
"Explorer.exe has stopped working"+ MBAM premium issue combined


11 replies to this topic

#1 PapagenoX

PapagenoX

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:22 PM

Posted 14 October 2014 - 05:07 PM

Hi all,

 

This morning I brought back my PC from hibernation and the first thing I noticed was that the "wired internet connection" icon on the lower right (Windows 7 Ultimate 64 bit BTW) had a red x on it.  Despite this, the browser was pulling up webpages, which was mysterious.  I tried to open Network and Sharing center and couldn't get it to come up.  Then I opened Malwarebytes Premium and at the dashboard, I noticed that the Malicious website protection was not working or on.  Tried to fix it, but no go.  I think that that was when the "Explorer.exe has stopped working" messages started, and I lost my taskbar.  I managed to do a restart using CTRL-ALT-DELETE which seemed to go fine.  My system is usually rock solid, so this kind of thing freaks me out.

 

Once I was back at the desktop, I thought to try to use Malwarebytes Chameleon just in case.  The first one brought up the command window, and immediately there was something in red type (although I confess I can't remember exactly what it said). On either that try or the next one down it did a Malwarebytes full scan and found nothing.  Everything seems to be working great now, but I'm understandably rather paranoid.  Should I be?  For my regular anti-virus I'm running MSE.

 

So, to recap:

 

Running Windows 7 Ultimate x64,

Explorer.exe stopped working, combined with website protection not activatable in Malwarebytes Premium.

 

Any help/advice would be greatly appreciated.

 

Thanks,

José aka PapagenoX


Edited by PapagenoX, 14 October 2014 - 05:08 PM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,077 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:22 AM

Posted 14 October 2014 - 06:53 PM

If you are receiving a message inside the MBAM program that Malicious Website Protection is disabled, please follow these instructions.

Please download and scan with Emsisoft Emergency Kit which contains a collection of programs that can be used without software installation to scan for malware and clean infected computers.
  • Save the file to your Desktop.
  • Double click the EmsisoftEmergencyKit.exe icon to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • When the program opens select Emergency Kit Scanner.
  • If prompted to download the latest definition files, select Yes.
  • After the update, go to Scan PC and select the option to perform a Deep Scan.
  • Be patient...this is a comprehensive scan and can take some time to complete.
  • When the scan has finished, select Quarantine Detected Objects and click OK.
  • When done, click on View Report, save it to your Desktop and copy and paste the contents in your next reply.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 PapagenoX

Posted 15 October 2014 - 01:37 AM

Hello, quietman, and thanks for helping.  I'm doing what you asked, but the Emsisoft Emergency Kit has obviously had some changes since those screenshots were taken.  The "Deep Scan" is now called the "Full Scan" for instance. I do wish it had a setting that let you decide how much of the CPU to use, it's taking forever (I'm going to let it run all night) yet it's only using 7% of my i5 2500k, which is rather silly.  I don't see any way to get it to use more, though, and free is free.

 

I'll post the report when it's finally done.



#4 quietman7


Posted 15 October 2014 - 04:03 AM

Not a problem.

 

I use Emsisoft Anti-Malware so it's been a while since I tried the Emergency Kit and wasn't aware of the changes. Thanks for letting me know.



#5 PapagenoX


Posted 15 October 2014 - 10:13 AM

Hmm, it doesn't want to let me post the results because for some bizarre reason it's finding "too many emoticons" in the text. Maybe because there's a bunch of lines with ( B) at the end and it's interpreting those as emoticons?

 

Aha, that was it! I'll add an extra space now.

 

BTW, I wonder why it only quarantined 11 items (among which seem to be many archived copies of the same particular email message) when it found a total of 91?  Is there anything earth-shattering in here?  As I wrote in my OP, everything seems to be running fine now.

 

Emsisoft Emergency Kit - Version 9.0
Last update: 10/14/2014 10:27:33 PM
User account: JoséWin7-64PC\José Hulse

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\, F:\, G:\, H:\, I:\, J:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    10/14/2014 10:29:11 PM
C:\Users\José Hulse\AppData\Roaming\getrighttogo     detected: Application.AppInstall (A)
C:\Users\José Hulse\AppData\Roaming\pdfforge     detected: Application.AppInstall (A)
C:\Users\José Hulse\AppData\Local\apn     detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK     detected: Application.InstallAd (A)
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 933)     detected: Generic.Peed.Eml.D3D9E7B2 (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 948)     detected: Generic.Peed.Eml.D8C4D331 (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1042)     detected: Generic.Peed.Eml.3EAC2E2B (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1195)     detected: Generic.Peed.Eml.A5DAE2A1 (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1252)     detected: Generic.Peed.Eml.ED6F982F (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1389)     detected: Generic.Peed.Eml.6835E94A (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1450)     detected: Generic.Peed.Eml.026FA90F (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1453)     detected: Generic.Peed.Eml.7EA06D12 (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1510)     detected: Generic.Peed.Eml.0F8A0ED9 (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1515)     detected: Generic.Peed.Eml.11048DB9 (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1622)     detected: Generic.Peed.Eml.86181996 (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1667)     detected: Generic.Peed.Eml.1706621C (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1726)     detected: Generic.Peed.Eml.B6F9DB3C (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1889)     detected: Generic.Peed.Eml.ED540EBB (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 1970)     detected: Generic.Peed.Eml.282948AF (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 2020)     detected: Generic.Peed.Eml.AE7C51B4 (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox -> (message 2062)     detected: Generic.Peed.Eml.61FCF692 (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 933)     detected: Generic.Peed.Eml.D3D9E7B2 (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 948)     detected: Generic.Peed.Eml.D8C4D331 (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1042)     detected: Generic.Peed.Eml.3EAC2E2B (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1195)     detected: Generic.Peed.Eml.A5DAE2A1 (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1252)     detected: Generic.Peed.Eml.ED6F982F (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1389)     detected: Generic.Peed.Eml.6835E94A (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1450)     detected: Generic.Peed.Eml.026FA90F (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1453)     detected: Generic.Peed.Eml.7EA06D12 (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1510)     detected: Generic.Peed.Eml.0F8A0ED9 (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1515)     detected: Generic.Peed.Eml.11048DB9 (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1622)     detected: Generic.Peed.Eml.86181996 (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1667)     detected: Generic.Peed.Eml.1706621C (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1726)     detected: Generic.Peed.Eml.B6F9DB3C (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1889)     detected: Generic.Peed.Eml.ED540EBB (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 1970)     detected: Generic.Peed.Eml.282948AF (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 2020)     detected: Generic.Peed.Eml.AE7C51B4 (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox -> (message 2062)     detected: Generic.Peed.Eml.61FCF692 (B )
F:\My Downloads\GamersGate temporary files\368\launch -> (Quarantine-PE)     detected: Gen:Trojan.Heur.9GZ@Xk8YR9h (B )
F:\My Downloads\GamersGate temporary files\596\launch -> (Quarantine-PE)     detected: Gen:Trojan.Heur.5GZ@XQRt32g (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 933)     detected: Generic.Peed.Eml.D3D9E7B2 (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 948)     detected: Generic.Peed.Eml.D8C4D331 (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1042)     detected: Generic.Peed.Eml.3EAC2E2B (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1195)     detected: Generic.Peed.Eml.A5DAE2A1 (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1252)     detected: Generic.Peed.Eml.ED6F982F (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1389)     detected: Generic.Peed.Eml.6835E94A (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1450)     detected: Generic.Peed.Eml.026FA90F (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1453)     detected: Generic.Peed.Eml.7EA06D12 (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1510)     detected: Generic.Peed.Eml.0F8A0ED9 (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1515)     detected: Generic.Peed.Eml.11048DB9 (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1622)     detected: Generic.Peed.Eml.86181996 (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1667)     detected: Generic.Peed.Eml.1706621C (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1726)     detected: Generic.Peed.Eml.B6F9DB3C (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1889)     detected: Generic.Peed.Eml.ED540EBB (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1970)     detected: Generic.Peed.Eml.282948AF (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 2020)     detected: Generic.Peed.Eml.AE7C51B4 (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 2062)     detected: Generic.Peed.Eml.61FCF692 (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 933)     detected: Generic.Peed.Eml.D3D9E7B2 (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 948)     detected: Generic.Peed.Eml.D8C4D331 (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1042)     detected: Generic.Peed.Eml.3EAC2E2B (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1195)     detected: Generic.Peed.Eml.A5DAE2A1 (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1252)     detected: Generic.Peed.Eml.ED6F982F (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1389)     detected: Generic.Peed.Eml.6835E94A (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1450)     detected: Generic.Peed.Eml.026FA90F (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1453)     detected: Generic.Peed.Eml.7EA06D12 (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1510)     detected: Generic.Peed.Eml.0F8A0ED9 (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1515)     detected: Generic.Peed.Eml.11048DB9 (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1622)     detected: Generic.Peed.Eml.86181996 (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1667)     detected: Generic.Peed.Eml.1706621C (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1726)     detected: Generic.Peed.Eml.B6F9DB3C (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1889)     detected: Generic.Peed.Eml.ED540EBB (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 1970)     detected: Generic.Peed.Eml.282948AF (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 2020)     detected: Generic.Peed.Eml.AE7C51B4 (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox -> (message 2062)     detected: Generic.Peed.Eml.61FCF692 (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 933)     detected: Generic.Peed.Eml.D3D9E7B2 (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 948)     detected: Generic.Peed.Eml.D8C4D331 (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1042)     detected: Generic.Peed.Eml.3EAC2E2B (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1195)     detected: Generic.Peed.Eml.A5DAE2A1 (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1252)     detected: Generic.Peed.Eml.ED6F982F (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1389)     detected: Generic.Peed.Eml.6835E94A (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1450)     detected: Generic.Peed.Eml.026FA90F (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1453)     detected: Generic.Peed.Eml.7EA06D12 (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1510)     detected: Generic.Peed.Eml.0F8A0ED9 (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1515)     detected: Generic.Peed.Eml.11048DB9 (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1622)     detected: Generic.Peed.Eml.86181996 (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1667)     detected: Generic.Peed.Eml.1706621C (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1726)     detected: Generic.Peed.Eml.B6F9DB3C (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1889)     detected: Generic.Peed.Eml.ED540EBB (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 1970)     detected: Generic.Peed.Eml.282948AF (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 2020)     detected: Generic.Peed.Eml.AE7C51B4 (B )
I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox -> (message 2062)     detected: Generic.Peed.Eml.61FCF692 (B )

Scanned    1078045
Found    91

Scan end:    10/15/2014 5:44:59 AM
Scan time:    7:15:48

I:\Backup05Mar2011\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox    Quarantined Generic.Peed.Eml.61FCF692 (B )
H:\Users\JoseWin7\AppData\Roaming\Thunderbird\Profiles\kkwq1udk.JosesOldEmail\Mail\Local Folders\Inbox    Quarantined Generic.Peed.Eml.61FCF692 (B )
G:\Documents and Settings\Jose\Application Data\Thunderbird\Profiles\3kjjnsik.default\Mail\Local Folders\Inbox    Quarantined Generic.Peed.Eml.61FCF692 (B )
F:\My Downloads\GamersGate temporary files\596\launch    Quarantined Gen:Trojan.Heur.5GZ@XQRt32g (B )
F:\My Downloads\GamersGate temporary files\368\launch    Quarantined Gen:Trojan.Heur.9GZ@Xk8YR9h (B )
F:\Backup from C\Thunderbird 2.0.0.21 (en-US) - 2011-03-12\Mail\Local Folders\Inbox    Quarantined Generic.Peed.Eml.61FCF692 (B )
C:\Users\José Hulse\AppData\Roaming\Thunderbird\Profiles\793okthw.default\Mail\Local Folders\Inbox    Quarantined Generic.Peed.Eml.61FCF692 (B )
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK    Quarantined Application.InstallAd (A)
C:\Users\José Hulse\AppData\Local\apn    Quarantined Application.AppInstall (A)
C:\Users\José Hulse\AppData\Roaming\pdfforge    Quarantined Application.AppInstall (A)
C:\Users\José Hulse\AppData\Roaming\getrighttogo    Quarantined Application.AppInstall (A)

Quarantined    11


Edited by PapagenoX, 15 October 2014 - 11:41 AM.
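
The report in the post above lists 91 detections but 11 quarantined objects; grouping the detection lines by the file, folder or registry key they belong to shows how the two counts relate, since each flagged message inside a mailbox file is its own detection line while quarantine entries are per object. This Python sketch is an added example, not part of the original thread or of any Emsisoft tool; it assumes the line layout seen in the report, and every path and detection name in its sample is constructed.

```python
import re
from collections import OrderedDict

# Constructed sample in the layout of the report above; every path and
# detection name here is made up for illustration.
SAMPLE_LOG = r"""
C:\Users\demo\AppData\Roaming\exampletool     detected: Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\EXAMPLEVENDOR     detected: Application.InstallAd (A)
C:\Mail\Inbox -> (message 10)     detected: Generic.Sample.Eml.AAAA0001 (B )
C:\Mail\Inbox -> (message 22)     detected: Generic.Sample.Eml.AAAA0002 (B )
C:\Mail\Inbox -> (message 31)     detected: Generic.Sample.Eml.AAAA0003 (B )
F:\Backup\Inbox -> (message 10)     detected: Generic.Sample.Eml.AAAA0001 (B )
F:\Backup\Inbox -> (message 22)     detected: Generic.Sample.Eml.AAAA0002 (B )
F:\Backup\Inbox -> (message 31)     detected: Generic.Sample.Eml.AAAA0003

(B )
F:\Downloads\temp\launch -> (Quarantine-PE)     detected: Gen:Sample.Heur.1 (B )

Scanned    1000
Found    9
"""

# Layout: "<object> [-> (<member>)]     detected: <name> [(A) | (B )]"
DETECTION = re.compile(
    r"^(?P<obj>.+?)"                        # file, folder or "Key: ..." entry
    r"(?:\s+->\s+\((?P<member>[^)]*)\))?"   # item inside a container, if any
    r"\s+detected:\s+(?P<name>.+?)"         # detection name
    r"(?:\s+\((?P<tag>[AB])\s*\))?\s*$"     # trailing (A)/(B ) tag, if present
)
# A tag that a forum editor wrapped onto a line of its own.
TAG_ONLY = re.compile(r"^\(([AB])\s*\)$")


def parse_detections(text):
    """Return one dict per detection line: obj, member, name, tag."""
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        wrapped = TAG_ONLY.match(line)
        if wrapped and found and found[-1]["tag"] is None:
            # Re-attach a wrapped tag to the detection it belongs to.
            found[-1]["tag"] = wrapped.group(1)
            continue
        match = DETECTION.match(line)
        if match:
            found.append(match.groupdict())
    return found


def summarize(detections):
    """Compare detection lines with the distinct objects they sit in."""
    per_object = OrderedDict()
    seen_in = {}
    for det in detections:
        per_object[det["obj"]] = per_object.get(det["obj"], 0) + 1
        seen_in.setdefault(det["name"], set()).add(det["obj"])
    # The same detection name in several objects usually means copies of
    # one item (for example a mailbox and its backups), not new findings.
    duplicated = {n: sorted(o) for n, o in seen_in.items() if len(o) > 1}
    return {
        "detections": len(detections),
        "objects": len(per_object),
        "per_object": dict(per_object),
        "duplicated": duplicated,
    }


if __name__ == "__main__":
    report = summarize(parse_detections(SAMPLE_LOG))
    print(report["detections"], "detections in", report["objects"], "objects")
    for obj, count in report["per_object"].items():
        print(f"{count:3d}  {obj}")
    for name, objs in report["duplicated"].items():
        print(f"{name} appears in {len(objs)} objects")
```
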


#6 quietman7


Posted 15 October 2014 - 01:40 PM

I see nothing of significant concern showing in your log...and no indication of a major malware infection.


Now try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.

  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
ESET Online Scanner FAQs
-- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.
 

#7 PapagenoX


Posted 16 October 2014 - 09:10 AM

OK, here are the results of the ESET scan:

 

C:\Users\José Hulse\AppData\Local\Temp\AskSLib.dll    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Users\José Hulse\AppData\Local\Temp\fox50A8.tmp\Foxit Reader en5.4.2.901(toolbar) Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Users\José Hulse\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\76354827-1890526a    a variant of Java/JShrink.A potentially unsafe application    deleted - quarantined
C:\Users\José Hulse\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\39c1bfb3-28093b94    multiple threats    cleaned by deleting - quarantined
C:\Users\José Hulse\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\72f16a78-5ee2086b    multiple threats    cleaned by deleting - quarantined
C:\Users\José Hulse\Downloads\ccsetup320.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
C:\Users\José Hulse\Downloads\cpu-z_1.59-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
C:\Users\José Hulse\Downloads\FoxitReader513.1201_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
C:\Users\José Hulse\Downloads\PDFCreator-1_6_0_setup.exe    Win32/InstallMonetizer.AQ potentially unwanted application    deleted - quarantined
C:\Users\José Hulse\Downloads\PFPortChecker.exe    Win32/InstallMonetizer.AN potentially unwanted application    deleted - quarantined
E:\isobuster_eng.exe    a variant of Win32/Toolbar.Conduit.B potentially unwanted application    deleted - quarantined
F:\My Downloads\SetupImgBurn_2.5.2.0.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application    deleted - quarantined
F:\My Downloads\TVersitySetup_1_8.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
H:\Program Files\Ask.com\GenericAskToolbar.dll    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
H:\Program Files\Ask.com\SaUpdate.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
H:\Program Files\Ask.com\UpdateTask.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
H:\Users\JoseWin7\AppData\Local\AskToolbar\Downloaded Program Files\xaddon.dll    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
H:\Users\JoseWin7\AppData\LocalLow\AskToolbar\xaddon.cab    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined
H:\Windows\Installer\b5c9a.msi    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application    deleted - quarantined



#8 quietman7


Posted 16 October 2014 - 04:34 PM

Again nothing of significant concern...mostly PUP related detections.

How is your computer running now?

#9 PapagenoX


Posted 16 October 2014 - 07:26 PM

It seems to be working fine.  Maybe it was just some power-related thing (my PC is about 3 years old now, and in building it I actually used a power supply that I'd bought new about a year before that but not used).



#10 quietman7


Posted 16 October 2014 - 08:04 PM

If your computer is running OK and there are no signs of infection...you should be good to go.

You may want to read these topics.
Best Practices for Safe Computing - Prevention of Malware Infection
How Malware Spreads - How did I get infected
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs)

#11 PapagenoX


Posted 17 October 2014 - 05:09 AM

Thanks for your help.



#12 quietman7


Posted 17 October 2014 - 05:15 AM

You're welcome. :thumbup2: