windows forums.


Please run the ESET OnlineScan

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarebytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
mbamreplace_zps3ead4824.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log, download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 tyler4402


Posted 11 August 2014 - 07:52 AM

Hi dc, I hope this is the info that you wanted, the Eset prog looks very good it certainly does get rid of a lot of rubbish.

Having looked back I remember that I used a prog called Revo Uninstaller & each time I used it I lost the MBR file which I learned to put back, I used Revo again a couple of months ago and I think my prob started after that, regards Robert.

 

C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Quarantine

Malware Exclusions:
===================
Unable to access exclusion information: Error code 20001

Web Exclusions:
================
Unable to access exclusion information: Error code 20001

Quarantined Items:
===================
Unable to access quarantine information: Error code 20001

===============================================================
END OF FILE

 

C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Disketch\disketch.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\Disketch\disketchsetup_v3.07.exe.vir    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressRip\expressrip.exe.vir    probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\NCH Software\ExpressRip\expressripsetup_v1.92.exe.vir    probably a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\application.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\Searchprotect\ffprotect\nsprotector.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WebSearch\uninstall.exe.vir    Win32/SProtector.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Conduit\Chrome\CT3306061\CHUninstaller.exe.vir    a variant of Win32/Conduit.SearchProtect.N potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.0.88_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.0.88_0\plugins\ConduitChromeApiPlugin.dll.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.0.88_0\TBHostSupport\TBHostSupport.dll.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.10_0\nativeMessaging\TBMessagingHost.exe.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.10_0\plugins\ConduitChromeApiPlugin.dll.vir    a variant of Win32/Toolbar.Conduit.AH potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.10_0\TBHostSupport\TBHostSupport.dll.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Local\TBHostSupport\TBHostSupport.dll.vir    a variant of Win32/Toolbar.Conduit.AA potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Roaming\Searchprotect\ffprotect\application.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Robert\AppData\Roaming\Searchprotect\ffprotect\nsprotector.js.vir    Win32/Conduit.SearchProtect.A potentially unwanted application    deleted - quarantined
C:\Config.Msi\Downloads\PCPerformer_GN.exe    a variant of Win32/InstallBrain potentially unwanted application    deleted - quarantined
C:\Config.Msi\Downloads\sd-setup.exe    Win32/ELEX.AH potentially unwanted application    deleted - quarantined
C:\Users\Robert\Downloads\smart-defrag-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
C:\Users\TEMP\Windows.old.000\Program Files\DictionaryBossEI\Installr\1.bin\NPv4EISb.dll    Win32/Toolbar.MyWebSearch potentially unwanted application    deleted - quarantined
C:\Users\TEMP\Windows.old.000\Program Files\DictionaryBossEI\Installr\1.bin\v4EIPlug.dll    Win32/Toolbar.MyWebSearch potentially unwanted application    deleted - quarantined
C:\Users\TEMP\Windows.old.000\Program Files\DictionaryBossEI\Installr\1.bin\v4EZSETP.dll    Win32/Toolbar.MyWebSearch potentially unwanted application    deleted - quarantined
C:\Users\TEMP\Windows.old.000\Program Files\Mozilla Firefox\components\sprotector.js    Win32/Conduit.SearchProtect.A potentially unwanted application    deleted - quarantined
C:\Users\TEMP\Windows.old.000\Program Files\tinySpell\Trend Micro\HijackThis\backups\backup-20120201-221353-771.dll    a variant of Win32/Toolbar.Visicom.B potentially unwanted application    deleted - quarantined
C:\Users\TEMP\Windows.old.000\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Users\TEMP\Windows.old.000\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC1.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Users\TEMP\Windows.old.000\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC2.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Users\TEMP\Windows.old.000\ProgramData\Spybot - Search & Destroy\Recovery\USTechSupportMyCleanPC3.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Windows.old\Documents and Settings\Robert\My Documents\12 Downloads of PC Program\Core-Temp-setup.exe    probably a variant of Win32/Complitly.A potentially unwanted application    deleted - quarantined
C:\Windows.old\Documents and Settings\Robert\My Documents\12 Downloads of PC Program\Setup_FreeConverter.exe    Win32/Toolbar.Widgi potentially unwanted application    deleted - quarantined
C:\Windows.old\Documents and Settings\Robert\My Documents\12 Downloads of PC Program\Video converter prismsetup.exe    a variant of Win32/Toolbar.Conduit.K potentially unwanted application    deleted - quarantined
C:\Windows.old\Documents and Settings\Robert\My Documents\Documents and Settings\Robert\Shared\Download_Energy.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
C:\Windows.old\Documents and Settings\Robert\My Documents\Documents and Settings\Robert\Shared\winmx_music_free.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
F:\cbsidlm-cbsi134-Revo_Uninstaller-ORG-10687648.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\cbsidlm-tr1_13-World_Clock-ORG-75698825 (1).exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\cbsidlm-tr1_13-World_Clock-ORG-75698825.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\Core-Temp-setup.exe    probably a variant of Win32/Complitly.A potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\ffortsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\installfreefileopener_553.exe    a variant of Win32/InstallIQ.A potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\Java.exe    a variant of Win32/DomaIQ.BB potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\media.player.codec.pack.v4.0.0.setup.exe    a variant of Win32/Toolbar.Widgi potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\Setup_FreeConverter.exe    Win32/Toolbar.Widgi potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\smart-defrag-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\Video converter prismsetup.exe    a variant of Win32/Toolbar.Conduit.K potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\5 PC Program Downloads\Secunia PSI installer\cnet_PSISetup_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application    deleted - quarantined
F:\23 TECH & PC Programs info folders\PC Driver Store\Gig W7 driver\cnet_DriverSweeper_3_1_0_exe.exe    a variant of Win32/InstallCore.D potentially unwanted application    deleted - quarantined
F:\32 FILE recovery tools\Restoration\cbsidlm-tr1_14-Restoration-ORG-10322950.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
F:\35 PC Programs\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
F:\35 PC Programs\cbsidlm-cbsi134-Freemake_Video_Converter-ORG-75218346 (3).exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
F:\35 PC Programs\cbsidlm-cbsi134-Free_Youtube_Downloader-ORG-75450165.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
F:\35 PC Programs\cbsidlm-cbsi134-Text_Cleaner-ORG-10148056.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
F:\35 PC Programs\cbsidlm-cbsi145-jZip-ORG-10730326.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
F:\35 PC Programs\cbsidlm-cbsi145-Text_Cleaner-ORG-10148056.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
F:\35 PC Programs\cbsidlm-cbsi183-RAR_File_Open_Knife__Free_Opener-ORG-10971016.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
F:\35 PC Programs\defragsetup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application    deleted - quarantined
F:\35 PC Programs\drivermax_7_25_cnet.exe    a variant of Win32/DealPly.I potentially unwanted application    deleted - quarantined
F:\35 PC Programs\duplicate-file-finder-setup.exe    Win32/InstallMonetizer.AQ potentially unwanted application    deleted - quarantined
F:\35 PC Programs\registry-cleaner-setup.exe    Win32/InstallMonetizer.AQ potentially unwanted application    deleted - quarantined
F:\35 PC Programs\revouninstaller-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
F:\35 PC Programs\Setup.exe    Win32/AdWare.iBryte.G application    cleaned by deleting - quarantined
F:\35 PC Programs\Windows Live Mail.exe    a variant of Win32/FirseriaInstaller.C potentially unwanted application    deleted - quarantined
F:\35 PC Programs\DTA download manager\Setup (1).exe    a variant of Win32/AdWare.iBryte.AF application    cleaned by deleting - quarantined
F:\35 PC Programs\DTA download manager\Setup (2).exe    a variant of Win32/AdWare.iBryte.AF application    cleaned by deleting - quarantined
F:\35 PC Programs\DTA download manager\Setup.exe    a variant of Win32/AdWare.iBryte.AF application    cleaned by deleting - quarantined



#8 dc3


Posted 11 August 2014 - 09:40 AM

There was a worm found in the Malwarebytes log.  The rest were not malicious.

 

 

Please post the log for the Eset online scan.

 

 

Please run a scan with Emsisoft.  Download it and follow the instructions.  Post the log in your topic.

 

 

 
Double click on the download and choose to run the program.
 
A screen similar to the one below will open, click any key to run the program.
 
securitycheck_zpscfb86945.png
 
When the scan is finished there will be a log, copy and then paste your log in your next post.
 
If you have AdwCleaner installed, uninstall it and use the link below to download it and run it.
 

Please download AdwCleaner and run it.
 
An image like the one below will open, click on Scan.
 
adwcleaner11_zps48314883.png
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on Ok.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and then paste this log in your next post.

Edited by dc3, 11 August 2014 - 09:43 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.
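
An added example, not part of any post in this thread: a small Python parser for an ESET Online Scanner export in the run-together, hard-wrapped form pasted earlier in the topic. It splits each entry into path, detection name, class and action, then separates malware-class detections from potentially unwanted applications and notes whether the file sat in a quarantine or backup folder. The sample text is constructed from four entries of that log; the function names, the folder markers and the "trojan"/"virus"/"unsafe" class words are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: four entries taken from the log in this thread, kept
# run together and hard-wrapped the way the forum paste left them.
SAMPLE = r"""C:\AdwCleaner\Quarantine\C\Program Files\NCH
Software\Disketch\disketch.exe.vir    a variant of
Win32/Toolbar.Conduit.H potentially unwanted application    deleted -
quarantined C:\Users\Robert\Downloads\smart-defrag-setup.exe    a
variant of Win32/Toolbar.Widgi.B potentially unwanted
application    deleted - quarantined C:\Users\TEMP\Windows.old.000\ProgramData\Spybot
- Search &
Destroy\Recovery\USTechSupportMyCleanPC.zip    Win32/Bagle.gen.zip
worm    cleaned by deleting - quarantined F:\35 PC
Programs\Setup.exe    Win32/AdWare.iBryte.G application    cleaned by
deleting - quarantined
"""

# One entry = path, optional "(probably) a variant of", detection name,
# class, action. Every gap is \s+ because the paste wrapped lines at
# arbitrary spaces. Only "potentially unwanted application", "application"
# and "worm" occur in the thread's log; the other class words are assumed.
ENTRY = re.compile(
    r"(?P<path>[A-Z]:\\.+?)\s+"
    r"(?:(?:probably\s+)?a\s+variant\s+of\s+)?"
    r"(?P<name>\w+/\S+)\s+"
    r"(?P<kind>potentially\s+un(?:wanted|safe)\s+application"
    r"|application|worm|trojan|virus)\s+"
    r"(?P<action>(?:deleted|cleaned\s+by\s+deleting)\s+-\s+quarantined)",
    re.DOTALL,
)

# Assumed markers for copies that were already parked by another tool or
# left behind by an old Windows install (all three appear in the log).
QUARANTINE_OR_BACKUP = (
    "\\adwcleaner\\quarantine\\",
    "\\windows.old",
    "\\spybot - search & destroy\\recovery\\",
)


def _squash(text):
    """Collapse wrapped lines and repeated blanks into single spaces."""
    return " ".join(text.split())


def category(kind):
    """Map ESET's class wording onto three triage buckets."""
    if kind in ("worm", "trojan", "virus"):
        return "malware"
    if kind.startswith("potentially"):
        return "pua"
    return "application"


def location(path):
    """Tag paths that sit in a quarantine or backup folder."""
    lowered = path.lower()
    if any(marker in lowered for marker in QUARANTINE_OR_BACKUP):
        return "quarantine_or_backup"
    return "other"


def parse_eset_log(text):
    """Return one dict per detection found in the pasted log text."""
    entries = []
    for match in ENTRY.finditer(text):
        path = _squash(match["path"])
        kind = _squash(match["kind"])
        entries.append({
            "path": path,
            "name": match["name"],
            "kind": kind,
            "action": _squash(match["action"]),
            "category": category(kind),
            "location": location(path),
        })
    return entries


def triage(text):
    """Count detections per bucket and list the malware-class ones."""
    entries = parse_eset_log(text)
    counts = Counter(entry["category"] for entry in entries)
    review = [entry for entry in entries if entry["category"] == "malware"]
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE)
    print(dict(counts))
    for entry in review:
        print(entry["name"], entry["location"], entry["path"], sep=" | ")
```
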

 

 

 

 


#9 tyler4402


Posted 11 August 2014 - 05:52 PM

Hi dc3

The Eset scan went onto my desk top but I could not find a way to append the file to this message, as there does not seem to be a paper clip icon or any icon that will append a file to the message, that's why I had to copy and paste the Eset log into the last message.

 

The Emsisoft file also went to my Desk Top but again I can't find any attach icon, so I have pasted the log below.

 

Emsisoft Emergency Kit - Version 4.0
Last update: 8/11/2014 5:20:07 PM
User account: Blackbess\Robert

Scan settings:
Scan type: Deep Scan
Objects: Rootkits, Memory, Traces, C:\, E:\, F:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    8/11/2014 5:21:00 PM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}     detected: Application.Win32.WSearch (A)
F:\20 What I think, docs for later use\19 Saved Pc program info\TalkTalk\Password reset - The TalkTalk Members Forums_files\35550f41a6fc1f763ba5e68c2aa718ac774d     detected: Trojan.Script.602501 (B)

Scanned    516914
Found    2

Scan end:    11/08/2014 20:28:53
Scan time:    3:07:53

F:\20 What I think, docs for later use\19 Saved Pc program info\TalkTalk\Password reset - The TalkTalk Members Forums_files\35550f41a6fc1f763ba5e68c2aa718ac774d    Quarantined    Trojan.Script.602501 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}    Quarantined    Application.Win32.WSearch (A)

Quarantined    2

 

 

This one is the 317 scan

 

 Results of screen317's Security Check version 0.99.86  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Spybot - Search & Destroy 
 Secunia PSI (3.0.0.9016)   
 HijackThis 2.0.2    
 CCleaner     
 Auslogics Registry Cleaner   
 EasyCleaner     
 Java 7 Update 65  
 Java 8 Update 11  
 Adobe Flash Player 14.0.0.126  
 Mozilla Firefox (31.0) 
 Google Chrome 37.0.2041.4  
````````Process Check: objlist.exe by Laurent````````  
 Spybot Teatimer.exe is disabled! 
 Comodo Firewall cmdagent.exe 
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 

````````````````````End of Log``````````````````````

Regards Robert. 



#10 dc3


Posted 12 August 2014 - 08:36 AM

Copy and paste the Eset scan log in your topic.

 

I will be gone until late afternoon PST and will address the rest.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#11 tyler4402


Posted 12 August 2014 - 10:23 AM

Hi dc, thanks for your guidance, sorry I thought that I had already posted the Eset log, anyway here it is below, regards Robert.

 

Program Downloads\Core-Temp-setup.exe    probably a variant of
Win32/Complitly.A potentially unwanted application    deleted -
quarantined F:\23 TECH & PC Programs info folders\5 PC
Program Downloads\ffortsetup.exe    a variant of
Win32/Toolbar.Conduit.H potentially unwanted application    deleted -
quarantined F:\23 TECH & PC Programs info folders\5 PC
Program Downloads\installfreefileopener_553.exe    a variant of
Win32/InstallIQ.A potentially unwanted application    deleted -
quarantined F:\23 TECH & PC Programs info folders\5 PC
Program Downloads\Java.exe    a variant of Win32/DomaIQ.BB potentially
unwanted application    deleted - quarantined F:\23 TECH & PC Programs info folders\5 PC
Program Downloads\media.player.codec.pack.v4.0.0.setup.exe    a variant
of Win32/Toolbar.Widgi potentially unwanted application    deleted -
quarantined F:\23 TECH & PC Programs info folders\5 PC
Program Downloads\Setup_FreeConverter.exe    Win32/Toolbar.Widgi
potentially unwanted application    deleted - quarantined F:\23 TECH & PC Programs info folders\5 PC
Program Downloads\smart-defrag-setup.exe    a variant of
Win32/Toolbar.Widgi.B potentially unwanted application    deleted -
quarantined F:\23 TECH & PC Programs info folders\5 PC
Program Downloads\Video converter prismsetup.exe    a variant of
Win32/Toolbar.Conduit.K potentially unwanted application    deleted -
quarantined F:\23 TECH & PC Programs info folders\5 PC
Program Downloads\Secunia PSI installer\cnet_PSISetup_exe.exe    a
variant of Win32/InstallCore.D potentially unwanted
application    deleted - quarantined F:\23 TECH & PC Programs info folders\PC
Driver Store\Gig W7 driver\cnet_DriverSweeper_3_1_0_exe.exe    a variant
of Win32/InstallCore.D potentially unwanted application    deleted -
quarantined F:\32 FILE recovery
tools\Restoration\cbsidlm-tr1_14-Restoration-ORG-10322950.exe    Win32/DownloadAdmin.G
potentially unwanted application    deleted - quarantined F:\35 PC
Programs\cbsidlm-cbsi134-AdwCleaner-ORG-75851221.exe    a variant of
Win32/CNETInstaller.B potentially unwanted application    deleted -
quarantined F:\35 PC
Programs\cbsidlm-cbsi134-Freemake_Video_Converter-ORG-75218346
(3).exe    a variant of Win32/CNETInstaller.B potentially unwanted
application    deleted - quarantined F:\35 PC
Programs\cbsidlm-cbsi134-Free_Youtube_Downloader-ORG-75450165.exe    a
variant of Win32/CNETInstaller.B potentially unwanted
application    deleted - quarantined F:\35 PC
Programs\cbsidlm-cbsi134-Text_Cleaner-ORG-10148056.exe    a variant of
Win32/CNETInstaller.B potentially unwanted application    deleted -
quarantined F:\35 PC
Programs\cbsidlm-cbsi145-jZip-ORG-10730326.exe    a variant of
Win32/CNETInstaller.B potentially unwanted application    deleted -
quarantined F:\35 PC
Programs\cbsidlm-cbsi145-Text_Cleaner-ORG-10148056.exe    a variant of
Win32/CNETInstaller.B potentially unwanted application    deleted -
quarantined F:\35 PC
Programs\cbsidlm-cbsi183-RAR_File_Open_Knife__Free_Opener-ORG-10971016.exe    a
variant of Win32/CNETInstaller.B potentially unwanted
application    deleted - quarantined F:\35 PC Programs\defragsetup.exe    a variant of
Win32/Toolbar.Widgi.B potentially unwanted application    deleted -
quarantined F:\35 PC Programs\drivermax_7_25_cnet.exe    a
variant of Win32/DealPly.I potentially unwanted application    deleted -
quarantined F:\35 PC
Programs\duplicate-file-finder-setup.exe    Win32/InstallMonetizer.AQ
potentially unwanted application    deleted - quarantined F:\35 PC
Programs\registry-cleaner-setup.exe    Win32/InstallMonetizer.AQ
potentially unwanted application    deleted - quarantined F:\35 PC
Programs\revouninstaller-setup.exe    Win32/DownloadAdmin.G potentially
unwanted application    deleted - quarantined F:\35 PC
Programs\Setup.exe    Win32/AdWare.iBryte.G application    cleaned by
deleting - quarantined F:\35 PC Programs\Windows Live Mail.exe    a
variant of Win32/FirseriaInstaller.C potentially unwanted
application    deleted - quarantined F:\35 PC Programs\DTA download manager\Setup
(1).exe    a variant of Win32/AdWare.iBryte.AF application    cleaned by
deleting - quarantined F:\35 PC Programs\DTA download manager\Setup
(2).exe    a variant of Win32/AdWare.iBryte.AF application    cleaned by
deleting - quarantined F:\35 PC Programs\DTA download
manager\Setup.exe    a variant of Win32/AdWare.iBryte.AF
application    cleaned by deleting - quarantined



#12 dc3


Posted 13 August 2014 - 12:19 PM

Is the computer running any better?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.


#13 tyler4402


Posted 13 August 2014 - 03:40 PM

Hi dc3, sorry no, I still have the original problem of when I opposite click onto a file in the explorer list, explorer closes down, although I have figured out that if I click on a folder and expand it I can still click inside the folder and add a sub folder that way.

I am still wondering if the Revo prog has deleted a .dll file.

I was surprised to see my-websearch and conduit etc. mentioned in the scan, as I scan with mbam and JRT quite regularly.

Regards Robert.  



#14 dc3


Posted 14 August 2014 - 10:20 AM

Revo should not uninstall any .dll files.

 

You should uninstall Spybot search and destroy and Combofix.  Combofix should not be run unless it is under the supervision of a member of our Malware Removal Team.

Please download and install Speccy to provide us with information about your computer.  When FileHippo opens, click on Download latest version in the upper right pane.
 
When Speccy opens you will see a screen similar to the one below.
 
speccy9_zps2d9cdedc.png
 
Click on File which is outlined in red in the screen above, and then click on Publish Snapshot.
 
The following screen will appear, click on Yes.
 
speccy7_zpsfa02105f.png
 
The following screen will appear, click on Copy to Clipboard.
 
speccy3_zps1791b093.png
 
In your next post right click inside the Reply to Topic box, then click on Paste.  This will load a link to the Speccy log.
 
 

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
 
• List last 10 Event Viewer log
• List Installed Programs
• List Users, Partitions and Memory size.
• List Minidump Files
 
Click on Go to start the scan.  Once it is finished highlight the text, copy it and paste it in your next post.
 



#15 tyler4402


Posted 14 August 2014 - 12:04 PM

Hi dc3

 

I have uninstalled Spy Bot as instructed, but I was unaware that Combofix was on my PC. I have looked in Program Files and it does not show there, so I do not know where it is hiding. I will of course continue looking. Regards, Robert.

 

 

http://speccy.piriform.com/results/v2lK3qH86NZ6fyNqyfplWhu





