Phone call scam that computer is infected

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bbpathd1, Aug 5, 2012.

  1. bbpathd1

    bbpathd1 Private First Class

    This is my mother-in-law’s computer: Compaq Presario Sempron 3200+, 1.8 GHz, Win XP SP3. I’d like someone to make sure nothing is left lurking.

    Background: Last February I spent a day trying to get the MagicJackPlus she had bought working. Had to install a router, added memory to bring her from 512 to 1 GB. Her computer had all kinds of crapware so I removed a lot. She needed all sorts of updates, so I worked through the How to Protect Yourself from Malware and added CCleaner, Java, Avira, Spybot, SAS, MBAM, Spywareblaster. She’d had Walmart Connect/Netscape Connect dialup for ages and had signed up to AT&T DSL so she could use the MagicJackPlus. MJP was unable to port her landline number because she had made the mistake of signing up for DSL BEFORE porting to MJP and AT&T had her DSL on the same number. With all the FREE MJP phone service they tout, you might think the company would use its own product for customer service, but no, you can only reach them via chat. So I chatted, trying to get a FREE phone number, which they also advertise because she had already paid them $20 to (unsuccessfully) port her number. However, they insisted she had to pay another $10 to get a new number. So we gave in and paid for it. But, I had to leave Louisiana to return home so couldn’t get MJP working. One of the last things I thought about doing was unchecking “Allow Remote Assistance,” but I thought I’d leave it in case I ever had to help her remotely.

    A few days later I find out a man from Microsoft in Great Britain had called MIL on the phone and told her the computer had thousands of viruses. She did not understand that I had done everything she needed to protect her from “viruses” and everything else and gave him access to her computer. It looks like he may have just run CCleaner and used it as evidence of the “viruses.” Looks like he left AA.exe and uth.exe on the desktop; maybe the RegistryEasy came from him too. Also looks like he removed quite a bit of what I had put on from the How to Protect Yourself from Malware. Anyway, she had to quit using this computer, go change her credit card and bank info as precautions, and still got socked for the $179 the guy charged. On a brief visit a month ago, I removed the Logmein software he installed. Now I am back to finish up.

    First time with your new procedure.
    Had to use Internode link to download MBAM--kept getting a page about diagnosing internet connection problems with the MG links.
    During the HitmanPro scan, Avira flashed up a message about blocking D:\Autorun.inf.
    During the MGTools scan, Avira flashed a message about Host file blocked.
    Here are the files.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Other than the adware from MyWebSearch, your logs were clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
    2. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. .
    5. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    6. Go to add/remove programs and uninstall HijackThis.
    7. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    8. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  3. bbpathd1

    bbpathd1 Private First Class

    Thanks so much, Chaslang. Glad I ran the new procedure. I had overlooked that adware when I went to Add/Remove Programs; it had My Fun Cards in the listing, so I probably thought it was one of those dozens of Compaq games still on the computer.

    I got that miserable MagicJackPlus to work this afternoon. Wouldn’t work plugged into the router, had to use a USB port, so so much for using it without a computer!

    MIL is very happy now that all is fixed. She has learned that Microsoft is not in Great Britain and that they will never call her in a million years. She also knows now to hang up on callers she doesn’t know.

    So glad not much was done to MIL’s computer. Also, so glad you are still helping users in the Malware Forum. Most of what I’ve learned about computers over the past five years has been due to you and the Software Forum Majorgeeks. Just want you to know how grateful I am.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Happy we could help. Surf safely.
     
