
gave remote access


14 replies to this topic

#1 SUTTY4

SUTTY4

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 11 September 2017 - 09:13 AM

Hi,

I stupidly gave someone remote access to my computer, thinking they were from Gmail.

Luckily I changed my password before they could ransomware me, but can someone check if everything is okay, please?




 


#2 buddy215

buddy215

  • BC Advisor
  • 12,912 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:33 AM

Posted 11 September 2017 - 12:42 PM

Welcome to BC....

 

Were you able to see what files they accessed? For instance, passwords stored in the browsers.

 

How much time did the criminals have access?

 

Did they ask for a CC number or other method of payment and did you give that info?

 

Did the criminal install a security program to scan the computer and is it still on the computer? The program is likely a junky one that is known to report a lot of false info.

 

They usually leave a program used to access the computer. I would suggest removing that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 SUTTY4

SUTTY4
  • Topic Starter


Posted 11 September 2017 - 05:12 PM

They went into my email and got the 6-digit Google reset code for maybe 5 minutes. I didn't think any more of it until they mentioned £99 for a Gmail. They said my account was compromised and I would have to pay to secure the account, so making out they were helping me.

They took off my 2 layer on my phone Gmail and recovery email, but as I told them I would call them back when I realised what was happening, they didn't change my password, so I managed to change my password and recovery email. I realised it was a scam and bought more time by saying I would call them in 2 hours when I got the money. I never called back.

No idea if they put anything on, but I did allow this and got remote https://broker.gotoassist.com/joinFlow/sessionRate.tmpl?_sid=5703793%3AC902F2475ED872EEC162A164353D1C90&Action=rgoto&Portal=alivenetsolution&_sf=6

I need the email address to access my cell phone, but is it safe now I have changed the password? This was from India.



#4 buddy215

buddy215


Posted 11 September 2017 - 05:43 PM

If they called you then it is not likely they can charge your phone account. If there was any chance of them getting any banking passwords, shopping website passwords or PayPal passwords...then I would suggest you change those passwords.

 

Other than that...I think you are good to go based on what you report as to the extent of their access.

 

If you saw one of the criminal's popups and clicked on that then you may have adware or malware. Is that what happened or did you get a "cold call" from the criminals?




#5 SUTTY4

SUTTY4
  • Topic Starter


Posted 11 September 2017 - 06:36 PM

No, my phone company told me to contact Google customer and I googled it, and it wasn't a real site; they pretended to be Google.

My anti virus link warned me when I went on to check later, but when I clicked on it originally it didn't warn me.

Is there any way I can just run a check for anything on my PC, please?



#6 buddy215

buddy215


Posted 11 September 2017 - 07:17 PM

Did you call a premium phone number? I am very aware of all the criminals' counterfeit sites. It would be great if the Search providers such as Google would identify and block them. Always go to the home page of businesses and then look for links to assistance. NEVER do a search such as HELP WITH GMAIL or NEED HELP WITH WORD, etc.

You can use the programs below to clean, remove adware and remove malware. Though I doubt the criminals installed any, it would be a good idea to use them if you haven't done so recently.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google. After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message



#7 SUTTY4

SUTTY4
  • Topic Starter


Posted 12 September 2017 - 03:29 AM

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/12/17
Scan Time: 9:03 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2782
License: Free

-System Information-
OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: DELL-530\Chris

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 254441
Threats Detected: 1
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 25 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-3299710142-3868310564-1978959094-1001\$R4XYB83.EXE, No Action By User, [2], [387958],1.0.2782

Physical Sector: 0
(No malicious items detected)


(end)



#8 SUTTY4

SUTTY4
  • Topic Starter


Posted 12 September 2017 - 03:37 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows Vista ™ Home Premium x86
Ran by Chris (Administrator) on 12/09/2017 at  9:33:17.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18

Failed to delete: C:\Windows\System32\wscm32.dll (File)
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L4N56F0 (Temporary Internet Files Folder)
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTLMQDOB (Temporary Internet Files Folder)
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIB641AB (Temporary Internet Files Folder)
Failed to delete: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPM66AH2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8L4N56F0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETXO6QBG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXV9G0ZL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LTLMQDOB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIB641AB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RW4F76BZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDVRCXRN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPM66AH2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ETXO6QBG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXV9G0ZL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RW4F76BZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WDVRCXRN (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/09/2017 at  9:37:03.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 buddy215

buddy215


Posted 12 September 2017 - 06:11 AM

Missing AdwCleaner scan log.

 

Rerun MBAM and be sure to allow it to remove that one threat that it found.

 

Due to what JRT found...do this:

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.




#10 SUTTY4

SUTTY4
  • Topic Starter


Posted 13 September 2017 - 06:32 AM

C:\$RECYCLE.BIN\S-1-5-21-3299710142-3868310564-1978959094-1001\$R34FF7I.exe    Win32/InstallCore.AVJ potentially unwanted application    cleaned by deleting
C:\$RECYCLE.BIN\S-1-5-21-3299710142-3868310564-1978959094-1001\$RA922MV.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\$RECYCLE.BIN\S-1-5-21-3299710142-3868310564-1978959094-1001\$RMH0ELX.exe    Win32/InstallCore.AVJ potentially unwanted application    cleaned by deleting
C:\$RECYCLE.BIN\S-1-5-21-3299710142-3868310564-1978959094-1001\$RXTRX47.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Chris\Downloads\ccsetup512pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Chris\Downloads\ccsetup513.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Chris\Downloads\ccsetup534.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Chris\Downloads\PhotoScapeSetup_V3.7.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Chris\Downloads\spsetup130.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
 

# AdwCleaner 7.0.2.1 - Logfile created on Mon Sep 11 13:43:19 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 09-08-2017.1
# Running on Windows Vista ™ Home Premium (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1087 B] - [2017/3/10 0:38:32]
C:/AdwCleaner/AdwCleaner[C2].txt - [1828 B] - [2017/6/9 22:21:40]
C:/AdwCleaner/AdwCleaner[C3].txt - [2228 B] - [2017/6/21 12:55:43]
C:/AdwCleaner/AdwCleaner[C4].txt - [3675 B] - [2017/7/12 23:55:46]
C:/AdwCleaner/AdwCleaner[S0].txt - [1188 B] - [2017/3/9 21:41:39]
C:/AdwCleaner/AdwCleaner[S10].txt - [2055 B] - [2017/6/11 23:12:30]
C:/AdwCleaner/AdwCleaner[S11].txt - [2128 B] - [2017/6/14 21:20:8]
C:/AdwCleaner/AdwCleaner[S12].txt - [2203 B] - [2017/6/16 13:34:24]
C:/AdwCleaner/AdwCleaner[S13].txt - [2353 B] - [2017/6/20 21:28:10]
C:/AdwCleaner/AdwCleaner[S14].txt - [3153 B] - [2017/7/12 23:55:13]
C:/AdwCleaner/AdwCleaner[S15].txt - [2248 B] - [2017/8/1 14:56:43]
C:/AdwCleaner/AdwCleaner[S16].txt - [2316 B] - [2017/8/10 17:18:43]
C:/AdwCleaner/AdwCleaner[S17].txt - [2385 B] - [2017/8/13 21:58:49]
C:/AdwCleaner/AdwCleaner[S18].txt - [2454 B] - [2017/9/10 20:24:13]
C:/AdwCleaner/AdwCleaner[S1].txt - [1312 B] - [2017/3/15 15:59:11]
C:/AdwCleaner/AdwCleaner[S2].txt - [1385 B] - [2017/3/15 18:31:24]
C:/AdwCleaner/AdwCleaner[S3].txt - [1458 B] - [2017/3/23 19:24:37]
C:/AdwCleaner/AdwCleaner[S4].txt - [1539 B] - [2017/4/4 16:29:48]
C:/AdwCleaner/AdwCleaner[S5].txt - [1612 B] - [2017/4/11 21:48:5]
C:/AdwCleaner/AdwCleaner[S6].txt - [1679 B] - [2017/4/13 0:22:9]
C:/AdwCleaner/AdwCleaner[S7].txt - [1751 B] - [2017/4/30 22:0:36]
C:/AdwCleaner/AdwCleaner[S8].txt - [1831 B] - [2017/5/23 16:20:48]
C:/AdwCleaner/AdwCleaner[S9].txt - [1953 B] - [2017/6/9 22:20:0]
 

 

Yes    Task    Adobe Flash Player Updater    Adobe Systems Incorporated    C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    SafeZone scheduled Autoupdate 1499187360    Avast Software    C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
No    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
Yes    HKCU:Run    ehTray.exe    Microsoft Corporation    C:\Windows\ehome\ehTray.exe
Yes    HKCU:Run    Kaspersky Software Updater    AO Kaspersky Lab    "C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe" ksu autorun
Yes    HKCU:Run    KSS    AO Kaspersky Lab    "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Yes    HKCU:Run    uTorrent    BitTorrent Inc.    C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
No    HKCU:Run    WMPNSCFG    Microsoft Corporation    C:\Program Files\Windows Media Player\WMPNSCFG.exe
No    HKLM:Run    Adobe ARM        "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Yes    HKLM:Run    AvastUI.exe    AVAST Software    "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
Yes    HKLM:Run    DelaypluginInstall    Wondershare software CO., LIMITED    C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
Yes    HKLM:Run    Malwarebytes TrayApp    Malwarebytes    C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
Yes    HKLM:Run    RtHDVCpl    Realtek Semiconductor    RtHDVCpl.exe
Yes    HKLM:Run    Wondershare Helper Compact.exe        C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
No    HKLM:Run    ZAM        "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized
No    Startup Common    HDDHealth.lnk    PANTERASoft    C:\PROGRA~1\HDDHEA~1\HDDHEA~1.EXE
 

7-Zip 17.00 beta    Igor Pavlov    02/07/2017    3.71 MB    17.00 beta
Adobe Flash Player 27 ActiveX    Adobe Systems Incorporated    12/09/2017        27.0.0.130
Adobe Flash Player 27 NPAPI    Adobe Systems Incorporated    12/09/2017        27.0.0.130
Adobe Shockwave Player 12.2    Adobe Systems, Inc.    09/11/2015    38.2 MB    12.2.9.199
Apple Software Update    Apple Inc.    27/10/2016    2.39 MB    2.1.4.131
AudibleManager    Audible, Inc.    20/02/2017    13.8 MB    3484544.-2.2005037430.2005036444
Avast Internet Security    AVAST Software    07/09/2017    1.29 GB    17.6.2310
CCleaner    Piriform    13/09/2017    9.36 MB    5.34
Compatibility Pack for the 2007 Office system    Microsoft Corporation    13/09/2017    206 MB    12.0.6612.1000
ConvertXtoDVD 4.0.9.322        27/12/2011    57.4 MB    4.0.9.322
CryptoPrevent    Foolish IT LLC    02/07/2017    45.7 MB    8.0.4.2
EasyBCD 1.7    NeoSmart Technologies    22/12/2013    1.60 MB    1.7
ffdshow [rev 2180] [2008-10-04]        23/10/2008    11.1 MB    1.0
FlashPeak Slimjet    FlashPeak Inc.    20/06/2017    162 MB    10.0.13.0
Google Chrome    Google Inc.    20/06/2017    318 MB    49.0.2623.112
HDD Health v4.2        24/03/2014    5.32 MB    
InPlay IPTV    Cobain ltd    25/11/2015    11.2 MB    4.0.0
Intel® Graphics Media Accelerator Driver    Intel Corporation    22/12/2013        
K-Lite Codec Pack 7.0.0 (Standard)        14/03/2013    34.6 MB    7.0.0
Kaspersky Security Scan    Kaspersky Lab    12/09/2017    119 MB    16.0.0.1344
Kaspersky Software Updater    Kaspersky Lab    12/09/2017    102 MB    2.0.0.623
Leawo Video Converter version  5.1.0.0        18/03/2012        
Malwarebytes version 3.1.2.1733    Malwarebytes    18/06/2017    104 MB    3.1.2.1733
Microsoft .NET Framework 4.5.2    Microsoft Corporation    28/08/2015    255 MB    4.5.51209
Microsoft Office Excel Viewer 2003    Microsoft Corporation    14/06/2017    132 MB    11.0.8173.0
Microsoft Office Word Viewer 2003    Microsoft Corporation    13/09/2017    126 MB    11.0.8173.0
Microsoft Silverlight    Microsoft Corporation    21/04/2017    221 MB    5.1.50906.0
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    18/03/2012    294 KB    8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        18/08/2013        
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148    Microsoft Corporation    03/02/2011    590 KB    9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161    Microsoft Corporation    25/12/2011    594 KB    9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219    Microsoft Corporation    09/04/2013    14.1 MB    10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030    Microsoft Corporation    10/08/2016    452 KB    11.0.61030.0
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501    Microsoft Corporation    07/09/2017    456 KB    12.0.30501.0
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215    Microsoft Corporation    07/09/2017    808 KB    14.0.24215.1
Mozilla Firefox 52.3.0 ESR (x86 en-GB)    Mozilla    13/08/2017    90.8 MB    52.3.0
Mozilla Maintenance Service    Mozilla    13/08/2017    552 KB    52.3.0.6423
MPC-HC 1.7.0    MPC-HC Team    30/07/2014    30.9 MB    1.7.0.7858
MSXML 4.0 SP3 Parser    Microsoft Corporation    09/02/2012    1.47 MB    4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691)    Microsoft Corporation    12/07/2012    1.53 MB    4.30.2114.0
MSXML 4.0 SP3 Parser (KB2758694)    Microsoft Corporation    07/01/2013    1.54 MB    4.30.2117.0
MSXML 4.0 SP3 Parser (KB973685)    Microsoft Corporation    10/02/2012    1.53 MB    4.30.2107.0
Nero 7 Lite 7.10.1.2    UpdatePack.nl    23/10/2008    60.3 MB    7.10.1.2
PressReader    PressReader Inc.    27/04/2016    9.97 MB    5.16.0115.0
Realtek High Definition Audio Driver        22/12/2013        
Samsung Story Album Viewer    Samsung Electronics Co., Ltd.    08/09/2013    40.6 MB    1.0.0.13054_1
Samsung USB Driver for Mobile Phones    Samsung Electronics Co., Ltd.    22/12/2013    34.5 MB    1.5.59.0
Skitch    Evernote Corp.    11/06/2016    90.9 MB    2.2.0.4
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    02/06/2014    10.2 MB    14.0.0.1
VLC media player    VideoLAN    10/09/2017    124 MB    2.2.6
WinRAR 5.40 beta 1 (32-bit)    win.rar GmbH    22/03/2015    4.69 MB    5.40.1
Wondershare Helper Compact 2.5.0    Wondershare    26/08/2016    6.72 MB    2.5.0
Wondershare Video Converter Ultimate(Build 8.8.0.3)    Wondershare Software    18/08/2016    188 MB    8.8.0.3
µTorrent    BitTorrent Inc.    07/08/2017    7.03 MB    3.5.0.43916
 



#11 buddy215

buddy215


Posted 13 September 2017 - 08:15 AM

Disable these Tasks: Use CCleaner by clicking on each item and selecting Disable on the right.

Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    SafeZone scheduled Autoupdate 1499187360    Avast Software    C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)

 

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

Yes    HKCU:Run    ehTray.exe    Microsoft Corporation    C:\Windows\ehome\ehTray.exe

Yes    HKCU:Run    Kaspersky Software Updater    AO Kaspersky Lab    "C:\Program Files\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe" ksu autorun
Yes    HKCU:Run    KSS    AO Kaspersky Lab    "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
Yes    HKCU:Run    uTorrent    BitTorrent Inc.    C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED

Yes    HKLM:Run    DelaypluginInstall    Wondershare software CO., LIMITED    C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe

Yes    HKLM:Run    Wondershare Helper Compact.exe        C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

 

Uninstall these programs:

Mozilla Firefox 52.3.0 ESR (x86 en-GB)    Mozilla    13/08/2017    90.8 MB    52.3.0 (Or Update...)
Mozilla Maintenance Service    Mozilla    13/08/2017    552 KB    52.3.0.6423

 

Use Revo Uninstaller Freeware to uninstall the below programs.

Wondershare Helper Compact 2.5.0    Wondershare    26/08/2016    6.72 MB    2.5.0
Wondershare Video Converter Ultimate(Build 8.8.0.3)    Wondershare Software    18/08/2016    188 MB    8.8.0.3
µTorrent    BitTorrent Inc.    07/08/2017    7.03 MB    3.5.0.43916

 

I note that you have recently installed the free Kaspersky scanner....did it find any malware?


Edited by buddy215, 13 September 2017 - 08:18 AM.
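
The review step in the post above, as an added example that is not part of the thread or of CCleaner: a Python triage of the startup and installed-program lists that flags enabled autoruns running from user-writable folders or lacking a publisher, and programs installed on or after the incident date or named like a remote-support client. The tab/four-space column separator, the 11 September 2017 incident date, the path heuristics and the keyword list are assumptions.

```python
import re
from datetime import date, datetime

INCIDENT = date(2017, 9, 11)  # assumption: remote session on the day of the first post
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\")  # assumption: heuristic
REMOTE_TOOLS = ("gotoassist", "teamviewer", "anydesk", "logmein")  # assumption: keywords

def rows(*tuples):
    """Join field tuples into export text: one row per line, tab-separated."""
    return "\n".join("\t".join(t) for t in tuples)

# Startup rows copied from the thread: enabled, location, name, publisher, command.
STARTUPS = rows(
    ("Yes", "HKCU:Run", "uTorrent", "BitTorrent Inc.",
     r"C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED"),
    ("Yes", "HKLM:Run", "AvastUI.exe", "AVAST Software",
     r'"C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui'),
    ("Yes", "HKLM:Run", "DelaypluginInstall", "Wondershare software CO., LIMITED",
     r"C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe"),
    ("Yes", "HKLM:Run", "Wondershare Helper Compact.exe", "",
     r"C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"),
    ("No", "HKLM:Run", "Adobe ARM", "",
     r'"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"'),
)

# Installed-program rows from the thread: name, publisher, install date, size, version.
INSTALLED = rows(
    ("Avast Internet Security", "AVAST Software", "07/09/2017", "1.29 GB", "17.6.2310"),
    ("VLC media player", "VideoLAN", "10/09/2017", "124 MB", "2.2.6"),
    ("Kaspersky Security Scan", "Kaspersky Lab", "12/09/2017", "119 MB", "16.0.0.1344"),
    ("CCleaner", "Piriform", "13/09/2017", "9.36 MB", "5.34"),
    # Constructed row, NOT in the thread's list: a leftover remote-support client.
    ("GoToAssist (constructed row)", "", "11/09/2017", "", ""),
)

def split_row(line):
    """Split one export row on a tab or a run of four spaces (assumed separator)."""
    return [f.strip() for f in re.split(r"\t| {4}", line.rstrip("\n"))]

def exe_path(command):
    """Return the executable part of an autorun command, dropping its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.*?\.exe)\b", command)
    return m.group(1) if m else command

def triage_startups(text):
    """Return (name, reasons) for enabled autoruns that deserve a manual look."""
    findings = []
    for line in text.splitlines():
        fields = split_row(line)
        if len(fields) != 5 or fields[0] != "Yes":
            continue  # skip blank, malformed or disabled rows
        _enabled, _where, name, publisher, command = fields
        path = exe_path(command).lower()
        reasons = []
        if any(d in path for d in USER_WRITABLE):
            reasons.append("runs from user-writable path")
        if not publisher:
            reasons.append("no publisher")
        if any(t in (name + path).lower() for t in REMOTE_TOOLS):
            reasons.append("remote-access tool")
        if reasons:
            findings.append((name, reasons))
    return findings

def triage_installed(text, incident=INCIDENT):
    """Return (name, reasons) for programs named like remote tools or installed late."""
    findings = []
    for line in text.splitlines():
        fields = split_row(line)
        if len(fields) < 3:
            continue  # need at least name, publisher and date
        name, _publisher, installed = fields[:3]
        reasons = []
        if any(t in name.lower() for t in REMOTE_TOOLS):
            reasons.append("remote-access tool")
        try:
            when = datetime.strptime(installed, "%d/%m/%Y").date()
        except ValueError:
            when = None  # date column missing or unparsable
        if when and when >= incident:
            reasons.append("installed on or after incident date")
        if reasons:
            findings.append((name, reasons))
    return findings

if __name__ == "__main__":
    for label, hits in (("startup", triage_startups(STARTUPS)),
                        ("installed", triage_installed(INSTALLED))):
        for name, reasons in hits:
            print(f"[{label}] {name}: {', '.join(reasons)}")
```

A hit is a prompt for manual review rather than a verdict: CCleaner and Kaspersky Security Scan are flagged here only because of their install dates.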



#12 SUTTY4

SUTTY4
  • Topic Starter


Posted 14 September 2017 - 09:27 AM

I did what you asked. Was there any malware there?

Kaspersky just scanned a few files, not all, and didn't find anything.



#13 buddy215

buddy215


Posted 14 September 2017 - 12:29 PM

Just adware and some ad intensive programs/ PUPS.

 

Looks to me like you are good to go...happy surfin'


Edited by buddy215, 14 September 2017 - 12:37 PM.



#14 SUTTY4

SUTTY4
  • Topic Starter


Posted 14 September 2017 - 04:36 PM

thanks very much for your help



#15 buddy215

buddy215


Posted 14 September 2017 - 06:16 PM

You're welcome..

