dalidali

  1. Hello, I keep getting redirected to this googleadservices.com and cannot find the information I am looking for. I have been reading some and I think it is malware. I don't know how to get rid of this and I would really appreciate some help. Thank you so very much.
  2. I did all you suggested. Do I delete the quarantine from Malwarebytes? Just your opinion. Is it bad to have more than one antivirus? Is Microsoft antivirus better than AVG? Thanks again for all you have done. Best wishes to you.
  3. I don't know how to thank you MrCharlie... you are awesome. You stuck there with all my questions, were superfast and quite patient. I shall follow all your suggestions and hopefully not get in trouble again. Blessings to you

  4. Hi, I did not use those two things you mentioned. The other tech who helped me a bit and then just dropped out of sight before finishing the job asked me to use ADW, CCLEANER, OCC CLEAN UP TOOL, MICROSOFT FIXIT OTL. I also used the tools you suggested.
  5. Oh, and yes, that pesky OpenCandy stopped showing up... thank you
  6. Ok, here it is

         Results of screen317's Security Check version 0.99.73
         Windows 7 Service Pack 1 x64 (UAC is enabled)
         Internet Explorer 10
         ``````````````Antivirus/Firewall Check:``````````````
         Windows Firewall Enabled!
         AVG AntiVirus Free Edition 2013
         Antivirus up to date!
         `````````Anti-malware/Other Utilities Check:`````````
         Secunia PSI (3.0.0.6001)
         Malwarebytes Anti-Malware version 1.75.0.1300
         TuneUp Utilities 2011
         TuneUp Utilities Language Pack (en-US)
         TuneUp Utilities 2011
         Java 7 Update 25
         Adobe Flash Player 11.8.800.94
         Adobe Reader XI
         Mozilla Firefox 20.0.1 Firefox out of Date!
         Google Chrome 29.0.1547.62
         Google Chrome 29.0.1547.66
         ````````Process Check: objlist.exe by Laurent````````
         Malwarebytes Anti-Malware mbamservice.exe
         Malwarebytes Anti-Malware mbamgui.exe
         AVG avgwdsvc.exe
         Malwarebytes' Anti-Malware mbamscheduler.exe
         `````````````````System Health check`````````````````
         Total Fragmentation on Drive C: 0%
         ````````````````````End of Log``````````````````````

  7. Hi, the scan from Malwarebytes found nothing. What should I do with the quarantined object? Should this stuff be removed from these programs that find these problems? Also, I have a couple of questions regarding virus programs and I don't know if you would be the person to ask. Let me know. Thanks for your help and patience. Ciao
  8. I did not click clean on ADW. Should I? Anything I need not remove... just waiting for your response. Thanks
  9. I scanned with adw and here is the log

         AdwCleaner v3.003 - Report created 08/09/2013 at 10:59:15
         # Updated 07/09/2013 by Xplode
         # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
         # Username : dali - DALI-PC
         # Running from : C:\Users\dali\Downloads\AdwCleaner.exe
         # Option : Scan

         ***** [ Services ] *****

         ***** [ Files / Folders ] *****

         File Found : C:\END
         File Found : C:\Users\dali\AppData\Roaming\Mozilla\Firefox\Profiles\9serl3gi.default\searchplugins\Conduit.xml
         Folder Found : C:\Users\dali\AppData\Roaming\Mozilla\Firefox\Profiles\9serl3gi.default\Extensions\{f0af464e-5167-45cf-9cf0-66b396d1918c}
         Folder Found C:\Program Files (x86)\Conduit
         Folder Found C:\Program Files (x86)\SearchProtect
         Folder Found C:\Users\dali\AppData\Local\Conduit
         Folder Found C:\Users\dali\AppData\Local\cre
         Folder Found C:\Users\dali\AppData\Local\Temp\CT3287805
         Folder Found C:\Users\dali\AppData\LocalLow\Conduit
         Folder Found C:\Users\dali\AppData\Roaming\Mozilla\Firefox\Profiles\9serl3gi.default\CT3287805
         Folder Found C:\Users\dali\AppData\Roaming\SearchProtect

         ***** [ Shortcuts ] *****

         ***** [ Registry ] *****

         Key Found : HKCU\Software\AppDataLow\Software\Conduit
         Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
         Key Found : HKCU\Software\AppDataLow\Software\Crossrider
         Key Found : HKCU\Software\AppDataLow\Software\SmartBar
         Key Found : HKCU\Software\AppDataLow\Software\visualbee
         Key Found : HKCU\Software\Conduit
         Key Found : HKCU\Software\SearchProtect
         Key Found : HKCU\Software\wscontb
         Key Found : [x64] HKCU\Software\Conduit
         Key Found : [x64] HKCU\Software\SearchProtect
         Key Found : [x64] HKCU\Software\wscontb
         Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
         Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
         Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287805
         Key Found : HKLM\Software\Conduit
         Key Found : HKLM\Software\SearchProtect
         Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ConduitFloatingPlugin_eihlgbnhhkigaajnpjohgjldcmdhjiol]

         ***** [ Browsers ] *****

         -\\ Internet Explorer v10.0.9200.16660

         -\\ Mozilla Firefox v20.0.1 (en-US)

         [ File : C:\Users\dali\AppData\Roaming\Mozilla\Firefox\Profiles\9serl3gi.default\prefs.js ]

         Line Found : user_pref("CT3287805.FF19Solved", "true");
         Line Found : user_pref("CT3287805.UserID", "UN26331024792439132");
         Line Found : user_pref("CT3287805.browser.search.defaultthis.engineName", "true");
         Line Found : user_pref("CT3287805.fullUserID", "UN26331024792439132.IN.20130902171523");
         Line Found : user_pref("CT3287805.installDate", "02/09/2013 17:15:25");

     this is the final log for the killer scan

         RogueKiller V8.6.9 _x64_ [sep 3 2013] by Tigzy
         mail : tigzyRK<at>gmail<dot>com
         Feedback : http://www.adlice.com/forum/
         Website : http://www.adlice.com/softwares/roguekiller/
         Blog : http://tigzyrk.blogspot.com/

         Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
         Started in : Normal mode
         User : dali [Admin rights]
         Mode : Scan -- Date : 09/08/2013 10:54:31
         | ARK || FAK || MBR |

         ¤¤¤ Bad processes : 0 ¤¤¤

         ¤¤¤ Registry Entries : 6 ¤¤¤
         [RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
         [RUN][sUSP PATH] HKCU\[...]\Run : CrossLoop ("C:\Users\dali\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize [7][x][x][x]) -> FOUND
         [RUN][sUSP PATH] HKUS\S-1-5-21-1794967967-372989994-3207961994-1000\[...]\Run : Google Update ("C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
         [RUN][sUSP PATH] HKUS\S-1-5-21-1794967967-372989994-3207961994-1000\[...]\Run : CrossLoop ("C:\Users\dali\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize [7][x][x][x]) -> FOUND
         [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
         [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

         ¤¤¤ Scheduled tasks : 5 ¤¤¤
         [V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000UA.job : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
         [V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000Core.job : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
         [V2][sUSP PATH] Google Updater and Installer : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
         [V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000Core : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
         [V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000UA : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

         ¤¤¤ Startup Entries : 0 ¤¤¤

         ¤¤¤ Web browsers : 0 ¤¤¤

         ¤¤¤ Particular Files / Folders: ¤¤¤

         ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

         ¤¤¤ External Hives: ¤¤¤

         ¤¤¤ Infection : ¤¤¤

         ¤¤¤ HOSTS File: ¤¤¤
         --> %SystemRoot%\System32\drivers\etc\hosts

         ÿþ1

         ¤¤¤ MBR Check: ¤¤¤

         +++++ PhysicalDrive0: SAMSUNG HN-M500MBB +++++
         --- User ---
         [MBR] 791fa9f763399648f6220099b008805e
         [bSP] 6d8fdf2b3a7e9f7c8c60afaf7b632449 : Windows 7/8 MBR Code
         Partition table:
         0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
         1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
         2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
         User = LL1 ... OK!
         User = LL2 ... OK!

         Finished : << RKreport[0]_S_09082013_105431.txt >>
         RKreport[0]_D_09082013_105135.txt;RKreport[0]_S_09082013_082408.txt;RKreport[0]_S_09082013_104628.txt

     thanks
  10. oops, I just copied the wrong log.. here it is

          RogueKiller V8.6.9 _x64_ [sep 3 2013] by Tigzy
          mail : tigzyRK<at>gmail<dot>com
          Feedback : http://www.adlice.com/forum/
          Website : http://www.adlice.com/softwares/roguekiller/
          Blog : http://tigzyrk.blogspot.com/

          Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
          Started in : Normal mode
          User : dali [Admin rights]
          Mode : Scan -- Date : 09/08/2013 08:24:08
          | ARK || FAK || MBR |

          ¤¤¤ Bad processes : 1 ¤¤¤
          [sUSP PATH] CrossLoopService.exe -- C:\Users\dali\AppData\Local\CrossLoop\CrossLoopService.exe [7] -> KILLED [TermProc]

          ¤¤¤ Registry Entries : 6 ¤¤¤
          [RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
          [RUN][sUSP PATH] HKCU\[...]\Run : CrossLoop ("C:\Users\dali\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize [7][x][x][x]) -> FOUND
          [RUN][sUSP PATH] HKUS\S-1-5-21-1794967967-372989994-3207961994-1000\[...]\Run : Google Update ("C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
          [RUN][sUSP PATH] HKUS\S-1-5-21-1794967967-372989994-3207961994-1000\[...]\Run : CrossLoop ("C:\Users\dali\AppData\Local\CrossLoop\CrossLoopConnect.exe" -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize [7][x][x][x]) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

          ¤¤¤ Scheduled tasks : 10 ¤¤¤
          [V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000UA.job : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
          [V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000Core.job : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
          [V2][sUSP PATH] Google Updater and Installer : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
          [V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000Core : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
          [V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-1794967967-372989994-3207961994-1000UA : C:\Users\dali\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
          [V2][sUSP PATH] OpenCandyHelperRun1E25395FBC654828A553DE9D80C09BEE : C:\windows\system32\rundll32.exe - "C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\OCBrowserHelper_1.0.4.106.dll",_OCRestartDll@16 [-][x][x] -> FOUND

          ¤¤¤ Startup Entries : 0 ¤¤¤

          ¤¤¤ Web browsers : 0 ¤¤¤

          ¤¤¤ Particular Files / Folders: ¤¤¤

          ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

          ¤¤¤ External Hives: ¤¤¤

          ¤¤¤ Infection : ¤¤¤

          ¤¤¤ HOSTS File: ¤¤¤
          --> %SystemRoot%\System32\drivers\etc\hosts

          ÿþ1

          ¤¤¤ MBR Check: ¤¤¤

          +++++ PhysicalDrive0: SAMSUNG HN-M500MBB +++++
          --- User ---
          [MBR] 791fa9f763399648f6220099b008805e
          [bSP] 6d8fdf2b3a7e9f7c8c60afaf7b632449 : Windows 7/8 MBR Code
          Partition table:
          0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
          1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
          2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
          User = LL1 ... OK!
          User = LL2 ... OK!

          Finished : << RKreport[0]_S_09082013_082408.txt >>

  11. Hi, I have done what you advised. Here is the log (I wasn't sure if I should attach it or just post it like this, let me know):

          Malwarebytes Anti-Malware 1.75.0.1300
          www.malwarebytes.org

          Database version: v2013.08.25.06

          Windows 7 Service Pack 1 x64 NTFS
          Internet Explorer 10.0.9200.16660
          dali :: DALI-PC [administrator]

          8/25/2013 8:41:18 PM
          mbam-log-2013-08-25 (20-41-18).txt

          Scan type: Quick scan
          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
          Scan options disabled: P2P
          Objects scanned: 220252
          Time elapsed: 4 minute(s), 31 second(s)

          Memory Processes Detected: 0
          (No malicious items detected)

          Memory Modules Detected: 0
          (No malicious items detected)

          Registry Keys Detected: 1
          HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

          Registry Values Detected: 1
          HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0GtGtDtCtH1B1T1T1P1StG0KtF1U -> Quarantined and deleted successfully.

          Registry Data Items Detected: 0
          (No malicious items detected)

          Folders Detected: 5
          C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
          C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy\1A35709783DA4218A2FE68B83EA7B623 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

          Files Detected: 12
          C:\Users\dali\Downloads\PublicTransportSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
          C:\Users\dali\Downloads\SetupImgBurn_2.5.7.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
          C:\Users\dali\Downloads\SocialNetworksSetup (1).exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
          C:\Users\dali\Downloads\SocialNetworksSetup.exe (PUP.Optional.Inbox) -> Quarantined and deleted successfully.
          C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
          C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
          C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy\1A35709783DA4218A2FE68B83EA7B623\SendoriSetupx10403.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\4823.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\AVG Safeguard.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\AVG_Toolbar_CB_ALL_p3v0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\OCBrowserHelper_1.0.4.106.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

      ANOTHER ONE ON 8/29

          Folders Detected: 2
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E (PUP.Optional.OpenCandy) -> No action taken.
          C:\Users\dali\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

          Files Detected: 1
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\OCBrowserHelper_1.0.4.106.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

      ANOTHER ONE FOR 8/25

          Folders Detected: 2
          C:\Users\dali\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

          Files Detected: 3
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\4823.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\AVG Safeguard.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
          C:\Users\dali\AppData\Roaming\OpenCandy\1EBFA24C81B14BEC84A9D73D5EAE140E\OCBrowserHelper_1.0.4.106.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

      ANOTHER ONE ON 8/30

          Files Detected: 1
          C:\Users\dali\Desktop\Download\emusic_setup_standalone.exe (Adware.BHO) -> Quarantined and deleted successfully.

  12. Hello, I successfully, or so I think, removed all the OpenCandy infections; however, this error message keeps popping up when I reboot. It says that some OpenCandy dll is missing. Why is the system looking for this? I removed it... or did I? Is something still hiding somewhere? Thanks for any suggestions.