phone scam hack

Page 2 - Seeking answers? Join the Tom's Guide community: where nearly two million members share solutions and discuss the latest tech.
Sidebar Sidebar
M

masufa

Commendable
Apr 26, 2016
25
0
1,580
mom fell for the phone scam that said she had a virus and let them into her computer then refused to pay them to fix it . Now internet and sound will not work. She has Win 7 should she reinstall W7 or what?
 
Solution
ffg7
1.Turn off the computer.

2. Disconnect all connected devices and cables such as Personal Media Drives, USB drives, printers, and faxes. Remove media from internal drives, and remove any recently added internal hardware. Do not disconnect the monitor, keyboard, mouse, or power cord.

3.Turn on the computer and repeatedly press the F11 key, about once every second, until Recovery Manager opens.

4.Under I need help immediately, click System Recovery.

5.When System Recovery prompts you to back up your files, select a backup option:

•If you have already backed up personal files or you do not want to back up personal files, select Recover without backing up your files, and then click Next. Continue to the next step.

6.Click OK in the...
Sort by date Sort by votes


I was talking about getting it from the website, When I click download from the website it starts downloading to the download folder on the laptop (other files in the past would let me choose the USB drive).
So download Combofix.exe to the laptop and then move it to the USB drive then run it on the infected computer. Right?

 
Upvote 0 Downvote
Being pedantic, you move or copy it to the flash drive, plug that into the affected machine and double click on that file. That way it installs to the place that needs it most. Scrap the original download because when you need it again, you want a fresh version.

sUBS is always bringing it up to date.and hopefully the day will soon come when it can run on Windows 10.
 
Upvote 0 Downvote


Ran Combofix here is the txt file.
ComboFix 16-04-29.01 - Administrator 04/30/2016 13:07:09.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2866 [GMT -7:00]
Running from: G:\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\uninstaller.exe
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2016-03-28 to 2016-04-30 )))))))))))))))))))))))))))))))
.
.
2016-04-28 19:40 . 2016-04-30 19:31 351 ----a-w- C:\prefs.js
2016-04-28 19:38 . 2016-04-28 19:39 -------- d-----w- c:\users\Administrator
2016-04-27 14:49 . 2016-04-27 14:49 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-27 14:49 . 2016-04-27 14:49 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-04-27 14:49 . 2016-04-27 14:49 -------- d-----w- c:\programdata\Malwarebytes
2016-04-27 14:49 . 2016-03-10 21:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-27 14:49 . 2016-03-10 21:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-27 14:49 . 2016-03-10 21:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-23 17:02 . 2016-04-23 17:02 -------- d-----w- c:\programdata\PC Optimizer Pro
2016-04-23 17:02 . 2014-02-19 05:52 159032 ----a-w- c:\windows\system32\ATL90.dll
2016-04-23 17:02 . 2016-04-25 17:29 -------- d-----w- c:\program files\PC Optimizer Pro
2016-04-13 18:39 . 2016-03-29 17:53 3216896 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-07 18:34 . 2012-04-12 13:23 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-07 18:34 . 2011-05-16 13:07 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-17 22:24 . 2016-04-13 18:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-03-09 00:12 . 2016-03-09 00:12 71456 ----a-w- c:\windows\system32\drivers\avguniva.sys
2016-03-09 00:12 . 2016-03-09 00:12 306976 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2016-03-07 21:39 . 2016-03-07 21:39 246560 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2016-02-16 23:07 . 2016-02-16 23:07 162592 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2016-02-16 23:05 . 2016-02-16 23:05 360736 ----a-w- c:\windows\system32\drivers\avgloga.sys
2016-02-12 18:52 . 2016-03-09 14:20 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 14:20 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 14:20 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 14:20 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 14:20 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 14:20 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 14:20 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 14:20 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 14:20 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 14:20 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 14:20 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 14:20 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 14:20 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 14:20 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 14:20 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 14:20 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 14:14 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 14:14 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 14:14 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 14:14 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 14:14 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 14:14 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 14:14 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 14:14 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 14:14 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 14:14 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-05 18:54 . 2016-03-09 14:14 41472 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-09 14:14 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 14:14 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 14:14 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 14:14 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 14:14 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 14:14 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 14:14 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 14:14 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 14:14 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-05 01:19 . 2016-03-09 14:14 381440 ----a-w- c:\windows\system32\mfds.dll
2016-02-04 18:41 . 2016-03-09 14:14 296448 ----a-w- c:\windows\SysWow64\mfds.dll
2016-02-03 18:58 . 2016-03-09 14:20 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-02-03 18:52 . 2016-03-09 14:20 84992 ----a-w- c:\windows\system32\asycfilt.dll
2016-02-03 18:49 . 2016-03-09 14:20 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-02-03 18:43 . 2016-03-09 14:20 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2016-02-03 18:07 . 2016-03-09 14:20 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
2010-09-28 21:35 817576 ----a-w- c:\program files (x86)\alot\bin\BHO\alotBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2016-04-13 12:21 2439240 ----a-w- c:\program files (x86)\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}"= "c:\program files (x86)\alot\bin\alot.dll" [2010-09-28 817576]
.
[HKEY_CLASSES_ROOT\clsid\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Lexmark 5400 Series"="c:\program files (x86)\Lexmark 5400 Series\fm3032.exe" [2006-11-22 304048]
"AVG_UI"="c:\program files (x86)\AVG\Av\avuirunnerx.exe" [2016-04-07 32528]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirnx.exe" [2016-04-15 186640]
"vProt"="c:\program files (x86)\AVG Web TuneUp\vprot.exe" [2016-04-13 2885704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-130 revE\wirelesscm.exe [2010-7-5 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R3 AvgAMPS;AvgAMPS;c:\program files (x86)\AVG\Av\avgamps.exe;c:\program files (x86)\AVG\Av\avgamps.exe [x]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
R4 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R4 vToolbarUpdater40.2.9;vToolbarUpdater40.2.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [x]
R4 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe;c:\program files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [x]
R4 WtuSystemSupport;WtuSystemSupport;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe;c:\program files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 Avguniva;AVG Universal Driver;c:\windows\system32\DRIVERS\avguniva.sys;c:\windows\SYSNATIVE\DRIVERS\avguniva.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\Av\avgidsagent.exe;c:\program files (x86)\AVG\Av\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\Av\avgwdsvcx.exe;c:\program files (x86)\AVG\Av\avgwdsvcx.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-21 18:30 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 18:34]
.
2016-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-29 13:03]
.
2016-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-29 13:03]
.
2016-04-21 c:\windows\Tasks\HPCeeScheduleForfarekian.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 17:51]
.
2014-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 365592]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"lxctmon.exe"="c:\program files (x86)\Lexmark 5400 Series\lxctmon.exe" [2006-11-22 291760]
"EzPrint"="c:\program files (x86)\Lexmark 5400 Series\ezprint.exe" [2006-11-22 82864]
"LXCTCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCTtime.dll" [2006-11-21 31744]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{79C54A05-F146-4EA0-8A70-D4EFE6181E52} - c:\program files (x86)\InstallShield Installation Information\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-957180447-2833310546-2392720342-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}"=hex:51,66,7a,6c,4c,1d,3b,1b,45,c0,78,
f9,8c,9a,a4,04,87,1f,c6,e2,99,62,7c,c1
.
[HKEY_USERS\S-1-5-21-957180447-2833310546-2392720342-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,31,07,40,b3,1e,e2,4d,b1,2f,97,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,cc,31,07,40,b3,1e,e2,4d,b1,2f,97,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\PictureMover\Bin\PictureMover.exe
c:\program files (x86)\AVG\Framework\Common\avguix.exe
c:\program files (x86)\AVG\Av\avgui.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2016-04-30 13:29:02 - machine was rebooted
ComboFix-quarantined-files.txt 2016-04-30 20:29
.
Pre-Run: 645,767,622,656 bytes free
Post-Run: 649,498,963,968 bytes free
.
- - End Of File - - 96C91B51F72A1F11F5C7B78FEA7AD128
CDE0425852D770E64BC2B3533C638A85


 
Upvote 0 Downvote
Not sure what that is please explain

 
Upvote 0 Downvote
Given that they had access to the system, wipe and reinstall.
AND, from a whole different PC, change all of her online passwords. Do this today.

Some scammer from the other side of the planet...there is no telling what they read from her PC, or installed on it.
Fixing sound and internet is the least of the issues.

Malwarebytes, the anti-virus, whatever...there is no guarantee that they've caught everything that may have been done.
 
Upvote 0 Downvote


 
Upvote 0 Downvote
yeah but ffg7 I'll bet you never talked to them, I get them also but I hang up on them she went all the way. I did try a system restore today . and after it got about 3/4 of the way done it said "an unspecified error occurred during System restore (0x800700b7)

How would I get Windows 7 to reinstall to the day she got the computer? She has no disk, no back ups.
 
Upvote 0 Downvote
That reminds me why I didn't suggest it. Most folks aren't in a position to do that, even though it's the easiest and safest way out. We have to be pragmatic and work with what the poster has left. There's no data to steal and e-mail addresses and passwords are traded on the Net seven days a weekl so let's press on with fixing the Net connection and put reinstallation down to the bottom of the last resort list.
 
Upvote 0 Downvote
you would have lost the bet with me as I have talked to them a number of times. I let them walk me thru on my netbook to show these problems that they are getting reports back to their site from the netbook. I told them they are wrong as this was just freshly installed & has never been on the net as I had not installed the network drivers. click then dialtone. recently I've being telling them I've been making money because of their screwing around with people's computer, they just sputter & hangup.
have you tried doing system restore thru safemode? what is the make & model# of the laptop to see if there is a recovery partition on the hard drive?
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

HarryUrschel
  • Locked
How did AT&T rep get pics from cell phone?
Replies
4
Views
6K
Cell Phone General Discussion
Webby Frederick
W
B
  • Locked
Help me get my old external hard drive working again, to recover sentimental files!
Replies
2
Views
6K
Off-Topic / General Discussion
biancahatfield
B
I
Question Methods to restore corrupted combined program files made into zip files
Replies
11
Views
4K
Laptop Tech Support
COLGeek
COLGeek
S
  • Locked
  • Question Question
Question Help getting former Lifeline phone working
Replies
2
Views
4K
Android Smartphones
COLGeek
COLGeek
a.don84
  • Question Question
Question Help! Disk usage at 100% after recently doing a system restore
Replies
2
Views
3K
Laptop Tech Support
a.don84
a.don84

TRENDING THREADS

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom