
I fell for a Creative Solutions scam and I feel stupid. Please help.


39 replies to this topic

#1 HelpIGotScammed

HelpIGotScammed

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Southern California, USA
  • Local time:08:23 AM

Posted 22 June 2014 - 12:35 AM

Just today I got a call from someone named "Mike Anderson". He gave a number, claiming to be "Windows Tech Support", and he preyed on my lack of technical expertise. I feel like a freaking moron!

 

I am on the computer this happened to and do not have access to any other machines in order to download or transfer software. It runs Windows Vista Home Premium 32bit. I've had this computer for a very long time, and I feel so dumb that I fell for this! I thought stuff like this came in emails, not the phone! I don't even know how he got my number!

 

Anyway---

 

He connected to my PC using an Ammyy program and brought up a whole bunch of scary stuff. I told him "wait, I have McAfee, it blocks anything that doesn't belong. I also use Malwarebytes and it's done great for me."

 

The guy told me it's hackers, not a virus, and McAfee is useless, and proceeded to uninstall McAfee and my iObit defragmenter! He then installed CCleaner (I don't dare touch it). He had control of my PC and had me log into my email to send emails to a bunch of email addresses (he added them to my contact list).

 

I don't dare change any passwords until I'm sure there isn't anything still on this computer that can see what I change it to.

 

My Windows firewall is disabled and can't be reenabled. I tried to update Malwarebytes, but it failed and my computer rebooted itself. I went right to the Malwarebytes site, downloaded and installed it without a problem. I ran in regular mode since I'm afraid to reboot in safe mode, but the scan picked up nothing.

 

I'm going to go through the steps listed in another post and hopefully find out whether I'm safe to restore McAfee or even run a system restore.

 

 

First -

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

Next -

Please download MiniToolBox to Desktop and run it.
Checkmark following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Next -

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

NOTE - If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.

 

 

Last -

Please download Junkware Removal Tool by thisisu and save it to your Desktop.
* Close all open programs and shut down any protection/security software now to avoid potential conflicts.
* Double-click on JRT.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
* Copy and paste the contents of JRT.txt in your next reply.
This tool will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons, browser helper objects (BHOs) and other junkware to include many related registry entries (values, keys).

 

Please advise! Also, again, be aware that I am using the PC this happened on and I'm afraid to reboot it again and have it not start at all. I can't disconnect my router from the internet without cutting off the telephones as well (Time Warner).

 

The only other option for internet access in the house is my mother's iPad.

 

I feel like such a fool. This person sounded genuine and UGH! I'm crying and glad I have my vital stuff backed up, but I really don't want to lose everything!




 


#2 HelpIGotScammed


Posted 22 June 2014 - 12:52 AM

There is no edit function, oops! I forgot to mention that I will not run any software that will alter anything until advised. I'm working on using tools that scan things so I will have logs available if I am asked to post them in the log forum.



#3 HelpIGotScammed


Posted 22 June 2014 - 12:57 AM

Post 3, sorry! I was able to reactivate my Windows firewall, but am still working on logs for when asked to present them. (I'm sorry for the repeated posts!)



#4 Condobloke

Condobloke

    Outback Aussie @ 54.2101 N, 0.2906 W


  • Members
  • 5,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:23 AM

Posted 22 June 2014 - 01:16 AM

G'day HelpIGotScammed, and welcome to BC!

We learn by experience !

 

The email addresses he inserted have me curious.....can you copy and paste them here please ?

AND......change your email account password NOW

 

1. Uninstall AMMYY from programs and features.

 

2. Please download MiniToolBox to desktop and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

3. Please download AdwCleaner by Xplode and save to your Desktop.
NOTE : Please close or save all work, as the computer will be Rebooted
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
Click on the Scan button. (only once)
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
If you see any which you do not want removed, remove the check mark next to it.
Next: Click on the Clean button (only once) to remove the selected items.
You will receive a message telling you that all programs will be closed so that the infections can be removed.
Click on OK, and then OK again to confirm the reboot.
When cleaning process is complete a log (AdwCleaner[S0].txt) of what was removed will be on your desktop.
Please copy and paste this log in your next post.

 

A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

4. Please download  Junkware Removal Tool to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.


Edited by Condobloke, 22 June 2014 - 01:27 AM.

Condobloke ...Outback Australian  

 

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

 

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#5 HelpIGotScammed


Posted 22 June 2014 - 01:38 AM

Oh NOW I find the edit tool! Okay anyhow, ETA I can't find AMMYY in the programs and features. I can find it if I search the computer, but I'm not sure if I can safely delete it. The "security" says "This file came from another computer and might be blocked to help protect this computer" and the button has "unblock" on it. (I don't dare touch it.)

 

ETA 2: I went through and denied all its permissions.

 

EMAILS BELOW.

 

Here you go.  This is all the more upsetting as it's happening when I'm about to be busy most of tomorrow. Here are the emails. Sorry if this is messy, the quote feature is being weird to me.
SERVICE EXTENSION MAIL
 
Today at 6:27 PM
HI,
ACCORDING TO THE AGREEMENT I WILL BE GETTING THE SERVICES FOR 2 YEARS..

REGARDS
Dxxxx H***** (mom's name)
I.P.-xx8.xx5.6x.7
 
PAYMENT AUTHORIZATION MAIL
HI,
I  Dxxxx H*****(xxx-xxx-xxxx) am authorizing payment of USD 199 to Ultimate(cc42) through my Visa/Master Card with last 4 digits (XXXX-XXXX-XXXX-xxxx) to avail technical support services for one year on my computer on 22/06/2014 willingly after being satisfied with my interaction with the company..

I understand Ultimate is an independent software service provider not associated with Microsoft,Dell,Norton,Mcafee,any ISP provider or with any other software or hardware manufacturer or reseller.

REGARDS
Dxxxx H*****
I.P.-xx8.xx5.x8.7
 
FEEDBACK CONFIRMATION MAIL
 
HI,
INTERACTION WAS FINE..THANKS FOR THE HELP..

REGARDS
Dxxxx H*****
I.P.-xx8.x5.x8.7

 

The guy on the phone claimed he was from "Windows Tech Support" and the number is 1 720 262 4764. He claimed I would get a call back on Monday sometime, supposedly.

 

Working on the tools you suggested!

Mod Edit:  Removed names/phone number data - Hamluis.


Edited by hamluis, 22 June 2014 - 07:00 AM.


#6 Condobloke


Posted 22 June 2014 - 01:40 AM

  • Change the passwords or PINs on all your online accounts that you think might be compromised.
  • Place a fraud alert on your credit reports. Check with your bank or financial advisor if you're not sure how to do this.
  • Contact the bank or the online merchant directly. Do not follow the link in the fraudulent email message.
  • If you know of any accounts that were accessed or opened fraudulently, close those accounts.
  • Routinely review your bank and credit card statements monthly for unexplained charges or inquiries that you didn't



#7 HelpIGotScammed


Posted 22 June 2014 - 01:47 AM

Oops, I was editing as you posted, so please reread my post above yours. Sorry! I'm in the USA, California, it's almost midnight here right now, but my mom is fully intent on taking care of the bank ASAP. I'm really afraid to change passwords until I know nothing is being keylogged.

 

Still working on scans!

 

ETA: I did change my email password. I'll change it again when I'm sure my PC is clean.


Edited by HelpIGotScammed, 22 June 2014 - 01:53 AM.


#8 Condobloke


Posted 22 June 2014 - 01:56 AM

When you get a chance.....look carefully in programs and features for any programs there that you don't recognize.

 

I will also look here......one of the scans gives me a list of installed programs

 

Yes...I agree with your mum.....the bank is a high priority.



#9 Condobloke


Posted 22 June 2014 - 02:05 AM

and.....when you have finished with scans.....

 

http://www.bleepingcomputer.com/download/revo-uninstaller/

 

Download and install Revo uninstaller....the FREE version

 

When installed.....use it to Uninstall AMMYY

 

This program will take care of it.

 

 



#10 HelpIGotScammed


Posted 22 June 2014 - 02:10 AM

Working on the scan. I'm not a technical person, so I'm not sure what is actually safe to delete and what isn't. The largest part of what came up on the scan (not removal yet) is registry items. Should I post the log I have so I can get some idea on what I can safely delete?

 

I'm so sorry if I'm slowing you down. I don't want to accidentally delete something my computer might need to run.



#11 Condobloke


Posted 22 June 2014 - 02:17 AM

All is good here....I am in no hurry at all.

 

Any items found by AdwCleaner when you select Clean......the pc will be rebooted to finalize the cleaning process.

 

You can trust AdwCleaner not to select anything that will harm your PC.

 

We use it all day every day and haven't had a fatality yet.

 

However....you can certainly copy and paste the log here and I will look it over for you.



#12 HelpIGotScammed


Posted 22 June 2014 - 02:20 AM

Thanks. <3 Here is a log. Nothing has been removed yet. 

 

 

# AdwCleaner v3.212 - Report created 22/06/2014 at 00:00:09
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium  (32 bits)
# Username : Cyndi - CYNDI-PC
# Running from : C:\Users\Cyndi\Downloads\BLARG\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : APNMCP
Service Found : Viewpoint Manager Service
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Cyndi\AppData\Roaming\Mozilla\Firefox\Profiles\ylhgda3f.default\user.js
Folder Found : C:\Program Files\AskPartnerNetwork
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Cyndi\AppData\Roaming\Mozilla\Firefox\Profiles\ylhgda3f.default\Extensions\{11b496ea-481a-11dc-8314-0800200c9a66}
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\Software\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.17037
 
 
-\\ Mozilla Firefox v25.0 (en-US)
 
[ File : C:\Users\Cyndi\AppData\Roaming\Mozilla\Firefox\Profiles\ylhgda3f.default\prefs.js ]
 
Line Found : user_pref("extensions.TrafficLightSettings.ph_white", "thecrims.com\r\nhattrick.org\r\nraiffeisenonline.ro\r\nbrd-net.ro\r\ningonline.ro\r\nbancpost.ro\r\nbtrl.ro\r\ncrediteurope.ro\r\nalphabank.ro\r\[...]
Line Found : user_pref("extensions.proxytool.referers", "www.google.com,google.com,yahoo.com,bing.com,ask.com,currate.com,alwaysmath.com,facebook.com,twitter.com,craigslist.org");
Line Found : user_pref("extensions.rdr.whitelist", "abp:// ed2k:// file:// web.archive.org babelfish.altavista.com hxxp://*.*.*.*/translate_c? jigsaw.w3.org validator.w3.org .contentquality.com/mynewtester/*.exe? [...]
Line Found : user_pref("extensions.trustmyweb.addons.firefox@hotmail.com.install-event-fired", true);
Line Found : user_pref("livejournal_addons.ljaddLastViewed", "tf_twofates:%20Drabble%20fic:%20Belong%0Bhxxp://community.livejournal.com/tf_twofates/12172.html?format=light&view=flat&page=1000000%0CWhen%20Fates%20C[...]
 
-\\ Google Chrome v
 
[ File : C:\Users\Cyndi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5207 octets] - [21/06/2014 23:54:59]
AdwCleaner[R1].txt - [5127 octets] - [22/06/2014 00:00:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [5187 octets] ##########


#13 Condobloke


Posted 22 June 2014 - 02:27 AM

Hit CLEAN, and allow the reboot

 

Lots of toolbars, browser helper objects, media player,

and the associated reg entries that go with it all



#14 HelpIGotScammed


Posted 22 June 2014 - 02:54 AM

ADW log after cleaning. Will now do Junk Removal.

 

# AdwCleaner v3.212 - Report created 22/06/2014 at 00:42:35
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium  (32 bits)
# Username : Cyndi - CYNDI-PC
# Running from : C:\Users\Cyndi\Downloads\BLARG\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : APNMCP
[#] Service Deleted : Viewpoint Manager Service
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\AskPartnerNetwork
Folder Deleted : C:\Program Files\Viewpoint
[x] Not Deleted : C:\Users\Cyndi\AppData\Roaming\Mozilla\Firefox\Profiles\ylhgda3f.default\Extensions\{11b496ea-481a-11dc-8314-0800200c9a66}
[x] Not Deleted : C:\Users\Cyndi\AppData\Roaming\Mozilla\Firefox\Profiles\ylhgda3f.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6000.17037
 
 
-\\ Mozilla Firefox v25.0 (en-US)
 
[ File : C:\Users\Cyndi\AppData\Roaming\Mozilla\Firefox\Profiles\ylhgda3f.default\prefs.js ]
 
Line Deleted : user_pref("extensions.TrafficLightSettings.ph_white", "thecrims.com\r\nhattrick.org\r\nraiffeisenonline.ro\r\nbrd-net.ro\r\ningonline.ro\r\nbancpost.ro\r\nbtrl.ro\r\ncrediteurope.ro\r\nalphabank.ro\r\[...]
Line Deleted : user_pref("extensions.proxytool.referers", "www.google.com,google.com,yahoo.com,bing.com,ask.com,currate.com,alwaysmath.com,facebook.com,twitter.com,craigslist.org");
Line Deleted : user_pref("extensions.rdr.whitelist", "abp:// ed2k:// file:// web.archive.org babelfish.altavista.com hxxp://*.*.*.*/translate_c? jigsaw.w3.org validator.w3.org .contentquality.com/mynewtester/*.exe? [...]
Line Deleted : user_pref("extensions.trustmyweb.addons.firefox@hotmail.com.install-event-fired", true);
Line Deleted : user_pref("livejournal_addons.ljaddLastViewed", "tf_twofates:%20Drabble%20fic:%20Belong%0Bhxxp://community.livejournal.com/tf_twofates/12172.html?format=light&view=flat&page=1000000%0CWhen%20Fates%20C[...]
 
-\\ Google Chrome v
 
[ File : C:\Users\Cyndi\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [5207 octets] - [21/06/2014 23:54:59]
AdwCleaner[R1].txt - [5267 octets] - [22/06/2014 00:00:09]
AdwCleaner[S0].txt - [5442 octets] - [22/06/2014 00:42:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5502 octets] ##########
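
Added example (not part of the thread and not AdwCleaner's own code): a small Python script that reconciles an AdwCleaner scan report ([R*].txt) with the matching clean report ([S*].txt) and lists what the clean pass left behind. It assumes the line shapes seen in the two v3.212 reports above; the sample text is excerpted from those reports, and the function and variable names are hypothetical.

```python
import re

# "<Kind> Found : <target>" lines in a scan report.
FOUND = re.compile(
    r"^(?:\[.\]\s*)?(Service|File|Folder|Key|Value|Line) Found : (.+)$")
# "<Kind> Deleted : <target>" or "[x] Not Deleted : <target>" in a clean report.
RESULT = re.compile(
    r"^(?:\[.\]\s*)?(?:(?:Service|File|Folder|Key|Value|Line) )?"
    r"(Not Deleted|Deleted) : (.+)$")


def _norm(target):
    # Windows paths and registry keys compare case-insensitively.
    return target.strip().lower()


def parse_scan(text):
    """Return [(kind, target), ...] for every item the scan reported."""
    items = []
    for line in text.splitlines():
        m = FOUND.match(line.strip())
        if m:
            items.append((m.group(1), m.group(2).strip()))
    return items


def parse_clean(text):
    """Return {normalised target: 'Deleted' | 'Not Deleted'}."""
    outcome = {}
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if m:
            outcome[_norm(m.group(2))] = m.group(1)
    return outcome


def reconcile(scan_text, clean_text):
    """Classify every scanned item by what the clean report says about it."""
    outcome = parse_clean(clean_text)
    report = {"deleted": [], "not_deleted": [], "unaccounted": []}
    for kind, target in parse_scan(scan_text):
        status = outcome.get(_norm(target))
        if status == "Deleted":
            report["deleted"].append((kind, target))
        elif status == "Not Deleted":
            report["not_deleted"].append((kind, target))
        else:
            # Found by the scan but never mentioned by the clean pass.
            report["unaccounted"].append((kind, target))
    return report


# Excerpt of the scan report posted above (AdwCleaner[R1].txt).
SCAN_EXCERPT = r"""
Service Found : APNMCP
File Found : C:\Users\Cyndi\AppData\Roaming\Mozilla\Firefox\Profiles\ylhgda3f.default\user.js
Folder Found : C:\Program Files\AskPartnerNetwork
Folder Found : C:\Users\Cyndi\AppData\Roaming\Mozilla\Firefox\Profiles\ylhgda3f.default\Extensions\{11b496ea-481a-11dc-8314-0800200c9a66}
Key Found : HKCU\Software\Zugo
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
"""

# Excerpt of the clean report posted above (AdwCleaner[S0].txt).
CLEAN_EXCERPT = r"""
[#] Service Deleted : APNMCP
Folder Deleted : C:\Program Files\AskPartnerNetwork
[x] Not Deleted : C:\Users\Cyndi\AppData\Roaming\Mozilla\Firefox\Profiles\ylhgda3f.default\Extensions\{11b496ea-481a-11dc-8314-0800200c9a66}
[x] Not Deleted : C:\Users\Cyndi\AppData\Roaming\Mozilla\Firefox\Profiles\ylhgda3f.default\user.js
Key Deleted : HKCU\Software\Zugo
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

if __name__ == "__main__":
    result = reconcile(SCAN_EXCERPT, CLEAN_EXCERPT)
    for bucket in ("not_deleted", "unaccounted"):
        for kind, target in result[bucket]:
            print(f"{bucket}: {kind}: {target}")
```

On the excerpt, the two Firefox profile items (user.js and the extension folder) come back as not deleted, which is what a helper reviewing the [S0] log would want to follow up on.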


#15 Condobloke


Posted 22 June 2014 - 02:56 AM

Don't forget MiniToolBox 

