Posts posted by zinniaqueen
-
-
Results of screen317's Security Check version 0.99.72
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Free 9.0
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.0
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader XI (KB403742..)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
-
Just finished the AVG scan. It didn't find anything (but it also didn't find the 13 items in the first place).
The RealDownloader plugin message, you mean? No, it does not keep reappearing, although when I look in my plugins container in Chrome, it's there, and active (although I didn't tell it to activate when I was asked).
-
Oh, when I started Google Chrome, I had a message that "another program has downloaded RealDownloader". Don't know how or why or if that's a problem. Any thoughts?
-
Definitely faster than it was, although I hadn't noticed it slowing down until yesterday.
Do I need to re-scan to be sure the bad stuff is all gone?
-
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.13.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Linda :: TULINDALAPTOP [administrator]
8/13/2013 9:01:50 AM
MBAM-log-2013-08-13 (09-27-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 356692
Time elapsed: 23 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Documents and Settings\Linda\My Documents\Downloads\WiseConvert_B2.exe (PUP.Optional.Conduit.A) -> No action taken.
(end)
-
JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.4 (08.12.2013:1)
OS: Microsoft Windows XP x86
Ran by Linda on Tue 08/13/2013 at 8:40:39.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9FB6B030-BC91-4038-82EE-2F52C20405C6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
~~~ Files
Successfully deleted: [File] "C:\WINDOWS\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\Linda\Application Data\uniblue\speedupmypc"
Successfully deleted: [Folder] "C:\Documents and Settings\Linda\Local Settings\Application Data\cre"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/13/2013 at 8:43:59.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
AdwCleaner[s1] log:
# AdwCleaner v2.306 - Logfile created 08/13/2013 at 08:06:46
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Linda - TULINDALAPTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Linda\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Viewpoint
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Viewpoint
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v28.0.1500.95
File : C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\wrist\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [4087 octets] - [12/08/2013 23:03:16]
AdwCleaner[R2].txt - [4147 octets] - [13/08/2013 08:06:12]
AdwCleaner[s1].txt - [4146 octets] - [13/08/2013 08:06:46]
########## EOF - C:\AdwCleaner[s1].txt - [4206 octets] ##########
-
Just discovered this on the desktop, which I'd overlooked before. Looks to be the RogueKiller log? Not sure if it's complete or useful but here it is.
-
Dazz, I believe that you are supposed to start your own new topic, not comment on already existing topics, when you need help. The idea is to not create confusion for everyone involved by talking about 2 entirely different cases in the same topic string. Not to be rude, but I need this to be as unconfusing as possible. Thanks and good luck.
-
OK, here's the report from AdwCleaner:
# AdwCleaner v2.306 - Logfile created 08/12/2013 at 23:03:16
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Linda - TULINDALAPTOP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Linda\Application Data\Viewpoint
Folder Found : C:\Program Files\Viewpoint
***** [Registry] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Viewpoint
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v28.0.1500.95
File : C:\Documents and Settings\Linda\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\wrist\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [3958 octets] - [12/08/2013 23:03:16]
########## EOF - C:\AdwCleaner[R1].txt - [4018 octets] ##########
-
Attempted to download and run RogueKiller for 2nd time with identical results: crash and notification that "the system has recovered from a serious error" upon restart.
Kinda freaking out here (breathe breathe breathe). What now? I did uninstall Coupon Companion Plugin.
-
YIKES! Clicked on the link to download RogueKiller and it started instantly when I clicked open--didn't realize it would begin to run and hadn't shut down Chrome, so maybe this caused the following to happen: got a screen that looked like DOS (black w/blue text) saying Windows had shut down to prevent serious damage, other scary sounding stuff. Said to restart computer if I haven't seen this message before, otherwise consult my system administrator for further assistance. Wish I had a system administrator.... When I restarted computer, I got message from Windows that there'd been a serious error..... So, should I attempt to run RogueKiller again?
Anyway, notes that were part of the RogueKiller message may be relevant, I dunno:
stop:0x0000008E (0xc0000005, 0xA73C1289, 0xBA506F4C, 0x0000000)
dxec02.sys Address A73C1289 Base at A73AE000, Datestamp 454a3986
Beginning dump physical memory
Physical memory complete
Contact your system administrator or tech support group for further assistance.
-
Ok, have attached dds results. Hope this is the proper way to do it (don't know whether I was supposed to attach or copy and paste).
Will move on to next step. Stay tuned. And THANK YOU.
-
I try to run Malwarebytes scan weekly, and today's came up with 13 malicious items. 10 are registry keys with vendor name PUP.Optional.CrossRider and PUP.Optional.Wajam. The other 3 are files: PUP.Optional.Conduit.A, PUP.Optional.OpenCandy and PUP.Optional.CrossRider.
I really don't know what these mean, but perusing the forums I see some folks have had these and run into Big Issues when simply removing them. Can you please provide me some idiot-proof instrux on how to proceed? (I do computer kinda like I do car: as long as everything's working I can make it go anywhere, but if anything goes wrong under the hood, I'm totally helpless.) Thanks.
PUP.optional.CrossRider and more...really don't know what to do
in Resolved Malware Removal Logs
OK, I think I've done everything on the list. A few questions/comments:
Ran OTC and it left JRT and SecurityCheck on the desktop--I can just delete, as in hit the delete key and click yes when it asks if I really wanna delete them, right? (vs "uninstalling" them, right?)
Had to leave for a few hours, so ran MBAM on a complete scan. It found PUP.Optional.OpenCandy. Can I just delete via MBAM or do I need to go through more elaborate process like we just did?