
Possible Infection. Need Help.


16 replies to this topic

#1 lpstroker

lpstroker

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:50 PM

Posted 30 October 2017 - 02:29 PM

Helping my dad out. He is not computer savvy in the least and he clicked on some link that immediately said his computer was infected and that he had to call Microsoft to remedy the problem. He did and they accessed his computer. I'm certain it was a scam. Aside from changing all passwords etc., I'm trying to figure out if the computer now has malware, spyware, or a virus. Thank you in advance for any help. I did run frst64.exe but I don't think I'm supposed to post that log here.





#2 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:50 PM

Posted 30 October 2017 - 03:30 PM

If the criminals were given credit card info or other form of payment then you should dispute the charge. These are criminals and it is not unusual for criminals to use financial info in several ways. If a credit card was used then I suggest you replace it.

 

There may still be the program used to remotely access the computer along with some junk scanning program(s).

 

Use the programs below to clean, remove malware and remove adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google. After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

If you are unable to run a scan using MBAM:

Follow the instructions in the thread below. Make sure to download the MBAR linked in it. Let me know if you're not able to launch it and run a scan.
https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

 

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • Download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by buddy215, 30 October 2017 - 03:32 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 lpstroker

lpstroker
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:50 PM

Posted 31 October 2017 - 08:00 AM

Thank you for getting back to me. I'll post the logs below. The only issue I had was with the Junkware Removal Tool. It looks like it might not be available anymore. Everything else went fine. Please see the logs below. Again thank you for the help.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/31/17
Scan Time: 7:08 AM
Log File: dd3cacca-be2b-11e7-915b-6431508b0a8d.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3137
License: Free

-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: trmp-PC\trmp

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 447282
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 11 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

 

Here is the Adwcleaner scan log

 

# AdwCleaner 7.0.3.1 - Logfile created on Tue Oct 31 11:23:27 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-30-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, WtuSystemSupport
PUP.Adware.Heuristic, vToolbarUpdater40.3.8


***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\AVG Secure Search
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG Secure Search
PUP.Optional.Legacy, C:\Program Files\Common Files\AVG Secure Search
PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\AVG Secure Search
PUP.Optional.Legacy, C:\Users\All Users\AVG Secure Search
PUP.Optional.Legacy, C:\ProgramData\avg web tuneup
PUP.Optional.Legacy, C:\ProgramData\Application Data\avg web tuneup
PUP.Optional.Legacy, C:\Program Files\avg web tuneup
PUP.Optional.Legacy, C:\Program Files (x86)\avg web tuneup
PUP.Optional.Legacy, C:\Users\All Users\avg web tuneup
PUP.Optional.Legacy, C:\Users\Michael\AppData\Local\avg web tuneup
PUP.Optional.Legacy, C:\Users\trmp\AppData\Local\avg web tuneup
PUP.Optional.Spigot.Generic, C:\Program Files (x86)\Coupons
PUP.Adware.Heuristic, C:\ProgramData\Avg_Update_1215tb


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\trmp\AppData\Roaming\Mozilla\Firefox\Profiles\u4m6qhv3.default\searchplugins\avg-secure-search.xml


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Adware.Heuristic, 1215tbUpdateInfo
PUP.Adware.Heuristic, 1215tbUpdateInfo


***** [ Registry ] *****

PUP.Optional.Legacy, [Data] - HKCU\Software\Microsoft\Internet Explorer\Main | Start Page [https:\\mysearch.avg.com\?cid={1270E3D5-C622-4E80-BD54-67EE28A8900B}&mid=62329113828a47cc9ea6b578166fe37e-06f9fa32b7652a56619b606d5a082a331f1dfc45&lang=en&ds=ZEN&coid=avgtbdisZE&cmpid=1116tb&pr=fr&d=2015-11-16 11:19:24&v=4.3.6.255&pid=wtu&sg=&sap=hp]
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\AVG Tuneup
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@avg.com\AVG SiteSafety plugin,version=11.0.0.1,application\x-avg-sitesafety-plugin
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: AVG Web TuneUp -

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

 

Here is the Adwcleaner clean log.

 

# AdwCleaner 7.0.3.1 - Logfile created on Tue Oct 31 11:24:43 2017
# Updated on 2017/29/09 by Malwarebytes
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Deleted: WtuSystemSupport
Deleted: vToolbarUpdater40.3.8


***** [ Folders ] *****

Deleted: C:\ProgramData\AVG Secure Search
Deleted: C:\ProgramData\Application Data\AVG Secure Search
Deleted: C:\Program Files\Common Files\AVG Secure Search
Deleted: C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted: C:\Users\All Users\AVG Secure Search
Deleted: C:\ProgramData\avg web tuneup
Deleted: C:\ProgramData\Application Data\avg web tuneup
Deleted: C:\Program Files\avg web tuneup
Deleted: C:\Program Files (x86)\avg web tuneup
Deleted: C:\Users\All Users\avg web tuneup
Deleted: C:\Users\Michael\AppData\Local\avg web tuneup
Deleted: C:\Users\trmp\AppData\Local\avg web tuneup
Deleted: C:\Program Files (x86)\Coupons
Deleted: C:\ProgramData\Avg_Update_1215tb


***** [ Files ] *****

Deleted: C:\Users\trmp\AppData\Roaming\Mozilla\Firefox\Profiles\u4m6qhv3.default\searchplugins\avg-secure-search.xml


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted: 1215tbUpdateInfo
Deleted: 1215tbUpdateInfo


***** [ Registry ] *****

Deleted: [Data] - HKCU\Software\Microsoft\Internet Explorer\Main|Start Page [https:\\mysearch.avg.com\?cid={1270E3D5-C622-4E80-BD54-67EE28A8900B}&mid=62329113828a47cc9ea6b578166fe37e-06f9fa32b7652a56619b606d5a082a331f1dfc45&lang=en&ds=ZEN&coid=avgtbdisZE&cmpid=1116tb&pr=fr&d=2015-11-16 11:19:24&v=4.3.6.255&pid=wtu&sg=&sap=hp]
Deleted: [Key] - HKLM\SOFTWARE\AVG Tuneup
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@avg.com\AVG SiteSafety plugin,version=11.0.0.1,application\x-avg-sitesafety-plugin
Deleted: [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

Plugin deleted: AVG Web TuneUp -


*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3250 B] - [2017/10/31 11:23:27]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

Here is the ESET Log

 

C:\AdwCleaner\Quarantine\bbSqWy6yhK\uninstall.exe    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting
C:\Users\trmp\Downloads\CouponPrinterCPS.exe    a variant of Win32/Adware.Coupons.AA application    cleaned by deleting

 


 



#4 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:50 PM

Posted 31 October 2017 - 08:35 AM

You're the third member reporting a problem with JRT. I've reported this and hopefully will have an answer to why this is happening soon.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer, and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#5 lpstroker

lpstroker
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:50 PM

Posted 31 October 2017 - 09:44 AM

Here are the three lists you asked for.

 

Here is the Startup list.

 

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    HP ENVY 7640 series (NET)    Hewlett-Packard Development Company, LP    "C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH6964X10F0651:NW" -scfn "HP ENVY 7640 series (NET)" -AutoStart 1
Yes    HKCU:Run    OneDrive    Microsoft Corporation    "C:\Users\trmp\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes    HKCU:Run    Spybot-S&D Cleaning    Safer-Networking Ltd.    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
Yes    HKLM:Run    AvgUi    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw
Yes    HKLM:Run    AVGUI.exe    AVG Technologies CZ, s.r.o.    "C:\Program Files (x86)\AVG\Antivirus\AvLaunch.exe" /gui
Yes    HKLM:Run    ConnectionCenter    Citrix Systems, Inc.    "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
Yes    HKLM:Run    HotKeysCmds    Intel Corporation    "C:\WINDOWS\system32\hkcmd.exe"
No    HKLM:Run    HP Software Update    Hewlett-Packard    C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Yes    HKLM:Run    IgfxTray    Intel Corporation    "C:\WINDOWS\system32\igfxtray.exe"
Yes    HKLM:Run    NUSB3MON    Renesas Electronics Corporation    "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Yes    HKLM:Run    Persistence    Intel Corporation    "C:\WINDOWS\system32\igfxpers.exe"
Yes    HKLM:Run    Redirector    Citrix Systems, Inc.    "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
Yes    HKLM:Run    SDTray    Safer-Networking Ltd.    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
Yes    HKLM:Run    SecurityHealth    Microsoft Corporation    %ProgramFiles%\Windows Defender\MSASCuiL.exe
No    HKLM:Run    SunJavaUpdateSched    Oracle Corporation    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Yes    HKLM:Run    SynTPEnh    Synaptics Incorporated    %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Yes    HKLM:Run    SysTrayApp    IDT, Inc.    C:\Program Files\IDT\WDM\sttray64.exe
Yes    HKLM:Run    vProt        "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
Yes    Startup User    Send to OneNote.lnk    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
 

 

Here is the Scheduled Tasks

 

Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    GoogleUpdateTaskMachineCore    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    HPCustParticipation HP ENVY 7640 series    Hewlett-Packard Development Company, LP    "C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe" /UA 14.5 /DDV 0x0c05
Yes    Task    OneDrive Standalone Update Task-S-1-5-21-1920470104-55595162-222181009-1000    Microsoft Corporation    %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Yes    Task    {6075DA10-0057-4BF4-A458-DFCA4FB72454}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a "C:\Users\trmp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPJTK8PW\sp60769.exe" -d C:\Users\trmp\Desktop
 

 

Here is the Installed Programs

 

Adobe Acrobat Reader DC    Adobe Systems Incorporated    8/29/2017    392 MB    17.012.20098
Adobe AIR    Adobe Systems Incorporated    6/29/2017    23.3 MB    19.0.0.213
Adobe Shockwave Player 12.1    Adobe Systems, Inc.    6/29/2017    17.4 MB    12.1.9.160
Adobe Shockwave Player 12.2    Adobe Systems, Inc    9/25/2015    42.0 MB    12.2.0.162
Alarms & Clock    Microsoft Corporation    10/7/2017        10.1709.2621.0
App connector    Microsoft Corporation    10/10/2016        1.3.3.0
App Installer    Microsoft Corporation    2/18/2017        1.0.10332.0
Apple Application Support    Apple Inc.    9/1/2015    83.6 MB    2.3.6
Apple Software Update    Apple Inc.    9/1/2015    4.53 MB    2.1.3.127
AVG AntiVirus FREE    AVG Technologies    10/31/2017    924 MB    17.7.3032
AVG PC TuneUp    AVG Technologies    10/23/2017    71.7 MB    16.75.3.10304
AVG Web TuneUp    AVG Technologies    10/21/2017        4.3.8.566
Calculator    Microsoft Corporation    10/17/2017        10.1709.2703.0
Camera    Microsoft Corporation    10/23/2017        2017.921.10.0
CCleaner    Piriform    10/31/2017        5.36
Citrix Receiver 4.6    Citrix Systems, Inc.    6/29/2017    13.7 MB    14.6.0.12010
Combined Community Codec Pack 2014-07-13    CCCP Project    9/1/2015    32.5 MB    2014.07.13.0
Feedback Hub    Microsoft Corporation    10/20/2017        1.1708.2831.0
Get Office    Microsoft Corporation    7/21/2017        17.8414.5925.0
Google Chrome    Google, Inc.    10/27/2015    42.9 MB    61.0.3163.100
Greenshot 1.2.6.7    Greenshot    9/1/2015    4.20 MB    1.2.6.7
Groove Music    Microsoft Corporation    10/17/2017        10.17083.18321.0
HP ENVY 7640 series Basic Device Software    Hewlett-Packard Co.    1/1/2017    122 MB    34.2.117.50647
HP ENVY 7640 series Help    Hewlett Packard    1/1/2017    8.81 MB    34.0.0
HP HD Webcam Driver    Sonix    9/1/2015    6.22 MB    6.0.1112.2_WHQL
HP Photo Creations    HP    6/29/2017    40.0 MB    1.0.0.22192
HP Support Solutions Framework    Hewlett-Packard Company    9/1/2015    12.3 MB    12.8.37.11
HP Update    Hewlett-Packard    1/1/2017    8.08 MB    5.005.002.002
IDT Audio    IDT    9/1/2015    206 MB    1.0.6428.0
Intel® Management Engine Components    Intel Corporation    9/1/2015        7.0.0.1144
Intel® Processor Graphics    Intel Corporation    3/15/2017        9.17.10.4229
Java 8 Update 144    Oracle Corporation    8/13/2017    190 MB    8.0.1440.1
JMicron Flash Media Controller Driver    JMicron Technology Corp.    6/29/2017    1.88 MB    1.0.72.4
Juniper Networks Host Checker    Juniper Networks    6/29/2017        7.4.0.30611
Juniper Networks, Inc. Setup Client    Juniper Networks, Inc.    6/29/2017    800 KB    7.4.9.44981
Juniper Networks, Inc. Setup Client 64-bit Activex Control    Juniper Networks, Inc.    6/29/2017        2.1.1.1
Juniper Networks, Inc. Setup Client Activex Control    Juniper Networks, Inc.    6/29/2017        2.1.1.1
Juniper Terminal Services Client    Juniper Networks    6/29/2017        7.4.0.30611
Mail and Calendar    Microsoft Corporation    10/17/2017        17.8600.40525.0
Malwarebytes version 3.2.2.2029    Malwarebytes    10/30/2017    141 MB    3.2.2.2029
Maps    Microsoft Corporation    10/17/2017        5.1708.2764.0
Messaging    Microsoft Corporation    6/30/2017        3.26.24002.0
Microsoft Office Professional Plus 2013 - en-us    Microsoft Corporation    10/23/2017    2.30 GB    15.0.4971.1002
Microsoft OneDrive    Microsoft Corporation    10/30/2017    100 MB    17.3.7074.1023
Microsoft Silverlight    Microsoft Corporation    9/1/2015    101 MB    5.1.40728.0
Microsoft Solitaire Collection    Microsoft Studios    9/28/2017        3.17.8162.0
Microsoft Sticky Notes    Microsoft Corporation    4/7/2017        1.8.0.0
Microsoft Store    Microsoft Corporation    10/27/2017        11709.1001.27.0
Microsoft Wi-Fi    Microsoft Corporation    10/10/2016        1.1604.4.0
Movies & TV    Microsoft Corporation    10/20/2017        10.17092.13511.0
Mozilla Firefox 56.0.1 (x64 en-US)    Mozilla    10/23/2017    140 MB    56.0.1
Mozilla Maintenance Service    Mozilla    10/20/2017    394 KB    56.0.1.6484
NetScaler Gateway Endpoint Analysis    Citrix Systems, Inc.    3/6/2017    6.48 MB    11.1.50.10
OneNote    Microsoft Corporation    10/25/2017        17.8625.20901.0
Paid Wi-Fi & Cellular    Microsoft Corporation    9/24/2017        2.1709.2484.0
Paint 3D    Microsoft Corporation    10/27/2017        3.1710.18037.0
People    Microsoft Corporation    6/8/2017        10.2.1451.0
Phone    Microsoft Corporation    10/10/2016        2.17.27003.0
Phone Companion    Microsoft Corporation    10/10/2016        10.1609.2561.0
Photos    Microsoft Corporation    10/7/2017        2017.39081.15820.0
Picasa 3    Google, Inc.    6/29/2017    61.8 MB    3.9.140.239
Product Improvement Study for HP ENVY 7640 series    Hewlett-Packard Co.    1/1/2017    19.5 MB    34.2.117.50647
QuickTime 7    Apple Inc.    9/1/2015    97.2 MB    7.78.80.95
Realtek Ethernet Controller Driver    Realtek    9/1/2015    18.9 MB    7.73.618.2013
Renesas Electronics USB 3.0 Host Controller Driver    Renesas Electronics Corporation    9/1/2015    2.51 MB    2.1.36.0
Skype    Skype    10/20/2017        12.7.597.0
Spybot - Search & Destroy    Safer-Networking Ltd.    10/30/2017    302 MB    2.6.46
Store Experience Host    Microsoft Corporation    10/25/2017        11709.1710.17001.0
Sway    Microsoft Corporation    10/30/2017        18.1710.52701.0
Synaptics Pointing Device Driver    Synaptics Incorporated    6/29/2017    46.4 MB    19.0.12.0
Tips    Microsoft Corporation    10/31/2017        5.12.2691.0
Tweaking.com - Registry Backup    Tweaking.com    10/31/2017    9.37 MB    3.5.3
Twitter    Twitter Inc.    7/8/2017        5.8.1.0
Validity Fingerprint Sensor Driver    Validity Sensors, Inc.    9/1/2015    43.6 MB    4.5.133.0
Visual Studio 2012 x64 Redistributables    AVG Technologies    11/16/2015    13.0 MB    14.0.0.1
Visual Studio 2012 x86 Redistributables    AVG Technologies CZ, s.r.o.    11/16/2015    40.0 KB    14.0.0.1
VLC media player    VideoLAN    6/29/2017    118 MB    2.2.1
Voice Recorder    Microsoft Corporation    10/17/2017        10.1709.2703.0
Wallet    Microsoft Corporation    8/12/2017        1.0.16328.0
Windows 10 Update and Privacy Settings    Microsoft Corporation    5/31/2017    2.10 MB    1.0.13.0
Windows DVD Player    Microsoft Corporation    10/10/2016        3.6.13291.0
Xbox    Microsoft Corporation    10/4/2017        33.33.15001.0
Xbox Game bar    Microsoft Corporation    10/29/2017        1.22.25001.0
Xbox Game Speech Window    Microsoft Corporation    8/12/2017        1.14.2002.0
Xbox Identity Provider    Microsoft Corporation    7/12/2017        11.29.23003.0
 



#6 lpstroker

lpstroker
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:50 PM

Posted 31 October 2017 - 09:56 AM

I should also note that when I go to the control panel to change the password for the admin account. It shows the little spinning icon then the control panel screen just closes.



#7 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:50 PM

Posted 31 October 2017 - 11:23 AM

Disable these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKCU:Run    CCleaner Monitoring    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes    HKCU:Run    HP ENVY 7640 series (NET)    Hewlett-Packard Development Company, LP    "C:\Program Files\HP\HP ENVY 7640 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH6964X10F0651:NW" -scfn "HP ENVY 7640 series (NET)" -AutoStart 1
Yes    HKCU:Run    OneDrive    Microsoft Corporation    "C:\Users\trmp\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
Yes    HKCU:Run    Spybot-S&D Cleaning    Safer-Networking Ltd.    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean

Yes    HKLM:Run    ConnectionCenter    Citrix Systems, Inc.    "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

Yes    HKLM:Run    IgfxTray    Intel Corporation    "C:\WINDOWS\system32\igfxtray.exe"

Yes    HKLM:Run    Redirector    Citrix Systems, Inc.    "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
Yes    HKLM:Run    SDTray    Safer-Networking Ltd.    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

Yes    HKLM:Run    SysTrayApp    IDT, Inc.    C:\Program Files\IDT\WDM\sttray64.exe
Yes    HKLM:Run    vProt        "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
Yes    Startup User    Send to OneNote.lnk    Microsoft Corporation    C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Yes    Task    GoogleUpdateTaskMachineUA    Google Inc.    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes    Task    HPCustParticipation HP ENVY 7640 series    Hewlett-Packard Development Company, LP    "C:\Program Files\HP\HP ENVY 7640 series\Bin\HPCustPartic.exe" /UA 14.5 /DDV 0x0c05
Yes    Task    OneDrive Standalone Update Task-S-1-5-21-1920470104-55595162-222181009-1000    Microsoft Corporation    %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Yes    Task    {6075DA10-0057-4BF4-A458-DFCA4FB72454}    Microsoft Corporation    C:\Windows\system32\pcalua.exe -a "C:\Users\trmp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPJTK8PW\sp60769.exe" -d C:\Users\trmp\Desktop

 

Uninstall these programs:

Adobe AIR    Adobe Systems Incorporated    6/29/2017    23.3 MB    19.0.0.213

AVG PC TuneUp    AVG Technologies    10/23/2017    71.7 MB    16.75.3.10304
AVG Web TuneUp    AVG Technologies    10/21/2017        4.3.8.566

Java 8 Update 144    Oracle Corporation    8/13/2017    190 MB    8.0.1440.1

Microsoft Silverlight    Microsoft Corporation    9/1/2015    101 MB    5.1.40728.0

Mozilla Maintenance Service    Mozilla    10/20/2017    394 KB    56.0.1.6484

Product Improvement Study for HP ENVY 7640 series    Hewlett-Packard Co.    1/1/2017    19.5 MB    34.2.117.50647
QuickTime 7    Apple Inc.    9/1/2015    97.2 MB    7.78.80.95

Spybot - Search & Destroy    Safer-Networking Ltd.    10/30/2017    302 MB    2.6.46

 

After doing the above and rebooting...let me know of any problems.

 

I would also like for you to attempt to run JRT again. Delete JRT by right clicking on its desktop icon and choose Delete. Then go here to download it again to the desktop. Be sure to right-mouse click JRT.exe and select "Run as Administrator". I asked another user to test it on Windows 10 and it worked as intended. If it doesn't work this time for you, please start another topic in the Windows 10 Forum here at BC to find out about your problem with changing the admin password.


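The thread reviews the CCleaner Startups and Scheduled Tasks lists by eye. The following is an added example, not code from this thread or from any of the tools it mentions: it parses that tab-separated export (Enabled, Location, Name, Publisher, Command) and flags the rows a reviewer would look at first: no publisher recorded, a launcher such as pcalua.exe that merely starts another program, a command pointing into a temporary or download folder, or a task named only by a GUID. The heuristics are the example's own assumptions, and the sample rows are constructed from the lists posted above.

```python
import re
from dataclasses import dataclass, field

# Windows programs whose purpose is to start another program; what needs
# review is in their arguments, not in the launcher itself. pcalua.exe
# (Program Compatibility Assistant) is also created legitimately by Windows,
# so a hit means "inspect", not "malicious". (Assumed list for this example.)
PROXY_LAUNCHERS = {"pcalua.exe", "rundll32.exe", "mshta.exe",
                   "wscript.exe", "cscript.exe"}

# Folders a properly installed product rarely uses for a persistent autostart.
TRANSIENT_PATH = re.compile(
    r"\\(Temp|Temporary Internet Files|Downloads|Desktop)\\|%temp%",
    re.IGNORECASE)

GUID_NAME = re.compile(r"\{[0-9A-F-]{36}\}", re.IGNORECASE)


@dataclass
class AutostartEntry:
    enabled: bool
    location: str        # "HKCU:Run", "HKLM:Run", "Task", "Startup User", ...
    name: str
    publisher: str
    command: str
    flags: list = field(default_factory=list)


def parse_ccleaner_line(line):
    """Parse one line of a CCleaner Startups/Tasks export; None for blanks."""
    line = line.rstrip("\r\n")
    if not line.strip():
        return None
    if "\t" in line:
        parts = line.split("\t")
    else:
        # Pasted copies often arrive with the tabs expanded to spaces.
        parts = re.split(r" {4,}", line.strip())
    if len(parts) == 4:          # an empty publisher column was collapsed
        parts.insert(3, "")
    if len(parts) < 5:
        raise ValueError(f"unexpected field count: {line!r}")
    enabled, location, name, publisher = (p.strip() for p in parts[:4])
    command = " ".join(p.strip() for p in parts[4:])
    return AutostartEntry(enabled.lower() == "yes", location, name,
                          publisher, command)


def exe_name(command):
    """Lower-cased file name of the program a command line starts."""
    m = re.match(r'\s*"?([^"]*?\.exe)', command, re.IGNORECASE)
    path = m.group(1) if m else command.strip().split(" ", 1)[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(entry):
    """Attach review flags to an entry and return it."""
    launcher = exe_name(entry.command)
    if launcher in PROXY_LAUNCHERS:
        entry.flags.append(f"proxy launcher {launcher}: review its arguments")
    if TRANSIENT_PATH.search(entry.command):
        entry.flags.append("runs from a temporary or user download folder")
    if not entry.publisher:
        entry.flags.append("no publisher recorded")
    if entry.location == "Task" and GUID_NAME.fullmatch(entry.name):
        entry.flags.append("task named only by a GUID")
    return entry


def triage_export(text):
    """Parse a whole export and return every entry with its flags."""
    entries = (parse_ccleaner_line(l) for l in text.splitlines())
    return [triage(e) for e in entries if e is not None]


def flagged(text):
    """Only the entries that earned at least one flag."""
    return [e for e in triage_export(text) if e.flags]


# Constructed sample, modelled on the lists posted in this thread.
SAMPLE_ROWS = [
    ("Yes", "HKCU:Run", "CCleaner Monitoring", "Piriform Ltd",
     r'"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR'),
    ("Yes", "HKLM:Run", "SecurityHealth", "Microsoft Corporation",
     r"%ProgramFiles%\Windows Defender\MSASCuiL.exe"),
    ("Yes", "HKLM:Run", "vProt", "",
     r'"C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"'),
    ("Yes", "Task", "GoogleUpdateTaskMachineCore", "Google Inc.",
     r"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c"),
    ("Yes", "Task", "{6075DA10-0057-4BF4-A458-DFCA4FB72454}",
     "Microsoft Corporation",
     r'C:\Windows\system32\pcalua.exe -a "C:\Users\trmp\AppData\Local'
     r'\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPJTK8PW'
     r'\sp60769.exe" -d C:\Users\trmp\Desktop'),
]
SAMPLE_EXPORT = "\n".join("\t".join(row) for row in SAMPLE_ROWS)

if __name__ == "__main__":
    for e in flagged(SAMPLE_EXPORT):
        print(f"[{e.location}] {e.name}")
        for f in e.flags:
            print("    -", f)
```

A flag only orders the manual review; the vProt entry, for instance, belongs to the AVG Web TuneUp product the thread is uninstalling anyway, and the GUID task is the kind Windows itself creates for compatibility-mode launches.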

#8 lpstroker

lpstroker
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:50 PM

Posted 31 October 2017 - 11:42 AM

There is no link in your response for JRT.



#9 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • OFFLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:50 PM

Posted 31 October 2017 - 11:55 AM

OOOOPS...Junkware Removal Tool Download 



#10 lpstroker

lpstroker
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:50 PM

Posted 31 October 2017 - 12:58 PM

I did as you said. When I tried to uninstall the "AVG Web TuneUp    AVG Technologies    10/21/2017        4.3.8.566" I got the error "Error 2 - System Could not Find File specified" and it still shows that program being there. When I went to uninstall Spybot - Search & Destroy    Safer-Networking Ltd.    10/30/2017    302 MB    2.6.46 I got the message saying "A problem occurred in BitDefender Threat Scanner. A file containing error information has been created at C:\WINDOWS\TEMP\BitDefender Threat Scanner.dmp. You are strongly encouraged to send the file to the developers of the application for further investigation of the error."

 

Also I re-downloaded the JRT and when I right clicked run as administrator I got the message "Windows can not find C:\Users\trmp\Desktop\JRT.exe. Make sure you typed the name correctly, and then try again."



#11 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:50 PM

Posted 31 October 2017 - 01:24 PM

Uninstall both Bit Defender and Spybot using Download Revo Uninstaller Freeware

or boot into safe mode and uninstall from there.

 

I have no answer for what is causing the problem with JRT. It's possible that

the criminals corrupted some Windows files. It may be possible to correct that using Windows Repair.

 

Windows Repair All-In-One
NOTE: Before following the steps below, please disable your Antivirus software or any other real-time security software that you have enabled.

  • Download the portable version of Windows Repair All-In-One;
  • Move the file (archive) on your Desktop, and extract it there;
  • Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator;
  • From there, click on the Next button until you are presented with an Open Repairs button and click on it;
  • Let the Registry back up complete, and move on to the check-list window;
  • Click on the Unselect All button at the bottom, then check the following items:
    • Reset Service Permissions;
    • Register System Files;
    • Repair WMI;
    • Remove Policies Set by Infections;
    • Repair Network;
    • Repair Safe Mode;
    • Restore Important Windows Services;
    • Set Windows Services To Default Startup;
  • Once done, click on the Start Repairs button and let the scan execute;
  • If you are being prompted with a Security Warning, allow it to go through;
  • Once the repair is complete, it'll ask you to restart your computer, please do it;
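For a helper who wants to see what the "Remove Policies Set by Infections" step is aimed at before running it, here is a read-only audit of the usual Explorer/System policy values, DisallowRun lists and Image File Execution Options "Debugger" entries. This is an added example, not from the thread or from Tweaking.com; it assumes an elevated PowerShell prompt and changes nothing.

```powershell
# Added example (not from the thread): read-only audit of registry locations that
# malware commonly uses to hide Control Panel or block tools from launching.
# Run from an elevated PowerShell prompt. Nothing is modified; findings are printed.

$findings = @()

# 1. Explorer/System policy values that hide Control Panel or disable admin tools.
$policyChecks = @{
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = @('NoControlPanel','NoRun','NoFolderOptions')
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = @('NoControlPanel','NoRun','NoFolderOptions')
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = @('DisableTaskMgr','DisableRegistryTools')
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'   = @('DisableTaskMgr','DisableRegistryTools')
}
foreach ($key in $policyChecks.Keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $policyChecks[$key]) {
        $val = $props.$name
        if ($null -ne $val -and $val -ne 0) {
            $findings += "POLICY       $key\$name = $val"
        }
    }
}

# 2. DisallowRun lists: named executables that Explorer refuses to launch.
foreach ($hive in 'HKCU','HKLM') {
    $dr = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
    if (Test-Path $dr) {
        (Get-ItemProperty -Path $dr).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { $findings += "DISALLOWRUN  $($_.Value)" }
    }
}

# 3. Image File Execution Options: a "Debugger" value under an exe name redirects
#    that program to something else when it starts. Some entries are legitimate
#    (developer debuggers), so review each one rather than deleting blindly.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
    if ($dbg) { $findings += "IFEO         $($_.PSChildName) -> $dbg" }
}

if ($findings.Count -eq 0) { 'No policy, DisallowRun or IFEO Debugger entries found.' }
else { $findings }
```

Any line it prints is worth noting in the thread before the repair tool removes it, since it records what was actually changed on the machine.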


#12 lpstroker

lpstroker
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male
  • Local time:10:50 PM

Posted 31 October 2017 - 03:42 PM

When running Windows Repair All-In-One, AVG caused it to not run 4 of the 8 operations. I restarted in safe mode and re-ran it, and it completed. I still can't run JRT or go into the Control Panel.

#13 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:50 PM

Posted 31 October 2017 - 04:12 PM

You must have missed this in the instructions for Windows Repair.....NOTE: Before following the steps below, please disable your Antivirus software or any other real-time security software that you have enabled.

 

Okay...skip attempting to run JRT. Ask for help in the Windows 10 forum here at BC. Windows 10 Support



#14 lpstroker

lpstroker
  • Topic Starter

  • Members
  • 34 posts
  • Gender:Male
  • Local time:10:50 PM

Posted 01 November 2017 - 06:29 AM

Thanks. I'll disable AVG and run it again. So do you think that whatever was on there is removed and there are some corrupted files left?



#15 buddy215

buddy215

  • Moderator
  • 13,116 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:50 PM

Posted 01 November 2017 - 07:39 AM

I did a search using "can't access control panel in Windows 10". Multiple solutions are mentioned in this link: Control panel won't open from start menu windows 10 - Microsoft Community

You are not the only user having this problem....many more are.

 

So, not being able to access the control panel may not have been caused by the criminal but by some other bug/glitch.

