Trying to mop up Opencandy Issues On Father's Computer


19 replies to this topic

#1 MML

MML

  • Members
  • 240 posts
  • OFFLINE
  •  
  • Local time:06:33 AM

Posted 05 May 2016 - 06:16 AM

So I've gotten rid of a tiny issue on my father's computer and in the application manager of his Kaspersky I found an OpenCandy setup among his trusted files (ocsetuphlp.dll).  I've shifted the file down to the untrusted applications section for the moment but I can't seem to remove it; MWB doesn't recognize it as an issue, neither does jtr.  Any advice would be appreciated!




#2 buddy215

buddy215

  • BC Advisor
  • 12,139 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:33 AM

Posted 05 May 2016 - 06:37 AM

You didn't mention AdwCleaner so see what it finds and removes.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

After doing the above...do this:

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 MML


Posted 05 May 2016 - 06:55 AM

AdwCleaner came up clean!  Log:

 

# AdwCleaner v5.115 - Logfile created 05/05/2016 at 07:48:17
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 8.1  (X64)
# Username : Owner - HPLAPTOP
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[R0].txt - [3085 bytes] - [08/03/2015 05:07:53]
C:\AdwCleaner\AdwCleaner[R10].txt - [1701 bytes] - [23/09/2015 07:30:30]
C:\AdwCleaner\AdwCleaner[R11].txt - [1494 bytes] - [23/09/2015 20:05:07]
C:\AdwCleaner\AdwCleaner[R1].txt - [2092 bytes] - [05/06/2015 13:22:00]
C:\AdwCleaner\AdwCleaner[R2].txt - [2151 bytes] - [05/06/2015 14:29:56]
C:\AdwCleaner\AdwCleaner[R3].txt - [1083 bytes] - [09/06/2015 13:29:38]
C:\AdwCleaner\AdwCleaner[R4].txt - [1142 bytes] - [11/06/2015 16:16:49]
C:\AdwCleaner\AdwCleaner[R5].txt - [1080 bytes] - [19/07/2015 17:16:30]
C:\AdwCleaner\AdwCleaner[R6].txt - [1139 bytes] - [21/07/2015 21:08:45]
C:\AdwCleaner\AdwCleaner[R7].txt - [1258 bytes] - [08/08/2015 11:28:37]
C:\AdwCleaner\AdwCleaner[R8].txt - [1844 bytes] - [08/08/2015 12:24:33]
C:\AdwCleaner\AdwCleaner[R9].txt - [1376 bytes] - [20/08/2015 21:33:07]
C:\AdwCleaner\AdwCleaner[S0].txt - [2251 bytes] - [05/06/2015 14:48:25]
C:\AdwCleaner\AdwCleaner[S1].txt - [3227 bytes] - [21/07/2015 21:18:09]
C:\AdwCleaner\AdwCleaner[S2].txt - [2093 bytes] - [20/04/2016 03:24:42]
C:\AdwCleaner\AdwCleaner[S3].txt - [1837 bytes] - [20/04/2016 03:30:49]
C:\AdwCleaner\AdwCleaner[S4].txt - [1783 bytes] - [05/05/2016 07:48:17]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1856 bytes] ##########
 
 
RE CC Cleaner; it's refusing to install; should I use MiniToolbox or the like instead?


#4 buddy215


Posted 05 May 2016 - 07:21 AM

That is a bit unusual. Try disabling your security programs...especially antivirus..then attempt to install CCleaner. You may have a corrupted download of the CCleaner installer. Suggest removing it and downloading again.

Download CCleaner from Start Download




#5 MML


Posted 05 May 2016 - 04:00 PM

OK!  Shall do so now!

 

Worked this time; I must've been trying to download it without a connection running; this is what happens when I do anything when I'm exhausted.

 

Yes HKCU:Run Aim AOL Inc. "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run HotKeysCmds Intel Corporation "C:\Windows\system32\hkcmd.exe"
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run OPBHOBroker Hewlett-Packard C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
Yes HKLM:Run OPBHOBrokerDesktop Hewlett-Packard C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
Yes HKLM:Run Persistence Intel Corporation "C:\Windows\system32\igfxpers.exe"
Yes HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes HKLM:Run SimplePass Hewlett-Packard C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui
Yes HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
 
 
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForOwner Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForOwner (null)
Yes Task HPCustParticipation HP Deskjet 2540 series Hewlett-Packard Co. "C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe" /UA 12.5 /DDV 0x0b00
No Task Optimize Start Menu Cache Files-S-1-5-21-3592305354-2552889772-2643866286-1001
Yes Task Optimize Start Menu Cache Files-S-1-5-21-3592305354-2552889772-2643866286-500
Yes Task Synaptics TouchPad Enhancements Synaptics Incorporated "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
 
ETA: After using the program I uninstalled it because the monitoring tool was a bit irritating; if you think it's advisable I'll re-install it but I'm gonna keep it uninstalled for the time being!

Edited by MML, 05 May 2016 - 04:14 PM.


#6 buddy215


Posted 05 May 2016 - 05:27 PM

You need to reinstall it. You missed posting the list of Installed programs using it. You can easily stop the monitoring using its settings. It's been a while since I installed it....years....the settings may appear during install...not sure.

Note that it is in your Windows Startups....I'll ask you to disable that.

 

It is a good idea to have it and use it to clean up the computer often.


Edited by buddy215, 05 May 2016 - 05:31 PM.



#7 buddy215


Posted 05 May 2016 - 05:41 PM

Disable these Windows Startups: Use CCleaner by clicking on each item and choosing disable on the right.
Yes HKCU:Run Aim AOL Inc. "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run HPMessageService Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
Yes HKLM:Run IgfxTray Intel Corporation "C:\Windows\system32\igfxtray.exe"
Yes HKLM:Run OPBHOBroker Hewlett-Packard C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe (Don't disable if you actually use it)
Yes HKLM:Run OPBHOBrokerDesktop Hewlett-Packard C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe (Don't disable if you actually use it)

Yes HKLM:Run SimplePass Hewlett-Packard C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui (Don't disable if you actually use it)

 

Disable These Scheduled Tasks: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task HPCeeScheduleForOwner Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForOwner (null)
Yes Task HPCustParticipation HP Deskjet 2540 series Hewlett-Packard Co. "C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe" /UA 12.5 /DDV 0x0b00
Yes Task Optimize Start Menu Cache Files-S-1-5-21-3592305354-2552889772-2643866286-500



#8 MML


Posted 05 May 2016 - 05:44 PM

Oop, here you go!

 

- Games App - WildTangent Games 6/28/2015 1.0.3.28
1st Page 2000 2.00 Free 7/24/2014
7-Zip 9.20 (x64 edition) Igor Pavlov 3/7/2014 4.53 MB 9.20.00.0
Adobe Digital Editions 4.5 Adobe Systems Incorporated 5/2/2016 19.8 MB 4.5.1
Adobe Shockwave Player 12.0 Adobe Systems, Inc. 5/19/2014 12.0.4.144
AIM 7 8/16/2014
AIM for Windows AOL Inc. 7/24/2014
Bejeweled 2 Deluxe 1.1 PopCap Games 7/24/2014 1.1
Bejeweled Twist PopCap Games 7/24/2014
Bonjour Apple Inc. 5/19/2014 2.00 MB 3.0.0.10
Box for Windows 8 Box, Inc. 11/12/2015 2.1.4.4
CCleaner Piriform 5/5/2016 5.17
Cisco EAP-FAST Module Cisco Systems, Inc. 5/19/2014 1.53 MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 5/19/2014 632 KB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 5/19/2014 1.22 MB 1.1.6
CyberLink LabelPrint CyberLink Corp. 5/19/2014 280 MB 2.5.5.6902
CyberLink Media Suite 10 CyberLink Corp. 7/31/2014 61.0 MB 10.0.6.3728
CyberLink Power2Go 8 CyberLink Corp. 5/19/2014 405 MB 8.0.5.3416
CyberLink PowerDVD 12 CyberLink Corp. 10/16/2014 341 MB 12.0.4.4223
CyberLink YouCam CyberLink Corp. 5/19/2014 281 MB 5.0.2.3618
eBay eBay, Inc 11/4/2014 1.6.0.34
Energy Star Hewlett-Packard Company 5/19/2014 3.39 MB 1.0.9
ESET Online Scanner v3 8/8/2015
Games Microsoft Corporation 7/24/2014 2.0.139.0
Getting Started with Windows 8 Hewlett-Packard Company 3/3/2015 1.6.0.0
Google Chrome Google Inc. 7/24/2014 50.0.2661.94
HP Connected Drive HP Inc. 1/6/2016 4.4.32.190
HP Deskjet 2540 series Basic Device Software Hewlett-Packard Co. 12/14/2014 154 MB 32.2.188.47710
HP Deskjet 2540 series Help Hewlett Packard 12/14/2014 6.69 MB 30.0.0
HP Documentation Hewlett-Packard 5/19/2014 247 MB 1.1.0.0
HP Photo Creations HP 12/15/2014 14.6 MB 1.0.0.7702
HP Registration Hewlett-Packard Company 11/28/2014 1.2.1.166
HP Registration Service Hewlett-Packard 5/19/2014 30.1 MB 1.2.7372.4698
HP SimplePass Softex Inc. 3/7/2014 33.8 MB 8.00.57
HP SimplePass Hewlett-Packard 3/7/2014 8.00.57
HP Support Assistant Hewlett-Packard Company 3/7/2014 85.1 MB 7.5.2.12
HP Support Solutions Framework Hewlett-Packard Company 7/21/2015 7.36 MB 11.51.0049
HP System Event Utility Hewlett-Packard Company 7/31/2014 6.79 MB 1.1.4
HP Update Hewlett-Packard 12/14/2014 4.04 MB 5.005.002.002
HP Utility Center Hewlett-Packard Company 5/19/2014 4.85 MB 2.3.4
HP Wireless Button Driver Hewlett-Packard Company 5/19/2014 765 KB 1.1.2.1
HPDiagnosticCoreDll Hewlett Packard 12/17/2014 9.16 MB 1.0.15.0
Intel® Processor Graphics Intel Corporation 6/6/2015 10.18.10.3408
Intel® Sideband Fabric Device Driver Intel Corporation 5/19/2014 1.70.305.16316
Intel® Trusted Execution Engine Intel Corporation 5/19/2014 1.0.0.1064
Ipswitch WS_FTP 12 Ipswitch 11/16/2015 12.4
Jasc Animation Shop 3 Jasc Software Inc 7/24/2014 11.9 MB 3.11
Jasc Paint Shop Pro 9 Jasc Software Inc 7/25/2014 185 MB 9.00.0000
Java 8 Update 91 (64-bit) Oracle Corporation 4/19/2016 102 MB 8.0.910.14
Kaspersky Internet Security Kaspersky Lab 8/8/2015 16.0.0.614
Kindle AMZN Mobile LLC 6/20/2015 2.1.0.2
Mail, Calendar, and People 7/3/2015
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 4/13/2016 66.9 MB 2.2.1.1043
Maps Microsoft Corporation 9/11/2014 2.1.3230.2048
Microsoft Mahjong Microsoft Studios 9/29/2015 2.5.1508.1801
Microsoft Office Microsoft Corporation 3/7/2014 296 MB 15.0.4454.1510
Microsoft Office File Validation Add-In Microsoft Corporation 7/29/2014 10.9 MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 7/25/2014 12.0.6612.1000
Microsoft Silverlight Microsoft Corporation 1/12/2016 348 MB 5.1.41212.0
Microsoft Solitaire Collection Microsoft Studios 9/17/2015 2.7.1508.1402
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 3/7/2014 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 5/19/2014 4.84 MB 8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 12/22/2014 8.14 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 12/23/2014 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 12/22/2014 7.40 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 5/19/2014 8.85 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 5/19/2014 8.69 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 7/24/2014 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 3/7/2014 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 3/7/2014 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 1/12/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 1/14/2016 17.3 MB 11.0.61030.0
MSN Food & Drink Microsoft Corporation 7/15/2015 3.0.4.336
MSN Health & Fitness Microsoft Corporation 7/15/2015 3.0.4.336
MSN Money Microsoft Corporation 4/28/2016 3.0.4.344
MSN News Microsoft Corporation 4/28/2016 3.0.4.344
MSN Sports Microsoft Corporation 4/29/2016 3.0.4.345
MSN Travel Microsoft Corporation 7/15/2015 3.0.4.336
MSN Weather Microsoft Corporation 4/28/2016 3.0.4.344
Music Microsoft Corporation 3/14/2015 2.6.672.0
Netflix Netflix, Inc. 3/26/2016 2.18.0.19
Peggle Deluxe 1.0 PopCap Games 7/24/2014 1.0
Peggle Nights PopCap Games 7/24/2014
Pinger Pinger Inc. 3/7/2014 1.4.0.1
Plants vs. Zombies PopCap Games 7/24/2014
Product Improvement Study for HP Deskjet 2540 series Hewlett-Packard Co. 12/14/2014 9.67 MB 32.2.188.47710
Reader Microsoft Corporation 3/9/2016 6.4.9926.18228
Realtek Card Reader Realtek Semiconductor Corp. 5/19/2014 6.3.9600.29075
Realtek Ethernet Controller All-In-One Windows Driver Realtek 5/19/2014 8.24.1218.2013
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 5/19/2014 6.0.1.7156
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 5/19/2014 1.00.13.1216
Skype Skype 6/20/2015 3.1.0.1016
Snapfish HP Inc. 5/4/2016 5.5.0.8
Sophos Virus Removal Tool Sophos Limited 6/6/2015 123 MB 2.5.4
Synaptics Pointing Device Driver Synaptics Incorporated 5/19/2014 46.4 MB 18.0.4.0
Video Microsoft Corporation 11/6/2015 2.6.446.0
WildTangent Games WildTangent 3/7/2014 1.0.4.0
Windows Alarms Microsoft Corporation 7/24/2014 6.3.9654.20335
Windows Calculator Microsoft Corporation 7/24/2014 6.3.9600.20278
Windows Help+Tips Microsoft Corporation 8/8/2014 6.3.9654.20559
Windows Live Essentials Microsoft Corporation 3/7/2014 16.4.3508.0205
Windows Reading List Microsoft Corporation 8/13/2015 6.3.9654.20947
Windows Scan Microsoft Corporation 11/5/2014 6.3.9654.17133
Windows Sound Recorder Microsoft Corporation 7/24/2014 6.3.9600.20280
YouCam for HP CYBERLINKCOM CORP 7/25/2014 1.0.2.29632
Zuma Deluxe 1.0.0.0 PopCap Games 7/24/2014 1.0.0.0
Zuma's Revenge! PopCap Games 7/24/2014

 

I've checked around on the settings but I can't seem to find anything that completely disables it.  I tend to use TFC regularly to clean my temp files out, at least on my personal PC; is CC Cleaner better?  And please let me know how to get all the fragments out eventually!

 

Done!

 

ETA: if I've got the OpenCandy prog under High Restricted it shouldn't be able to do anything, right?

 

Double ETA: Isn't it also advisable to keep my HP Update searcher as part of my start-up?  Or will it run as a scheduled task otherwise?


Edited by MML, 05 May 2016 - 05:57 PM.


#9 buddy215


Posted 05 May 2016 - 06:16 PM

You disabled CCleaner in the Windows Startup...good enough. I don't think TFC has the tools that CCleaner has...nothing wrong with having both.

 

As to fragments...I assume that's Open Candy....many times you can delete that .dll by booting into Safe Mode. I'm a bit surprised that one of the programs I asked you to use or MBAM didn't delete or quarantine the .dll. Perhaps rerunning MBAM after using the settings below will do the trick.

 

  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

 

 

Suggest uninstalling these programs: You can use CCleaner by clicking on each item and then choosing Uninstall on the right.

- Games App - WildTangent Games 6/28/2015 1.0.3.28

AIM 7 8/16/2014

AIM for Windows AOL Inc. 7/24/2014

Bonjour Apple Inc. 5/19/2014 2.00 MB 3.0.0.10

eBay eBay, Inc 11/4/2014 1.6.0.34

Snapfish HP Inc. 5/4/2016 5.5.0.8 (Keep if you intentionally downloaded this recently...)

Sophos Virus Removal Tool Sophos Limited 6/6/2015 123 MB 2.5.4

WildTangent Games WildTangent 3/7/2014 1.0.4.0


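A read-only check for the leftover file discussed above, added here as an example and not posted by anyone in the thread: it finds every copy of ocsetuphlp.dll, records its signer and SHA-256, and reports whether any Run key or scheduled task still points at the file or its folder. It assumes PowerShell 4 or later, an elevated prompt, and that searching the system drive is enough.

```powershell
# Added example (not from the thread): read-only triage of a leftover DLL.
# Nothing is deleted or modified.
$dllName = 'ocsetuphlp.dll'          # file name quoted in the thread
$roots   = @("$env:SystemDrive\")    # assumption: only the system drive is searched

# 1. Find every copy and record its signer and SHA-256 for later lookup.
$copies = @(foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Filter $dllName -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                SigStatus = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
})

# 2. Collect the same startup sources the CCleaner export lists: Run keys...
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$autoruns = @(foreach ($key in $runKeys) {
    if (Test-Path -LiteralPath $key) {
        $k = Get-Item -LiteralPath $key
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$k.GetValue($name) }
        }
    }
})

# ...and scheduled tasks (only actions that execute a program have .Execute).
$autoruns += @(Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            [pscustomobject]@{
                Source  = 'Task ' + $task.TaskPath
                Name    = $task.TaskName
                Command = ($action.Execute + ' ' + $action.Arguments).Trim()
            }
        }
    }
})

# 3. Flag any startup command that mentions the DLL or runs from its folder.
#    Folder matches can include unrelated programs that share that folder.
$needles = @($dllName) + @(
    $copies | ForEach-Object { [System.IO.Path]::GetDirectoryName($_.Path) } |
        Where-Object { $_ -and $_.Length -gt 3 } | Sort-Object -Unique
)
$hits = @($autoruns | Where-Object {
    $cmd = [Environment]::ExpandEnvironmentVariables($_.Command)
    $needles | Where-Object { $cmd.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0 }
})

# 4. Report.
'--- Copies of {0} on disk: {1} ---' -f $dllName, $copies.Count
$copies | Format-List | Out-String
'--- Run keys / scheduled tasks referencing it: {0} ---' -f $hits.Count
$hits | Format-Table -AutoSize -Wrap | Out-String
```

A count of 0 in the second section means none of the checked Run keys or scheduled tasks launches the file or anything in its folder.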


#10 MML


Posted 05 May 2016 - 11:22 PM

I'm going to keep AIM, as it gets used regularly from this computer.  Deleted everything else - is the Snapfish discovery important at all?  I think it came with the HP printer we bought last year (which refuses to route remotely through this laptop, but that's another subject).  The last thing Dlded  onto the computer outside of CC Cleaner was an e-reader from Adobe a couple of days ago - from Adobe's website, so I know the DL was legal and verified.

 

I'm super serious about doing anti-rootkit scans on all my computers after learning a big old personal experience lesson re that.  Already had those detection points checked and ran a Kaspersky Rootkit check through both the VP and their stand-alone tool along with a MAB anti-rootkit search (in fact I employ the auto scan option through my VP); nothing got quarantined or popped up - here's the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 5/5/2016
Scan Time: 10:57 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.05.05.05
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343546
Time Elapsed: 1 hr, 20 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

ETA: there is indeed an Open Candy in the quarantine but it's from back in July!



#11 buddy215


Posted 06 May 2016 - 04:52 AM

The install date for Snapfish is given as 5/4/2016....that's the reason I asked about it.

 

If you couldn't remove the .dll while in Safe Mode I wouldn't be concerned about that since you have blocked Open Candy from calling home and the rest of it is history.

 

The chances of HP issuing an update for a 2-year-old comp are not likely.

 

I'd say you are good to go....




#12 MML


Posted 06 May 2016 - 04:27 PM

Oh phew!   That is good to hear -  and I imagine that it's showing up in the application control section because it stored the program's rules (CC Cleaner's rules are still there even though I uninstalled it for instance).   

 

I think my printer software might have auto-updated when I ran an HP software update, so that's a possible source for it.  I uninstalled Snapfish anyway, since I don't really use it.

 

Thank you!  I'll be giving this back to my father tomorrow!



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,953 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:33 AM

Posted 06 May 2016 - 04:59 PM

For future reference, you may want to read my explanation in regards to OpenCandy in this topic.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#14 MML


Posted 06 May 2016 - 07:45 PM

Thank you so much!!



#15 quietman7


Posted 06 May 2016 - 07:48 PM

Not a problem.