Windows Explorer Runtime Error on Performing Search

Status
Not open for further replies.
@ mflynn

First of all, many thanks for continuing to show interest and provide advice, I hope I’m not a bad pupil. As I said before, I have increased my personal knowledge, anti-malware arsenal and system security as a result of this thread. :)

Another reply to a question of yours:
Are you saying SiSoftware is no longer installed check Add/Remove programs?
I clarify that SiSoftware is indeed installed, but in the Startup list (Start> Run> services.msc) is shown as starting manually, not automatically with Windows. Is it shown by HJT as being activated, i.e. starting automatically?

As regards malware still detected by various tools, I had noticed in the past that each tool tends to find items quarantined by another and signal a new discovery, when in fact it’s an already known and fixed issue. I just hope this is not happening in my case.

It’s also possible that de-activating all real-time protection during scans leaves the way open for new invaders. How likely do you consider this when there is internet connection but no browser open?

I shall now proceed with the other measures you mentioned. I have been busy doing further scans with AntiVir & Ad-Aware.
 
@Bobbye

Many thanks also to you for your continued support.

I clarify that http://www.i-choice.com.cy/ is in fact the provider of my internet connection, that’s why it's my home page. I consider it safe, but they may be changing the name of the service, hence the complication.
 
OK, SiSoftware should not be set to run automatically. It's OK, forget it!

Clear all Quarantines now!

Disabling all protections is reasonably safe if cable is unplugged or in Safe Mode only!

I think Dial-A-Fix (DAF) has a good chance of fixing your issue.

Mike
 
Here is my report on Dial-A-Fix, but the bug is tougher than any fix.

After creating a System Restore Point, I picked up enough courage to run DAF, as it is a beta version and goes deeply into the system.

I did not get any error or file missing reported, nor did it ask for the XP CD.
After completion, I rebooted and re-tested, but the search error appeared promptly.

As DAF had not fixed my problem and I didn’t know what it did, I considered it prudent to restore my system to its previous state. It did restore, which means that DAF had in fact made some changes. I don’t know whether I should have restored, I just feel more comfortable “with the devil I know, as opposed to the one I don’t know”.

Anyway, thanks for your efforts and the many useful tools you introduced me to.

Some other info:

New scans by 5 different tools find no more malware.
But my AntiVir gave ComboFix as undesirable and quarantined it. I visited its page (http://www.bleepingcomputer.com/combofix/how-to-use-combofix#restore) and it seems a very reputable one above all suspicion. Also my McAfee site advisor gave the site as safe. So it must be a false alarm.
 
Hi Bob

I feel you are clear of malware.

You mentioned twice now about running my advised programs without knowing what they do, DAF and the SAS repairs by the numbers when all you need to do is pause the mouse over each and read.

DAF is one of the safest programs I know of. Basically only unregisters then reregisters DLL's. You should have not done the restore.

Your search problem is related to your Acronis and the .tib files.

Here is the fix!

Download and run http://www.nirsoft.net/utils/shexview.zip

Disable the Acronis True Image Shell Extension

Reboot!

I don't like Vista's search, especially since we lost a feature that I use and like.

In XP we could search for multiple files in the search box using a semicolon ; like this "*.exe:*.com;adobe*.exe" etc.

I started using XSearch http://www.easexp.com/xsearch/ in Vista and now even in XP because of its features.

Mike
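
Added example, not part of the posts in this thread: a read-only PowerShell inventory of the shell extensions registered under the Approved key, showing which DLL Explorer loads for each one and who published it, which is the information needed to pick out a third-party extension such as the one named above. It assumes PowerShell 3.0 or later; the function name `Get-ShellExtensionInventory` is hypothetical, and the Blocked key it reads is the registry location Windows consults to refuse loading an extension.

```powershell
# Added example: list approved shell extensions, their DLLs and publishers. Read-only.
$base = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions'

function Get-ShellExtensionInventory {
    $approved   = Get-Item -LiteralPath "$base\Approved" -ErrorAction Stop
    $blockedKey = Get-Item -LiteralPath "$base\Blocked" -ErrorAction SilentlyContinue
    $blocked    = if ($blockedKey) { @($blockedKey.GetValueNames()) } else { @() }

    foreach ($clsid in $approved.GetValueNames()) {
        # Value names are CLSIDs; skip the unnamed default value and malformed names.
        if ($clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') { continue }

        # InprocServer32 holds the DLL that Explorer loads for this extension.
        $serverKey = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll = if ($serverKey) { $serverKey.GetValue('') } else { $null }

        $company = $null
        $found   = $false
        if ($dll) {
            $dll = $dll.Trim('"')
            # Assumption: a bare file name (e.g. shell32.dll) resolves from System32.
            if (-not [IO.Path]::IsPathRooted($dll)) {
                $dll = Join-Path $env:SystemRoot "System32\$dll"
            }
            if (Test-Path -LiteralPath $dll -PathType Leaf) {
                $found   = $true
                $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
            }
        }

        [pscustomobject]@{
            Name     = $approved.GetValue($clsid)   # friendly description
            CLSID    = $clsid
            Company  = $company
            Dll      = $dll
            DllFound = $found                       # false = stale registration
            Blocked  = $blocked -contains $clsid
        }
    }
}

# Show non-Microsoft extensions: the usual suspects when Explorer crashes or hangs.
Get-ShellExtensionInventory |
    Where-Object { $_.Company -notlike 'Microsoft*' } |
    Sort-Object Company, Name |
    Format-Table Name, Company, Blocked, DllFound, Dll -AutoSize
```

Rows with `DllFound` false point to registrations left behind by an uninstall or a removed file, which is also worth checking after a malware cleanup.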
 
[Image: 0pheqvekhs56yjskk9s.gif]

The above image (hope the board allows it in this case) says everything.
My search now finishes very soon. Before, it was dragging on till the WE crash.

Thanks, congrats and compliments! :)
I hope Admins/Mods read this thread and take due notice of your valuable assistance and extensive knowledge.

Though you had identified the cause of the problem early on,
It clears what is known as Shadow copies which are used by specialized back up programs.
And regarding your mention of specialized back up programs, I recently installed Acronis True Image 11.
I am glad we didn’t just uninstall Acronis, as I’ve gained much more from this thread than just the solution to the problem.

Now a couple of comments:

The problem must have arisen when I upgraded Acronis from version 9 to version 11, though the previous version was doing the job and was much smaller.
Would you advise me to go back to version 9?

When I said I didn’t know what DAF did, I meant I didn’t know what changes it had made and where. Of course, this is my fault, I should have checked the log. A further difficulty is that I don’t always understand all the technical jargon used by specialized tools.

I note your confidence in DAF. Which of the following actions would you recommend?
Undo System Restoration to revive the DAF changes (and re-run shexview)
Re-run DAF
Wait for the final version of DAF (expected soon) and run that.
 
OK great!

On the Acronis all you did was eliminate it from the rt click menu (Shell). Which I doubt you need anyway.

I would stay with ver 11 if it is doing all you want as far as creating images etc when manually run.

I would not restore because if you do you would reverse the Acronis fix and perhaps some of the last cleanup we did. Just run DAF again. Then when the new version comes out run that.

DAF is something that can be run almost anytime. Say after a Virus or Malware cleaning because even if a Malware is removed it does not necessarily repair damage done. Some Malware change or unregister DLL's etc. The registry entry for a DLL can be removed from or changed by Malware, this reregistration corrects that also.

So mostly DAF goes through and unregisters then re-registers DLL's, ActiveX, OLE and other scripts to reset them in the registry.

Yes you can look at the DAF log to see what it did.

But what I am saying is that after you load DAF to the screen hover the mouse over the label (description) to the right of the check box and you will get a popup description of what that entry does.

This same thing works in SAS in the numbered repairs you did hover the mouse for a description!

Thread closing-------------------------------------------------------------------

Some of these tools update so often they require downloading again later if needed. But keep and run MBAM and SAS to maintain.

Remove ComboFix
Start-Run
type
combofix /u
Hit enter or click OK.

Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.


Double-click OTCleanIt.exe. Click CleanUp. Yes to the "Begin cleanup Process?"

Approve all if prompted by Firewall. Approve Windows Defender or other guards or security programs while OTCleanIt is attempting access to the Internet to allow all.

If prompted to Reboot click, Yes.
OTCleanIt will delete itself when finished. If not, delete it by yourself.

-------------------------------------------------------------------------------------
Run CCleaner again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
Fantastic cleaner.
-------------------------------------------------------------------------------------
The issues can be, and likely are, found in System Restore, so do the below

Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "After cleanup at TechSpot".

Then Start-Programs-Accessories-System Tools-Disk Cleanup
Click OK to accept C:
Select all Boxes
Then click More Options
Here click System Restore and OK to "Are you sure" and then OK to Run.

As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

It clears what is known as Shadow copies which are used by specialized back up programs.

This is if you have the Volume Shadow Copy running which is the default.
-------------------------------------------------------------------------------------

Every two weeks or so, run MBAM and SAS until clean.

They take a while, so leave scanning while you are sleeping working or watching TV. If not done under the gun they can be scheduled not to interfere with computer time.

If they find something they can not clean, then get back to us.

Additionally run CCleaner. ATF-Cleaner and KCleaner.
----------------------------------------------------------------------------------------
I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

It was designed to be used with and to co-exist with other Virus scanners.

Additionally it uses a totally different process to protect. While conventional Virus scanners work from definitions ThreatFire works on recognizing Virus/Malware activity.

It's like looking at it with 2 sets of eyes and from a different angle.

It works like some Firewalls do to learn what is good/bad.

After install it will ask you about everything that could be a security issue. For example the first time you run IE or FireFox it will prompt you. You would answer to approve and remember the setting. From then on no more prompts about IE or FireFox unless the exe changes like in an update.

As it queries you about the prompt to help you determine to approve or not you can google it with one click.

http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at http://www.javacoolsoftware.com/spywareblaster.html

Run SpyBot occasionally and use the Immunize function.
http://www.safer-networking.org/en/download/

I highly recommend HostsMan: http://majorgeeks.com/HostsMan_d4592.html

Download install run and allow it to disable DNS Client and select all Host files and then Update and install all host files.

A Disk Scan (chkdsk) and Defrag are in order.

Mike
 