dalidali
Hello, I keep getting redirected to this googleadservices.com and cannot find the information I am looking for. I have been reading some and I think it is malware. I don't know how to get rid of this and I would really appreciate some help. Thank you so very much.
Removed OpenCandy but the error message keeps appearing
dalidali replied to dalidali's topic in Resolved Malware Removal Logs
I did all you suggested. Do I delete the quarantine from Malwarebytes? Just your opinion: is it bad to have more than one antivirus? Is Microsoft antivirus better than AVG? Thanks again for all you have done. Best wishes to you.
Removed OpenCandy but the error message keeps appearing
dalidali replied to dalidali's topic in Resolved Malware Removal Logs
Well, do I have to remove any of them?
Removed OpenCandy but the error message keeps appearing
dalidali replied to dalidali's topic in Resolved Malware Removal Logs
Hi, I did not use those two things you mentioned. The other tech who helped me a bit and then just dropped out of sight before finishing the job asked me to use ADW, CCLEANER, OCC CLEAN UP TOOL, MICROSOFT FIXIT OTL. I also used the tools you suggested.
Removed OpenCandy but the error message keeps appearing
dalidali replied to dalidali's topic in Resolved Malware Removal Logs
Oh, and yes, that pesky OpenCandy stopped showing up... thank you
Removed OpenCandy but the error message keeps appearing
dalidali replied to dalidali's topic in Resolved Malware Removal Logs
Ok, here it is

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (3.0.0.6001)
Malwarebytes Anti-Malware version 1.75.0.1300
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox 20.0.1 Firefox out of Date!
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
Removed OpenCandy but the error message keeps appearing
dalidali replied to dalidali's topic in Resolved Malware Removal Logs
Hi, the scan from Malwarebytes found nothing. What should I do with the quarantined object? Should this stuff be removed from these programs that find these problems? Also, I have a couple of questions regarding virus programs and I don't know if you would be the person to ask. Let me know. Thanks for your help and patience. Ciao
Removed OpenCandy but the error message keeps appearing
dalidali replied to dalidali's topic in Resolved Malware Removal Logs
I did not click clean on ADW. Should I? Anything I need not remove... just waiting for your response. Thanks
Removed OpenCandy but the error message keeps appearing
dalidali replied to dalidali's topic in Resolved Malware Removal Logs
I scanned with adw and here is the log

AdwCleaner v3.003 - Report created 08/09/2013 at 10:59:15
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dali - DALI-PC
# Running from : C:\Users\dali\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Users\dali\AppData\Roaming\Mozilla\Firefox\Profiles\9serl3gi.default\searchplugins\Conduit.xml
Folder Found : C:\Users\dali\AppData\Roaming\Mozilla\Firefox\Profiles\9serl3gi.default\Extensions\{f0af464e-5167-45cf-9cf0-66b396d1918c}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\SearchProtect
Folder Found C:\Users\dali\AppData\Local\Conduit
Folder Found C:\Users\dali\AppData\Local\cre
Folder Found C:\Users\dali\AppData\Local\Temp\CT3287805
Folder Found C:\Users\dali\AppData\LocalLow\Conduit
Folder Found C:\Users\dali\AppData\Roaming\Mozilla\Firefox\Profiles\9serl3gi.default\CT3287805
Folder Found C:\Users\dali\AppData\Roaming\SearchProtect

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\visualbee
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\wscontb
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\wscontb
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287805
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\SearchProtect
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_eihlgbnhhkigaajnpjohgjldcmdhjiol]

***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v20.0.1 (en-US)
[ File : C:\Users\dali\AppData\Roaming\Mozilla\Firefox\Profiles\9serl3gi.default\prefs.js ]
Line Found : user_pref("CT3287805.FF19Solved", "true");
Line Found : user_pref("CT3287805.UserID", "UN26331024792439132");
Line Found : user_pref("CT3287805.browser.search.defaultthis.engineName", "true");
Line Found : user_pref("CT3287805.fullUserID", "UN26331024792439132.IN.20130902171523");
Line Found : user_pref("CT3287805.installDate", "02/09/2013 17:15:25");

this is the final log for the killer scan

RogueKiller V8.6.9 _x64_ [sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dali [Admin rights]
Mode : Scan -- Date : 09/08/2013 10:54:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : CrossLoop ("C:\Users\dali\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize [7][x][x][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1794967967-372989994-3207961994-1000\[...]\Run : Google Update ("C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1794967967-372989994-3207961994-1000\[...]\Run : CrossLoop ("C:\Users\dali\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize [7][x][x][x]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000UA.job : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000Core.job : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] Google Updater and Installer : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000Core : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000UA : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
ÿþ1

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HN-M500MBB +++++
--- User ---
[MBR] 791fa9f763399648f6220099b008805e
[bSP] 6d8fdf2b3a7e9f7c8c60afaf7b632449 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09082013_105431.txt >>
RKreport[0]_D_09082013_105135.txt;RKreport[0]_S_09082013_082408.txt;RKreport[0]_S_09082013_104628.txt

thanks
Removed OpenCandy but the error message keeps appearing
dalidali replied to dalidali's topic in Resolved Malware Removal Logs
oops, I just copied the wrong log.. here it is

RogueKiller V8.6.9 _x64_ [sep 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dali [Admin rights]
Mode : Scan -- Date : 09/08/2013 08:24:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] CrossLoopService.exe -- C:\Users\dali\AppData\Local\CrossLoop\CrossLoopService.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKCU\[...]\Run : CrossLoop ("C:\Users\dali\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize [7][x][x][x]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1794967967-372989994-3207961994-1000\[...]\Run : Google Update ("C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1794967967-372989994-3207961994-1000\[...]\Run : CrossLoop ("C:\Users\dali\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize [7][x][x][x]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 10 ¤¤¤
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000UA.job : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000Core.job : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] Google Updater and Installer : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000Core : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000UA : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V2][sUSP PATH] OpenCandyHelperRun1E25395FBC654828A553DE9D80C09BEE : C:\windows\system32\rundll32.exe - "C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\OCBrowserHelper_1.0.4.106.dll",_OCRestartDll@16 [-][x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
ÿþ1

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HN-M500MBB +++++
--- User ---
[MBR] 791fa9f763399648f6220099b008805e
[bSP] 6d8fdf2b3a7e9f7c8c60afaf7b632449 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_09082013_082408.txt >>
Removed OpenCandy but the error message keeps appearing
dalidali replied to dalidali's topic in Resolved Malware Removal Logs
Hi, I have done what you advised. Here is the log (I wasn't sure if I should attach it or just post it like this, let me know):

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
dali :: DALI-PC [administrator]

8/25/2013 8:41:18 PM
mbam-log-2013-08-25 (20-41-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220252
Time elapsed: 4 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0GtGtDtCtH1B1T1T1P1StG0KtF1U -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy\1A35709783DA4218A2FE68B83EA7B623 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

Files Detected: 12
C:\Users\dali\Downloads\PublicTransportSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\dali\Downloads\SetupImgBurn_2.5.7.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\dali\Downloads\SocialNetworksSetup (1).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\Users\dali\Downloads\SocialNetworksSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy\1A35709783DA4218A2FE68B83EA7B623\SendoriSetupx10403.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\4823.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\AVG Safeguard.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\AVG_Toolbar_CB_ALL_p3v0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\OCBrowserHelper_1.0.4.106.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

ANOTHER ONE ON 8/29

Folders Detected: 2
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\dali\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

Files Detected: 1
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\OCBrowserHelper_1.0.4.106.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

ANOTHER ONE FOR 8/25

Folders Detected: 2
C:\Users\dali\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\4823.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\AVG Safeguard.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\OCBrowserHelper_1.0.4.106.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

ANOTHER ONE ON ANOTHER ONE ON 8/30

Files Detected: 1
C:\Users\dali\Desktop\Download\emusic_setup_standalone.exe (Adware.BHO) -> Quarantined and deleted successfully.
Hello, I successfully, or so I think, removed all the OpenCandy infections; however, this error message keeps popping up when I reboot. It says that some OpenCandy dll is missing. Why is the system looking for this? I removed it... or did I? Is something still hiding somewhere? Thanks for any suggestions.