
Slow Computer. Windows Explorer keeps restarting [Solved]


  • This topic is locked
29 replies to this topic

#16 AnthonySzum

  • Authentic Member
  • 102 posts

Posted 29 January 2014 - 03:59 AM

An error pops up saying Windows cannot find notepad. It's not on the computer for some reason.

 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ae3b2b6e3ea1dc41bf73a5ae3b01dc51
# engine=16841
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-29 04:54:02
# local_time=2014-01-28 11:54:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=3590 16777213 100 90 17394430 209041306 0 0
# compatibility_mode=5892 16776573 100 100 0 227578770 0 0
# scanned=449425
# found=8
# cleaned=0
# scan_time=17336
sh=D5E7A4717328BD41D5844E7704C9F4F2B2312445 ft=1 fh=35688940cc2af874 vn="a variant of Win32/HiddenStart.A application" ac=I fn="C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=7FAF9CDDB31B3CB464F91CDCFB9857B926D6DCD1 ft=0 fh=0000000000000000 vn="SWF/Exploit.CVE-2007-0071 trojan" ac=I fn="C:\Program Files (x86)\Rosetta Stone\Content\data\1c\2\1c2136a7c1675c9ff26a4bae649e01faeac67f54"
sh=A7826FD0A61CC994153A0D0D0712013C51C20F3A ft=1 fh=f36db57315c0dad6 vn="a variant of Win32/Toolbar.MyWebSearch application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\iWonEI\Installr\1.bin\jfEIPlug.dll.vir"
sh=CA3AC64EB5BD99D32E0A7013D4132C3EB0E1D752 ft=1 fh=dd4ca1e002054879 vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\ToggleEN\tbTogg.dll.vir"
sh=9E5629DC46A552762E8EFFEE81DE4E565A4C4E79 ft=1 fh=c71c0011d001ea45 vn="probably a variant of Win32/Adware.Gamevance.AG application" ac=I fn="C:\Qoobox\Quarantine\C\Users\patricia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@playsushi.com\components\PlaySushiFF.dll.vir"
sh=297CA0907D08374145FBBF4836BF6209946926B2 ft=1 fh=fe6583c741449090 vn="Win64/Olmarik.AL trojan" ac=I fn="C:\TDSSKiller_Quarantine\10.09.2012_20.06.16\mbr0000\tdlfs0000\tsk0004.dta"
sh=BC798E1A61DF3696B241DFD2EC26B795D5661C0F ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DN trojan" ac=I fn="C:\ThunderboltTempRoot\fre3vo"
sh=231B6BEF450552CF7BF279113B7A538BD6DE188E ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DN trojan" ac=I fn="C:\Users\patricia\Desktop\Thunderbolt\ThunderboltTempRoot.zip"
 




#17 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 29 January 2014 - 10:06 AM

A program called "Thunderbolt" is flagged there as a trojan.  In the purest sense it is, as it is a hack.  It hacks the root of Android phones.  I'm assuming that you have purposefully used this program to "root" your Android device.  If that is not true... then please let me know.

 

Overall... you're looking good.

 

Let's try this for notepad.

 

Hold your windows key and press R.  This will bring up the run box.

 

In the box type:  C:\Windows\System32\notepad.exe and then press OK.

 

Does notepad open?

 

Let me know and also let me know how things are running overall.


Tomk
------------------------------------------------------------

Topics are closed after 5 days without response
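
A scan log like the one in post #16 is easier to read once detections that are only leftover quarantine copies are separated from files still live on disk. The following is an added example, not part of the original posts and not ESET's own tooling; the field meanings (`vn` as detection name, `fn` as file path, `found`, `remove_checked`) are inferred from the log itself, and the sample input is constructed with placeholder hashes.

```python
import re

# key=value pairs as they appear on each detection line; values may be quoted.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Folder names taken from the paths in the log above: ComboFix (Qoobox) and
# TDSSKiller keep renamed, inactive copies of what they removed there.
QUARANTINE_MARKERS = ("\\qoobox\\quarantine\\", "\\tdsskiller_quarantine\\")

# Constructed sample modelled on the log above; hashes are placeholders.
SAMPLE = r'''# found=3
# cleaned=0
# remove_checked=false
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\ToggleEN\tbTogg.dll.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000000 vn="Win64/Olmarik.AL trojan" ac=I fn="C:\TDSSKiller_Quarantine\sample\tsk0004.dta"
sh=0000000000000000000000000000000000000003 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DN trojan" ac=I fn="C:\ThunderboltTempRoot\fre3vo"
'''


def parse_log(text):
    """Return (header dict, list of detection dicts) from the log text."""
    header, detections = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value.strip('"')
        elif line.startswith("sh="):
            detections.append({m.group(1): m.group(2).strip('"')
                               for m in FIELD_RE.finditer(line)})
    return header, detections


def in_quarantine(rec):
    """True when the flagged path sits inside a known tool quarantine folder."""
    path = rec.get("fn", "").lower()
    return any(marker in path for marker in QUARANTINE_MARKERS)


def triage(text):
    """Separate quarantine leftovers from detections that are still live files."""
    header, detections = parse_log(text)
    return {
        # Assumption: "found" counts detection lines, and remove_checked=false
        # means the scan only reported, as cleaned=0 in the log above suggests.
        "complete": int(header.get("found", -1)) == len(detections),
        "report_only": header.get("remove_checked") == "false",
        "quarantined": [d.get("vn") for d in detections if in_quarantine(d)],
        "live": [(d.get("vn"), d.get("fn")) for d in detections if not in_quarantine(d)],
    }


if __name__ == "__main__":
    for name, path in triage(SAMPLE)["live"]:
        print(f"still on disk: {name} -> {path}")
```
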


#18 AnthonySzum

  • Authentic Member
  • 102 posts

Posted 29 January 2014 - 01:26 PM

I did use it for rooting my phone but it was a while ago. I'd like to take it off the computer since I am not using it.

The command for notepad did not work. As I stated, it is completely gone from my system. Is there a place to download it from?

Everything is running smooth but for some reason, I keep getting that error message about Windows Explorer restarting. Perhaps it is a hardware issue?



#19 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 29 January 2014 - 01:38 PM

Ok...  If it is completely gone... then all I know to do is install a third party replacement.

 

Let's give a thorough look to make sure it isn't hiding in some "unusual" place.

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    notepad
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Tomk
------------------------------------------------------------



#20 AnthonySzum

  • Authentic Member
  • 102 posts

Posted 29 January 2014 - 02:07 PM

SystemLook 30.07.11 by jpshortstuff

Log created at 14:44 on 29/01/2014 by patricia

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "notepad"

No files found.

 

-= EOF =-



#21 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 29 January 2014 - 02:41 PM

Well, it doesn't appear to be hiding anywhere.
 
What program did the logs you posted open in?
 
At this point it would appear that your only choice is to install a third party replacement program.  Here are a few:

  • Notepad2
  • Notepad++
  • TED Notepad
  • TextPad

 

Notepad++ is the only one I've used.  Each of these is like "notepad on steroids" in that they do more than notepad ever could.

 

As far as removing ThunderBolt... you have a folder on your desktop called Thunderbolt.  Right click on it and select delete.

Then, on the root of your C: drive you have a folder called ThunderboltTempRoot.  Right click on it and select delete.

 


Tomk
------------------------------------------------------------



#22 AnthonySzum

  • Authentic Member
  • 102 posts

Posted 29 January 2014 - 05:29 PM

It opens using WordPad. Is there any way to get the original notepad back? I've done searches everywhere and can't find it.

 

All deleted



#23 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 29 January 2014 - 06:30 PM

Do you have your Vista system disk?  If so, see if it has a folder called i386.  If it does... there should be a file in there called notepad.ex_.  If this is true also... you can restore as follows:

 

With the disk in the disk drive, hold your Windows key and press R to bring up the run box.  In the run box type cmd and press enter.  (This will bring up a DOS prompt.)

 

At the DOS prompt type cd E: and press enter.

Now type cd i386 and press enter.

Type expand notepad.ex_ C:\windows\notepad.exe and press enter.

Type expand notepad.ex_ C:\windows\system32\notepad.exe and press enter.

Type exit and press enter (this will close the DOS prompt window).

 

Now hold your Windows key and press R to bring up the run box.  Type notepad and press enter.  Notepad should open.

 


Tomk
------------------------------------------------------------



#24 AnthonySzum

  • Authentic Member
  • 102 posts

Posted 30 January 2014 - 02:00 PM

Unfortunately, I don't have that. Aside from that, everything seems to be running good. One last question. What happens if you run ComboFix more than once? Say I do it once a week or month to keep the computer going smooth.



#25 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 30 January 2014 - 03:26 PM

Running cf on your own as a prophylactic is a bad idea.  It is extremely powerful and can do as much damage as good.  It is updated quite frequently so the version you have will expire in a day or two anyway.  You have surely seen it used quite often on the forums, but you should have noticed that it is never used before a log has been garnered to review what is happening.  Using CF against certain infections can brick your system.  If you don't know what you're looking for... you are playing Russian roulette.  Without the training and access to the developers' updates... you can't know what to look for.

 

Do you have any friends with a Vista system disk?   It doesn't have to be the one that came with your computer.  All Vista disks should have the file you need.


Tomk
------------------------------------------------------------



#26 AnthonySzum

  • Authentic Member
  • 102 posts

Posted 30 January 2014 - 04:11 PM

Oh I see. I was just curious because I noticed eventually it seems everyone winds up using it. I was looking to run it on my comp downstairs. Btw I found notepad.exe on the computer downstairs and put it on the one you helped me with so now I have it again.

Thank you for all your help!



#27 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 30 January 2014 - 04:30 PM

Great!

 

So let's clean up!

 

 

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.

The above procedure will:

  • Implement some cleanup procedures.
  • Reset System Restore.

 

 

Now to remove most of the tools that we have used in fixing your machine:

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.

 

Please re-enable any security that was disabled.

 

Any tools and/or logs left can just be deleted.

 

The following is my standard advice for the future.  Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing.  Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware" 
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions.  Otherwise, this thread will be closed Resolved.  :thumbup:
 


Tomk
------------------------------------------------------------



#28 AnthonySzum

  • Authentic Member
  • 102 posts

Posted 01 February 2014 - 10:20 AM

Everything is uninstalled. I really appreciate your time and effort you put in to help me and my computer.

Thank you!!!!!!!!!



#29 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 01 February 2014 - 11:35 AM

You are very welcome.

Good luck and be well! :thumbup:


Tomk
------------------------------------------------------------



#30 Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,150 posts

Posted 01 February 2014 - 11:37 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Tomk
------------------------------------------------------------
