
Triage after likely BSOD scam


8 replies to this topic

#1 Jen526

Jen526

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 26 April 2016 - 05:16 PM

My parents recently were encountering frequent BSOD events where the blue screen text gave them an 800-number to call "Microsoft" to fix the problem.  They got suckered, and paid $100 for someone to access their computer and "fix" the problem, with a guarantee of no problems for a month.  The "tech support" person was on their computer for an hour, doing who knows what.   I'm just finding out about this a week later.

 

They don't seem to be encountering any blatant problems since the "fix", but I'd like to get some sense of whether they've added more malware that will conveniently require another payment in another month.

 

I've run a Malwarebytes check and it came up clean, but I'd welcome any other suggestions for checking, to give them some peace of mind going forward.

 

(And, sorry, I left off system info:  Windows 7)


Edited by Jen526, 26 April 2016 - 05:23 PM.



 


#2 buddy215

buddy215

  • BC Advisor
  • 12,876 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:40 AM

Posted 26 April 2016 - 07:27 PM

There may be an email from the criminals. Look in the Sent folder for an email the criminal sent to himself, too.

 

I suggest you cancel the credit card if that was what was used to pay the criminals.

It wouldn't hurt to protest the charge. I'm sure you won't be the first to do that.....or the last.

 

There may still be evidence of the remote program used by the criminal. There may be some useless/risky 'security' program installed on the computer....some of the criminals install those and charge extra for that.

 

Suggest you run the programs below to start the cleanup. Post the results except for CCleaner.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 


Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Edited by buddy215, 26 April 2016 - 07:38 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Jen526


Posted 04 May 2016 - 04:48 PM

Sorry for delayed response.  Here are the log results:

 

ADW CLEANER

======================================================

# AdwCleaner v5.115 - Logfile created 04/05/2016 at 17:29:10
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Jim - JIM-PC
# Running from : C:\Users\Jim\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Public\Documents\Downloaded Installers
[-] Folder Deleted : C:\Users\Jim\AppData\Local\iac
[-] Folder Deleted : C:\Users\Jim\AppData\LocalLow\iac
[-] Folder Deleted : C:\Users\Jim\AppData\Roaming\iWin

***** [ Files ] *****

[-] File Deleted : C:\Windows\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1454 bytes] - [04/05/2016 17:29:10]
C:\AdwCleaner\AdwCleaner[S1].txt - [1546 bytes] - [04/05/2016 17:27:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1600 bytes] ##########

 

===========================================================

JRT:

===========================================================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Jim (Administrator) on Wed 05/04/2016 at 17:34:49.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 30

Successfully deleted: C:\Users\Jim\AppData\Local\{20CD6E71-DE99-4FDD-A49C-DE2107D8CC1C} (Empty Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\{33B672F7-E8DD-4662-B709-50359F71F3F8} (Empty Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\{D1DE143C-01F0-47C5-9A27-DCC3B688B5C3} (Empty Folder)
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VDMQZ22 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RX55GLN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIVLVZ4E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYGTAZCK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HD3E8JQI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOP36HGV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4S3HAI6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP2UYK87 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\FREECELL.EXE-1723859A.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2VDMQZ22 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7RX55GLN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIVLVZ4E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DYGTAZCK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HD3E8JQI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOP36HGV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R4S3HAI6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP2UYK87 (Temporary Internet Files Folder)

 

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CB5F5E59-62C5-46CC-8519-0BAF535DB4F5} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 05/04/2016 at 17:37:48.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 buddy215


Posted 04 May 2016 - 06:20 PM

Were you able to successfully refute the CC charge? Just curious....

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.




#5 Jen526


Posted 05 May 2016 - 04:28 PM

Thanks.  My dad opted not to pursue contesting the charge, and I haven't been able to be as accessible for him to really push on it.

 

I did find the confirmation email in his mailbox, which was signed as being from www.pcsupportwizard.com

 

===========

STARTUP

===========

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run AccuWeatherWidget  "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Yes HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
Yes HKLM:Run AvgUi AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
Yes HKLM:Run Broadcom Wireless Manager UI Dell Inc. C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
Yes HKLM:Run Dell DataSafe Online Dell, Inc. C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
Yes HKLM:Run Dell Webcam Central Creative Technology Ltd "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
Yes HKLM:Run DellStage Unlimited Realities "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
Yes HKLM:Run ETDCtrl ELAN Microelectronics Corp. %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
Yes HKLM:Run IAStorIcon Intel Corporation C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
Yes HKLM:Run MSC Microsoft Corporation "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
Yes HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
Yes HKLM:Run QuickSet Dell Inc. c:\Program Files\Dell\QuickSet\QuickSet.exe
Yes HKLM:Run SmartAudio Conexant Systems, Inc. C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0 /dne /s
Yes HKLM:Run Stage Remote ArcSoft, Inc. C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
Yes HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Yes Startup Common Bluetooth.lnk Broadcom Corporation. C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

 

==================

SCHEDULED TASKS

==================

Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task Adobe Flash Player Updater Adobe Systems Incorporated C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task Dell SupportAssistAgent AutoUpdate Dell Inc. C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe AutoUpdate
Yes Task PCDDataUploadTask  "uaclauncher.exe" -lloc dataupload --ignoresecondarysplash --runsilently --skipidlewait
Yes Task PCDEventLauncherTask PC-Doctor, Inc. "C:\Program Files\Dell\SupportAssist\sessionchecker.exe"
Yes Task SystemToolsDailyTest  "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently

 

=============================

UNINSTALL

=============================

 

Accidental Damage Services Agreement Dell Inc. 5/25/2012  2.0.0
Adblock Plus for IE (32-bit and 64-bit) Eyeo GmbH 4/13/2016 7.08 MB 1.5
Adobe AIR Adobe Systems Incorporated 5/25/2012  2.6.0.19120
Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 4/8/2016 5.09 MB 21.0.0.213
Adobe Reader X (10.1.16) MUI Adobe Systems Incorporated 10/22/2015 481 MB 10.1.16
Advanced Audio FX Engine Creative Technology Ltd 5/25/2012  1.12.05
Apple Application Support (32-bit) Apple Inc. 3/22/2016 117 MB 4.3
Apple Application Support (64-bit) Apple Inc. 3/22/2016 131 MB 4.3
Apple Mobile Device Support Apple Inc. 3/22/2016 28.5 MB 9.3.0.15
Apple Software Update Apple Inc. 3/21/2016 2.69 MB 2.2.0.150
AVG Protection AVG Technologies 5/4/2016  2016.71.7596
Banctec Service Agreement Dell Inc. 5/25/2012  2.0.0
Blio K-NFB Reading Technology, Inc. 5/25/2012 65.7 MB 2.3.7140
Bonjour Apple Inc. 9/20/2015 2.01 MB 3.1.0.1
CCleaner Piriform 5/5/2016  5.17
Complete Care Business Service Agreement Dell Inc. 5/25/2012  2.0.0
Conexant SmartAudio HD Conexant 5/25/2012  8.54.29.0
Consumer In-Home Service Agreement Dell Inc. 5/25/2012  2.0.0
Cozi Cozi Group, Inc. 5/25/2012 4.00 KB 1.0.6505.38692
Dell Data Vault  5/25/2012  
Dell DataSafe Local Backup Dell Inc. 5/25/2012  9.4.67
Dell DataSafe Local Backup - Support Software Dell Inc. 5/25/2012  9.4.67
Dell DataSafe Online Dell 5/25/2012 6.46 MB 2.1.19634
Dell Getting Started Guide Dell Inc. 5/25/2012  1.00.0000
Dell Home Systems Service Agreement Dell Inc. 5/25/2012  2.0.0
Dell MusicStage Fingertapps 5/25/2012  1.6.225.0
Dell PhotoStage ArcSoft 5/25/2012 165 MB 1.5.0.130
Dell Stage Fingertapps 5/25/2012  1.6.301.0
Dell Stage Remote ArcSoft 5/25/2012 80.8 MB 2.0.0.43
Dell SupportAssist Dell 3/26/2016 197 MB 1.2.6793.01
Dell SupportAssistAgent Dell 5/3/2016 18.3 MB 1.2.2.8
Dell Touchpad ELAN Microelectronic Corp. 6/12/2015  11.3.16.1
Dell Update Dell Inc. 8/30/2015 2.91 MB 1.7.1015.0
Dell VideoStage CyberLink Corp. 5/25/2012  1.3.0.2513
Dell Webcam Central Creative Technology Ltd 5/25/2012  2.00.44
DW WLAN Card Utility Dell Inc. 5/25/2012  6.20.55.49
iCloud Apple Inc. 2/22/2016 119 MB 5.1.0.34
Intel® Control Center Intel Corporation 12/23/2012  1.2.1.1007
Intel® Management Engine Components Intel Corporation 12/23/2012  8.0.1.1399
Intel® Processor Graphics Intel Corporation 12/23/2012  8.15.10.2626
Intel® Rapid Storage Technology Intel Corporation 12/23/2012  11.0.0.1032
Intel® USB 3.0 eXtensible Host Controller Driver Intel Corporation 12/23/2012  1.0.3.214
Intel® Trusted Connect Service Client Intel Corporation 5/25/2012 10.6 MB 1.23.219.2
iTunes Apple Inc. 3/22/2016 215 MB 12.3.3.17
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 4/26/2016 66.8 MB 2.2.1.1043
Microsoft .NET Framework 4.5.1 Microsoft Corporation 2/10/2014 38.8 MB 4.5.50938
Microsoft Mouse and Keyboard Center Microsoft Corporation 12/16/2014  2.3.188.0
Microsoft Office Home and Business 2010 Microsoft Corporation 11/5/2013  14.0.7015.1000
Microsoft Security Essentials Microsoft Corporation 2/24/2016  4.9.218.0
Microsoft Silverlight Microsoft Corporation 1/13/2016 547 MB 5.1.41212.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 5/25/2012 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 1/6/2013 298 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 5/25/2012 708 KB 8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 5/25/2012 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 1/6/2013 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 5/25/2012 608 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 5/25/2012 230 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 5/25/2012 596 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 1/6/2013 600 KB 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/12/2015 13.8 MB 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/12/2015 11.1 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 1/13/2016 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 1/14/2016 17.3 MB 11.0.61030.0
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2/12/2015  10.0.50903
PlayReady PC Runtime x86 Microsoft Corporation 5/25/2012 1.65 MB 1.3.0
Premium Service Agreement Dell Inc. 5/25/2012  2.0.0
QualxServ Service Agreement Dell Inc. 5/25/2012  2.0.0
Quickset64 Dell Inc. 5/25/2012  10.14.010
QuickTime 7 Apple Inc. 2/22/2016 69.1 MB 7.79.80.95
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 5/25/2012  6.1.7601.39019
Skype™ 6.11 Skype Technologies S.A. 3/4/2014 26.9 MB 6.11.102
Visual Studio 2012 x64 Redistributables AVG Technologies 5/4/2016 1.89 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 5/4/2016 1.69 MB 14.0.0.1
WIDCOMM Bluetooth Software Broadcom Corporation 5/25/2012 289 MB 6.5.1.2300
WildTangent Games WildTangent 5/25/2012  1.0.2.5
WildTangent Games WildTangent 1/6/2013  1.0.4.0
Windows Live Essentials Microsoft Corporation 5/25/2012  15.4.3508.1109
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 5/25/2012 5.57 MB 15.4.5722.2
Zinio Reader 4 Zinio LLC 5/25/2012  4.2.4164


 



#6 buddy215


Posted 05 May 2016 - 06:40 PM

Too bad he doesn't want to pursue it...remind him that it is a criminal operation and they have his CC info. They will likely try to charge him again. I was wondering who installed the SlimWare utilities...if it was he or the criminals.

 

Disable these Windows Startups: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKLM:Run AccuWeatherWidget  "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
Yes HKLM:Run APSDaemon Apple Inc. "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

Yes HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
Yes HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"

 

Disable these Scheduled Tasks: Use CCleaner by clicking on each item and then choose Disable on the right.

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task Dell SupportAssistAgent AutoUpdate Dell Inc. C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe AutoUpdate
Yes Task PCDDataUploadTask  "uaclauncher.exe" -lloc dataupload --ignoresecondarysplash --runsilently --skipidlewait
Yes Task PCDEventLauncherTask PC-Doctor, Inc. "C:\Program Files\Dell\SupportAssist\sessionchecker.exe"
Yes Task SystemToolsDailyTest  "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently

 

Suggest uninstalling these programs:

Adobe AIR Adobe Systems Incorporated 5/25/2012  2.6.0.19120

WildTangent Games WildTangent 5/25/2012  1.0.2.5
WildTangent Games WildTangent 1/6/2013  1.0.4.0

 

Note that Apple has ended support of QuickTime for Windows. You should uninstall...especially if you don't use it.




#7 Jen526


Posted 07 May 2016 - 05:18 PM

I'm not sure about the Slimware Utilities, but I'm pretty sure from the install dates that the Adblock Plus that I see on the install list was put there by the scammers.

 

(Steps above done, except I didn't remove the games thing.  It came with the computer, and they use it.)
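
The install-date comparison described in the post above, as an added example that is not part of the original thread: it parses lines in the form of the pasted CCleaner Uninstall list and returns the programs whose install date falls inside a window around the remote session. The window (12 to 26 April 2016, a week either side of the session as dated from the first post) and all function names are assumptions made for this example.

```python
import re
from datetime import date

# A standalone M/D/YYYY token (the pasted list uses US dates, e.g. 5/25/2012).
DATE_RE = re.compile(r"(?<!\S)(\d{1,2})/(\d{1,2})/(\d{4})(?!\S)")

# Sample input: a few lines copied from the Uninstall list posted in this thread.
SAMPLE_LINES = [
    "Adblock Plus for IE (32-bit and 64-bit) Eyeo GmbH 4/13/2016 7.08 MB 1.5",
    "Adobe Flash Player 21 ActiveX Adobe Systems Incorporated 4/8/2016 5.09 MB 21.0.0.213",
    "AVG Protection AVG Technologies 5/4/2016  2016.71.7596",
    "CCleaner Piriform 5/5/2016  5.17",
    "Dell Data Vault  5/25/2012  ",
    "Dell SupportAssist Dell 3/26/2016 197 MB 1.2.6793.01",
    "Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 4/26/2016 66.8 MB 2.2.1.1043",
    "WildTangent Games WildTangent 1/6/2013  1.0.4.0",
]

# Assumed window: the first post (26 April 2016) says the session was about a
# week earlier, so look one week either side of 19 April 2016.
WINDOW_START = date(2016, 4, 12)
WINDOW_END = date(2016, 4, 26)


def parse_uninstall_line(line):
    """Split one list line into (name and publisher, install date, size/version).

    The column separators were flattened to spaces when the list was pasted,
    so name and publisher cannot be separated reliably; they are returned
    together. Returns None when the line has no valid date field.
    """
    matches = list(DATE_RE.finditer(line))
    if not matches:
        return None
    m = matches[-1]  # the install date is the last date-shaped token
    month, day, year = (int(g) for g in m.groups())
    try:
        installed = date(year, month, day)
    except ValueError:  # e.g. 13/45/2016 is date-shaped but not a date
        return None
    label = " ".join(line[:m.start()].split())
    rest = " ".join(line[m.end():].split())
    return label, installed, rest


def installed_in_window(lines, start, end):
    """Return parsed entries installed between start and end, oldest first."""
    hits = []
    for line in lines:
        parsed = parse_uninstall_line(line)
        if parsed and start <= parsed[1] <= end:
            hits.append(parsed)
    return sorted(hits, key=lambda entry: entry[1])


if __name__ == "__main__":
    for label, installed, rest in installed_in_window(
            SAMPLE_LINES, WINDOW_START, WINDOW_END):
        print(installed.isoformat(), label, rest, sep=" | ")
```

An install date inside the window only shows when an entry was registered, not who installed it, so each hit still has to be checked by name and publisher.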



#8 buddy215


Posted 07 May 2016 - 05:25 PM

Adblock Plus is legit....I use it in Firefox. You can click on its icon and choose filter preferences. Then uncheck Allow some non-intrusive advertisements.




#9 Jen526


Posted 07 May 2016 - 05:29 PM

OK, thanks, good to know. 





