
Granpa called tech scam number, they accessed his laptop



#1 4on4off


Posted 25 November 2016 - 01:59 PM

Changed his email and banking access passwords. Been running scans but nothing severe detected. Does anyone have an opinion on the following security check results?

 

 Results of screen317's Security Check version 1.014 --- 12/23/15 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 17 
 Java version 32-bit out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome (54.0.2840.71)
 Google Chrome (54.0.2840.99)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
 




 


#2 buddy215


Posted 25 November 2016 - 03:01 PM

Uninstall Java and Adobe Reader. Most don't need Java and if you need a pdf reader...use this one:  Free PDF Reader - Sumatra PDF

 

I don't see an antivirus or antispyware program installed.

 

If a credit card was used to pay these criminals..you should dispute the charges. Keep in mind that depending on how the CC was used the criminals may have the number. If that is the case you should cancel the card.

 

Tell me what programs you scanned with.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


Edited by buddy215, 25 November 2016 - 03:02 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 4on4off


Posted 25 November 2016 - 03:55 PM

I don't see an antivirus or antispyware program installed.

I didn't see any either but thought it was odd that there was no warning about not being protected.

 

 

If a credit card was used to pay these criminals..you should dispute the charges. Keep in mind that depending on how the CC was used the criminals may have the number. If that is the case you should cancel the card.

 

It is my understanding that he does not have a card, and he was caught while on the phone while they were attempting to get him to pay 2 grand. His laptop was unplugged and shut down until I could get to it. When I turned it on there was a window trying to connect using LogMeIn and it stated that he gave full access to his laptop. He has his banking set up with passwords remembered, so we got his passwords changed for banking and email.

 

Tell me what programs you scanned with

 

I scanned with:

 

malware bytes antimalware

malware bytes anti rootkit

eset online scanner

rogue killer

adware cleaner

JRT

Sophos

 

Here are the three lists:

 

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run HPADVISOR Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
Yes HKCU:Run LightScribe Control Panel Hewlett-Packard Company C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
No HKCU:Run MoneyAgent Microsoft Corporation "C:\Program Files (x86)\Microsoft Money\System\Money Express.exe"
No HKCU:Run msnmsgr Microsoft Corporation "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
No HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
Yes HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
No HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Yes HKLM:Run Corel File Shell Monitor Corel Corporation C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
No HKLM:Run HP Software Update Hewlett-Packard C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes HKLM:Run HPCam_Menu CyberLink Corp. "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
No HKLM:Run Microsoft Works Portfolio Microsoft® Corporation C:\Program Files (x86)\Microsoft Works\WksSb.exe /AllUsers
No HKLM:Run Microsoft Works Update Detection Microsoft® Corporation C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
No HKLM:Run MoneyStartUp10.0 Microsoft Corporation "C:\Program Files (x86)\Microsoft Money\System\Activation.exe"
No HKLM:Run NortonOnlineBackupReminder Symantec Corporation "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
Yes HKLM:Run QlbCtrl.exe  Hewlett-Packard Development Company, L.P. C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
No HKLM:Run QuickTime Task Apple Computer, Inc. "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
No HKLM:Run SmartMenu Hewlett-Packard Company C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
Yes HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
No HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jusched.exe"
Yes HKLM:Run SynTPEnh Synaptics Incorporated %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
No HKLM:Run UpdatePRCShortCut CyberLink Corp. "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
Yes HKLM:Run WirelessAssistant Hewlett-Packard Company C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
No HKLM:Run WorksFUD Microsoft® Corporation C:\Program Files (x86)\Microsoft Works\wkfud.exe
Yes Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Yes Startup Common Microsoft Office.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

 

 

 

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

 

 

 

 

Acrobat.com Adobe Systems Incorporated 8/14/2009 1.60 MB 1.6.65
Activate Norton Online Backup Symantec 8/14/2009 1.73 MB 1.1.20.0
Adobe AIR Adobe Systems Inc. 12/20/2009  1.5.3.9120
Adobe Flash Player 15 ActiveX Adobe Systems Incorporated 12/3/2014 6.00 MB 15.0.0.189
Adobe Reader 9.5.0 Adobe Systems Incorporated 2/19/2012 103 MB 9.5.0
AMD USB Filter Driver Advanced Micro Devices, Inc. 11/6/2009 56.0 KB 1.0.10.84
Atheros Driver Installation Program Atheros 6/10/2010  9.0
ATI Catalyst Install Manager ATI Technologies, Inc. 11/6/2009 18.2 MB 3.0.732.0
Bing Bar Microsoft Corporation 10/15/2011 26.7 MB 7.0.822.0
CCleaner Piriform 11/25/2016  5.24
Cisco EAP-FAST Module Cisco Systems, Inc. 6/10/2010 1.55 MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 6/10/2010 644 KB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 6/10/2010 1.23 MB 1.1.6
Compatibility Pack for the 2007 Office system Microsoft Corporation 11/10/2016 674 MB 12.0.6612.1000
Corel Paint Shop Pro Photo X2 Corel Corporation 11/6/2009 380 MB 12.50.0001
Corel VideoStudio 12 Corel Corporation 11/6/2009 1.01 GB 12.0.0.0000
Coupon Printer for Windows Coupons.com Incorporated 9/14/2010  5.0.0.0
CyberLink DVD Suite CyberLink Corp. 8/14/2009 17.4 MB 6.0.3101
Dell ResourceCD  11/28/2009  
ENE CIR Receiver Driver ENE 11/6/2009  2.7.4.0
Google Chrome Google Inc. 12/12/2010  54.0.2840.99
Google Toolbar for Internet Explorer Google Inc. 5/10/2016  7.5.7619.1252
Homepage Protection AOL Products 11/6/2009 812 MB 
HP 3D DriveGuard Hewlett-Packard 11/6/2009 3.27 MB 4.0.3.1
HP Advisor Hewlett-Packard 4/11/2010 51.3 MB 3.2.9652.3188
HP Customer Participation Program 14.0 HP 9/14/2010  14.0
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 HP 9/14/2010  14.0
HP Games WildTangent 11/6/2009  1.0.0.71
HP Imaging Device Functions 14.0 HP 9/14/2010  14.0
HP Integrated Module with Bluetooth wireless technology Broadcom Corporation 11/6/2009 144 MB 6.2.0.9600
HP MediaSmart DVD Hewlett-Packard 11/6/2009 101 MB 3.0.3123
HP MediaSmart Internet TV Hewlett-Packard 11/6/2009 52.2 MB 3.0.1916
HP MediaSmart Live TV Hewlett-Packard 11/6/2009 77.6 MB 3.0.1924
HP MediaSmart Movie Themes Hewlett-Packard 11/6/2009 399 MB 3.0.3102
HP MediaSmart Music/Photo/Video Hewlett-Packard 11/6/2009 401 MB 3.0.3123
HP MediaSmart SlingPlayer Sling Media, Inc. 11/6/2009 70.8 MB 2.1.1.60
HP MediaSmart SmartMenu Hewlett-Packard 11/6/2009 1.85 MB 3.0.30.1
HP MediaSmart Software Notebook Demo Hewlett-Packard 11/6/2009 47.7 MB 1.00.0000
HP MediaSmart Webcam Hewlett-Packard 11/6/2009 81.7 MB 3.0.1913
HP Photo Creations HP Photo Creations Powered by RocketLife 9/14/2010 14.6 MB 1.0.0.2024
HP Photosmart 5510 series Basic Device Software Hewlett-Packard Co. 10/31/2011 155 MB 24.0.342.0
HP Photosmart 5510 series Help Hewlett Packard 10/31/2011 9.84 MB 140.0.2.2
HP Photosmart 5510 series Product Improvement Study Hewlett-Packard Co. 10/31/2011 8.28 MB 24.0.342.0
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 HP 12/1/2010  14.0
HP Quick Launch Buttons Hewlett-Packard 8/14/2009  6.50.3.1
HP Setup Hewlett-Packard 8/14/2009  1.2.3220.3079
HP Smart Web Printing 4.60 HP 9/14/2010  4.60
HP Solution Center 14.0 HP 9/14/2010  14.0
HP Support Assistant Hewlett-Packard Company 11/15/2012 91.4 MB 7.0.39.15
HP Update Hewlett-Packard 12/23/2011 3.98 MB 5.003.001.001
HP User Guides 0153 Hewlett-Packard 8/14/2009 177 MB 1.01.0000
HP Wireless Assistant Hewlett-Packard 6/10/2010 4.00 MB 3.50.11.2
IDT Audio IDT 11/6/2009  1.0.6225.0
Java™ 6 Update 14 (64-bit) Sun Microsystems, Inc. 8/15/2009 90.6 MB 6.0.140
Java™ 6 Update 17 Sun Microsystems, Inc. 8/15/2009 97.4 MB 6.0.170
LabelPrint CyberLink Corp. 8/14/2009 280 MB 2.5.1913
LightScribe System Software LightScribe 11/6/2009 22.5 MB 1.18.6.1
LSI HDA Modem LSI Corporation 11/6/2009 16.0 KB 2.1.94
Malwarebytes Anti-Malware version 2.2.1.1043 Malwarebytes 11/23/2016 66.8 MB 2.2.1.1043
Microsoft .NET Framework 4.6.1 Microsoft Corporation 11/10/2016 38.8 MB 4.6.01055
Microsoft Live Search Toolbar Microsoft Live Search Toolbar 11/6/2009  3.0.560.0
Microsoft Money 2002 Microsoft 3/21/2010 135 MB 10.0.50
Microsoft Money 2002 System Pack Microsoft 3/21/2010 6.33 MB 10.0.80
Microsoft Office File Validation Add-In Microsoft Corporation 7/10/2016 10.9 MB 14.0.5130.5003
Microsoft Office Home and Student 2007 Microsoft Corporation 3/22/2012  12.0.6612.1000
Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Corporation 11/10/2016 136 MB 12.0.6612.1000
Microsoft Office Suite Activation Assistant Microsoft Corporation 11/28/2009 8.36 MB 2.9
Microsoft Silverlight Microsoft Corporation 11/10/2016 646 MB 5.1.50901.0
Microsoft Streets and Trips 2002 Microsoft 3/21/2010 243 MB 9.00.17.0200
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Corporation 11/29/2009 260 KB 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 11/29/2009 252 KB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 6/16/2011 300 KB 8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 6/16/2011 572 KB 8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 4/13/2011 580 KB 8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 11/29/2009 200 KB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 4/13/2011 598 KB 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 9/18/2011 782 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 9/20/2011 788 KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11/6/2009 596 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 6/16/2011 600 KB 9.0.30729.6161
Microsoft Word 2002 Microsoft Corporation 4/1/2013 165 MB 10.0.6626.0
Microsoft Works Microsoft Corporation 10/12/2012 1.21 GB 9.7.0621
Microsoft Works 2002 Setup Launcher  3/21/2010  
Microsoft Works 6-9 Converter Microsoft Corporation 4/16/2012 6.39 MB 9.7.0621
Microsoft Works 6.0 Microsoft Corporation 3/21/2010 65.1 MB 06.00.0000
Microsoft Works Suite Add-in for Microsoft Word Microsoft Corporation 11/28/2009 13.8 MB 2.0.0.0000
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 11/29/2009 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 11/29/2009 1.33 MB 4.20.9876.0
Power2Go CyberLink Corp. 8/14/2009 199 MB 6.0.3101
PowerDirector CyberLink Corp. 8/14/2009 545 MB 7.0.3101
QuickTime Apple Computer, Inc. 11/6/2009 70.0 MB 7.1.3.100
Realtek 8136 8168 8169 Ethernet Driver Realtek 11/6/2009  1.00.0007
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 11/6/2009  6.1.7100.30094
Shop for HP Supplies HP 9/14/2010  14.0
Skype Toolbars  12/12/2010  
Skype™ 7.0 Skype Technologies S.A. 4/24/2015 47.9 MB 7.0.102
SlingBoxWatchYourTVAnyWhere Sling Media 11/6/2009 43.9 MB 2.1.1.58
Smilebox Smilebox, Inc. 12/3/2014 7.81 MB 1.0.0.28051
Synaptics Pointing Device Driver Synaptics Incorporated 3/27/2013 46.4 MB 15.3.29.0
Windows Live Essentials Microsoft Corporation 8/14/2009  14.0.8064.0206
Windows Live Sign-in Assistant Microsoft Corporation 8/14/2009 1.93 MB 5.000.818.5
Windows Live Upload Tool Microsoft Corporation 8/14/2009 224 KB 14.0.8014.1029
Windows Media Encoder 9 Series  11/6/2009  


 I will now run CC cleaner



#4 buddy215


Posted 25 November 2016 - 04:28 PM

Uninstall these programs:

Acrobat.com Adobe Systems Incorporated 8/14/2009 1.60 MB 1.6.65
Activate Norton Online Backup Symantec 8/14/2009 1.73 MB 1.1.20.0
Adobe AIR Adobe Systems Inc. 12/20/2009  1.5.3.9120
Adobe Flash Player 15 ActiveX Adobe Systems Incorporated 12/3/2014 6.00 MB 15.0.0.189 (Use Uninstall Flash Player for Windows )
Adobe Reader 9.5.0 Adobe Systems Incorporated 2/19/2012 103 MB 9.5.0

Bing Bar Microsoft Corporation 10/15/2011 26.7 MB 7.0.822.0

Coupon Printer for Windows Coupons.com Incorporated 9/14/2010  5.0.0.0

Google Toolbar for Internet Explorer Google Inc. 5/10/2016  7.5.7619.1252
Homepage Protection AOL Products 11/6/2009 812 MB

HP Advisor Hewlett-Packard 4/11/2010 51.3 MB 3.2.9652.3188
HP Customer Participation Program 14.0 HP 9/14/2010  14.0

HP Games WildTangent 11/6/2009  1.0.0.71

HP Photosmart 5510 series Product Improvement Study Hewlett-Packard Co. 10/31/2011 8.28 MB 24.0.342.0

Java™ 6 Update 14 (64-bit) Sun Microsystems, Inc. 8/15/2009 90.6 MB 6.0.140
Java™ 6 Update 17 Sun Microsystems, Inc. 8/15/2009 97.4 MB 6.0.170

Microsoft Live Search Toolbar Microsoft Live Search Toolbar 11/6/2009  3.0.560.0

QuickTime Apple Computer, Inc. 11/6/2009 70.0 MB 7.1.3.100

Shop for HP Supplies HP 9/14/2010  14.0
Skype Toolbars  12/12/2010

Windows Live Essentials Microsoft Corporation 8/14/2009  14.0.8064.0206

 

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Some of these startups may not exist after you do the uninstall of the programs above.

Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run HPADVISOR Hewlett-Packard C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW

Yes HKCU:Run swg Google Inc. "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

Yes HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes HKLM:Run Adobe Reader Speed Launcher Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Yes HKLM:Run HPCam_Menu CyberLink Corp. "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"

Yes Startup Common Microsoft Office.lnk Microsoft Corporation C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler


Edited by buddy215, 25 November 2016 - 04:28 PM.


#5 4on4off


Posted 25 November 2016 - 04:59 PM

All suggested programs for removal are removed

All suggested starts up for disabling are disabled

All suggested tasks for disabling are disabled


Edited by 4on4off, 25 November 2016 - 05:00 PM.


#6 buddy215


Posted 25 November 2016 - 05:59 PM

I don't see that anything else needs to be done. You ran the scans that I would have recommended.

 

Emphasize to Granddad that NO legit company will call him to tell him there is a problem with his computer and popups with phone numbers in them are ALL scams. If he sees another one of those he should close his browser and run CCleaner.

 

Two suggestions....if there is no ad blocker installed I suggest using Adblock Plus - Chrome Web Store. Once you have installed it click on the ABP icon and choose Filter Preferences. UNcheck the box next to Allow some non-intrusive advertisements.

 

Block the install of third party cookies....aka...ad/ tracking cookies. Once blocked...run CCleaner to remove the ones presently installed.

How to disable third-party cookies in all major web browsers



#7 4on4off


Posted 25 November 2016 - 06:08 PM

I also installed MSE after looking to see all notifications were turned off, which is why I never get a warning about protection.

 

I will consider the adblocker.

 

Thank you for your assistance.



#8 buddy215


Posted 25 November 2016 - 06:47 PM

You're welcome...



#9 4on4off


Posted 27 November 2016 - 01:41 PM

One thing that concerns me. I couldn't find the LogMeIn app used to access his PC until I ran ComboFix. I know I am not supposed to run ComboFix without specific direction from an expert, but I ran it since I figured it would show recent installations.

 

I just removed the folder manually for LogMeIn, but when I run ComboFix again it shows a LogMeIn file created with today's date.

 

After I installed MSE, I noticed all notifications were turned off in the security for windows. They are on now, that is why there was no notice of no protection.


Edited by 4on4off, 27 November 2016 - 01:44 PM.


#10 buddy215


Posted 27 November 2016 - 05:16 PM

If you haven't deleted the LogMeIn folder from the Recycle Bin then put it back and see if you can uninstall it from the lists of installed programs or use Download Revo Uninstaller Freeware to uninstall it.



#11 4on4off


Posted 27 November 2016 - 05:19 PM

I emptied the Recycle Bin already. Also, the trouble finding it was the fact it didn't show up in the list of installed programs.
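
A read-only way to look for what keeps re-creating the folder described in posts #9 and #11, as an added example that is not part of the original thread or any poster's own script. It assumes the leftover components carry the product name (`LogMeIn`) in a display name, path or task name, and that the system uses English `schtasks` column headers.

```powershell
# Added example (not from the thread): inventory only, nothing is modified.
# Assumption: leftover components contain the product name somewhere.
$pattern = 'LogMeIn'

# 1. Uninstall entries in the 64-bit, 32-bit and per-user hives.
#    An entry with SystemComponent = 1 is hidden from "Programs and Features",
#    which is one reason software can be installed yet missing from that list.
$uninstall = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
'--- Uninstall entries ---'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { "$($_.DisplayName) $($_.Publisher)" -match $pattern } |
    Select-Object DisplayName, Publisher, SystemComponent, UninstallString |
    Format-List

# 2. Services. A service that is still registered can re-create its files
#    after the folder is deleted by hand. Get-WmiObject works on the
#    PowerShell 2.0 that ships with Windows 7.
'--- Services ---'
Get-WmiObject Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object Name, DisplayName, State, StartMode, PathName |
    Format-List

# 3. Run keys (the HKCU:Run / HKLM:Run entries that CCleaner lists).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
'--- Run keys ---'
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        $item.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Name) $($_.Value)" -match $pattern } |
            Select-Object @{ n = 'Key'; e = { $key } }, Name, Value |
            Format-List
    }
}

# 4. Scheduled tasks. schtasks.exe is used because Get-ScheduledTask does not
#    exist on Windows 7. Column names below are the English ones (assumption).
'--- Scheduled tasks ---'
schtasks.exe /query /fo csv /v | ConvertFrom-Csv |
    Where-Object { "$($_.TaskName) $($_.'Task To Run')" -match $pattern } |
    Select-Object TaskName, 'Task To Run', Status |
    Format-List

# 5. Folders under the usual install and data roots, with creation time,
#    to confirm whether something was re-created today.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
           $env:LOCALAPPDATA, $env:APPDATA) | Where-Object { $_ }
'--- Folders ---'
Get-ChildItem -Path $roots -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer -and $_.Name -match $pattern } |
    Select-Object FullName, CreationTime, LastWriteTime |
    Format-List
```

Run it from an elevated PowerShell prompt so the machine-wide keys and all services are readable. A service or task that still matches is the most likely reason a deleted folder comes back.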



#12 buddy215


Posted 27 November 2016 - 05:23 PM

I did find a manual uninstall page....take a look at that. MANUAL UNINSTALL - LogMeIn Community



#13 4on4off


Posted 27 November 2016 - 05:26 PM

 Thank you. I will look it over





