Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple windows open followed by a freeze/Google Chrome - Sponsorship p


  • This topic is locked This topic is locked
25 replies to this topic

#1 melasurej69

melasurej69

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:05 AM

Posted 28 August 2013 - 11:19 AM

Hi, I find myself with a couple of strange issues, so I’m wondering if any of you had similar PC issues and can help.

Issue one, every now and then especially when moving my curser at speed across the desk top or task bar multiple windows open in rapid succession coupled by a miniature logo image of a magnifying glass with a + mark within its circle. I often manage to control that by just clicking on an open website or by miniaturising and re opening windows etc, or on other occasions my PC freezes and I either have to wait until it unfreezes or a reboot is required. This happened despite using updated AVG anti virus etc,

 

The 2nd issue happens in Google Chrome involving Sponsorship popups which I may have resolved by increasing to a higher level of Popup blocker. My PC is windows XP SP3 32 bit. Thanks in advance.  


Edited by hamluis, 10 September 2013 - 11:14 AM.
Moved from XP to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,415 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:05 PM

Posted 28 August 2013 - 12:16 PM

FWIW:  http://support.mozilla.org/en-US/questions/965048 .

 

Louis



#3 buddy215

buddy215

  • Moderator
  • 13,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:05 PM

Posted 28 August 2013 - 02:02 PM

(1) Do you have Adblock Plus Installed? If so, that could be the source of the ads. Click on Adblock Plus

icon and choose preferences > uncheck allow unobtrusive ads

 

(2) Look for Update for Zip Opener in your Add/ Remove program list and uninstall.

 

(3) Go into Folder Options and make hidden files visible. Then delete the dsite folder from c:\users\[yourname]\AppData\Roaming.

Go to your task scheduler, (My Computer, right click, manage, Task Scheduler, Task Scheduler Library) and delete the dsite task.

 

One or all of the above has helped other users to get rid of the ads.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 melasurej69

melasurej69
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:05 AM

Posted 29 August 2013 - 09:08 AM

Hi buddy215,

 

Many thanks for your speedy response.

 

(1) I don’t have Adblock installed.

 

(2) I uninstalled Zip Opener.

 

(3) I made hidden files visible > My Computer - right click > manage, but unfortunately couldn't find Task Scheduler. Sorry, I overlooked to mention that my PC is version 2002 (Home edition). There’s a Scheduled Tasks in Control panel but no dsite task within it.

 

Regrettably so far, removing Zip Opener hasn't helped with the multiple windows issue. As for the Sponsorship popups that may have stopped but it’s a bit early to be sure. (I’ll confirm of course if it has gone) 

If you have other suggestions which you think may resolve things I'll be most grateful.

Best regards,

melasurej69



#5 buddy215

buddy215

  • Moderator
  • 13,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:05 PM

Posted 29 August 2013 - 11:09 AM

What add-ons do you have in Chrome? I suspect one of them is responsible. Try deleting or disabling the 

ones you don't recognize or have been installed about the same time as the problem started.

 

You can run these two free programs designed to find and remove adware/ crapware.

AdwCleaner Download

Junkware Removal Tool Download

 

EDIT:  Block the install of Third Party Cookies...ad/ tracking cookies

Disable third-party cookies in IE, Firefox, and Google Chrome | How To - CNET

 

Once you have blocked them then run this free program to delete the cookies presently installed. Allow it 

to remove all that it finds.

SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!


Edited by buddy215, 29 August 2013 - 11:19 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#6 melasurej69

melasurej69
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:05 AM

Posted 05 September 2013 - 06:38 AM

Hi buddy215,

 

I meticulously followed all your advice which has resulted in successfully removing Sponsorship popups – many thanks, but unfortunately made no impression on the multiple window issue, this continuously occurs together with a miniature magnifying glass logo which behaves like a hostile intruder – freezing my PC.

 

It appears that this issue is very different from the Sponsorship popup add type. I just wonder what other info I can provide that could be helpful in resolving this problem.

 

Kind regards,

 

Melasurej69



Hi luis,

 

Thanks for offering your advice in resolving my Sponsorship popup problem. Please excuse my late response, I thought I’d start with buddy215’s advice first, and follow it with yours. His remedies appeared to have cleared it up, but just to make sure I followed them using Malwarebytes which did pickup a fare bit of stuff. The good news is that Sponsorship popup is gone, for which I thank you both. Unfortunately the multiple window + issue remains unresolved.

 

Kind regards,

 

melasurej69



#7 buddy215

buddy215

  • Moderator
  • 13,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:05 PM

Posted 05 September 2013 - 07:39 AM

Post the log of Malwarebytes scan that you mentioned in your last post. That may offer some clue as to what is causing the multiple windows. Or is it multiple tabs?

 

Run a scan using Free ESET Online Antivirus Scanner

Post the results of that scan.

 

Did you check the add-ons in IE for unknown or suspicious ones? You can uninstall or disable the ones you don't recognize

as being installed by you.

 

EDIT: You can also try this...

You can follow the instructions for repairing or reinstalling IE in link below.

Repair or reinstall Internet Explorer in Windows


Edited by buddy215, 05 September 2013 - 07:44 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#8 melasurej69

melasurej69
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:05 AM

Posted 09 September 2013 - 05:53 AM

Hi buddy215,

 

Firstly, I’m posting the latest Malwarebytes log followed by results of the ESET scan which unfortunately I had to do manually. Please advise if you need the associated info. I’ve reset IE 8 keeping my personal settings. As for Add-ons, I only have a couple of Java plug in helpers enabled, the rest show as unavailable.

 

This morning the bizarre activity started immediately after start up, before opening anything or going online. Moving my curser speedily across the screen resulted in several windows opening including Display properties x 2, Administrator folder, Confirm file delete and the Start list sprung up, always accompanied by that foreign intruder “magnifier logo” on the prowl. Btw, my cursor was also displaced to the opposite side of the screen. I have to move my mouse cursor very slowly to try to avoid bringing on that magnifier logo and the accompanying instability.

 

I hope the little info I’m forwarding helps.

 

Kind regards,

 

Melasurej99

 

 

Ps. Btw, for several weeks I’ve been unable to use System restore even with creating a restore point

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.09.05.07

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: SALLY [administrator]

 

08/09/2013 09:44:07

mbam-log-2013-09-08 (09-44-07).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 369355

Time elapsed: 2 hour(s), 32 minute(s), 48 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

ESET scan results 

 

Threats:

 

HTML/Iframe.B.Gen virus

Win32/Adware.MultiPlug.H application

 

 

  

 

 

 

 

 



#9 melasurej69

melasurej69
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:05 AM

Posted 09 September 2013 - 06:50 AM

Sorry buddy215,

 

I overlooked to confirm that it's multiple windows not tabs.

 

Rgds

 

melasurej69 



#10 buddy215

buddy215

  • Moderator
  • 13,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:05 PM

Posted 09 September 2013 - 07:07 AM

The MBAM log you posted is a new scan log. I would really like to see the one before that.

 

Let's see what the program below finds.

RogueKiller Download

Download & SAVE to your Desktop

 

  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 melasurej69

melasurej69
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:05 AM

Posted 09 September 2013 - 09:31 AM

Hi buddy215, 

 

It looks like it wasn't Malwarebytes which came across a load of stuff after all, but instead either AdwCleaner or Junkware removal. Supera picked up Trojan.agent/Gen-nullo(short). 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.29.06
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: SALLY [administrator]
 
29/08/2013 16:20:15
mbam-log-2013-08-29 (16-20-15).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 373543
Time elapsed: 2 hour(s), 48 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 8
HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 6
C:\Documents and Settings\All Users\Application Data\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Program Files\Search Results Toolbar\Datamngr (PUP.Optional.Datamngr) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
 
Files Detected: 45
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\Movdap\WebCakeDesktop.exe (PUP.WebCake.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\My Documents\Downloads\ZipOpenerSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Program Files\Movdap\WBDesktop.Updater.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\Program Files\Vuze\.install4j\user\mism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A884A8D-D3EB-4B2A-9234-2B5B8BDA73E0}\RP297\A0358245.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A884A8D-D3EB-4B2A-9234-2B5B8BDA73E0}\RP300\A0359342.exe (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A884A8D-D3EB-4B2A-9234-2B5B8BDA73E0}\RP300\A0359344.dll (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A884A8D-D3EB-4B2A-9234-2B5B8BDA73E0}\RP300\A0359345.exe (PUP.WebCake.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6A884A8D-D3EB-4B2A-9234-2B5B8BDA73E0}\RP300\A0359353.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\1.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\2229.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\2255.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\a.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\b.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\c.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\d.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\e.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\f.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\g.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\h.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\i.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\j.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\k.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\l.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\m.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\mru.xml (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\n.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\o.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\p.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\q.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\r.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\s.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\t.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\u.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\v.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\w.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\wlu.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\x.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\y.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Application Data\PriceGong\Data\z.txt (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
 
(end)
 

rgads

 

melasurej69



#12 melasurej69

melasurej69
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:05 AM

Posted 09 September 2013 - 09:33 AM

Further to the Rkiller scan:

 

RogueKiller V8.6.10 [Sep  9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 09/09/2013 15:26:38
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RogueKiller.exe -- C:\Documents and Settings\Owner\My Documents\RogueKiller.exe [-] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-117609710-492894223-725345543-1003\[...]\Run : Google Update ("C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> [0x2] The system cannot find the file specified. 
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-117609710-492894223-725345543-1003UA.job : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> DELETED
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-117609710-492894223-725345543-1003Core.job : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST380011A +++++
--- User ---
[MBR] 43b7d3362ba33ffdcf6ee73025c4bb81
[BSP] 2468a660f170ee48731548b639ea8402 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_09092013_152638.txt >>
RKreport[0]_S_09092013_152347.txt


#13 buddy215

buddy215

  • Moderator
  • 13,414 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:09:05 PM

Posted 09 September 2013 - 01:13 PM

You really had a lot of adware/ crapware on your computer. But that doesn't explain why all the windows

open during a quick mouse over.

 

Suggest you use Ccleaner to cleanup the temporary files, logs, etc.. Use the default settings. Be sure to Uncheck

the offer of the Yahoo Toolbar or other during the install. Do not use the Registry Cleaner tool..could cause problems.

CCleaner - PC Optimization and Cleaning - Free Download

 

After cleaning do a chkdsk scan.

After the chkdsk scan, defragment the hdd.

 

How to run Chkdsk from My Computer or from Windows Explorer
  1. Double-click My Computer, and then right-click the hard disk that you want to check.
  2. Click Properties, and then click Tools.
  3. Under Error-checking, click Check Now
  4. Note The Check disk options dialog box appears.
  5. Use one of the following procedures:
    • To run Chkdsk in read-only mode, click Start.
    • To repair errors without scanning the volume for bad sectors, select the Automatically fix file system errors check box, and then click Start.
    • To repair errors, locate bad sectors, and recover readable information, select the Scan for and attempt recovery of bad sectors check box, and then click Start.   (choose this)

Click Yes to schedule the disk check, and then restart your computer to start the disk check.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#14 melasurej69

melasurej69
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:05 AM

Posted 10 September 2013 - 04:24 AM

Hi bunny215,

 

Before using CCleaner I thought I best mention that I've been using it (the free version) regularly for several years as well as Supera. I've used CCleaner setup as follows,

 

Among my exclusions so far were:

 

APPLICATIONS

 

CLEANER  

 

Firefox

Internet cache

Cookies

Saved passwords

Site preferences

 

Google Chrome

Internet cache

Cookies

Saved passwords

 

Utilities

Excluded in total

 

WINDOWS

 

Internet Explorer

Cookies

Saved passwords

Auto complete from history

 

 

Windows Explorer

Internet passwords

 

System

DNS cache

Font cache

Start menu shortcuts

Desktop shortcuts

 

Advanced

Excluded in total

 

REGISTRY

Included in full

 

Given the above position please confirm how best to proceed.

 

rgds

 

melasurej69



#15 hamluis

hamluis

    Moderator


  • Moderator
  • 56,415 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:05 PM

Posted 10 September 2013 - 11:13 AM

Topic moved to Am I Infected.

 

Louis

 

EDIT:  Sent PM to OP suggesting that he initiate new topic in MRL sans the excess baggage of this topic.


Edited by hamluis, 14 September 2013 - 06:53 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users