RKill Process To Terminate


7 replies to this topic

#1 Taylor7

Taylor7

  • Members
  • 4 posts

Posted 24 February 2018 - 01:55 PM

Hello everyone and thank you in advance for your help. I'm new here and not computer savvy in the least so I am hoping someone can help me.  A family member called a number for Google Photos support and allowed someone to access my laptop.  Dang.  There is no support number for Google Photos so you know where this is going......I ran Malwarebytes and found three PUP files that were deleted. I also ran Rkill and these two showed up.  I have no idea what I am looking at or what my next step is from here.  Would anyone be able to help me please?

C:\Windows\Samsung\PanelMgr\SSMMgr.exe (PID: XXXX) [WD-HEUR]

C:\Windows\Samsung\PanelMgr\caller64.exe (PID: XXXX) [WD-HEUR]
 
I was told to remove the numbers and insert XXXX.....I don't know why!

Edited by hamluis, 24 February 2018 - 04:08 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 buddy215

buddy215

  • Moderator
  • 13,196 posts

Posted 24 February 2018 - 03:57 PM

Both of those .exe are legit.

You can look in your list of programs and remove whatever program was used to connect remotely by the criminals.

If no credit card number or PayPal account was used then that is a plus...if payment was made to the criminals then you should definitely dispute it.

Without knowing what files were accessed such as ones containing passwords and financial info I can only give a generic suggestion which is to change ALL important passwords including email passwords.

Since PUPS were found it would be a good idea to use the programs below to clean, remove adware and remove malware.

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

 

Download and run the FREE online scanner from Free Virus Scan | Online Virus Scan from ESET | ESET

  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Taylor7


Posted 24 February 2018 - 08:25 PM

Hi. Thank you so very much for the reply. Thank you for letting me know the two above are legit.

Let me give you as much info. as I can......
I immediately looked in my programs trying to figure out how they gained control. I did not see anything in programs that looked unusual to me but then again I don't know exactly what I am looking for.   I saw a remote desktop connection icon under the Accessories folder but it looked like something that came with the laptop. I asked her how they took control of the laptop and she could only remember hitting the windows icon button on the lower left of the keyboard.  She did not have a credit card so they received nothing but gave her a phone for me to call when I got home which I did not.
I do not store passwords on my laptop but I did immediately start changing all the passwords that I had.
I already had CC Cleaner downloaded from years back and ran that immediately also. So that was already completed.
I did download AdwCleaner as you suggested and used your link but it came up Malwarebytes not Xplode.  The same PUP files came up as before which I requested be deleted so that is confusing to me. They were deleted again and the system rebooted as you said. Here is the logfile you requested. I also downloaded ESET per your instructions and it scanned for 2 1/2 hours. I could not find "Remove found Threats" in the advanced settings but I did checkmark everything else. Scan window shows 6 items as "Unable to Open" and no threats.
So what do you think the verdict is? I still don't understand how they took control........Thank you again for all your help!!!
 
# AdwCleaner 7.0.8.0 - Logfile created on Sat Feb 24 22:24:18 2018
# Updated on 2018/08/02 by Malwarebytes 
# Running on Windows 7 Home Premium (X64)
# Mode: clean
 
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
Deleted: C:\Users\Owner\AppData\LocalLow\HPAppData
Deleted: C:\Program Files (x86)\Coupons
 
***** [ Files ] *****
No malicious files deleted.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\MimarSinan
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0


#4 buddy215


Posted 24 February 2018 - 09:41 PM

No passwords stored on the computer and no credit card....that had to be a relief.

 

Compare what AdwCleaner deleted to what Malwarebytes deleted and it is likely the same names were in different locations. That would explain why you see similar.

You can view some Windows Startups, Scheduled Tasks and Installed programs using CCleaner. If you would like I can take a look at those to see if there is any mention of something used to remote connect and possibly give suggestions that will reduce boot time and use less RAM. Follow the directions below for posting those three lists if you want to do that.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks. At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.



#5 Taylor7


Posted 25 February 2018 - 06:48 PM

Hi. Thank you again for your help.  I received 2 threats from ESET today.

Users\Owners\Downloads\ccsetup522.exe     Windows\Installer\94349.msi

Here is the info you asked for from CC Cleaner. Is it safe for me to be listing all this.....I'm gun shy now.....oh boy.  Now what are my next steps? I lost my job otherwise I'd take my computer in but when I called they wanted $300 which I don't have.  Just don't understand why people want to cause misery for others and then there are others that help. Here goes:

Startup

Yes HKCU:Run CCleaner Monitoring Piriform Ltd Owner "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Fitbit Connect Fitbit, Inc. Owner "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
Yes HKCU:Run Google+ Auto Backup Owner "C:\Users\Owner\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
Yes HKCU:Run GoogleDriveSync Owner "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
No HKCU:Run PCShowServer Owner "C:\Users\Owner\AppData\Local\Charter\Charter TV Player\PCShowServerPMWrapper.exe"
Yes HKLM:Run CarboniteSetupLite Carbonite, Inc. All users "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
Yes HKLM:Run egui ESET All users "C:\Program Files\ESET\ESET Security\ecmds.exe" /launch /hide
Yes HKLM:Run ETDCtrl ELAN Microelectronics Corp. All users %ProgramFiles%\Elantech\ETDCtrl.exe
Yes HKLM:Run Fitbit Connect Fitbit, Inc. All users "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
Yes HKLM:Run HP Software Update Hewlett-Packard All users C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
No HKLM:Run IntelWirelessWiMAX Intel® Corporation All users "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
Yes HKLM:Run MaxMenuMgr Seagate LLC All users "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
Yes HKLM:Run Microsoft Default Manager Microsoft Corporation All users "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
Yes HKLM:Run RtHDVCpl Realtek Semiconductor All users C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Yes HKLM:Run Samsung PanelMgr All users C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
Yes Startup Common HP Digital Imaging Monitor.lnk Hewlett-Packard Co. All users C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Yes Startup User OneNote 2010 Screen Clipper and Launcher.lnk Microsoft Corporation Owner C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
Yes Startup User Seagate 2GET3C5L Product Registration.lnk Leader Technologies/Seagate Owner C:\Users\Owner\AppData\Roaming\Leadertech\PowerRegister\Seagate 2GET3C5L Product Registration.exe
Scheduled
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated All users C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task advSRS5 SEC All users "C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe"
Yes Task CCleanerSkipUAC Piriform Ltd Owner "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes Task GoogleUpdateTaskMachineCore Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
Yes Task GoogleUpdateTaskMachineUA Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Scheduled scanning task F-Secure Corporation All users C:\Program Files (x86)\Charter Security Suite\fsscan.exe --sched
Yes Task SidebarExecute Microsoft Corporation All users C:\Program Files\Windows Sidebar\sidebar.exe
Yes Task SRS Premium Sound SRS Labs, Inc. All users C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe /h
Yes Task {26619AF0-2BEC-4D5B-9512-0479FD5107A4} Microsoft Corporation Owner C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" -d C:\Users\Owner\Desktop -c /preinstalled /pausefor=0 /interactive
Install
Adobe Acrobat Reader DC Adobe Systems Incorporated 2/24/2018 256 MB 18.011.20038 All users
Adobe AIR Adobe Systems Incorporated 3/12/2017 24.0.0.180 All users
Adobe Flash Player 24 NPAPI Adobe Systems Incorporated 3/12/2017 19.4 MB 24.0.0.221 All users
Adobe Flash Player 25 ActiveX Adobe Systems Incorporated 4/20/2017 18.8 MB 25.0.0.148 All users
Adobe Shockwave Player 12.2 Adobe Systems, Inc 10/7/2016 52.3 MB 12.2.5.195 All users
BatteryLifeExtender Samsung 12/9/2010 31.4 MB 1.0.10 All users
Best Buy pc app 12/8/2010 All users
Carbonite Online Backup Setup Carbonite Inc. 2/20/2012 310 MB 3.8.0 All users
CCleaner Piriform 2/24/2018 5.40 All users
CyberLink Media Suite CyberLink Corp. 12/9/2010 37.1 MB 8.0.2227 All users
CyberLink Media+ Player10 CyberLink Corp. 12/9/2010 103 MB 10.0.1110.00 All users
CyberLink MediaShow CyberLink Corp. 12/9/2010 381 MB 5.0.1130a All users
CyberLink PowerDirector CyberLink Corp. 12/9/2010 287 MB 8.0.3306 All users
CyberLink YouCam CyberLink Corp. 3/12/2011 134 MB 3.1.3509 All users
Easy Content Share Samsung Electronics Co., LTD 12/9/2010 12.4 MB 1.0 All users
Easy Display Manager Samsung Electronics Co., Ltd. 12/9/2010 3.2 All users
Easy Migration Samsung Electronics Co., Ltd. 12/9/2010 1.0.0.5 All users
Easy Network Manager Samsung 12/9/2010 45.5 MB 4.4.6 All users
Easy SpeedUp Manager Samsung Electronics Co.,Ltd. 12/8/2010 2.1.1.1 All users
EasyBatteryManager Samsung 12/9/2010 4.0.0.4 All users
EasyFileShare Samsung 12/9/2010 29.4 MB 1.0.11 All users
ESET Security ESET, spol. s r.o. 2/24/2018 206 MB 11.0.159.9 All users
ETDWare PS/2-X64 10.7.14.12_WHQL ELAN Microelectronic Corp. 2/2/2013 10.7.14.12 All users
Family Tree Maker 2011 Ancestry.com 2/20/2012 512 MB 20.0.379 All users
Fast Start SAMSUNG 12/9/2010 2.2.0.0 All users
Fitbit Connect Fitbit Inc. 11/30/2017 103 MB 2.0.2.6982 All users
Google Chrome Google Inc. 2/8/2018 64.0.3282.140 All users
HP Customer Participation Program 14.0 HP 2/19/2012 14.0 All users
HP Imaging Device Functions 14.0 HP 2/19/2012 14.0 All users
HP Photo Creations HP Photo Creations Powered by RocketLife 2/17/2012 14.6 MB 1.0.0.2024 All users
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 HP 2/19/2012 14.0 All users
HP Product Detection HP 6/2/2012 1.86 MB 11.14.0001 Owner
HP Smart Web Printing 4.60 HP 2/19/2012 4.60 All users
HP Solution Center 14.0 HP 2/19/2012 14.0 All users
HP Update Hewlett-Packard 10/25/2014 3.99 MB 5.005.002.002 All users
Intel WiMAX Tutorial Intel Corporation 12/9/2010 6.75 MB 1.5.3.1 All users
Intel® Control Center Intel Corporation 12/8/2010 1.2.1.1007 All users
Intel® Graphics Media Accelerator Driver Intel Corporation 12/9/2010 8.15.10.2202 All users
Intel® Management Engine Components Intel Corporation 12/9/2010 6.0.0.1179 All users
Intel® PROSet/Wireless WiFi Software Intel Corporation 12/9/2010 145 MB 13.04.0000 All users
Intel® Rapid Storage Technology Intel Corporation 2/24/2018 9.6.3.1001 All users
Intel® Wireless Display Intel Corporation 12/9/2010 103 MB 1.3.9.0 All users
Intel® PROSet/Wireless WiMAX Software Intel Corporation 12/9/2010 13.5 MB 2.03.2000 All users
Internet TV for Windows Media Center Microsoft Corporation 5/28/2012 13.6 MB 4.2.2.0 Owner
Malwarebytes version 3.3.1.2183 Malwarebytes 2/9/2018 179 MB 3.3.1.2183 All users
Microsoft .NET Framework 4.7.1 Microsoft Corporation 2/24/2018 38.8 MB 4.7.02558 All users
Microsoft Office Home and Student 2010 Microsoft Corporation 1/7/2014 14.0.7015.1000 All users
Microsoft Primary Interoperability Assemblies 2005 Microsoft Corporation 2/20/2012 7.71 MB 8.0.50727.42 All users
Microsoft Silverlight Microsoft Corporation 6/18/2017 795 MB 5.1.50907.0 All users
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 3/26/2015 1.69 MB 3.1.0000 All users
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2/17/2012 300 KB 8.0.56336 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 12/9/2010 788 KB 9.0.30729 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 12/9/2010 784 KB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 2/17/2012 788 KB 9.0.30729.6161 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 12/9/2010 596 KB 9.0.30729 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 12/9/2010 592 KB 9.0.30729.4148 All users
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 2/17/2012 600 KB 9.0.30729.6161 All users
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 Microsoft Corporation 2/14/2015 13.8 MB 10.0.40219 All users
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 2/14/2015 11.1 MB 10.0.40219 All users
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 2/14/2015 10.0.50903 All users
Microsoft WSE 3.0 Runtime Microsoft Corp. 2/20/2012 942 KB 3.0.5305.0 Owner
Movie Color Enhancer Samsung Electronics Co., Ltd. 12/9/2010 1.0 All users
Mozilla Firefox 52.0.2 (x86 en-US) Mozilla 4/4/2017 91.5 MB 52.0.2 All users
Mozilla Maintenance Service Mozilla 4/4/2017 461 KB 52.0.2 All users
MSN Toolbar Microsoft Corporation 2/17/2012 4.0.0357.1 All users
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 2/17/2012 1.27 MB 4.20.9870.0 All users
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 2/17/2012 1.33 MB 4.20.9876.0 All users
Picasa 3 Google, Inc. 3/12/2017 82.7 MB 3.9.141.259 All users
Quicken 2002 New User Edition 4/1/2017 All users
Realtek Ethernet Controller Driver Realtek 12/9/2010 7.33.1125.2010 All users
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 12/9/2010 6.0.1.6257 All users
Samsung AnyWeb Print Samsung Electronics Co., Ltd. 12/9/2010 1.1.21.0 All users
Samsung Recovery Solution 5 Samsung 12/9/2010 5.0.0.8 All users
Samsung Support Center 1.0 Samsung 3/24/2012 83.8 MB 1.1.38 All users
Samsung Universal Print Driver Samsung Electronics Co., Ltd. 12/8/2010 2.01.06.00:16 All users
Samsung Universal Scan Driver Samsung Electronics Co., Ltd. 12/8/2010 1.2.1.0 All users
Samsung Update Plus Samsung Electronics Co., Ltd. 12/9/2010 3.0.0.17 All users
Seagate Manager Installer Seagate 2/20/2012 46.6 MB 2.01.0600 All users
Security Suite F-Secure Corporation 11/8/2017 2.93.175.0 All users
Shop for HP Supplies HP 2/19/2012 14.0 All users
Shutterfly Express Uploader Shutterfly, Inc. 3/5/2013 1.2.0.0 All users
Skype™ 7.0 Skype Technologies S.A. 3/26/2015 47.9 MB 7.0.102 All users
SRS Premium Sound Control Panel SRS Labs, Inc. 12/9/2010 2.52 MB 1.10.1000 All users
SSA Benefit Calculator Social Security Administration 2/6/2016 1.65 MB 1.15.0002 Owner
User Guide 12/8/2010 1.0 All users
Windows Live Essentials Microsoft Corporation 3/26/2015 15.4.3502.0922 All users
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 3/26/2015 5.37 MB 15.4.5722.2 All users
Windows Media Encoder 9 Series 2/20/2012 All users
 


#6 buddy215


Posted 25 February 2018 - 07:48 PM

You can look in your downloads and delete the installer for CCleaner..the CCleaner.exe...

 

Suggest you Disable these Windows Startups: Use CCleaner by clicking on each item and choosing Disable on the right. (Keep in mind you can Reenable any item if it becomes too much of a hassle not to have in Startup.)

Yes HKCU:Run CCleaner Monitoring Piriform Ltd Owner "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
Yes HKCU:Run Fitbit Connect Fitbit, Inc. Owner "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
Yes HKCU:Run GoogleDriveSync Owner "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
Yes HKLM:Run CarboniteSetupLite Carbonite, Inc. All users "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
Yes HKLM:Run Fitbit Connect Fitbit, Inc. All users "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
Yes HKLM:Run HP Software Update Hewlett-Packard All users C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Yes Startup User OneNote 2010 Screen Clipper and Launcher.lnk Microsoft Corporation Owner C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
Yes Startup User Seagate 2GET3C5L Product Registration.lnk Leader Technologies/Seagate Owner C:\Users\Owner\AppData\Roaming\Leadertech\PowerRegister\Seagate 2GET3C5L Product Registration.exe
 
 
Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.
Yes Task Adobe Acrobat Update Task Adobe Systems Incorporated All users C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Yes Task GoogleUpdateTaskMachineUA Google Inc. All users C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
Yes Task Scheduled scanning task F-Secure Corporation All users C:\Program Files (x86)\Charter Security Suite\fsscan.exe --sched
Yes Task SidebarExecute Microsoft Corporation All users C:\Program Files\Windows Sidebar\sidebar.exe
Yes Task {26619AF0-2BEC-4D5B-9512-0479FD5107A4} Microsoft Corporation Owner C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" -d C:\Users\Owner\Desktop -c /preinstalled /pausefor=0 /interactive
 
Uninstall these programs:
Adobe AIR Adobe Systems Incorporated 3/12/2017 24.0.0.180 All users  (Unless you actually use it)
Best Buy pc app 12/8/2010 All users
ESET Security ESET, spol. s r.o. 2/24/2018 206 MB 11.0.159.9 All users  (Unless you purchased it)
Mozilla Firefox 52.0.2 (x86 en-US) Mozilla 4/4/2017 91.5 MB 52.0.2 All users  (Or Update Firefox...)
MSN Toolbar Microsoft Corporation 2/17/2012 4.0.0357.1 All users
Security Suite F-Secure Corporation 11/8/2017 2.93.175.0 All users (Keep if you uninstall Eset)
Windows Live Essentials Microsoft Corporation 3/26/2015 15.4.3502.0922 All users
Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 3/26/2015 5.37 MB 15.4.5722.2 All users
 
I didn't see anything related to remote control that the criminal installed.
After completing the above and rebooting let me know of any problem....otherwise...happy surfin'
 
EDIT:

If you don't have an ad blocker installed I suggest using Adblock Plus.

Adblock Plus :: Add-ons for Firefox     Adblock Plus - Chrome Web Store

Adblock Plus for Edge browser   Adblock Plus for IE

 

You can block the ad and tracking cookies from installing on your computer by blocking third party cookies.

How to disable third-party cookies in all major web browsers

Once you have blocked the install of those cookies then run CCleaner to remove the existing ones.


Edited by buddy215, 25 February 2018 - 07:54 PM.
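
An added example, not part of the original thread or any poster's code: a Python sketch of the review carried out in the post above, parsing CCleaner-style startup and task lines and flagging entries that match a remote-access tool name or launch from a user-writable folder. The field layout is inferred from the lists posted in this thread, the tool-name list is an illustrative assumption, and the last two sample lines are constructed.

```python
import re

# Illustrative, non-exhaustive remote-access tool names (assumption, not from the thread).
REMOTE_TOOLS = ("teamviewer", "anydesk", "logmein", "ultraviewer", "supremo",
                "screenconnect", "ammyy", "gotoassist")
# Folders a standard user can write to; autoruns from here deserve a second look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\desktop\\")
LOCATIONS = ("HKCU:Run", "HKLM:Run", "Startup Common", "Startup User", "Task")
# The command column begins at the first (optionally quoted) drive or %VAR% path.
CMD_START = re.compile(r'"?(?:[A-Za-z]:\\|%\w+%\\)')
# Executable: the quoted path, or everything up to the first script/binary extension.
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)', re.I)


def parse_entry(line):
    """Split one export line into fields; return None if it is not an entry."""
    enabled, _, rest = line.strip().partition(" ")
    location = next((loc for loc in LOCATIONS if rest.startswith(loc + " ")), None)
    if enabled not in ("Yes", "No") or location is None:
        return None
    rest = rest[len(location) + 1:]
    start = CMD_START.search(rest)
    if start is None:
        return None
    label, command = rest[:start.start()].strip(), rest[start.start():].strip()
    # The column just before the command is the account: "All users" or a user name.
    if label.endswith("All users"):
        name, user = label[:-len("All users")].strip(), "All users"
    else:
        name, _, user = label.rpartition(" ")
    exe = EXE_PATH.match(command)
    path = (exe.group(1) or exe.group(2)) if exe else command
    return {"enabled": enabled == "Yes", "location": location, "name": name,
            "user": user, "path": path, "command": command}


def review(lines):
    """Return (name, reasons) for entries that warrant a manual look."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        haystack = (entry["name"] + " " + entry["command"]).lower()
        reasons = [f"remote-access tool name: {t}" for t in REMOTE_TOOLS if t in haystack]
        if any(folder in entry["path"].lower() for folder in USER_WRITABLE):
            reasons.append("runs from a user-writable folder")
        if reasons:
            findings.append((entry["name"], reasons))
    return findings


SAMPLE = [
    # Copied from the lists posted in this thread
    r'Yes HKCU:Run CCleaner Monitoring Piriform Ltd Owner "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR',
    r'Yes HKCU:Run Google+ Auto Backup Owner "C:\Users\Owner\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart',
    r'Yes HKLM:Run Samsung PanelMgr All users C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun',
    r'Yes Task {26619AF0-2BEC-4D5B-9512-0479FD5107A4} Microsoft Corporation Owner C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" -d C:\Users\Owner\Desktop -c /preinstalled /pausefor=0 /interactive',
    # Constructed for illustration
    r'Yes HKLM:Run AnyDesk All users "C:\Program Files (x86)\AnyDesk\AnyDesk.exe"',
    r'Yes Task Updater Owner C:\Users\Owner\AppData\Local\Temp\svc-helper.exe',
]

if __name__ == "__main__":
    for name, reasons in review(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```

A flag here is a prompt for manual review, not a verdict: the Google+ Auto Backup entry from the thread is flagged only because it runs from AppData.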


#7 Taylor7


Posted 01 March 2018 - 05:05 PM

Thank you for all your help.  I completed everything you suggested.  No issues so far.  I appreciate you!



#8 buddy215


Posted 01 March 2018 - 05:33 PM

Good....you're welcome...happy surfin'

