Tech Problem Aggregator

# My father got scammed - Gave remote access to someone impersonating Microsoft

Q: My father got scammed - Gave remote access to someone impersonating Microsoft

Hello,

My father saw a pop-up that said his computer had an error and was infected with malware.  The pop-up had a phone number to call.  He talked to someone who said he was a certified Microsoft technician and got my dad scared about the Zeus virus.  My dad gave him access to his computer and they did a remote session.

The person did not ask for a credit card number, he asked to be mailed a check but wasn't too worried about getting paid.

I know that my dad should not have done what he did  But now I'm trying to clean the computer from what may be compromised.  I am currently running SpyHunter and it has already found 217 threats detected.  It looks like the scary one is HawkEye keylogger and there is also Conduit Search/Toolbar and FindYourMaps Toolbar.  I'm 70% done.

I'd love to know what to do next and if someone could please walk me through all the things I need to make sure and take care of to keep my dad safe.  Thank you for your help and support!

More replies

I got a pop up that was loud and wouldn't let me close it saying, "your computer has been infected call Microsoft" and I did because I turned it off and it was still yelling st me when I turned it back on. I gave the tech remote access and he said I had a tiny something trojan virus. Well I didn't fall for paying, got off the phone, held power button down and turned computer off. Am able to use it fine now with no more warning but am I safe after giving the remote access? I was on the phone for about 30 mins while he was going around to different areas in my computer telling me what all of the "problems" were.

It wasn't Microsoft, it was a scam.   I suggest you have a look here and create a new post asking for assistance to ensure your computer has not been compromised .

1 more replies

Hi,

I have just been online with Microsoft who were trying to help me as I have a laptop that will not install Windows 10. They remote accessed my laptop and took my name, email address and phone number. They then performed some tests on the laptop, took some machine information from me and advised that they could see what the problem was and could easily resolve the issue for me.

After some time the person I was chatting to online advised that there would be a charge for the help as the problem was so complicated. Now I am not sure that the person I was speaking to was actually from Microsoft.
I was quoted the price of £106 to fix the problem (the problem seemed to be a corrupt Windows installer and problems with the 'source engine'). The link I clicked on to access the help was displayed on-screen after my latest attempt to install Windows 10 failed.

I'm now fearing that the person who accessed my PC wasn't actually from Microsoft, what should I do?

More replies

My elderly father was taken in by some kind of pop-up ad that claimed he had viruses when he was online. He clicked on it and he filled out their form so they called him and before I'm aware of any of this, he had granted them remote access to his computer.
They are a company called Rhombus located (supposedly) in Texas although they all seem to have Indian accents. They got him to agree to pay them over $800 for continued technical support. They're supposed to send FedEx to his house today to pick up his check. I've told him I think it's a rip-off. That$800 tech support supposedly includes a lifetime subscription to Malwarebytes.
I also turned off the computer so they can't get remote access without us knowing it and I told him not to touch it until I have a chance to look at it.
I want to disconnect the computer from the router so they can't stop me from deleting the software they installed that allows remote access. They left a shortcut for it on the desktop so it can be easily found, but I don't remember the name of the software (I'm posting from work).
Thing is, I don't really know what else they may have done to the computer. It may have files or software that is hidden and I'm not sure how to find it.
I also noticed that our Wifi that I use to access the internet for my own PC, laptop, and tablets is down, so I can't get online. I checked, and it says I have access to a Wifi network (which seems to be a new one th... Read more

A:My Father Granted Someone Remote Access To His Computer; What Should I Do

Welcome to MajorGeeks!

Sorry, about my first post - I have been up all night.
*Do NOT pay anymore money out on that scam!

jrasicmark said:

I also noticed that our Wifi that I use to access the internet for my own PC, laptop, and tablets is down, so I can't get online.Click to expand...

There is nothing that we can do for you & your Dad without logs to review.

Regretfully,
dr.m

9 more replies

I went to Symantecs web site for tech support on my virus product and they asked for remote access for my computer and I allowed it. Well it took them 2 hours to fix a 45 minute problem. The person wasnt paying attention to me and I did most of the work fixing my problem and so when the company sent out the survey on tech support I complained and gave out the persons name. Ever since then My computer has lost the cd rom in which i finally got back and then it lost the scanner and I am working on recovering its drivers and such. Now when I email people it take forever to type a line and every time i turn on MSN messenger I have to type in my info even after I have clicked save all information. I have attached my hijack log. and I am aware of silentbug, i have it to watch my childrens activities online lol

More replies

Boy do I feel stupid, I was having trouble with figuring out my new outlook email. I got frustrated looking online for information and called what I thought was a Microsoft tech help ctr. The person on the phone told me she would connect me with a tech. thru a chat window at chat123.us. I proceeded to follow prompts and began chat with the tech. the tech stated I was probably infected with third party spyware and my email was hacked.During the process the tech asked to check some things. she pulled up a command prompt window and started looking at my ip address, she also got my start-up window open. When done she said I was infected and showed me where. She said she could fix for a fee. Already suspicious I declined and logged off. I ran my avira free antivirus and it came up clean and my computer seems to be ok but I fear I may have compromized my system. What now?
Thank you, Jim

A:I gave someone remote access, am I infected?

From what I've read online that chat123.us uses LogMeIn Rescue to remotely connect to your
computer.

Link to LogMeIn: How LogMeIn Rescue Works: Remote Computer Support Solution | LogMeIn Rescue

QUOTE: With the customer's permission, this small .exe file automatically downloads to the remote PC. It's the interface through which technicians communicate with Customers and conduct remote support. The applet automatically removes itself from the remote PC at session conclusion.
The applet provides remote Customers with:
Interactive Chat and detailed Session History
File Transfer to the technician
Ability to stop Remote Control or disconnect at any time
You could do a search for LogMeIn on your computer to verify that it is no longer installed.

3 more replies

Hello.  This account is being used by two people: the PC owner and a neighbor who is trying to help.  The PC owner had a cold call at the beginning of September which claimed to be able to tell that the PC owner was sending infected files.  A week later, the neighbor heard about this and recognized this as a tech support scam.  The neighbor was able to determine that the tech support scammer had installed the free version of AVG AntiVirus, but not much else.

The neighbor attempted to run a few free tools to find out if any malicious software was left behind, but due to problems with saving the logs or virus scanners apparently crashing, the neighbor and the PC owner never found any conclusive results for most of those.  The neighbor was following some advice given on a different forum to the victim of a similar scam (link), so dds logs have already been created, but the neighbor would rather have someone who understands them take a look at them.

The neighbor also ran TDSSKiller, but set to Verify Driver Digital Signature and Detect TDLFS file system.  No actions were taken to remove anything using this tool, but a TDSS file system was detected; we don't know what is on it, yet.

The scammers apparently used TeamViewer to access the PC owner's computer, and maybe LogMeIn Rescue.  An empty folder was left for LogMeIn Rescue, but program files remained for TeamViewer.  The neighbor copied... Read more

A:Gave remote access, might have malware.

5 more replies

Hello.  We posted in the Am I Infected? forum previously in this topic.  To recap, there are two people using this account, the PC owner and a neighbor helping out.  The PC owner gave remote access to someone running a tech support scam, the neighbor has been trying to do some scans to figure out what (if any) malicious software may have been left behind and remove it.  One of the performed scans was with TDSSKiller and after we posted the log we were directed to make a topic here.  Logs are still posted in the other topic, but DDS logs were created previously which have not been posted.  We also just ran DDS again, to give you fresher logs to look at, should that make a difference after running SUPERAntiSpyware.  SUPERAntiSpyware found only found tracking cookies, which have been removed.

GMER was also suggested by the previous helper, but we have been unable to reach the website to download it, either on the owner's PC or on the neighbor's.   We did not run Malwarebytes AntiMalware a 3rd time (the 2nd time had no detections, the 1st time had maybe 2, but the log wasn't saved before the neighbor could view it).  The other scans which have been attempted were with Microsoft Security Essentials (which found nothing) and an online ESET scan which crashed before its results could be viewed.

Here is the newest set of DDS logs.
DDS.txt

DDS (Ver_2012-11-20.01) - NTFS_x86

A:Gave remote access, have a TDSS rootkit, at least.

22 more replies

Same problem as astanley86 has recently posted. My mother turned on her computer and had a warning pop up that said she needed to call an 800 # within five minutes or the files on the computer would be destroyed. She called and this guy got her to give him her Credit Card #. When I got home she told me and I could see he was remotely accessing her computer. I would like help in making sure her computer is not compromised. I would also like to know if this guy can access any other devices using the wi-fi account? In looking at astanley86 post I started the process used there by running CCleaner and Malwarebytes.

Windows 8.1 (x64) (build 9600)

A:My elderly mom got scammed by a Microsoft Impersonator

Oh my gosh. That sickens me we have humans on this planet that do this to people!  I recently had a phone call telling me that since I was such a good citizen I won $9,000 per a Grant from the government. I only needed to call another number and give them "my information". It's sad too that someone lowers themselves to this kind of crime. Well, I also was infected by a so called virus and a Microsoft "official" told me I needed to buy a special cleaner. They just had me look at the event errors and it was supposed to frighten me. First things first. If he got into your computer they want financial and Identity information. I doubt they actually put a virus on the computer since they got in the old fashioned way. Trust of someone helping. This burns me up. So check her credit cards and bank accounts and all of that and notify officials as soon as you can. Check with social security to be sure they aren't diverting her direct deposit. There is an online site called my social security that is helpful with that. Or, just call social security immediately. They can put a hold or pause on anyone making changes with he payments. What else? Hm. Those are the two biggies. Call the credit card people/bank/ social security and also any online groups she may not want another person accessing. Change all of her user ID's and passwords. It's a big hassle but if they find any sort of path... Read more 2 more replies Answer Match 63% So I was partially scammed. Got a phone call from a person stating he is from Microsoft and a serious threat has been detected in my computer and they will help me fix it. I was suspicious so the guy made me go to my computer, click computer, manage, event viewers, then custom and I see warnings and errors so i started to be worried. He asked access to my computer through Teamviewer again suspicious he makes me go a website enter a number for Microsoft company and I see it listed. Stupidily I let him access. He opens a few windows I see him running CMD and at the end of the CMD where I see all the data running ultra fast I get the message your microsoft licence has expired risk of crash imminent renew so the guy said I have to renew and when he said I will be directed to a payment page I switched off the computer forced from buttom and hanged the phone. I changed my passwords for everything from another computer just in case (online banking, emails etc...) and after restarting my pc again run all kind of anti viruses. Ad-ware finds issues but after cleaning keep finding the same. Spybot detects 2 Win32.downloader.gen but I keep getting the same threat after cleaning over and over which brings me to Bleepingcomputer website looking for solutions. I had to uninstall teamviewer. When checking the activity log I saw "he" was connected again without permission. Every time I ended teamviewer in task manager it started over and over so I exited programme and un... Read more A:Scammed with a microsoft licence security update There are several legitimate security programs like Spybot S&D, Webroot Spy Sweper, STOPzilla, etc which can add numerous entries to the HOSTS file.If you open the Hosts file, the note at the top and bottom will show the entries were inserted by other security programs like Spybot:# Start of entries inserted by Spybot - Search & Destroy # This list is Copyright 2000-2008 Safer Networking Limited 127.0.0.1 007guard.com 127.0.0.1 www.007guard.com 127.0.0.1 008i.com 127.0.0.1 008k.com 127.0.0.1 www.008k.com 127.0.0.1 00hq.com 127.0.0.1 www.00hq.com 127.0.0.1 legal-at-spybot.info 127.0.0.1 www.legal-at-spybot.info 127.0.0.1... # This list is Copyright 2000-2007 Safer Networking Limited # End of entries inserted by Spybot - Search & Destroy A better example of Spybot's Host file is shown here.Anything that appears in your HOSTS file with a pound sign # are comments, and its main function is to write descriptions.Anything that appears in your HOSTS file without an # at the beginning, except from the 127.0.0.1 localhost line, should be viewed with suspicion unless a security program you use or a custom HOSTS file has created them to block unwanted connections to malicious sites.If you see 127.0.0.1 next to the domain name of security related sites such as an antivirus vendor, then your HOSTS file has likely been altered by malware so that it blocks access to those sites. When redirecting to another site, malware will substitute an illegitimate IP address for the legiti... Read more 7 more replies Answer Match 61.74% I cannot get access to my Microsoft Outlook personal e-mail account so that I can view my Inbox from any Web Browser. I can log on to my personal account but cannot read my e-mail or send messages. When I click on a message nothing happens. If I just place the cursor on a email, on the bar at the bottom of the page is this message "javascriptarent.openNewWindow "/exchange/forms/IPM/NOTE/frmRoot.asp" This has been going on for a couple of months. Thanks More replies Answer Match 60.48% Hiya This whitepaper describes how to configure RSA ACE/Server to provide a secure authentication solution for VPN and Windows XP 802.1X wireless clients running Microsoft Windows XP Service Pack 1 with the PEAP QFE installed. This is accomplished by using Internet Authentication Service (IAS) with any Extensible Authentication Protocol (EAP) standard–compatible virtual private network (VPN) server or Protected EAP (PEAP)-compatible wireless access point. System Requirements Supported Operating Systems: Windows Server 2003 Microsoft Word or Word Viewer. http://www.microsoft.com/downloads/...e3-231b-46b5-ae1e-0e5d3c3cacad&DisplayLang=en Regards eddie More replies Answer Match 60.48% Hi The process svchost.exe maxes out my cpu after my computer has been on for about 2 days. There is nothing special happening when it starts running. I have used Process Explorer to investigate and it is only when i stop the service "Routing and Remote Access" that the cpu usage comes back down to normal. However, this messes up my internet connection so it really is not an optimal solution. I would really appreciate if anyone could help me with this! I am running XP Pro (I think SP2) on an IBM X40. A:svchost.exe CPU usage - NOT Microsoft Update - Maybe Routing and Remote Access Hello tiggerGutt Try This 1. Click Start->Run, type "services.msc" (without quotation marks) in the open box and click OK. 2. Double click the service "Automatic Updates". 3. Click on the Log On tab, please ensure the option "Local system account" is selected and the option "Allow service to interact with desktop" is unchecked. 4. Check if this service has been enabled on the listed Hardware Profile. If not, please click the Enable button to enable it. 5. Click on the tab "General "; make sure the "Startup Type" is "Automatic". Then please click the button "Start" under "Service Status" to start the service. 6. Repeat the above steps with the other service: Background Intelligent Transfer Service (BITS) ================================ NEXT ================================ Re-register Windows Update components and Clear the corrupted Windows Update temp folder 1. Click on Start and then click Run, 2. In the open field type "REGSVR32 WUAPI.DLL" (without quotation marks) and press Enter. 3. When you receive the "DllRegisterServer in WUAPI.DLL succeeded" message, click OK. 4. Please repeat these steps for each of the following commands: REGSVR32 WUAUENG.DLL REGSVR32 WUAUENG1.DLL REGSVR32 ATL.DLL REGSVR32 WUCLTUI.DLL REGSVR32 WUPS.DLL REGSVR32 WUPS2.DLL REGSVR32 WUWEB.DLL REGSVR32 QMGR.DLL REGSVR32 QMGRPRXY.dll After the a... Read more 2 more replies Answer Match 56.28% Howdy, I need to set up my Win7 desktop so I can access it (and my home cloud) from the road with my Win7 Laptop. Should be pretty simple...except, the Remote Access Functions DO NOT APPEAR on the [System Properties] pop-up on the [Remote] Tab See pic attached.. Cannot fill in the form, if the form ain't there. Heeeep, please. A:Remote Access: SystemProp>Remote>NO Remote Functions Visible What version of Windows 7 is installed on your computer? 9 more replies Answer Match 54.18% Updated PCs running Trend Micro's Antivirus on Windows can be hijacked, infected with malware, or wiped clean by any website, thanks to a vulnerability in the security software. The design blunders were discovered by Google Project Zero bod Tavis Ormandy. A patch is now available to address the remote-code execution flaw, so Trend Micro users should update their software as soon as possible. Ormandy, who has been auditing widely used security packages, analyzed a component in Trend's AV software dubbed the Password Manager. He found that multiple HTTP RPC ports for handling API requests were accessible. "It took about 30 seconds to spot one that permits arbitrary command execution, openUrlInDefaultBrowser, which eventually maps to ShellExecute()," he wrote in a bug report to Trend. This means that any webpage visited by a victim could run a script that uses Trend Micro's AV to run commands directly on the machine – such as RD C:\ /S /Q to wipe the system drive, or commands to download and install malware. As another example, this code uninstalls Trend Micro's security software on a PC without the owner's knowledge or consent. Article The software has been patched via an update but I am surprised Trend Micro let this get through. A:Trend Micro AV gave any website command-line access to Windows PCs Not surprised of this at all. Hell, they don't even include signature based detections for Cryptoware if you're not on the latest version of their product and they don't warn you at all about it. It's when you directly ask them that they finally answer. Seriously, TrendMicro isn't worth using at all, at home like at work. 2 more replies Answer Match 52.08% The title says it all! Basically I have a comp running XP pro and I want to be able to work locally on one user account, with some kind of remote access server running on another XP user account so that the remote account and the local account can be used simultaniously. I know that this cannot be done with XP Pro remote desktop and could be by Windows Server 2003 remote desktop, but i need an alternate solution to make this happen. Thanks! -Jeff A:Alternate Remote Desktop application for Simultanious Local/Remote Access 7 more replies Answer Match 52.08% I have a home network of 4 Win 7 computers which I leave running when I'm away from home to provide data to my website, among other things. In the past, I've been using Remote Desktop to access my home computers. It works very well, but it's always a challenge getting everything set up to work right before I go. I was wondering if others who have used Remote Desktop as well as other means of remote access would care to share their experience and express a preference, if any. Thanks. A:Care to recommend a remote access method beside Remote Desktop? Everyone seems to like > TeamViewer - Free Remote Control, Remote Access & Online Meetings 9 more replies Answer Match 52.08% I asked a question in another thread wanting to know if there were any good free alternatives to programs PCAnywhere or GoToMyPC. Boy did I ever get more than I expected in TeamViewer that EAFiedler suggested. Now I have a technical question about how TeamViewer works. It connects to remote systems across the internet not by an IP number that I enter but rather by an arbitrary nine-digit number assigned to the system when the program is set up. It connects so quickly that I know it cannot be scanning every IP address on the 'net looking for a TeamViewer connection at every one of them. So, I have deduced that there must be a server out there somewhere that stores TeamViewer information. Does anyone know enough about this to confirm this and/or explain it to me somewhat? Next question: What about security? Are there any security issues I should be concerned about, other than the obvious, of course? A:Technical question about TeamViewer remote access/remote office 14 more replies Answer Match 51.66% This morning, I heard a nationally syndicated computer expert state that some Chinese hackers were "getting into" Windows based computers through "Remote Access/Remote Desktop" even if the service is turned off. According to the guru, "They will turn it on for you." Being very concrete, as well as, somewhat dull concerning computers, I find this hard to believe. Could someone, in layman's terms, tell me the circumstances needed that would allow a hacker to take control of someone's system when a necessary service is turned off ?? A:Infection Of Windows Through Remote Access/Remote Desktop Easy to do and best NOT described here. 5 more replies Answer Match 51.66% I am running a wireless Network with D-Link 714P+ Router. My PC is wired to the Router, with 2 other computers running wireless. I am running XP Pro. When accessing my PC (or at least attempting to) from a remote Computer using Remote Desktop, I think I have to add something after the IP Address when typing in the Computer Name/IP Address. I have RD working successfully within my Network. Can someone clarify what I need to do here to access my PC through the Internet then Network (Even though I have got this far with setting up my network, please go easy on me with the computer lingo) A:Solved: How do I access my PC in a network using Remote Desktop from remote PC 10 more replies Answer Match 50.82% Hi there, My PC has been infected by malware that claims to be from the UK police. It says I have violated the British criminal code and my computer will be locked until I pay £100 through either Ukash or Paysafe. A screen comes up with loads of text and a photo of a policeman. The computer is unresponsive. I was eventually able to restore my PC to a time when it worked and now it seems OK, but I understand the malware is still there. Is this correct, and do I still need to remove it? I downloaded Malwarebytes Anti-Malware and tried to use that to clean my PC, but it kept crashing (although it did tell me there were 6 items on my computer that shouldn't be there). My computer is an Acer Aspire M1641 (32-bit) running Windows Vista. The dds.txt log is below. The Attach.txt file is attached. I'd be grateful for any help that anyone can give. Jim ------------- Attach.txt 16.95KB 0 downloads DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.19418 BrowserJavaVersion: 10.17.2 Run by jim at 20:06:09 on 2013-05-30 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3071.1119 [GMT 1:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\atiesrxx.exe C:\Windows\system32\SLsvc.exe C:\Windows\system3... Read more A:Malware impersonating police Hello jimcamp I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same",... Read more 10 more replies Answer Match 50.4% Hello All I have a windows server 2008 and I want to install Remote Access/VPN role on it. Unfortunately there is confilict between Remote Desktop and VPN Server role in Windows Server and when enable VPN Server role, Remote Desktop is disabled and vice versa unless you have 2 NICs and enable each on separate NIC. Do you know a way to keep both enabled and functional on the same NIC. Any help is appreciated. More replies Answer Match 49.98% Hi!! I have been getting a message "Impersonating Worker Thread" and my PC shuts down 2 times today and once yesterday. It is interfering with my work and extremely frustrating. Any ideas on what it is and how I can fix it? A:Impersonating Worker Thread - PC shuts down hullo ... https://support.microsoft.com/en-gb/kb/319615 ... may, or may not, help. 3 more replies Answer Match 49.98% Need continued help with an old persistent problem. My computer is old (6 years), its an HP Tablet tc4200, I run Windows XP. 6 months ago it was working fine, i could stream videos via chrome/youtube, seemed to open programs normally. I started noticing slow down problems in the Fall, and in late Dec I noticed I had a major Virus. I used bleepingcomputer in Dec to eliminate what turned out to be a nasty Rootkit of some kind. The long forum can be seen below: http://www.bleepingcomputer.com/forums/topic478451.html/page__st__30__p__2925763#entry2925763 Much of the time in my last effort, i complained of losing hard drive space, from 4 gigs to 70mbs...etc. This problem was for sure related to the rootkit, but doesn't appear fully gone. I'm writing today in a new post to see if I may still be infected. My CPU, runs better than it did with the rootkit, but not much. In general it opens programs slowly, I struggle to stream even 240p videos, and a lot of times chrome takes 3-4 minutes just to even open. I am not running any extensions that I know of and I ran defrag recently. I could be very wrong, but i believe it may still be a virus issue. (Using my task manager) I noticed that FcsSas.exe will occasionally take up 99% of the CPU usage for 10-15 minutes. This is odd as I have Micro Forefront turned totally off, disabled, etc. I then also quite often, have explorer.exe taking up 70%+ CPU usage even if i have only one tab open in chrome. When either or these happ... Read more A:Potential FcsSas.exe impersonating Virus I have new information to report. Upon clearing out some HD to run a defrag...i noticed the following odd issue: Help please? In my C:, Docs and Settings, All Users, Application Data, Microsoft, Media Tools, plugins, media hash, downloads I found 700gigs + of movies...loads and loads of movie files. My laptop only has an 80gig hd, so I'm assuming this is not actually on my hard drive. I have never seen or downloaded these movies, some of them are brand new (just came out). I tried to move one to my desktop to see if i could play it, see if it a genuine movie file. My cpu recognized it as an avi file, but VLC won't play it claiming it is undf. I believe this to be a recent occurance, as I ran the same cpu scan in December and didn't find all these files, although it may have been starting then explaining my past issues. When running it yesterday suddenly there was an extra several hundred gigs of files i hadn't noticed. I believe this might be what has cause my cpu to run slowly recently. 33 more replies Answer Match 49.56% When i bought this system and brought it home I knew within 5 minutes that this OS sucked. 2 months later and the slowest piece of crap later i am thouroghly convinced. Vista is without a doubt the lousiest, most worthliest piece of cow flop I have EVER used. ME was faster and easier to use then this operating system. This disaster from micro$oft has got me seriously thining about buying an apple....LOL

Loading pages is a chore changing pages and views is slowww. It's not my ISP, i am running cable and have checked it numerous times. My DL speeds are great. The system seems to load EVERYTHING slowly and always seems to be laggy. not to mention as a whole it just doesn't seem to be very stable

Before I go an nuke this OS imposter are there any tweaks of any kind that can actually make this system go past slow and into .... well lets face it anything is faster then this lousy thing. So lets just say faster. I would hate to go into the bother of reformating it but unless I can get this to be faster then my old Dell 800 Mhz 512 RAM then it's going to be made into an xp Pro gunner.
I would love some suggestions on tweaking this into a real operating system instead of this pretend one

Stats:

HP Pavillion a1730n
4600+ AMD Athlon 64 X2 Dual Core Processor
2048 MB RAM
329 GB HDD
Nvidia GeForce 6160 LE

A:Vista Arrested for impersonating an operating system

9 more replies

ogfile of Trend Micro HijackThis v2.0.2Scan saved at 2:48:23 PM, on 4/25/2009Platform: Windows Vista SP1 (WinNT 6.00.1905)MSIE: Internet Explorer v7.00 (7.00.6001.18226)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Windows\System32\igfxtray.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Windows\System32\WLTRAY.EXEC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Dell\MediaDirect\PCMService.exeC:\Program Files\Common Files\aol\1171073801\ee\aolsoftware.exeC:\Program Files\TomTom HOME\TomTomHOME.exeC:\Windows\sttray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Windows\System32\wpcumi.exeC:\Program Files\DellSupport\DSAgnt.exeC:\Program Files\Digital Line Detect\DLG.exeC:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files\AIM6\aolsoftware.exeC:\Program Files\Windows Media Player\wmpnscfg.exeC:\Windows\explorer.exeC:\Program Files\Internet Explorer\ieuser.exeC:\Program Files\Trend Micro\Internet Security 14\pccmain.exeC:\Program Files\Trend Micro�... Read more

A:virus creates impersonating user names and takes over

2 more replies

Hiya

This step-by-step guide describes how to configure remote access policies through the Routing and Remote Access snap-in when Routing and Remote Access is configured to use a Windows authentication provider and through the Internet Authentication Service (IAS) snap-in when Routing and Remote Access is configured to use a Remote Authentication Dial-In User Service (RADIUS) authentication provider. This guide offers only step-by-step procedures for configuring remote access policies, not strategies for implementing remote access connectivity. It is intended for administrators who have experience managing the remote access features of Microsoft® Windows Server™ 2003 operating systems.
System Requirements
Supported Operating Systems: Windows Server 2003

Microsoft Word or Word Viewer

Regards

eddie

More replies

People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo and possibly an unlimited number of other Internet properties.
Crypto certificates impersonating Google and Yahoo pose threat to Windows users

A:Crypto certificates impersonating Google and Yahoo pose threat to Windows users

Update.

Emergency Windows update revokes dozens of bogus Google, Yahoo SSL certificates

2 more replies

DDS (Ver_09-05-14.01) - NTFSx86
Run by Kelly Siske at 14:08:33.73 on Wed 06/24/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.222 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe

A:infected by unknown threat?? redirecting my browser to sites impersonating security software

2 more replies

Before updating to windows 7 from XP, remote access was working. Now enableing remote terminal access, we get access denied. The pc trying to gain access are a Vista and 7. The pc being accessed is using a sticky IP. We have been accessing for sometime until upgrade.
This is between 2 cities. NLR has sticky IP and is to be accessed, Searcy had dynamic, class C.

Jack Privitt

16 more replies

I remember months ago I plugged in my Microsoft Media Center Edition IR Remote and it worked fine. (This was using Windows 7.)

I just did it today and I cannot get it working! The light on the IR receiver flashes when I press a button on the remote, but there is no response from the computer. I'm using Windows Media Center (which comes with Windows 7)

A:My Microsoft MCE Remote is not working!

Have you tried the obvious like replacing the batteries and rebooting the computer? Those would be the first things to check....

7 more replies

Hi, I have an access Database that has a form wich contains 2 OLE Object fields in one I use it to paste a link to an excel field and the other field I use it to paste a link to a word document. This is running under windows 7 and office 2010. Every was working fine. I had to change my notebook harddisk and mother board. After this I reinstall windows 7 and office 2010. The problem that I have is the following: When I double click in the excel link it works fine an open my excel file. When I do the same with the word link I got the following message (translated because I have my notebook with spanish language "Error during an operation over an Object Document. It is possible the OLE Server is not registered. To Register it, reinstall it" Its very extrange because my database worked fine before I reinstalled windows and office and the thing the it works fine with the excel link but not with the word link. Please if anyone have and idea of what is going on??? Thanks a lot in advance for your help.

A:Issue linking to a Microsoft Word document in Microsoft Access

Welcome to TSG jcantini,
Since no one is offering any thing here I'm going to suggest you save the document in the current version of word and reistablish/rebuild the link. I suspect this is an older version of access running with office 2010? mdb file type?

If you google "the ole server isn't registered access 2010" there are tons of confusing suggestions out there! Good luck..

2 more replies

so some dopper scammed me claiming he was from microsoft on the phone, i stubidily clicked on a remote host button and let him in past my firewall, iv got rid of some of the mess with malware bites, bullguard, tddskiller, rogue killer (this was actually a good one for rootkits), rkiller, emsisoft emercency kit, hitman pro and maybe a few others, im not sure if i got it all though think theres someone still in my comp from a netstat -ano search, any help much appreciated.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:35:18, on 27/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe
C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fw... Read more

A:i got scammed

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Stigums at 16:35:52 on 2014-05-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8174.5899 [GMT 10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: BullGuard Antivirus *Enabled/Updated* {C3CCAC61-52F7-A056-1860-6406566E2578}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: BullGuard Firewall *Enabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe

2 more replies

I recently gor an email with Hey Kathy in subject line and I opened it and the link about jobs. A week later ( which was yesterday) some of my email contacts got the same email from me. Today I go to go on my email and my password has been changed. I cannot access it and it directs me to call At&T. I do. They go thru several techs who tell me my email is permantly gone and no longer accessible and that my computer is now at risk. The suggest I need an expert to fix it and direct me to a company called PC Care Experts. After I pay them and allow them remote access to my computer I start thinking have I been scammed? I currently am having no issues with the computer but don't know if they did anything while they had remote access. I gave them my CC info to charge and that charge is on my CC. I searched and everything I am reading says they are a scam. I called them and someone does answer and denies that they are a legit company. I am not sure what to do at this point - they did post once on here http://www.bleepingcomputer.com/forums/topic324874.html/page__p__1804071__hl__pcexperts__fromsearch__1#entry1804071
at above link - I am asking if anyone knows if they are legit or not and were they lying that my email is gone (this is a ten year old email with lots of saved info)!!
Thanks for any help anyone can provide. I hope I havent made this to confusing.

A:Did I get scammed??

1 more replies

Hi,
I'm really upset, I just fell for the scam hawks tech live I let them have access to my computer but ended the phone call when they asked for money. The AMMYY is still in my computer as well as the pc optimizer pro. Please help me how do I remove them?
And what harm could they have done to my computer?
Are they still watching what I am doing now?

Thanks

More replies

First i know this is really stupid, don't tell me ! Last night i got scammed by the pcsolutions company. I gave them my remote access but i did'nt pay for their services. For now, i did change all my password from another computer and i did few fullscan with malwarebytes and microsoft essentials. My question is : how can i be sure they will not get access anymore and it is possible that they have copied some files from my desktop without having me noticing something ?

I have learned from that situation i will never do taht again.
Thanks for the help.

More replies

i downloaded a legal copy of windows. but i have no key with it! it was a scam! it works fine but i need to know where to buy JUST a key from Microsoft!!! i want to avoid a re-install!

A:Help! i'v been scammed!

do you have another pc with the same windows on it that ur not using if so use that key it should work if not then you need to find a pc or someone who has an old pc to use that key but it has to be the same windows

7 more replies

I was advised to send my topic here - this is my original post. Also is my email truly lost, I gave them my password. I usualy am so careful about opening emails I feel so stupid .
I recently got an email with Hey Kathy in subject line and I opened it and the link about jobs. A week later ( which was yesterday) some of my email contacts got the same email from me. Today I go to go on my email and my password has been changed. I cannot access it and it directs me to call At&T. I do. They go thru several techs who tell me my email is permantly gone and no longer accessible and that my computer is now at risk. The suggest I need an expert to fix it and direct me to a company called PC Care Experts. After I pay them and allow them remote access to my computer I start thinking have I been scammed? I currently am having no issues with the computer but don't know if they did anything while they had remote access. I gave them my CC info to charge and that charge is on my CC. I searched and everything I am reading says they are a scam. I called them and someone does answer and denies that they are a legit company. I am not sure what to do at this point - they did post once on here http://www.bleepingcomputer.com/forums/topic324874.html/page__p__1804071__hl__pcexperts__fromsearch__1#entry1804071
at above link - I am asking if anyone knows if they are legit or not and were they lying that my email is gone (this is a ten year old email with lots of saved info)!!

A:Did i get scammed ???

Hi,Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.Once I receive a reply then I will return with your first instructions.Thanks

17 more replies

Hello fellow people, I need your help. I want to buy this four wheeler, but she wants to ship it to me. I asked if i could trade and she never mentioned it in the email. Please read the following email to help me know if I am being scammed or not!
"
Hello,

My name is Jenny Sylvester and I'm so glad to see your interest in purchasing my 2007 Yamaha YFZ4 50SE. What I can tell you in a few words is that I am an individual seller, I am not a dealer and this is my first action of this kind on the Internet. The atv was used to hunting, has title clean with only 20 miles, 450 cc, 2-Wheel drive, transmission manual, due to me never reideing it bought it brand new the summer of 2009 rode it enough to do 1 oli change on it and have never touched it again due to work an kids. It has itp pims and tires all the way around renthall handle bars and pro armor front middle and rear skid plates pro armor grab bar and pro armor nerf bars. My atv starts right up and runs great as it should, was garage kept like the Best toy for joy. Bought it when i was serving in U.S. Army base near Salt Lake City, Utah and now I am deployed in Roma, Italy. The atv will be delivered from Salt Lake City, UTAH, US.
Since the atv is in a military base, with no access you can not go there and take it ( I thought you might want to see it there, so I've asked them to allow viewers to inspect the atv but their reply was: "We are not a showroom!" and they are right ), only the Logistic Departm... Read more

A:Am I Being Scammed?

7 more replies

I received a phone call asking for help on her computer. When I first answered the phone she put me on hold for about 30 seconds and start telling me what the problem was. It was about a black screen with the mouse working. Ask if I could repair it and requested they/she bring it to me. A couple hours later she calls again and the same thing happened, put on hold for 45 seconds to a minute. Asked me where I lived and said she was going to bring it to me. Then 15 minutes later she said she got called into to work and couldn't bring it. Could they take my phone, home address and first name and scam me some how??

A:Not sure if I was scammed

Hello nsilvis

Beware of Phone Scamming.

Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license...Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes...Do not trust unsolicited calls. Do not provide any personal information.

Avoid tech support phone scams: What you need to knowDon’t fall for phony phone tech supportAvoid scams that use the Microsoft name fraudulently

Could they take my phone, home address and first name and scam me some how??

NOTE :This is an odd case you list, unless you advertise to be a Computer Repair person.
If that is the case, then you should confirm their name and contact details first.

Often these people may claim to be working for Microsoft Security contractors, but they are all scams.
Microsoft has no idea of you or any of your computer(s).

Your Internet Service Provider may have some idea if you have problems, but again contact is rare.
Always check who is calling, and you can contact your ISP if they claim to be the caller.
Have you had any further calls ??

8 more replies

i got the log readout from HJT, which i will post in alittle. first i think i bin scammed. got a chat going and there were long long pauses whichsent my avg and firewall went a bit flakythen my wireless keyboard which has new batteries and is sitting about 6 inches from the pickup started mistyping a few letters and missing the spaces occasionally, next the mouse went beserk so i down loaded hjt on a friends advice, and now i would like you to look at the log and see if there is anything peculiar or dangerous. i have abit of pc experience but am not a mastermind, more a harware type than a soft ware man. sooo. here is the log ugh, somewhere as an attachment. any clues? help much appreciated thanks
Tombe de miste.

More replies

Hi everyone!

Ok, so not sure that this is in the correct forum, so mods please move if not.

So we got a new laptop a little while back, it's my first time with an authentic copy of windows, my partner kept recieving calls from windows support.
They finally called while I was in about an hour ago, she handed over the phone to me.

Now because my partner said they were from Microsoft, I didn't question it.
They told me they were recieving error reports from my computer and they wanted to help me out, I've sent error reports before so thought fair enough.

Thought it seeemed a bit dodgy, but went ahead after asking a few questions.
They asked to connect to my computer through teamview, like an idiot I did.
I watched them open google chrome and go to a site 'majorgeeks' and tried to download something.

At this point the smell of a rat was too strong and I disconnected and switched off the computer.
I then entered safe mode and ran Malwarebytes' anti malware, it got rid of a trojan (I ran MAM last night so this was new)
I then deleted all internet history and any references I could find to teamview.

So, my question is;

What should I do now?
What harm could they have done?

I'm very angry with myself for being such an idiot.

Thanks,
Ben

A:Scammed!

Were you watching them the whole time? If so, then there was not much they could that you could not see.

13 more replies
Q: Scammed

My acer notebook has been blocked by a scammer who said it was being hacked and is unlicensed . They wanted 250£ to unblock it , it's on windows 8, just get acer logo then plain green screen, they remotely accessed the notebook, can you help restore it ?

More replies

Last night I got an alarm that said "Windows Immediate Action Alert & Alarm" complete with warning sounds. It said I needed to call 877.242.8595 immediately to work through this issue. My computer was acting up all day, screen turning milky white, freezing up, I couldn't get much done.

Long story short, after 2.5 hours of them working inside my computer, I paid $210 for 5 years of Norton and 1 yr of tech support from them. Today, I'm having second thoughts but the computer does work nicely. American Express (which they didn't want to take but I insisted) said they seem to be legitimate according to PCWorld. The name of the company is WebWareWorld, Inc. 8800 167th Place, Orland Hills, Ill. 60847 Has anyone ever had this happen? Should I shut my life down and start over from scratch? New credit cards? New bank cards? New passwords? Why doesn't Microsoft step in to help people? A:HELP! Have I just been scammed?? Originally Posted by DeeC Last night I got an alarm that said "Windows Immediate Action Alert & Alarm" complete with warning sounds. It said I needed to call 877.242.8595 immediately to work through this issue. My computer was acting up all day, screen turning milky white, freezing up, I couldn't get much done. Long story short, after 2.5 hours of them working inside my computer, I paid$210 for 5 years of Norton and 1 yr of tech support from them. Today, I'm having second thoughts but the computer does work nicely.

American Express (which they didn't want to take but I insisted) said they seem to be legitimate according to PCWorld.
The name of the company is WebWareWorld, Inc. 8800 167th Place, Orland Hills, Ill. 60847

Has anyone ever had this happen? Should I shut my life down and start over from scratch? New credit cards? New bank cards? New passwords?

Why doesn't Microsoft step in to help people?

Hi DeeC and welcome to Tenforums.

That's not a good story.

Want a chance to scam a scammer? Call 877-242-8595 or 800-239-0148 - YouTube

Solved Scammers Exploit Windows 10 Upgrade Rollout-What You Need to Know - Windows 10 Forums

EDIT: Please run an ESET Online Scan to see if there are any nasties left in your system from them.

0 more replies

I am having a hard time connecting to Microsoft remote desktop when I am at home and not other places. I had the Remote desktop setup at work by the IT department. We tested the connection at work using two different internet connections and everything worked
just fine. I brought my computer home and tried to connect and I get a box saying that I cannot connect to the Remote PC. I brought my computer back to work and had no problem connecting and I did nothing different. When i brought my computer home I am still
unable to connect. I recently went on vacation and was able to connect remotely with the two different hotel internet connections with no problem. When I got home I tried again and am still not able to connect. The only thing that I can come up with is that
the problem is with my internet provider, might this be the case? It is possible that it is something that I am able to adjust in my setting or might I have to get a hold of the internet provider to try to get this fixed as I am getting ready to be on maternity
leave and am in need of accessing the program.
Thanks for the help.

More replies

Hey all,

trying to set up our system so that we cna do remote mmc administration of some machines (win 7).

when I connect to it, I get access denied errors for specific modules, however I can connect to Computer management, but the same modules still disallow access. I am using the domain admin to try this.

any reasons why it may not work?

More replies

If I was to set up a VPN between my home computer and the office computer, could the user at the office still use their computer as normal while I was accessing it? I would only need to use the one program on her computer but she may need to use that program as well? Will this work?

Thanks
Julie

A:VPN access and remote access at the same time

I assume your Office Computer is XP Pro.
Now I do believe there is a hack out there to allow a Remote session and local session to use the Desktop at the same time. Do this at your own risk.

http://www.golod.com/2005/10/enabli...p-professional-and-media-center-edition-2005/

2 more replies

i got it yesterday, i dont even know how... my msn isnt working, most of the pages i normaly visit are either redirected or unavailable.... and all the adresses i try to go to send me to myfamily.com... its happening to my PC running windows XP as well as a MAC OSX on the same network...

HELP!!!

A:MyFamily.Com scammed me!!

I forgot to add the HJT log!
PS. How do I go about cleaning my Mac?

Logfile of HijackThis v1.99.1
Scan saved at 06:42:10 a.m., on 25/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Archivos de programa\Synaptics\SynTP\Toshiba.exe
C:\Archivos de programa\Toshiba\Toshiba Applet\thotkey.exe
C:\Archivos de programa\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\ARCHIV~1\SYMANT~1\VPTray.exe
C:\WINDOWS\vsnpstd.exe
C:\Archivos de programa\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Windows Media Player\... Read more

1 more replies

Hi folks, Some scammers went to enormous trouble to get me to give them remote access to my laptop.  I'm ashamed to admit that they managed to bully me into it, eventually; I don't know if they did anything that I couldn't see as we went along together, but they claimed they saw evidence of viruses.  Anyway, they turned out to be illegitimate, I immediately uninstalled the software they'd used to access me remotely, but... Well, better safe than sorry.  I really hope you can help me, because I'm quite alarmed by this experience.  If they have some kind of keylogger for my bank account, that could be really bad.... Anyway, below is my DDS log.  Thank you very, very much for your time and patience.  DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.17.2Run by Liz at 11:30:59 on 2013-04-23Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.3617 [GMT -7:00].AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\... Read more

A:Scammed, maybe hacked?

18 more replies

I saw some good reviews for ReImage Software and ASAP Tech Help in a video on the big PC News Magazine...or one of them that I am familiar with but cant remember the name.  I clicked on a link and because PC "whatever" recommended it and said it was the new thing...Real Time Protection...I fell for it.  When I called the support line a smooth operating person said something to the effect that "do I have your permission to log onto your computer and see if you have malware etc."  I said yes (hey PC "whatever" said they were wonderful...and he said he found all kinds of issues with my computer...all kinds of malware, viruses, trojans (I did have a popup recently that said a file called monitor.exe was a trojan...a couple weeks previous.  Anyway I bought their software for RealTime protection for $199 and then he said "do you have a Staples or somewhere where you live that you could take your computer to and have it repaired? I said yes...we have Staples...then (here's where he smoozed me) "Well Staples will fix it for you..for alot of money and they will have your computer for a week or more...we can fix it for you remotely for$299.

Hey guys,  I am old...70 to be exact and on a fixed income but I fell for it and paid $499 for something they have not delivered. They did download their software ReImage to my computer and ran a thing saying they had run it but still had some issues thus they would need access to continue th... Read more A:I screwed up and got scammed...I think. Oh, before AND after I was scammed by them, I ran the free Trend Micro online virus scan and both times it said they found no problems. Thanks! 16 more replies Answer Match 44.52% I received a phone call this morning saying that my IP address was targeted by hackers. I let them into my computer and now I think that I should not have done that. They charged me$200 and it is on my credit card but I should be able to get that reversed. What else should I do?

A:I think I was scammed today

Change all your passwords for a start as the scammer may well now have all your existing ones. Then run a full anti virus scan and malware scan to find out if any nasties have been installed on your PC.

2 more replies

So I was downloading music one day, then 2-3 days later I get a pop up on my computer, it said 'call this number, you computer had a virus'. I called the number and some person with an indian accent told me a password to get in my computer. Since then it keeps telling me to put in a start up password and when I do, it is wrong and I cannot restart it.

A:I got scammed by a hacker

Hi, Very sad. Why did you do that ? You should never give anyone password of your computer(s). I don't even get password of my wife's computers, phone, tablets even I set them up for her from beginning. Now, back to your computer, I think they may ask you some money for a new password. My suggestion: wipe out everything by re-installing Windows over the top. Regards.

1 more replies

So I stumbled upon these guys.hxxp://www.digitaltoast.co.uk/suppor...temrecure-scam Mod. note: Link as provided is incomplete. Deactivated anyway. ~ OBThey seemed to be fishy right away, but they kept calling and calling so I eventually let them use this seemingly legitimate logmein123 program thingy.The guys claimed to be MS employees and they said Windows Live had detected some stuff on my computer. They had some trouble because my computer's regional configuration is set to Spanish and everything is in that language. He tried to change it to US English, then UK English, then Afghanistanian Indian...by then he tried to open IE and I manually shut off my modem so they didn't get do anything. I called MS and checked online. Their phone number is supposed to be a Michigan one, but I'm guessing they're doing some kinda wiring. Anyway, I ran a few scans and cleaned my computer but I wanna see if anything else is missing so here's my log.So here are my file logs but GMER would not work for me. I tried 3 times and each time my computer crashed. This happened 3 tiems and it had never happened to me before this. I have these HijackThis logs, though.safe mode from today:hxxp://freetexthost.com/t4hnwcgj2nWhile trying to get out of safe mode, it said:which roughly translates to: "Other users have logged in on this machine. If you restart windows, they could lose unsaved information. Do you want to reboot?"normal log from a few days ago:hxxp://freetexthost... Read more

A:Possible Hijack/Scammed

2 more replies

HI, I have very choppy audio with Microsoft Remote Desktop.
I am connecting to 2 very powerful windows 8.1 Desktops from my Macbook Pro over my local Wifi ( both systems are on my local network " the 8.1 desktop's are hardwired to my gigabit router with Cat6" ) My Macbook Pro is pulling over 170 mpb down
speeds over the wifi. and the desktops are pulling over 330mbps..... i don't think i have a connection speed issue.
I use Remote Desktop daily from my Macbook Pro to My PC's and it's worked very well up until about a month ago. I am not sure how to trouble shoot this problem as their aren't any options other than "Play on Device" in the preferences.
I do have another Macbook thats quite a bit older and the Audio is working fine via RDC....
I have removed the program from my Macbook Pro and re-installed it - this didn't help...
id like to solve this without re-installing OS X

More replies

Hi
In your experience can any fails on the above be attributed to over busy servers?

A:Remote Procedure Call Microsoft servers

Welcome to the forum.

The question is very vague. If you could explain the question more fully a meaningful answer can be provided.

2 more replies

Hi
Can anyone tell me how to stop svchost.exe at running continuously at 50% + after a remote assistance session with Microsoft support?
I am running Windows 7 in a Toshiba satelitte
Thanks.

More replies

Does anyone know if there is a zero user visible tool to remotely administer the Microsoft Security Essentials product over a LAN? I'm trying to avoid having to administer via Remote Desktop.

A:Microsoft Security Essentials - Remote Administration

MSE is a home product, and you will probably never see any remote management feature.

1 more replies

Hi,
I had Windows 8 on both my laptop and PC and was able to use RDP to connect from my laptop into my PC without any problems.
I've since updated to Windows 8.1 on both machines.
In the process I "upgraded" my local account on the laptop to a Microsoft Account (bad idea ) but kept my PC as a local account
I'm no longer able to RDP into my PC from the laptop, when I try to connect it says the credentials are not recognized

A:Problems with Remote Desktop and Microsoft Accoun

I covered about every possible detail of remote desktop connections in the following link. Look it over and see if you can find where a mistake was made in credentials or using the correct combination of PC name and user name which are different.

Remote Desktop Connection - How to find my IP?

1 more replies

Hey guys,

i want to connect my iphone with my pc which has windows 8. Downloaded the "Microsoft Remote Desktop" app for my iphone but i can't seem to make it work.
For me it looks different... i only have "Remote Assistance"... "Remote Desktop" does exist for me :/
Here a picture how it looks for me: Link

Why is this not showing up for me? :/

A:Microsoft Remote Desktop / iPhone - Windows 8

Hi KeyGee and welcome to Eightforums,

It appears you are running a 'normal' version of Windows 8 on your desktop. You'll need the PRO version in order to enable remote access.

Greetz,

Rover

1 more replies

I am writing this from my phone because right now I am having my computer remotely controlled by supposedly Microsoft trained tech person who is removing the Clampi virus.
It feels suspicious, on the other hand they showed me that there are infections. It also showed that the network servers aren't protected. I asked them how I can fix that and - you guessed it - only Microsoft can.
I feel so stupid right now, and totally violated.
Their sales pitch was, if I don't let them remove the virus my computer will be shut down and unusable.
I asked how their info popped up on my screen and they said the manufacturer puts tech contacts on there in case there is a problem.
I had to pay them to remove the virus and to fix the network servers. I now have a one year contract for service, and protection of my computer and two others in our network.
Does it sound like I was being played?
I am waiting to hear what caused all this, if they'll even know. I saw they used Hitman Pro, maybe some other things too. They are installing anti virus protection etc.

A:How can I tell if I am being scammed by impostor techs?

I suggest you immediately hang up. Disconnect from the internet, contact your bank, explain what has happened, they are familiar with these type of Scams, & cancel any credit card transactions, request a new credit card. Post back for additional help.

5 more replies

I’ve been running a program called System Mechanic. I got a call from them today where they said I was getting attempts from Hackers trying to invade my computer. In the Event Viewer it showed 77 Warnings and Errors (see pic). For all I know it could’ve been THEIR program that installed them in the first place! But I’m not that paranoid…normally. And I wouldn’t have been now if it wasn’t for the fact that after they took over my computer online they then tried to sell me a package to clean up my computer that consisted of the following:

Remove all infection & errors & warnings
Remove red infection
Remove all Hackers zone & trojan virus

Reprogram Network
Home Network security with Internet security lifetime
Block the getway service for Hackers
Reinstal all protection & programing service
Replace all currupted fiels with working files
Replace system mechanic with latest version 12.7 pro with licence key (free Updation)
====================================================
Software warranty with Unlimited tech support(24x7) hrs

2 hrs 2 Tech

3 years - 1comp=$199.99 Lifetime- 5 comp + all device=$299.99

303-351-5186 phone ext 221
I told them I’d let them know.
So now I don’t know what to believe! I’m sure there is something slowing up my computer but I know it’s not worth the $300.00 they want to charge me. They went on to show me all of the things in the System Configuration box that are STOPPED and... Read more A:Hacked or scammed, that is the question! 11 more replies Answer Match 44.1% Got a call from a guy claiming to work for Microsoft and he had software named Supremo. I downloaded it and he showed me some errors and warning signs and luckily we got disconnected before he could steal any info. But now opera is not working? Could they be connected? Since it was opera that I downloaded the software with? What should I do? Please hellppp A:got scammed and now opera is not working??? We recommend that you read this article… NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help follow the instructions very carefully; then, post all the requested logs and information; as instructed, in the Virus/Trojan/Spyware Help section of the forum. (Simply, click on the colored links to be re-directed.) Please ensure that you create a new thread in the Virus/Trojan/Spyware HelpForum; not back here in this one. When carrying out The Malware Removal Steps, if you cannot complete any of them for whatever reason, just continue on with the next one until they are all completed. However,it is extremely important to make mention of the fact that you could not complete any of the steps in your post to the Virus/Trojan/Spyware Help Forum; where an Analyst will assist you with other workarounds. Once done, please be patient, as the Security Team Analysts are usually very busy; one of them will answer your request as soon as they can. 1 more replies Answer Match 44.1% Mod Edit: moved to appropriate forum for DDS logs ~~ boopmeI posted a few weeks ago about getting scammed on the internet by ReImage company who "sold" me some computer repairs and an RealTime protection program for$499.  They never did the work and I have made the proper attempts to report them and get my money back from the credit card company but now I think I am infected with viruses and malware.  My computer is running really slow and freezing up and just not working correctly.  I would be sooooo grateful if someone can help me with this! I went to the instruction forums and saw that I must run some logs and post them here...so...here is the DDS log I ran: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17420  BrowserJavaVersion: 11.25.2Run by Sharon at 19:45:50 on 2014-12-26Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5962.4410 [GMT -6:00].AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.e... Read more

A:I was scammed online and now I think I am infected!

I am so sorry!  I thought I was in the right place!

17 more replies

Doug from Tullos, Louisiana, want to know how to find out if an Internet business is reputable. He's interested in researching money-making opportunities he's heard about online.

Leo recommends the following resources.

Can only tell you if a company has received complaints.
Reseller Ratings, http://resellerratings.com
Epinions, http://www.epinions.com
Consumer reviews.
ConsumerReview, http://www.consumerreview.com
Community of sites offering aficionado reviews for various product categories.
Enforces a variety of federal antitrust and consumer protection laws. Check the Formal Actions, Opinions, & Activities section for questionable behavior

A:for the scammed and thoes who dont want to be!!

This is a tech forum not an ad..... This is a tech forum not an ad

3 more replies

I had received a call in March from someone posing as a HP representative saying that I has several virus on my computer and that they needed to be resolved immediately.  After being on the phone with this person for 4hr and still nothing resolve, he called back the next night and same story. No resolution.  I contacted HP Support and a rep. took my call and had my issues resolved in 10-15 minutes.  About a month later I received another call from the same tech (scammer) saying my computer was about to crash and he was going to help fix it.  He said that the Virus Protector program I had purchased a month before was infected with a virus and therefore so was my computer.  He assured me that I would get a refund of ($89) cost of protection. Sounds great right? Well yesterday 7-30-16 he contacted me and said my computer was going to crash if I didn't send him$300 by moneygram.  I refused to do so and he kept calling and harrassing me, and when my husband got home I let him talk to him and he did the same to him even went and try to get money sent to western union from his account in somebody elses name and continued to crash my computer if we did not comply.  He hacked into my debit card and now I can't use it, he deleted several files and pictures and jammed all my passwords. I want to know what can I do to get this person  out of the system.  I know there are some good honest people but this doesn't look good for HP.&nbs... Read more

More replies

I got the sxs key removed because my pc was scammed and now all my apps are completely gone and I can't download any apps or even work cortona

More replies

I had received a call in March from someone posing as a HP representative saying that I has several virus on my computer and that they needed to be resolved immediately.  After being on the phone with this person for 4hr and still nothing resolve, he called back the next night and same story. No resolution.  I contacted HP Support and a rep. took my call and had my issues resolved in 10-15 minutes.  About a month later I received another call from the same tech (scammer) saying my computer was about to crash and he was going to help fix it.  He said that the Virus Protector program I had purchased a month before was infected with a virus and therefore so was my computer.  He assured me that I would get a refund of ($89) cost of protection. Sounds great right? Well yesterday 7-30-16 he contacted me and said my computer was going to crash if I didn't send him$300 by moneygram.  I refused to do so and he kept calling and harrassing me, and when my husband got home I let him talk to him and he did the same to him even went and try to get money sent to western union from his account in somebody elses name and continued to crash my computer if we did not comply.  He hacked into my debit card and now I can't use it, he deleted several files and pictures and jammed all my passwords. I want to know what can I do to get this person  out of the system.  I know there are some good honest people but this doesn't look good for HP.&nbs... Read more

More replies

Hi
Long story as short as possible.
Just upgraded to full version Windows 10. In the previous 2 tech builds IE stopped working. Error
Microsoft x 3 Techs 5 hours of remote assistance could not resolve the issue. I had no terminate the connection as was taking too long. Their final suggestion was that they feel there must be some (add-ons) preventing IE from starting.

I cannot cover all they did here over 5 hours
However, here are some key areas of trouble shooting done

Remediation
Reset Winsock and Network Settings
Reset Proxy Settings
Created another admin account (IE did not run with different user)
Removed Kaspersky Security
Internet options > advanced > restore default > Reset IE settings
All IE add-ons have been disabled within IE settings
Msconfig > turned off all services

Has anyone else had an issue like this? I’ve just created and attached a diagnostics scan as this is beyond me level.
Thanks all

A:IE not working. Microsoft Tech 5 Hours remote support did not fix

Just a second part to this question.

In the attached file diagnostic file. I see the following file .exe

Program: Live Support Chat for Web Site Operator Console - Version: 5.7.3.r15174 by Provide Support, LLC 5.7.3 ("C:\Program Files (x86)\Provide Support\Live Support Chat for Web Site\unins000.exe")

Should this be there ?

6 more replies

I'm thinking about buying this unit to get TV: Hauppauge Computer Works : WinTV-HVR-2250

I don't need to get the remote do I? The remote that came with my Dell (Vista) works when plugged into the new machine... I'm going to set the TV up through Media Center anyway, right?

Thanks. Novice with computers.

A:Is the Microsoft Media Center remote still good for Win7x64?

ok if i understand you correctly ,you are saying you have installed the driver for the remote that you had for vista and the remote works for you in windows seven ( thats exactly what i did) if so it will work fine when you install your tv tuner card.

5 more replies

Please help... I need to configure my Office 365 onto Outlook 2010. Unable to get the server.
The "About" button is missing but managed to find the POP3, IMAP and SMTP server.

But..Not using POP3 or IMAP.

I do not know what server I'm using. Tried using the Microsoft Remote Connectivity Analyzer to get the server but test failed. Even tried my Gmail still can't.

I've keyed in slowly to make sure I keyed correctly. Again failed. Frustrated. (-_-)"""

More replies

Hiya
A remote code execution vulnerability exists in Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system.

Affected Software:

• Microsoft Office 2000 Software Service Pack 3
• Excel 2000

• Microsoft Office XP Software Service Pack 2
• Excel 2002

• Microsoft Office 2001 for Mac
• Excel 2001 for Mac

• Microsoft Office v. X for Mac
• Excel v. X for Mac

http://www.microsoft.com/technet/security/bulletin/ms04-033.mspx

Regards

eddie

More replies

Posting here to help others hopefully spend less time figuring this out.

I had some issues where remote desktop stopped working.  I could connect, but it would not accept my username password.  Everything looked OK...the user had access, remote desktop was enabled, etc.  It turns out that Windows 10 merged my local computer account with my Microsoft account.  It resulted in Store errors ("Something went wrong on our end") and Remote Desktop not accepting my password.  I tried using my local password, my Microsoft password, etc.  Nothing worked.  I tried changing my username...had to restore the system since it fully deleted it after letting me change it.  I gave up Googling for the remote desktop and decided to test with the Windows Remote Desktop app in the Store to see if it was the iOS version.  I got the store error and went on a tangent trying to resolve that.  Lo and behold, I discovered the fix here that resolved both issues:

In the end, the simple solution is to make the account a local account. You'll have to sign back into your Microsoft account again, but RD and the Store both work great!

-etavares

More replies

I have established a working VPN into a Server 2003 office network, and used to be able to use remote desktop to connect to my computer by the network IP address. a week ago, after installing Windows 7 updates, I can no longer connect to my work computer. Using Win 7 Home Premium here, XP pro at office. My desktop computer here (XP) can still connect... I've spent hours on this to no avail.. PLEASE HELP!! Thank you!
Also, once I have established the VPN, I can ping my office IP address... so it is there!

A:VPN works, Remote Desktop fails. AFTER Microsoft updates

to all the microsoft techs that monitor this forum: I'm happy to see that you don't have the balls to address an issue that your employer is respnosible for. Be proud. Stand up. Be recognized for touting crap, while blaming other software, while at the same time, providing no support for any OEM operating systems that micky-(mouse) - soft puked on the public. thank you very much.

7 more replies

I am trying to help my father fix issues with his PC and it seems to be full of redirects and other issues. Here is the output from hijackthis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:47:21 AM, on 5/3/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Users\larry\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,S... Read more

A:Father's PC

16 more replies

Hi all,

New here and don't know what I'm doing. PC is being hijacked in a way that's new to me but may be common to you -- each time we click a link in a search engine (Google, Yahoo, etc), we end up going to a different page instead of the one we want.

I've installed and run AdAware, but it's still happening. The HijackThis logfile is below. Can anyone out there help?

Matthew Bender

Logfile of HijackThis v1.99.1
Scan saved at 10:48:58 AM, on 10/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

A:Help me help my father-in-law

Looks like Spybot S&D did the trick. Next time, I really *will* ready the "read this before posting" before posting.

Thanks!

1 more replies

My father's desktop PC is apparently behaving oddly/badly, and I would like to make sure that if it's because of anything to be found by Hijack This, etc., I can get the proper help in getting it removed or in getting advice in what to tell someone who can. Platform can be found just below.

As requested, the following are the log files:

Hijack This File -
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:11:40 PM, on 9/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe

A:Father's PC

Just a few notes:

I'm posting this after I was told that there might be a virus in the recovery section. Also, startup and shut-down are very slow (a few minutes at a time). It tends to lock up during the "movie" sections of games or even when doing other things. Sometimes this is fixable with a ctrl-alt-del, and other times you have to restart it completely.

It's mostly malware that I'm worried about at this stage that might've hidden something that Norton hasn't yet found or that bypassed it as a "safe" program. Any help would be appreciated.

2 more replies

pls help my 71yr old dad- i thought we had this licked ( he and i ) but its back with a vengence- i was FINALLY able to get a hijackthis log- could someone PLEASE review? im afraid we will lose his system again--THANKS!Logfile of Trend Micro HijackThis v2.0.4Scan saved at 9:38:50 PM, on 10/4/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exeC:\Program Files (x86)\AIM\aim.exeC:\Program Files (x86)\Java\jre6\bin\jusched.exeC:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exeC:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exeC:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exeC:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Windows\SysWOW64\NOTEPAD.EXEC:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exeC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Users\tonybonce\Downloads\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1R1 - HKLM\Software ... Read more

A:HELP for my Father

2 more replies

Hello, I appreciate any help that can be provided for the problems I have been having in trying to fix my father's PC. I have Ad-Aware, SbyBot and even Microsoft's new program but have yet to solve the problem with these. Whatever he has is nasty and replicates. One thing that he has is a hijack search screen even when the browser is set to about:blank. I have been able to make it disappear sometimes by tracking down the offending .dll and changing the html but it often comes back. In addition, there are multiple pop-ups that are almost impossible to remove at times. Whatever is on there effects SpyBot as well because I am not able to immunize all bad products, I have to reimmunize every time I start it. Also, I am not even able to check the Permanent blocker of bad addresses from the Browser Helper.I hope this log is not too "clean", thanks for any inputLogfile of HijackThis v1.99.1Scan saved at 9:49:06 PM, on 5/8/2005Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\LEXPPS.... Read more

A:Help with Father's PC

2 more replies

with this hijack log? I got excellent help last time I seeked, so I try again.

Something has to be wrong with this PC, since every process takes an hour to proceed. Here:

Logfile of HijackThis v1.99.1
Scan saved at 19:07:35, on 08.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programfiler\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programfiler\Bonjour\mDNSResponder.exe
C:\Programfiler\Symantec AntiVirus\DefWatch.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Symantec AntiVirus\Rtvscan.exe
C:\Programfiler\Grisoft\AVG Free\avgwb.dat

9 more replies

Clicked on something that shouldn't have been clicked!  Multiple issues have occured since, including being scammed into buying a "Norton" product.
Other issues:  "an error occured" during installs/uninstalls, MBAM unresponsive, Untrusted Connections in Firefox, date/time incorrect.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.0.0
Run by hank at 16:48:49 on 2011-01-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3563.2173 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe

A:Scammed, unsure of specific virus

9 more replies

Hello everyone,

I was just wondering if anyone has been scammed and wants to share their experiences. If so, comment it below and try to spread the word.

Thanks,

jman005

A:Have you ever been scammed by a tech support scam?

The only scam that is current are calls from "Microsoft" telling the victim that they have been alerted to a virus infection on the computer and they will help the victim clean his machine for a fee. These are always from India. My sister-in-law got one recently but was forewarned by me and she told the guy to go soak his head.
I have seen these scam websites appear near the top when a search is made for "computer help" or "virus help", etc.
Of course there are various independent brick & mortar shops that will overcharge, etc.

21 more replies

He stole someone's ID and username from a "friend" on Facebook. I thought it was my friend private messaging me, but it was an imposter. I gave to my friend my email address so I could correspond with this "new possible friend" and we exchanged a lot of emails and pics for about a week. The very last comment he made was "I have 1.2 million dollars in my account, how much do you have to help the underpriviledged kids" I told him I have no savings account and that was the last I heard from him. He led me to believe that he was going to relocate and meet me. I was able to copy/paste here for you the full message source.

x-store-info:sbevkl2QZR7OXo7WID5ZcVBK1Phj2jX/
Authentication-Results: hotmail.com; spf=pass (sender IP is 209.85.213.173; identity alignment result is pass and alignment mode is relaxed) smtp.mailfrom=[email protected]; dkim=pass (identity alignment result is pass and alignment mode is relaxed) header.d=gmail.com; x-hmca=pass header.id=[email protected]
X-SID-PRA: [email protected]
X-AUTH-Result: PASS
X-SID-Result: PASS
X-Message-Status: n:n
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0xO0Q9MTtHRD0xO1NDTD0y
X-Message-Info: gamVN+8Ez8V+RHg+F+brAfDaei/IGNqwdMGcggYHi/OH92lhkDHPn7b+QtitTaoIMTf9MGiDs4cuJAmD8zVRPEoTCSVtYQ5uwlTYQboOjFHG2+Zgth1q99yfDQe2eMlrK6/JTsuSCr+KiHoM35nO29jxHQAQBV4wPd7SSqpCLGy7gvkCyTUHiX4iZNOiN1+uXXS7BoEUEmUHopUs+GWc1Dl4tU3JL5eO

A:Solved: Was scammed by an imposter on email

linsjean said:

Is there a way to:

1. Find out where that IP address is coming from
He was using Gmail Click to expand...

For security and/or privacy reasons, Google does not include the source IP address of senders in the email header.

7 more replies

I think I am being scammed by repair shop. I dont know much about computers although in an effort to prove i am being scammed i am learning fast today.
Firstly my partner and I own 2 laptops 1 is Hewlett Packard other is Toshiba.
Hewlett is Ubuntu Toshiba is windows.
The Internet switch on the Hewlett was not working and the Toshiba had a run in with a cup of coffee and about 4-5 keys would not work.
The repairer said the Hewlett was fixed but needed to buy new keyboard for Toshiba. When we picked up the hewlet we paid and when we got it home found that the Internet switch was still not working. We were also charged for having it cleaned although we had a good look and it was still really dirty inside. The repairer said that they needed to talk to toshiba as the new keypad had not worked.
We questioned the wireless internet switch inside the hewlet was still not working and were told this was bacause I was using Ubuntu and had to put windows back. I am in communication with Umbuntu who have tried many ideas with me today and they think it is probubly a hardware problem although the repairer says the diagnosed problem was umbuntu software and as such she could not repair it. surely a computer repairer should be able to deal with all operating systems. I paid for a repair and didnt get one. Now have been told that i need a new motherboard on the Toshiba as this is what is stopping the keys working. I have been given a price for this which isnt much less than the laptop is worth... Read more

A:Am I a beginer being scammed by repair shop

7 more replies

Windows 8.1, MS Word 2013 and MS PPT 2013. I installed office remote (OR). OR worked in MS Word, even in Excel, but not in PPT.
How can it be?

More replies

Can I display portrait screen on Microsoft Remote Desktop app for Android ?

I want to connect Windows 8.1 by portrait screen from Google Nexus 7 by Microsoft Remote Desktop app.

Currently I connect Windows 8.1 by landscape screen from Google Nexus 7 by Microsoft Remote Desktop app.

Regards,
Yoshihiro Kawabata

A:Can I display portrait screen on Microsoft Remote Desktop app for Android ?

Hi,
Sorry for my dilatory reply, Windows 8.1 app had a Screen resolution requirement. if portrait screen could meet its requirements, I thought you can achive your goals successfully. you can refer to the
link below for more details about Windows 8 APP screen resolution requirement.

http://blogs.msdn.com/b/b8/archive/2012/03/21/scaling-to-different-screens.aspx
I'm sorry for did't have enough condition to make a test for you.
Roger Lu
TechNet Community Support

2 more replies

My dad gave remote control to a fake MS tech today for about an hour until I hit the power off button. I am a novice computer user.   I ran Malwarebytes & it said there are PUPs.I took no action but kept the MBam log as follows
Malwarebytes Anti-Malwarewww.malwarebytes.org
Scan Date: 7/21/2016
Scan Time: 5:42 PM
Logfile: mbam.txt
Version: 2.2.1.1043
Malware Database: v2016.07.21.07
Rootkit Database: v2016.05.27.01
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: Tino
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 303974
Time Elapsed: 16 min, 55 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.HomePageHelper, HKU\S-1-5-21-2777425413-3077147864-879318077-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{88EFA772-006F-11E5-8270-F8A963F40B15}, , [4a612402a8f21e185a47fda845be946c],
PUP.Optional.Trovi, HKU\S-1-5-21-2777425413-3077147864-879318077-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AA5B1B25-91CE-11E4-8266-F8A963F40B15}, , [b0fbb76f3b5f60d6d3b58138659e639d],
Registry Values: 7

More replies

Hiya

This is two-fold:

A vulnerability exists in Microsoft Word that could allow an attacker to run arbitrary code on a users system.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.
Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
A vulnerability exists in Microsoft Word that could allow an attacker to run arbitrary code on a users system.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.
Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Affected Software:

• Microsoft Word 2000 and Microsoft Works Suite 2001
• Microsoft Word 2002, Microsoft Works Suite 2002, Microsoft Works Suite 2003, and Microsoft Works Suite 2004
• Microsoft Office Word 2003

http://www.microsoft.com/technet/security/Bulletin/MS05-023.mspx

Regards

eddie

A:Vulnerabilities in Microsoft Word May Lead to Remote Code Execution

unsticking

1 more replies

Sorry if doing this wrong i couldnt run the system info thing as it is for another computer..heres the problem my dads comp is running vista..i went to kickass torrents and tried to download it..and BAM 15 different apps went on desk top then couldnt use fire fox..now explorer, went to delete any programs that were added to system and it wont uninstall now anything that comes up is in chinese..i cant even run it in safe mode to try and run malware bytes i was able to run malwarebytes normally i had 197 issues some trojens and it removed most but not all.. i cant do anything..please ..HELP

More replies

Hi everyone.
My father got malware or something bad like this! Everything started wheno he phoned me crying "my internet explorer doesn't start anymore". I was very far from my home that period, so i liquidated hime with a generic "ok, use firefox for now and don't bother me".
Now I returned home and my father blocked me saying "now YOU MUST revive my internet explorer, because I'm not able to use firefox".
Completely amazed by this sentence (how a person can be unable to use firefox??), I approached the problem and, sadly, I recognized that, maybe, there are some other problems on my father's pc.
So, these are the problem I found:
- INTERNET EXPLORER DOESN'T START when i click the icon. Hard drive works for a second and the hourglass appears, but...nothing else happen.
- I.E. STARTS NORMALLY only when requested by a specific hyperlinked element on a software GUI (i.e. the "send log to TrenMicro" button on hijackthis v2).
- ALL THE ICONS ON THE SYSTRAY DISAPPEARED. I checked on the "toolbar properties", to see if the option "hide" was selected. I found that ALL the elements are tagged as "hide if inactive" and this cannot be changed (is the only choice). Here I also found some oddities like the default icon of AdAware Adwatch associated with a strange "MSN occupied IRC offline ICQ occupied" sentence, probably relative to the last time i used mirand IM on my father's p... Read more

More replies

Well, a week ago my computer didnt respond so I shut it down then started it back up and it gave me this message saying that i needed to choose either
1. normal start mode
2. safe mode with prompt
3. safe mode
4. last working configuration

I tried them all but the computer would just restart and display that message screen again. Then, my 'father' got mad and put in the xp restore discs and wiped out all of my important files and we started from scratch

"Dad it says all files will be deleted"
"Deeeerrrr, it says a lot of things! derrrr"

Well there you have it, everything that was so important to me is gone now, and Im wondering, is there a way to get any of them back?

12 more replies

hi there,

my dad has an 8-year-old PC that is slower than a snail and I'm trying to pick some parts for a custom one for him. he's very frustrated with it. I don't want the new one to have any hiccups. all he really does is browse the web, watch movies both online and offline, and transfer media from his camera.

this is what I put together so far.

would this be okay for that or is there a cheaper/better route that I can take in order to make him a fast PC for his basic needs?

thank you.

A:PC for my father. Is this alright?

No one can give advice unless we have some idea what he is going to use it for

3 more replies