Jump to content

zinniaqueen

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thank you so much for you help! I truly appreciate your patience, easy to understand instrux, and expertise.

  2. OK, I think I've done everything on the list. A few questions/comments: Ran OTC and it left JRT and SecurityCheck on the desktop--I can just delete, as in hit the delete key and click yes when it asks if I really wanna delete them, right? (vs "uninstalling" them, right?) Had to leave for a few hours, so ran MBAM on a complete scan. It found PUP.Optional.OpenCandy. Can I just delete via MBAM or do I need to go through more elaborate process like we just did?
  3. Results of screen317's Security Check version 0.99.72 Windows XP Service Pack 3 x86 Internet Explorer 8 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Free 9.0 `````````Anti-malware/Other Utilities Check:````````` MVPS Hosts File Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.75.0.1300 JavaFX 2.1.0 Java 7 Update 9 Java version out of Date! Adobe Flash Player 11.7.700.224 Adobe Reader 8 Adobe Reader out of Date! Adobe Reader XI (KB403742..) ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe AVG avgtray.exe AVG avgrsx.exe AVG avgnsx.exe AVG avgemc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C:: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  4. Just finished the AVG scan. It didn't find anything (but it also didn't find the 13 items in the first place). The RealDownloader plugin message, you mean? No, it does not keep reappearing, although when I look in my plugins container in Chrome, it's there, and active (although I didn't tell it to activate when I was asked).
  5. Oh, when I started Google Chrome, I had a message that "another program has downloaded RealDownloader". Don't know how or why or if that's a problem. Any thoughts?
  6. Definitely faster than it was, although I hadn't noticed it slowing down until yesterday. Do I need to re-scan to be sure the bad stuff is all gone?
  7. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.08.13.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Linda :: TULINDALAPTOP [administrator] 8/13/2013 9:01:50 AM MBAM-log-2013-08-13 (09-27-24).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 356692 Time elapsed: 23 minute(s), 41 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Documents and Settings\Linda\My Documents\Downloads\WiseConvert_B2.exe (PUP.Optional.Conduit.A) -> No action taken. (end)
  8. JRT. log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.4.4 (08.12.2013:1)OS: Microsoft Windows XP x86Ran by Linda on Tue 08/13/2013 at 8:40:39.79~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayNameSuccessfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9FB6B030-BC91-4038-82EE-2F52C20405C6}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} ~~~ Files Successfully deleted: [File] "C:\WINDOWS\wininit.ini" ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\Linda\Application Data\uniblue\speedupmypc"Successfully deleted: [Folder] "C:\Documents and Settings\Linda\Local Settings\Application Data\cre" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Tue 08/13/2013 at 8:43:59.09End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. AdwCleaner[s1} log: # AdwCleaner v2.306 - Logfile created 08/13/2013 at 08:06:46# Updated 19/07/2013 by Xplode# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)# User : Linda - TULINDALAPTOP# Boot Mode : Normal# Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe# Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\AskFolder Deleted : C:\Documents and Settings\All Users\Application Data\TrymediaFolder Deleted : C:\Documents and Settings\All Users\Application Data\ViewpointFolder Deleted : C:\Documents and Settings\Linda\Application Data\ViewpointFolder Deleted : C:\Program Files\Viewpoint ***** [Registry] ***** Key Deleted : HKCU\Software\APN PIPKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.comKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.comKey Deleted : HKCU\Software\PIPKey Deleted : HKCU\Software\YahooPartnerToolbarKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKLM\Software\MetaStreamKey Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayerKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMPKey Deleted : HKLM\Software\PIPKey Deleted : HKLM\Software\Viewpoint ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Documents and Settings\wrist\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [4087 octets] - [12/08/2013 23:03:16]AdwCleaner[R2].txt - [4147 octets] - [13/08/2013 08:06:12]AdwCleaner[s1].txt - [4146 octets] - [13/08/2013 08:06:46] ########## EOF - C:\AdwCleaner[s1].txt - [4206 octets] ##########
  10. Just discovered this on the desktop, which I'd overlooked before. Looks to be the RogueKiller log? Not sure if it's complete or useful but here it is. debug.log
  11. Dazz, I believe that you are supposed to start your own new topic, not comment on already existing topics, when you need help. The idea is to not create confusion for everyone involved by talking about 2 entirely different cases in the same topic string. Not to be rude, but I need this to be as unconfusing as possible. Thanks and good luck.
  12. OK, here's the report from AdwCleaner: # AdwCleaner v2.306 - Logfile created 08/12/2013 at 23:03:16# Updated 19/07/2013 by Xplode# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)# User : Linda - TULINDALAPTOP# Boot Mode : Normal# Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe# Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Documents and Settings\All Users\Application Data\AskFolder Found : C:\Documents and Settings\All Users\Application Data\TrymediaFolder Found : C:\Documents and Settings\All Users\Application Data\ViewpointFolder Found : C:\Documents and Settings\Linda\Application Data\ViewpointFolder Found : C:\Program Files\Viewpoint ***** [Registry] ***** Key Found : HKCU\Software\APN PIPKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.comKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.comKey Found : HKCU\Software\PIPKey Found : HKCU\Software\YahooPartnerToolbarKey Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Found : HKLM\Software\MetaStreamKey Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayerKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMPKey Found : HKLM\Software\PIPKey Found : HKLM\Software\Viewpoint ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 [OK] Registry is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. File : C:\Documents and Settings\wrist\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [3958 octets] - [12/08/2013 23:03:16] ########## EOF - C:\AdwCleaner[R1].txt - [4018 octets] ##########
  13. Attempted to download and run RogueKiller for 2nd time with identical results: crash and notification that "the system has recovered from a serious error" upon restart. Kinda freaking out here (breathe breathe breathe). What now? I did uninstall Coupon Companion Plugin.
  14. YIKES! Clicked on the link to download RogueKiller and it started instantly when I clicked open--didn't realize it would being to run and hadn't shut down Chrome, so maybe this caused the following to happen: got a screen that looked like DOS (black w/blue text) saying windows had shut down to prevent serious damage, other scary sounding stuff. Said to restart computer if I haven't seen this message before, otherwise consult my system administrator for further assistance. Wish I had a system administrator.... When I restarted computer, I got message from Windows that there'd been a serious error..... So, should I attempt to run Roguekiller again? Anyway, notes that were part of the RogueKiller message may be relevant, I dunno: stop:0x0000008E (oxc0000005, oxA73C1289, OxBA506F4C, 0x0000000) dxec02.sys Address A73C1289 Base at A73AE000, Datestamp 454a3986 Beginning dump physical memory Physical memory complete Contact your system administrator or tech support group for further assistance.
  15. Ok, have attached dds results. Hope this is the proper way to do it (don't know whether I was supposed to attach or copy and paste). Will move on to next step. Stay tuned. And THANK YOU. dds.txt attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.