PC crash followed by phone call scam

porgorg

I'm sure most people have heard about these phone call scams where they offer to fix your PC over the phone. A friend of a friend had this recently and wants me to secure his PC (he's running Windows 10).
I was told that all of a sudden his PC crashed and then he got a call on his mobile from someone claiming to be from BT, who apologised for the crash and said they would give him £100 compensation. They then made out that they had paid him £200 by mistake and asked if he could pay back £100. :wtf:

Anyway I've been asked to clean his PC to get rid of any access 'they' have. I think they were able to see his screen but unsure if they have access to his email.
Just wondering if a few virus checks with Malwarebytes Anti-Malware and the like would sort it, or is a reinstall of Windows 10 recommended?
I haven't spoken to the guy about it yet so I'll add things if they seem relevant.

Thanks
 
I have not seen one single instance of this where the person on the phone legitimately knows that the computer has an issue or has crashed. I'm going to presume that this was simply a coincidence. If you ask MOST basic users if their computer is slow at times, they're going to say yes. It's a pretty broad scope they dip into to scare people. They usually also show them the "errors" on the computer by using the Event Viewer to show them the common and completely normal things that show up as a scare tactic.

That said, if you want to check it out and make sure it's clean then run a scan with MBAM. You can also run MBAR to check for any rootkits. No need to re-install Windows unless there's a giant mess of the OS files, which is rare.
 
I have not seen one single instance of this where the person on the phone legitimately knows that the computer has an issue or has crashed. I'm going to presume that this was simply a coincidence.
Thanks, I hope this was the case as otherwise I suppose that would mean they had total control of his machine and a reinstall was in order. I still haven't talked to the guy yet to get the full story.

You can also run MBAR to check for any rootkits. No need to re-install Windows unless there's a giant mess of the OS files, which is rare.
Will give this a go, cheers. Was thinking that there might be some blatantly obvious ad/malware programs in the Programs list. I've seen that before when someone installed an adblock program they found searching Google.
 
Firstly, run a scan with Malwarebytes Antimalware (the Free version is fine, you don't need to activate the Pro trial). Scan with it, delete whatever it finds, reboot and post the log here. Download it from here:
https://www.malwarebytes.org/mwb-download/

Secondly, run a scan with AdwCleaner. Same as above, scan with it, delete what it finds, post the log file here. Download from here:
AdwCleaner Download

Thirdly, run a scan with HiJackThis. Run it as Admin, pick the "scan and generate log" option, and then post the logfile here. Do NOT remove ANYTHING unless told to do so, as removing the wrong entry can damage your system. Download it from here:
HiJackThis | SourceForge.net
 
Finally got to scan the computer.
The results of the Malwarebytes scan were too long to post, but it quarantined 1475 infections.

After that ADW didn't really find anything but here are the results:
# AdwCleaner v5.119 - Logfile created 11/06/2016 at 16:51:39
# Updated 30/05/2016 by Xplode
# Database : 2016-06-10.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Mark - ILMPC_GAME
# Running from : C:\Users\Mark\AppData\Local\Microsoft\Windows\INetCache\IE\D7IUZIFH\AdwCleaner.exe
# Option : Scan
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\PicRec
Folder Found : C:\Program Files (x86)\TotalRecipeSearch_14
Folder Found : C:\Program Files (x86)\TotalRecipeSearch_14
Folder Found : C:\WINDOWS\Microsoft\sogr
Folder Found : C:\Users\Mark\AppData\Local\TotalRecipeSearch_14
Folder Found : C:\Users\Mark\AppData\Local\TotalRecipeSearch_14
Folder Found : C:\Users\Mark\AppData\LocalLow\iac
Folder Found : C:\Users\Mark\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\Mark\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Mark\AppData\LocalLow\IAC
Folder Found : C:\Users\Mark\AppData\Roaming\Search Protection
Folder Found : C:\Users\Mark\AppData\Roaming\Yahoo!\Companion

***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Mark\Desktop\Search.lnk ( hxxp://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR&co=GB&userid=7beb57bd-645f-4248-0f3a-44d50895e549&searchtype=sc&fr=linkury-tb&installDate=12/08/2014&barcodeid=37903&um=0&type=hp2000 )
Shortcut Infected : C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ( hxxp://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR&co=GB&userid=7beb57bd-645f-4248-0f3a-44d50895e549&searchtype=sc&fr=linkury-tb&installDate=12/08/2014&barcodeid=37903&um=0&type=hp2000 )
Shortcut Infected : C:\Users\Mark\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk ( hxxp://feed.helperbar.com/?publisher=YahooTR&dpid=YahooTR&co=GB&userid=7beb57bd-645f-4248-0f3a-44d50895e549&searchtype=sc&fr=linkury-tb&installDate=12/08/2014&barcodeid=37903&um=0&type=hp2000 )

***** [ Scheduled tasks ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [20971 bytes] - [11/06/2016 16:51:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [21045 bytes] ##########
 
These are the results from Hijackthis:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 17:04:40, on 11/06/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0020)


Boot mode: Normal

Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Users\Mark\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Users\Mark\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = BT | Using the power of communication to make a better world
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Google
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Google
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX.dll
O3 - Toolbar: TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (file missing)
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Mark\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Registration Tom Clancy's Rainbow Six
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: McAfee Application Installer Cleanup (0071471465661046) (0071471465661046mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\007147~1.EXE
O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Boot Delay Start Service (McBootDelayStartSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11430 bytes

Also discovered that he had no wireless password and his McAfee firewall was clashing with the Windows 10 one, so for now the Windows one is turned off.
 
Remove the following entries from HJT:
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (file missing)
O3 - Toolbar: TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (file missing)

Otherwise, looks good. Looks like the scans definitely removed a lot of stuff... Did you run the anti-rootkit software suggested as well?

Also discovered that he had no wireless password and his McAfee firewall was clashing with the Windows 10 one, so for now the Windows one is turned off.
Definitely put a Wi-Fi password on; that'll protect more than just malware...that'll protect from anybody that decides to connect to their wireless and use Wireshark and sniff their packets/intercept unencrypted data.

As for McAfee...I highly suggest ditching it and moving to something like Avast or Avira (both are free).
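The triage applied to the HijackThis log in the reply above, as an added example that is not part of the original post: it parses log lines and separates orphaned BHO/toolbar entries (O2/O3) from services whose file is reported missing. The function names and the remove/verify rule are assumptions inferred from the reply, not HijackThis behaviour.

```python
import re

# Constructed sample: four lines copied from the HijackThis output on this page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: TotalRecipeSearch - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\14bar.dll (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
MISSING_RE = re.compile(r"\s*\((?:no file|file missing)\)$")
ADDON_SECTIONS = {"O2", "O3"}  # browser helper objects and toolbars


def parse_entry(line):
    """Split one log line into section, kind, fields and a missing-file flag."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None  # header, blank line or "End of file" footer
    section, kind, rest = m.groups()
    missing = MISSING_RE.search(rest) is not None
    # Drop the marker, then split "name - CLSID/owner - path" on the separator.
    fields = MISSING_RE.sub("", rest).rstrip(" -").split(" - ")
    return {"section": section, "kind": kind, "fields": fields, "missing": missing}


def triage(log_text):
    """Sort entries with a missing target into 'remove' and 'verify' buckets."""
    result = {"remove": [], "verify": []}
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None or not entry["missing"]:
            continue
        # Assumed rule, inferred from the reply: orphaned add-on registrations
        # are safe to fix; a "missing" service binary is checked on disk first,
        # because a 32-bit scanner on 64-bit Windows can misreport System32 paths.
        bucket = "remove" if entry["section"] in ADDON_SECTIONS else "verify"
        result[bucket].append(entry)
    return result


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        for e in entries:
            print(bucket, e["section"], e["fields"][0])
```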
 
Great, thanks for that. I'll delete them once I get to his machine again.

I forgot to run the Rootkit scan, will have to remember to do that as well.

I think he's paid for McAfee, or the prebuilt PC came with a subscription, so unsure if he'll be willing to change as yet. I've used Avast in the past; the only thing that gets me about it are the popups 'Do you know who's spying on you?' and so on.

He was running Trusteer Rapport, which is supposed to be an extra layer of security. I uninstalled it as I know people who have had trouble with it slowing their computers. Is it worth reinstalling, though, seeing as the scammers got into his account regardless?
 
I have not seen one single instance of this where the person on the phone legitimately knows that the computer has an issue or has crashed. I'm going to presume that this was simply a coincidence.
Speaking to him, I think what actually happened is that the scammers called him up while viewing his PC (maybe due to having a disabled firewall) and said they will fix the McAfee disabling firewall. Convinced him to install TeamViewer, installed infections on his PC (the 1475 MBAM found) which persuaded him to install other software (maybe disabling McAfee and Rapport) to combat the infections. Said they would reimburse him, that weird part about overpayment, he logs into his account, the screen goes black and they empty his account.
 