[PUP.optional.CrossRider and more...really don't know what to do]

OK, I think I've done everything on the list. A few questions/comments:

 

Ran OTC and it left JRT and SecurityCheck on the desktop--I can just delete, as in hit the delete key and click yes when it asks if I really wanna delete them, right? (vs "uninstalling" them, right?)

 

Had to leave for a few hours, so ran MBAM on a complete scan. It found PUP.Optional.OpenCandy.  Can I just delete via MBAM or do I need to go through more elaborate process like we just did?

[PUP.optional.CrossRider and more...really don't know what to do]

 Results of screen317's Security Check version 0.99.72  

 Windows XP Service Pack 3 x86   

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

 AVG Free 9.0    

`````````Anti-malware/Other Utilities Check:````````` 

 MVPS Hosts File  

 Spybot - Search & Destroy 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 JavaFX 2.1.0    

 Java 7 Update 9  

 Java version out of Date! 

 Adobe Flash Player 11.7.700.224  

 Adobe Reader 8 Adobe Reader out of Date! 

 Adobe Reader XI (KB403742..) 

````````Process Check: objlist.exe by Laurent````````  

 AVG avgwdsvc.exe 

 AVG avgtray.exe 

 AVG avgrsx.exe 

 AVG avgnsx.exe 

 AVG avgemc.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

[PUP.optional.CrossRider and more...really don't know what to do]

Just finished the AVG scan. It didn't find anything (but it also didn't find the 13 items in the first place).

 

The RealDownloader plugin message, you mean? No, it does not keep reappearing, although when I look in my plugins container in Chrome, it's there, and active (although I didn't tell it to activate when I was asked). 

[PUP.optional.CrossRider and more...really don't know what to do]

Oh, when I started Google Chrome, I had a message that "another program has downloaded RealDownloader". Don't know how or why or if that's a problem. Any thoughts?

[PUP.optional.CrossRider and more...really don't know what to do]

Definitely faster than it was, although I hadn't noticed it slowing down until yesterday. 

 

Do I need to re-scan to be sure the bad stuff is all gone?

[PUP.optional.CrossRider and more...really don't know what to do]

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.13.02

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Linda :: TULINDALAPTOP [administrator]

 

8/13/2013 9:01:50 AM

MBAM-log-2013-08-13 (09-27-24).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 356692

Time elapsed: 23 minute(s), 41 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Documents and Settings\Linda\My Documents\Downloads\WiseConvert_B2.exe (PUP.Optional.Conduit.A) -> No action taken.

 

(end)

[PUP.optional.CrossRider and more...really don't know what to do]

JRT. log:

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.4.4 (08.12.2013:1)

OS: Microsoft Windows XP x86

Ran by Linda on Tue 08/13/2013 at  8:40:39.79

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9FB6B030-BC91-4038-82EE-2F52C20405C6}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Documents and Settings\Linda\Application Data\uniblue\speedupmypc"

Successfully deleted: [Folder] "C:\Documents and Settings\Linda\Local Settings\Application Data\cre"

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 08/13/2013 at  8:43:59.09

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[PUP.optional.CrossRider and more...really don't know what to do]

AdwCleaner[s1} log:

 

 

 

# AdwCleaner v2.306 - Logfile created 08/13/2013 at 08:06:46

# Updated 19/07/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Linda - TULINDALAPTOP

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Deleted : C:\Documents and Settings\Linda\Application Data\Viewpoint

Folder Deleted : C:\Program Files\Viewpoint

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Deleted : HKCU\Software\PIP

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\Viewpoint

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

[OK] Registry is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

File : C:\Documents and Settings\wrist\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [4087 octets] - [12/08/2013 23:03:16]

AdwCleaner[R2].txt - [4147 octets] - [13/08/2013 08:06:12]

AdwCleaner[s1].txt - [4146 octets] - [13/08/2013 08:06:46]

 

########## EOF - C:\AdwCleaner[s1].txt - [4206 octets] ##########

[PUP.optional.CrossRider and more...really don't know what to do]

Just discovered this on the desktop, which I'd overlooked before. Looks to be the RogueKiller log? Not sure if it's complete or useful but here it is.

debug.log

[PUP.optional.CrossRider and more...really don't know what to do]

Dazz, I believe that you are supposed to start your own new topic, not comment on already existing topics, when you need help. The idea is to not create confusion for everyone involved by talking about 2 entirely different cases in the same topic string. Not to be rude, but I need this to be as unconfusing as possible. Thanks and good luck.

[PUP.optional.CrossRider and more...really don't know what to do]

OK, here's the report from AdwCleaner:

 

 

# AdwCleaner v2.306 - Logfile created 08/12/2013 at 23:03:16

# Updated 19/07/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Linda - TULINDALAPTOP

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe

# Option [search]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Found : C:\Documents and Settings\All Users\Application Data\Ask

Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia

Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Found : C:\Documents and Settings\Linda\Application Data\Viewpoint

Folder Found : C:\Program Files\Viewpoint

 

***** [Registry] *****

 

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Found : HKCU\Software\PIP

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\Software\MetaStream

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\Viewpoint

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

[OK] Registry is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

File : C:\Documents and Settings\wrist\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R1].txt - [3958 octets] - [12/08/2013 23:03:16]

 

########## EOF - C:\AdwCleaner[R1].txt - [4018 octets] ##########

[PUP.optional.CrossRider and more...really don't know what to do]

Attempted to download and run RogueKiller for 2nd time with identical results: crash and notification that "the system  has recovered from a serious error" upon restart.

 

 

 

Kinda freaking out here (breathe    breathe     breathe). What now? I did uninstall Coupon Companion Plugin.

[PUP.optional.CrossRider and more...really don't know what to do]

YIKES! Clicked on the link to download RogueKiller and it started instantly when I clicked open--didn't realize it would being to run and hadn't shut down Chrome, so maybe this caused the following to happen: got a screen that looked like DOS (black w/blue text) saying windows had shut down to prevent  serious damage, other scary sounding stuff. Said to restart computer if I haven't seen this message before, otherwise consult my system administrator for further assistance. Wish I had a system administrator....   When I restarted computer, I got message from Windows that there'd been a serious error.....  So, should I attempt to run Roguekiller again?

 

Anyway, notes that were part of the RogueKiller message may be relevant, I dunno:

 

stop:0x0000008E (oxc0000005, oxA73C1289, OxBA506F4C, 0x0000000)

dxec02.sys Address A73C1289 Base at A73AE000, Datestamp 454a3986

Beginning dump physical memory

Physical memory complete

Contact your system administrator or tech support group for further assistance.

[PUP.optional.CrossRider and more...really don't know what to do]

Ok, have attached dds results. Hope this is the proper way to do it (don't know whether I was supposed to attach or copy and paste).

 

Will move on to next step. Stay tuned. And THANK YOU.

dds.txt

attach.txt

[PUP.optional.CrossRider and more...really don't know what to do]

I try to run Malwarebytes scan weekly, and today's came up with 13 malicious items. 10 are registry keys with vendor name PUP.Optional.CrossRider and PUP.Optional.Wajam. The other 3 are files: PUP.Optional.Conduit.A, PUP.Optional.OpenCandy and PUP.Optional.CrossRider. 

 

I really don't know what these mean, but perusing the forums I see some folks have had these and run into Big Issues when simply removing them. Can you please provide me some idiot-proof instrux on how to proceed?  (I do computer kinda like I do car: as long as everything's working I can make it go anywhere, but if anything goes wrong under the hood, I'm totally helpless.) Thanks.