Solved Should I Be Worried About This E-Mail?

March 12, 2019 at 12:05:13
Specs: Windows 7 home, Intel Pent., cpu g630, 4.00 GB, 64 bit
I am unable to copy and paste the message I received. It is all not there as you can see.

message edited by WarrenTSI



#1
March 12, 2019 at 12:15:19
Is there an email address that I could forward the email to? It won't let me copy and paste it.


#2
March 12, 2019 at 13:14:49
Can you copy and paste the text to, say, a Word document? If so, try that, and then copy that text here.

What is the nature, content of the email?

Do not post your email info here though.



#3
March 12, 2019 at 13:29:41
If all else fails give us some idea what it says.

Always pop back and let us know the outcome - thanks



#4
March 12, 2019 at 13:41:09
I can copy and paste to Word but it won't let me paste it from there to here. It states he is a hacker that cracked my devices a few months ago and sent me an email from my hacked account, which I seem to remember. He said he set up a malware on the adult vids (porno) website and guess what, you visited this site to have fun, etc. I don't believe I went on any porn site.
Then he says, while you were watching videos, your internet browser started out functioning as a RDP having a keylogger which gave him the accessibility to my screen and web cam (which I do not have hooked up). After that his software program obtained all of my contacts and files, and that I entered passwords on the websites I visited and he intercepted it.
He then says he created a double-screen video. 1st part shows the video I was watching and second part shows the recording of my webcam.
He goes on to say he won't disturb me after I send him $650 in bitcoin.
And he gives me his bitcoin wallet address, very long, not including it here, unless you want it.
Then says I got 48 hrs. and he has a Facebook pixel in this mail and at this moment, know that I have read it.
That's the short of it.
I think it is probably a phishing thing, but who knows. Thanks for replying.


#5
March 12, 2019 at 13:45:53
This was the end of his message; I could copy it and paste here.


This message is intended only for the use of the person to whom it is expressly addressed and may contain information that is confidential and legally privileged. If you are not the intended recipient, you are hereby notified that any use, reliance on, reference to, review, disclosure or copying of the message and the information it contains for any purpose is prohibited. If you have received this message in error, please notify the sender by reply e-mail of the misdelivery and delete all its contents. Opinions, conclusions and other information in this message that do not relate to the official business of Malayan Banking Berhad shall be understood as neither given nor endorsed by it.
The ok of the pages of this site is for your general information and use only. A reversal without notice is possible. This website uses cookies to follow browsing tastes. In the event that you authorise the use of cookies, the following individual information may be stored by us for use by third parties. A biscuit is a small record that asks permission to be placed on the hard drive of your computer. Once you are in agreement, the count is fuss and the biscuit helps to decipher Web traffic or offers to let you know when you come to visit a particular page. Cookies allow Web applications to respond to you as an individual. The Web application can tailor its operations to your expectations, likes and dislikes by harvesting and memorising your answers about your preferences.
skuppav
spurswel flotspook chafdoob
chegslel stoowshond



#6
March 12, 2019 at 14:46:15
Hang about for Johnw to come across here. He can/will take you through a very detailed and thorough clean up routine.

I suspect this is scam email, hoping to frighten you into complying with the financial pay off demands etc.

Even if you do pay him, he’d be back. “Never” give in or submit to any such emails.



#7
March 12, 2019 at 15:15:46
I'll alert Johnw but in the meantime download and run these two freebies:-

AdwCleaner:
https://www.malwarebytes.com/adwcle...
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Run the "Scan", followed by the "Clean & Repair".

MalwareBytes:
https://www.malwarebytes.org/
(use the "Free Download" button rather than the "Buy Now" button).
After the install go to "Settings > Protection". Under Scan Options move the "Scan for rootkits" slider over to On and Run the Threat Scan. Quarantine anything it finds.

Put the two logs on here please.

Always pop back and let us know the outcome - thanks



#8
March 12, 2019 at 15:36:59
Yes, Derek’s advice is a good starting point.


#9
March 12, 2019 at 16:12:34
Thanks folks, I'm onboard now, Warren is familiar with this routine, will wait for the logs.


#10
March 12, 2019 at 19:34:43

Thank you.
Hi Johnw, good to see you again.
here is the AdwCleaner log.
I should mention that in using AOL I had it set up for sign on without password. That is how he probably got on my account and sent me an email. Just changed back to password sign-on.
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-11.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-12-2019
# Duration: 00:00:16
# OS: Windows 7 Home Premium
# Scanned: 31892
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.


AdwCleaner[S00].txt - [4093 octets] - [25/12/2018 14:21:32]
AdwCleaner[C00].txt - [3745 octets] - [25/12/2018 14:21:59]
AdwCleaner[S01].txt - [1393 octets] - [26/01/2019 16:04:47]
AdwCleaner[C01].txt - [1559 octets] - [26/01/2019 16:05:18]
AdwCleaner[S02].txt - [1515 octets] - [05/03/2019 16:51:38]
AdwCleaner[C02].txt - [1681 octets] - [05/03/2019 16:51:56]
AdwCleaner[S03].txt - [1623 octets] - [12/03/2019 22:05:09]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ##########



#11
March 12, 2019 at 19:41:47
I have Malwarebytes premium and run it weekly, just did again, nothing found. But I don't understand how to get it off the clipboard.


#12
March 12, 2019 at 19:59:13
"But I don't understand how to get it off the clipboard"
It stays there until you Copy something else Warren.

message edited by Johnw



#13
March 12, 2019 at 20:01:20
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/12/19
Scan Time: 10:11 PM
Log File: 6225fc0c-4535-11e9-ad8b-00ffe5c7cbf3.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9660
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user-HP\user

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 420278
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 10 min, 37 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)


#14
March 12, 2019 at 20:04:44
Best I look at these logs & see if I can get a clue to any problems.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt) on the Desktop.
The logs are large, upload them using one of these. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php
https://i.imgur.com/7UiiqWr.gif
https://i.imgur.com/6N1gfOj.gif

message edited by Johnw



#15
March 12, 2019 at 20:05:44
that's up on No. 10 John.


#16
March 12, 2019 at 20:07:19
Will do the Farbar tomorrow John.


#17
March 12, 2019 at 20:10:17
"But I don't understand how to get it off the clipboard"

Now I understand what you were saying, no need to do it though, I can see it is clean.

At the end of a scan, you will get something like this.
https://fs5.directupload.net/images...
https://fs5.directupload.net/images...
https://fs5.directupload.net/images...
After clicking on > View Report & then > Export. Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.



#18
March 12, 2019 at 20:13:44
"that's up on No. 10 John"
Yep, got it wrong in my head Warren.

"Will do the Farbar tomorrow"
Ok.

Here is my time zone.
https://www.timeanddate.com/worldcl...



#19

#20
March 13, 2019 at 23:22:47
Next step Warren, remove this.
Extract from your logs.
"FF Homepage: Fast Web Browser\Fast Web Browser\Profiles\5z7vcdve.default -> hxxp://www.safesear.ch/?type=fto"

Follow all the steps here.
https://malwaretips.com/blogs/safes...
"Safesear.ch is a browser hijacker that is bundled with other free software that you download off of the Internet."

When you have done that, I will finish off with a few more things.

message edited by Johnw



#21
March 14, 2019 at 11:00:37
Johnw
this is the result of Zemana

2016.11.25-13.28.30-i0-t92-d5.txt

also deleted line FF Homepage: Fast Web Browser/Fast Web . . .

message edited by WarrenTSI



#22
March 14, 2019 at 14:17:49
"this is the result of Zemana"
You forgot to post the info/log Warren.

Copy & Paste only the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
SearchScopes: HKLM-x32 -> DefaultScope value is missing
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

Open FRST or FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer to these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...



#23
March 14, 2019 at 18:06:46
Fix result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by user (14-03-2019 20:46:36) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Arleen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
SearchScopes: HKLM-x32 -> DefaultScope value is missing
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U0 aswVmm; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\System\CurrentControlSet\Services\AppMgmt => removed successfully
AppMgmt => service removed successfully
HKLM\System\CurrentControlSet\Services\aswVmm => removed successfully
aswVmm => service removed successfully
HKLM\System\CurrentControlSet\Services\catchme => removed successfully
catchme => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31551488 B
Java, Flash, Steam htmlcache => 1155 B
Windows/system/drivers => 3405711 B
Edge => 0 B
Chrome => 25876563 B
Firefox => 39606004 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 258 B
LocalService => 0 B
NetworkService => 857021370 B
user => 112461151 B
Arleen => 1529182 B

RecycleBin => 22371789 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:51:37 ====



#24
March 14, 2019 at 18:09:28
"this is the result of Zemana"
You forgot to post the info/log Warr

Isn't that in No. 21 John?


my fault. running again

message edited by WarrenTSI



#25
March 14, 2019 at 18:37:49
Zemana AntiMalware 2.70.179.25 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/11/25
Operating System : Windows 7 64-bit
Processor : 2X Intel(R) Pentium(R) CPU G630 @ 2.70GHz
BIOS Mode : UEFI
CUID : 12E96D3E7AB71BE624B629
Scan Type : System Scan
Duration : 26m 0s
Scanned Objects : 163568
Detected Objects : 5
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\b8ls4bs8.default-1474836382477\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

AOL Toolbar
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\b8ls4bs8.default-1474836382477\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}.xpi
MD5 : 522CB097C7660CEAA13309A8271232F7
Publisher : -
Size : 113801
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - AOL Toolbar
File - %appdata%\mozilla\firefox\profiles\b8ls4bs8.default-1474836382477\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}.xpi

Hosts File
Status : Scanned
Object : %systemroot%\system32\drivers\etc\hosts
MD5 : 6A4029CFF35FD4BA34C001C1ED5D9945
Publisher : -
Size : 27
Version : -
Detection : Hosts Hijack
Cleaning Action : Repair
Related Objects :
Hosts file - 127.0.0.1 - ca
File - %systemroot%\system32\drivers\etc\hosts

Trojan:Win32/Poweliks
Status : Scanned
Object : %systemroot%\system32\tasks\{ff1c99bd-cba0-44d5-a6a8-7a9806d71e44}|c:\program files\internet explorer\iexplore.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Fileless Malware
Cleaning Action : Delete
Related Objects :
Scheduled Task - C:\windows\System32\Tasks\{FF1C99BD-CBA0-44D5-A6A8-7A9806D71E44}

ascsetupsecss.exe
Status : Scanned
Object : %userprofile%\downloads\ascsetupsecss.exe
MD5 : DAFA9C5F42995B3B20F33C0A4B0B9A1C
Publisher : Sai Saburi Ltd
Size : 5696776
Version : 1.0.0.17114
Detection : Adware:Win32/Quarand!Lcke
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\ascsetupsecss.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 5
Reported as safe : 0
Failed : 0



#26
March 14, 2019 at 19:19:52
this is the result of the first running of zemana:
Zemana AntiMalware 2.70.179.25 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/11/25
Operating System : Windows 7 64-bit
Processor : 2X Intel(R) Pentium(R) CPU G630 @ 2.70GHz
BIOS Mode : UEFI
CUID : 12E96D3E7AB71BE624B629
Scan Type : System Scan
Duration : 26m 0s
Scanned Objects : 163568
Detected Objects : 5
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\b8ls4bs8.default-1474836382477\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

AOL Toolbar
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\b8ls4bs8.default-1474836382477\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}.xpi
MD5 : 522CB097C7660CEAA13309A8271232F7
Publisher : -
Size : 113801
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - AOL Toolbar
File - %appdata%\mozilla\firefox\profiles\b8ls4bs8.default-1474836382477\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}.xpi

Hosts File
Status : Scanned
Object : %systemroot%\system32\drivers\etc\hosts
MD5 : 6A4029CFF35FD4BA34C001C1ED5D9945
Publisher : -
Size : 27
Version : -
Detection : Hosts Hijack
Cleaning Action : Repair
Related Objects :
Hosts file - 127.0.0.1 - ca
File - %systemroot%\system32\drivers\etc\hosts

Trojan:Win32/Poweliks
Status : Scanned
Object : %systemroot%\system32\tasks\{ff1c99bd-cba0-44d5-a6a8-7a9806d71e44}|c:\program files\internet explorer\iexplore.exe
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Fileless Malware
Cleaning Action : Delete
Related Objects :
Scheduled Task - C:\windows\System32\Tasks\{FF1C99BD-CBA0-44D5-A6A8-7A9806D71E44}

ascsetupsecss.exe
Status : Scanned
Object : %userprofile%\downloads\ascsetupsecss.exe
MD5 : DAFA9C5F42995B3B20F33C0A4B0B9A1C
Publisher : Sai Saburi Ltd
Size : 5696776
Version : 1.0.0.17114
Detection : Adware:Win32/Quarand!Lcke
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\ascsetupsecss.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 5
Reported as safe : 0
Failed : 0



#27
March 14, 2019 at 22:23:03
✔ Best Answer
"my fault. running again"
That's better.

You are having a lot of AOL errors, are you still using it?
If not, uninstall. Use your > Advanced Uninstaller PRO.

Best you uninstall AVG PC TuneUp, too old. Use your > Advanced Uninstaller PRO.

Replace AVG with this Wise program.

Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
https://i.imgur.com/q8GRvVw.gif
https://i.imgur.com/ImAsNPL.gif
https://i.imgur.com/ad7SEKM.gif



#28
March 14, 2019 at 23:17:56
"Zemana"

They are not the latest logs,

Scan Date : 2016/11/25


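Post #28 spots that the pasted Zemana log carries a Scan Date of 2016/11/25 although it was posted in March 2019. As an added example (not part of the thread, and not Zemana's or any poster's code), the Python below parses the log layout shown in post #25 and flags a stale scan date, a detection count that does not match the listed objects, or failed cleanups. The function names, the one-day tolerance and the abbreviated sample log are assumptions made for the example.

```python
import re
from datetime import date

# Constructed sample: abbreviated from the log layout posted in this thread
# (two of the five detections kept, header count adjusted to match).
SAMPLE_LOG = r"""
Zemana AntiMalware 2.70.179.25 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/11/25
Operating System : Windows 7 64-bit
Scan Type : System Scan
Detected Objects : 2

Detected Objects
-------------------------------------------------------

Hosts File
Status : Scanned
Object : %systemroot%\system32\drivers\etc\hosts
Detection : Hosts Hijack
Cleaning Action : Repair
Related Objects :
Hosts file - 127.0.0.1 - ca
File - %systemroot%\system32\drivers\etc\hosts

ascsetupsecss.exe
Status : Scanned
Object : %userprofile%\downloads\ascsetupsecss.exe
Detection : Adware:Win32/Quarand!Lcke
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\ascsetupsecss.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 2
Reported as safe : 0
Failed : 0
"""

FIELD = re.compile(r"^(.+?) :(?: (.*))?$")   # "Key : Value" or "Key :"
RULE = re.compile(r"^-{10,}$")               # dashed line under a heading
SECTIONS = {"Detected Objects": "objects", "Cleaning Result": "result"}


def parse_zemana_log(text):
    """Return (header fields, list of detected objects, cleaning result)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    header, objects, result = {}, [], {}
    section, current, in_related = "header", None, False
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        if RULE.match(line):
            continue
        if line and RULE.match(following):
            # A heading is a non-empty line directly above a dashed rule.
            section, current = SECTIONS.get(line, section), None
            continue
        if not line:
            current = None                    # blank line ends an object block
            continue
        if line == "No threats detected":
            continue
        m = FIELD.match(line)
        if section == "objects":
            if current is None:
                # First line of a block is the object name, even if it
                # contains a colon (e.g. "Trojan:Win32/Poweliks").
                current, in_related = {"name": line, "related": []}, False
                objects.append(current)
            elif in_related or not m:
                current["related"].append(line)
            elif m.group(1) == "Related Objects":
                in_related = True
            else:
                current[m.group(1)] = m.group(2) or ""
        elif m:
            target = header if section == "header" else result
            target[m.group(1)] = m.group(2) or ""
    return header, objects, result


def triage(text, posted_on, max_age_days=1):
    """List reasons a helper should not trust the log as a current scan."""
    header, objects, result = parse_zemana_log(text)
    findings = []
    # Dates appear both zero-padded (2016/11/25) and not (2019/3/17).
    year, month, day = (int(p) for p in header["Scan Date"].split("/"))
    when = date(year, month, day)
    age = (posted_on - when).days
    if age < 0 or age > max_age_days:
        findings.append(f"stale log: scanned {when.isoformat()}, "
                        f"posted {posted_on.isoformat()} ({age} days apart)")
    declared = int(header.get("Detected Objects", 0))
    if declared != len(objects):
        findings.append(f"header declares {declared} detections "
                        f"but {len(objects)} are listed")
    if int(result.get("Failed", 0)) > 0:
        findings.append(f"{result['Failed']} cleanup(s) failed")
    return findings
```

Run against the sample with the posting date of #25, `triage(SAMPLE_LOG, date(2019, 3, 14))` reports the same mismatch Johnw noticed by eye.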

#29
March 17, 2019 at 10:41:48
Hello, Johnw:

"Zemana"
They are not the latest logs,

Scan Date : 2016/11/25
* * * *
I don't know how this date came up; I downloaded Zemana on March 14, 2019.
Just ran it again and here is the result:


Zemana AntiMalware 2.74.2.664 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2019/3/17
Operating System : Windows 7 64-bit
Processor : 2X Intel(R) Pentium(R) CPU G630 @ 2.70GHz
BIOS Mode : UEFI
CUID : 12E96D3E7AB71BE624B629
Scan Type : System Scan
Duration : 31m 18s
Scanned Objects : 203571
Detected Objects : 0
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

No threats detected

* * *

"Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished."

I have been using Wise Disk Cleaner since December.




#30
March 17, 2019 at 14:20:51
"I don't know how this date came up"
Weird, probably tied in with the problem.

Did you run Hitman Pro?
Would be best if you did, if you haven't.
https://malwaretips.com/blogs/safes...

message edited by Johnw



#31
March 17, 2019 at 14:23:41
Yes, I do run that one. Will run now.


#32
March 17, 2019 at 14:38:22
ran trial version but said can't delete stuff as trial version is done.

FRST64.exe
FRSTEnglish.exe
combofix.exe.
googleleadservices.



#33
March 17, 2019 at 14:46:05
"ran trial version but said can't delete stuff as trial version is done"
Uninstall. Use your > Advanced Uninstaller PRO

Then run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-R...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...

Then try Hitman Pro again.



#34
March 17, 2019 at 15:06:23
Uninstalled hitman pro, will run wise now


#35
March 17, 2019 at 15:36:30
Wise reg cleaner found only one, a bad file extension


#36
March 17, 2019 at 15:38:37
Run Farbar again, upload the 2 logs please.


#37
March 17, 2019 at 15:38:45
redoing Hitman pro now


#38
March 17, 2019 at 15:41:35
"redoing Hitman pro now"
Ok, do that next.


#39
March 17, 2019 at 16:02:58
Hitman pro found 8 threats, 11 traces, all deleted on reboot.

will run farbar again



#40
March 17, 2019 at 16:10:40
have to do something, will be back later


#41
March 17, 2019 at 16:12:24
"have to do something, will be back later"
Ok.


#42
March 17, 2019 at 16:31:16
here they are:


FRST64.ex_ (2.321 MB)
Addition.txt (62.147 KB)

http://www.fileconvoy.com/dfl.php?i...

message edited by WarrenTSI



#43
March 17, 2019 at 16:37:48
"FRST64.ex_ (2.321 MB)"
Wrong one, need the text file.


#44
March 17, 2019 at 17:25:28
Sorry

FRST.txt (82.936 KB)

http://www.fileconvoy.com/dfl.php?i...



#45
March 17, 2019 at 17:30:24
"FRST.txt (82.936 KB)"
Got it, back in about 4 hrs.


#46
March 17, 2019 at 17:34:47
ok thanks Johnw


will prolly be here



#47
March 17, 2019 at 20:12:08
I see AVG PC TuneUp is still there. Maybe you forgot it or want to keep it.

Copy & Paste only the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {5C7F372B-39D7-4063-AD35-4456ADB90A88} - \{FF1C99BD-CBA0-44D5-A6A8-7A9806D71E44} -> No File <==== ATTENTION

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer to these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...



#48
March 18, 2019 at 07:35:25
Fix result of Farbar Recovery Scan Tool (x64) Version: 17.03.2019
Ran by user (18-03-2019 10:27:17) Run:2
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user & Arleen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {5C7F372B-39D7-4063-AD35-4456ADB90A88} - \{FF1C99BD-CBA0-44D5-A6A8-7A9806D71E44} -> No File <==== ATTENTION
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C7F372B-39D7-4063-AD35-4456ADB90A88} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C7F372B-39D7-4063-AD35-4456ADB90A88} => removed successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF1C99BD-CBA0-44D5-A6A8-7A9806D71E44} => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18706412 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 3298 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 4238 B
user => 12308289 B
Arleen => 0 B

RecycleBin => 298139387 B
EmptyTemp: => 325.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:27:55 ====



#49
March 18, 2019 at 14:10:42
All finished Warren.

"Wise reg cleaner found only one, a bad file extension"
Thought that must have been a typo & you meant Hitman.

I run the Wise tools regularly & never have they only found 1 problem.
I ran my registry tool again, refer to these 4 SS. They show Fast Scan & then Deep Scan.
http://ge.tt/1YJQy3v2
http://folio.ink/vmS4Lw-19058d37aaa...
Or,
https://s17.directupload.net/images...
https://s16.directupload.net/images...
https://s17.directupload.net/images...
https://s16.directupload.net/images...

Should I Be Worried About This E-Mail?
This may be your next move, while it is still Free, if you have any more problems.
Google: Abandon Windows 7 and Upgrade to Windows 10 Right Now:
https://news.softpedia.com/news/goo...



#50
March 18, 2019 at 15:57:21
Thanks again Johnw.

I will try win 10 tomorrow. thank you for all your help.

Warren



#51
March 18, 2019 at 16:10:01
"I will try win 10 tomorrow"
Best time Warren, whilst you are nice & clean.


#52
March 18, 2019 at 16:16:02
Just had a look at your logs to see if you have enough memory & cpu power ( you have ) & noticed >
Percentage of memory in use: 91%
Percentage of memory in use: 97%

Is this normal?
Check Task Manager with nothing open or running.

message edited by Johnw



#53
March 18, 2019 at 16:40:33
Nice job John and Warren.

message edited by Derek



#54
March 18, 2019 at 17:02:15
"Nice job John and Warren"
Thanks Derek.


#55
March 18, 2019 at 17:08:19
An excellent job - nicely dun & wiv great payshense...

I’m beginning to think that living on the underside of the globe, not too far from that huge outdoor freezer directly opposite the other one at the top of the globe, encourages such dedikayshun...

Or is it the unbroken sunshine, golden sands, surf beaches - and the plethora of tanned female forms which is the reason...



#56
March 18, 2019 at 18:04:20
"great payshense"
Developed that once I left school & then when I was 23, built my own house, same approach as for fixing comps, step by step.

"Or is it the unbroken sunshine, golden sands, surf beaches - and the plethora of tanned female forms"
All of that helps.



#57
March 19, 2019 at 10:17:34
Check Task Manager with nothing open or running.

Process 74
CPU usage 2%
Phys Memory 44%



#58
March 19, 2019 at 10:22:05
thank you very much Derek and Traveler.

with great Physhense

without this Forum, a lot of us would be broke running back and forth to the computer shops. lol



#59
March 19, 2019 at 10:26:26
And 48 hrs have passed since the email from my hacker buddy and no one has reported getting an email showing me watching porn.

I guess there's no way to catch this guy, no agency to send the email to him to prosecute him.

Next project for me is to download the Win 10



#60
March 19, 2019 at 10:31:12
About the only thing you can do is take care and always be suspicious.

Always pop back and let us know the outcome - thanks



#61
March 19, 2019 at 10:34:49
yes, indeed.

will always be trying



#62
March 19, 2019 at 11:24:20
The thanks go to Johnw for sure... I'm thinking of all that time he missed on the beach with the tanned beach bunnies galore...


#63
March 19, 2019 at 14:05:49
I have downloaded Win10 and it went extremely well. Very surprised and happy at this point. Never asked for the product key either.

Is now doing an update.



#64
March 19, 2019 at 15:22:52
Task Manager all good Warren.

"I have downloaded Win10 and it went extremely well"
I installed about 3 & 1/2 years ago, still going strong on 3 comps.

"Is now doing an update"
You will get a few of them at the beginning, may even get updates on updates.



#65
March 19, 2019 at 15:44:08
Yes indeed. Took quite a while. All seems to be ok.

One question for you:
It said and disabled Microsoft Security Essentials, but I saw in a post of yours that you still use it.

so I take it that you are not on win 10?



#66
March 19, 2019 at 15:58:38
"so I take it that you are not on win 10?"
3 comps on W10
2 spare HD's on W7, I just use those occasionally for problem solving.


#67
March 19, 2019 at 16:04:23
ok


thanks again for the help
I am a happy camper

