Solved Explorer not responding at random.

Custom / CUSTOM
February 18, 2016 at 23:17:40
Specs: Windows 7, 2.394 GHz / 6143 MB
I don't get any error messages. At random I can click to open a file on my desktop or open IE or Google Chrome browser and once open I can do nothing else. The mouse still moves. Example: If I open chrome browser the google search page comes up and I notice the " X " in the upper right that is normally highlighted red is no longer highlighted. I can not click on it to close the browser nor can I type in the search window. If I just wait it may work again in a few seconds or several minutes. Right clicking the mouse anywhere does nothing. This is true for IE, Chrome browser or any files I open. I also sometimes get this issue at the desktop itself. If I rapidly alternate between clicking right and left sometimes it seems to free things up. (Found this out through an act of frustration.) If not I have to log off and back on again. This does not completely keep it from happening but it seems to do for a while.

Thanks for any help you folks can give.

Likely


See More: Explorer not responding at random.

Report •

✔ Best Answer
February 19, 2016 at 13:05:23
Here are the first 2 steps, more steps will be needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Malwarebytes Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Malwarebytes Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#1
February 19, 2016 at 02:25:07
"This does not completely keep it from happening but it seems to do for a while"
If you can, do this & I can check out these logs. Use Safe mode if you have to.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#2
February 19, 2016 at 03:09:55

Report •

#3
February 19, 2016 at 03:39:03
Waiting on the Addition log.

Report •

Related Solutions

#4
February 19, 2016 at 10:06:08

Report •

#5
February 19, 2016 at 12:36:07
"This does not completely keep it from happening but it seems to do for a while"
Whilst I'm going through the logs, test the comp in Safe mode.

Do you still get all your problems?


Report •

#6
February 19, 2016 at 13:05:23
✔ Best Answer
Here are the first 2 steps, more steps will be needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Malwarebytes Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Malwarebytes Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#7
February 19, 2016 at 16:09:12
Do still have the issue in safe mode but not nearly as often.

# AdwCleaner v5.035 - Logfile created 19/02/2016 at 18:03:26
# Updated 18/02/2016 by Xplode
# Database : 2016-02-18.5 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Roger - MINE
# Running from : C:\Users\Roger\Desktop\adwcleaner_5.035.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

***** [ Web browsers ] *****

[-] [C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1435 bytes] ##########

Likely


Report •

#8
February 19, 2016 at 16:15:03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Ultimate x64
Ran by Roger (Administrator) on Fri 02/19/2016 at 18:09:31.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 18

Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roger\Documents\add-in express (Folder)
Successfully deleted: C:\Windows\couponprinter.ocx (File)
Successfully deleted: C:\Users\Roger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\989V4VZM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2W0Y86L (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6FOADOX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Roger\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7YAZP0N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\989V4VZM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2W0Y86L (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R6FOADOX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7YAZP0N (Temporary Internet Files Folder)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/19/2016 at 18:13:08.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Likely


Report •

#9
February 19, 2016 at 16:15:11
Good one, we are on the right track, shall see what Junkware Removal Tool finds.

Report •

#10
February 19, 2016 at 16:16:39
Our posts crossed.

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.7) (Version: 5.0.1.7 - Coupons.com Incorporated)
HKU\S-1-5-21-2194544171-3219587073-765187920-1001\...\MountPoints2: M - M:\LaunchU3.exe -a
HKU\S-1-5-21-2194544171-3219587073-765187920-1001\...\MountPoints2: {d5f3b884-367c-11e5-8d3c-806e6f6e6963} - J:\setup.exe
AppInit_DLLs: AnyDiscHelp.dll => No File
AppInit_DLLs-x32: AnyDiscHelp.dll => No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2194544171-3219587073-765187920-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-2194544171-3219587073-765187920-1001 -> DefaultScope {355767EC-73A6-43D2-B9C3-2C3AD5A572CB} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2194544171-3219587073-765187920-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2194544171-3219587073-765187920-1001 -> {355767EC-73A6-43D2-B9C3-2C3AD5A572CB} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
S3 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#11
February 19, 2016 at 16:35:47
Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Roger (2016-02-19 18:27:55) Run:1
Running from D:\!!!!!!IMPORTANT !!!!!\MAINT
Loaded Profiles: Roger (Available Profiles: Roger & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.7) (Version: 5.0.1.7 - Coupons.com Incorporated)
HKU\S-1-5-21-2194544171-3219587073-765187920-1001\...\MountPoints2: M - M:\LaunchU3.exe -a
HKU\S-1-5-21-2194544171-3219587073-765187920-1001\...\MountPoints2: {d5f3b884-367c-11e5-8d3c-806e6f6e6963} - J:\setup.exe
AppInit_DLLs: AnyDiscHelp.dll => No File
AppInit_DLLs-x32: AnyDiscHelp.dll => No File
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2194544171-3219587073-765187920-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKU\S-1-5-21-2194544171-3219587073-765187920-1001 -> DefaultScope {355767EC-73A6-43D2-B9C3-2C3AD5A572CB} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2194544171-3219587073-765187920-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2194544171-3219587073-765187920-1001 -> {355767EC-73A6-43D2-B9C3-2C3AD5A572CB} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR StartupUrls: Default -> "hxxp://www.google.com/"
S3 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1413736 2015-09-18] (Coupons.com Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
*****************

Restore point was successfully created.
Processes closed successfully.
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.7) (Version: 5.0.1.7 - Coupons.com Incorporated) => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2194544171-3219587073-765187920-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M" => key removed successfully
"HKU\S-1-5-21-2194544171-3219587073-765187920-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5f3b884-367c-11e5-8d3c-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{d5f3b884-367c-11e5-8d3c-806e6f6e6963} => key not found.
"AnyDiscHelp.dll" => Value data removed successfully.
"AnyDiscHelp.dll" => Value data removed successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-2194544171-3219587073-765187920-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2194544171-3219587073-765187920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2194544171-3219587073-765187920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-2194544171-3219587073-765187920-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{355767EC-73A6-43D2-B9C3-2C3AD5A572CB}" => key removed successfully
HKCR\CLSID\{355767EC-73A6-43D2-B9C3-2C3AD5A572CB} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Chrome StartupUrls => removed successfully
CouponPrinterService => service not found.
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
EmptyTemp: => 352.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:28:33 ====

Likely


Report •

#12
February 19, 2016 at 16:44:00
I see you have Malwarebytes installed, run & post the quarantine results in your next post please.

Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Under Non-Malware Protection sub tab, make sure PUP and PUM entries to Treat detections as Malware are checked.
http://i.imgur.com/MKxr2K1.gif


Report •

#13
February 19, 2016 at 19:35:05
I run Malwarebytes almost daily haven't detected anything lately but I'll run again and see if I actually get a log this time.

Likely


Report •

#14
February 19, 2016 at 19:51:16
No quarantine log. Nothing detected.

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 2/19/2016 9:33 PM, SYSTEM, MINE, Manual, Domain Database, 2016.2.19.1, 2016.2.20.1,
Update, 2/19/2016 9:33 PM, SYSTEM, MINE, Manual, Malware Database, 2016.2.19.2, 2016.2.19.7,
Protection, 2/19/2016 9:33 PM, SYSTEM, MINE, Protection, Refresh, Starting,
Protection, 2/19/2016 9:33 PM, SYSTEM, MINE, Protection, Refresh, Success,
Scan, 2/19/2016 9:47 PM, SYSTEM, MINE, Manual, Start:2/19/2016 9:33 PM, Duration:14 min 19 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)

Likely


Report •

#15
February 19, 2016 at 19:54:40
Time to test & let me know what issues you have.

Here is how a USER got the problems, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

Or, Use Unchecky to help prevent these third party installs. Nothing is perfect, the badies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif


Report •

#16
February 19, 2016 at 21:51:19
I do watch for what I refer to as extra crap when downloading and installing things. My copy of ImgBurn is more than five years old and is rarely used. Normally I use a rather old copy of DVD Decrypter. Never had trouble with so I stick with it. It too though has not been used in at least a year. My issue is a few weeks old at best.

I have no toolbars added. (Bloomin things tick me off). My wife had been using a coupon printer but again this is something that has not been used in a long while. Anything that gets downloaded I go through the settings to insure that I must manually update it myself.

Likely


Report •

#17
February 19, 2016 at 22:07:45
"My copy of ImgBurn is more than five years old and is rarely used"
Wasn't aimed at you, I use that as an example to everyone who gets infected by adware.

Your comp was quite clean, compared to most I work on.

I just googled Coupon Printer.
https://malwaretips.com/blogs/coupo...


Report •

#18
February 20, 2016 at 14:31:59
Not sure that pertained to us. The application she was using came from a specific site and was required to be able to print out coupons. We used it for a good while and didn't get any pop ups or anything like that. All that being said since it has not been in use I let one of those programs you asked me to download get rid of it anyway. Did a good job too as Revo uninstaller pro can't find it. Also it would seem that the issue is now gone or at least pretending to be. Have not had any hangups or temporary freezing since last night through several reboots and a couple shutdowns for hours.

At any rate fixed or not thank you very much for all your help.

Likely


Report •

#19
February 20, 2016 at 14:57:01
"The application she was using came from a specific site and was required to be able to print out coupons"
Two different issues, the program your wife installed was legitimate.
The nasty which we have removed, is as per the link, or my previous info.
In other words, they have nothing to do with each other, they just share a similar name. That is how a User gets tricked & installs it.

"Have not had any hangups or temporary freezing since last night through several reboots and a couple shutdowns for hours"
Sounds good, fingers crossed.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes it's work.
Tool will create an report for you (C:\DelFix.txt)

message edited by Johnw


Report •

#20
February 20, 2016 at 18:21:43
# DelFix v1.011 - Logfile created 20/02/2016 at 20:18:17
# Updated 18/08/2015 by Xplode
# Username : Roger - MINE
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\Soeperman Enterprises Ltd.
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Likely


Report •

#21
February 20, 2016 at 18:30:59
"~ Cleaning system restore ...
New restore point created !"
Good, we now have all nasties removed & a nice healthy system restore.

Let me know if you get anymore issues.


Report •

Ask Question