Sponsored By

flashh4

Moderator
  • Content count

    2564
  • Joined

  • Last visited

1 Follower

About flashh4

  • Rank
    Malware Removal Specialist
  • Birthday 08/04/46

Contact Methods

  • ICQ
    0

Profile Information

  • Gender
    Male
  • Location
    Wyoming
  • Interests
    Computer cleaning & infections.
    Love riding 4 wheelers (atv)

Previous Fields

  • Operating System
    W-10 on both Hp desk models

Recent Profile Visitors

58540 profile views
  1. I hope that helped with your slowness ! Anyway you are clean after we removed a lot of bad stuff ! Chuck
  2. Hey, good job. Removed all those quite easily ! Clean up of Malware Removal Tools Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded. Download Delfix to your desktop and double click it to start the program [url=http://api.viglink.com/api/click?format=go&jsonp=vglnk_jsonp_14102815956339&key=bf4adfcbb328b51c165afd7f95bfc060&libId=64704d6e-537a-4ac2-beea-64e5d35e3f5f&loc=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F342065-very-slow-computer-aswmbr-rootkit-not-working%2Fpage-2&v=1&out=https%3A%2F%2Ftoolslib.net%2Fdownloads%2Fviewdownload%2F2-delfix%2F&ref=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Fforum%2F37-virus-spyware-malware-removal%2F&title=Very%20slow%20computer%2C%20aswMBR%20rootkit%20not%20working%20%5BClosed%5D%20-%20Page%202%20-%20Virus%2C%20Spyware%2C%20Malware%20Removal&txt=here]here[/url] Ensure Remove disinfection tools is ticked Also tick: o Create registry backup o Purge system restore o Click Run The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. You can delete any log files left on your desktop as these are no longer needed. ======================= Congratulation you are clean !!! Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. This is my standard "All Clean Speech." You may have some already installed, these are just recommendations ! Here are some tips to reduce the potential for spyware infection in the future: Here are some tips to reduce the potential for spyware/malware infection in the future: 1. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click onOptions. Click once on theSecurity tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. 2. FireFox If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure. [url=https://addons.mozilla.org/en-US/firefox/addon/noscript/]NoScript[/url][/color] [url= https://adblockplus.org/en/firefox] adblock plus[/url] 3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection. 4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below: [url=http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html]Online Armor Free[/url] [url=http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html]Agnitum Outpost Firewall Free [/url] [url=http://personalfirewall.comodo.com/]Comodo Firewall Free [/url] 5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open. 6.[url=http://www.mywot.com/]WOT[/url](Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome. 7. Finally, I strongly recommend that you read Miekiemoes' great advice [url= http://users.telenet.be/bluepatchy/miekiemoes/prevention.html] How to prevent malware[/url] . Let me know how it's running ? Any problems ? It may run a tad slow until a few normal re-boots, but according to all logs you are clean !! Thanks Chuck
  3. Hi Igoncalves, looks like you were quite infected. Lets remove all the bad things in the logs ! We need to Run an OTL fix !! Warning This fix is only relevant for this system and no other, using on another computer may cause problems. Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot * Double-click OTL.exe to start the program. * Copy and Paste the following code into the http://img.photobucket.com/albums/v317/flashh4/customFix.png[/IMG]. text box of the OTL tool/program ! Start with and include the colon plus :OTL Copy everthing in RED and Paste into the box in the OTL program !! :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-182186785-877161024-3379391946-3456\..\SearchScopes,DefaultScope = {33CCF0C3-815C-47AB-BE3C-49B3552B242B} IE - HKU\S-1-5-21-182186785-877161024-3379391946-3456\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-182186785-877161024-3379391946-3456\..\SearchScopes\{33CCF0C3-815C-47AB-BE3C-49B3552B242B}: "URL" = http://search.pandion.im/#q={searchTerms} FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll File not found [2013-08-08 23:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\Extensions [2013-08-08 23:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\Extensions\net.openvpn.client [2017-04-06 09:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\Firefox\Profiles\zvb8yla4.default\extensions [2017-01-30 15:20:53 | 000,363,943 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected] [2017-02-13 17:27:45 | 000,442,914 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected] [2017-03-01 14:02:45 | 002,617,076 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected] [2013-11-07 18:37:08 | 000,315,980 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected] [2015-09-03 12:02:30 | 000,029,175 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\[email protected] [2016-09-29 18:48:28 | 001,295,123 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-04-19 19:05:01 | 000,005,328 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\features\{f4287fd4-cd16-4134-bab5-fcca69d84ed0}\[email protected] [2017-04-19 19:05:01 | 000,005,297 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\features\{f4287fd4-cd16-4134-bab5-fcca69d84ed0}\[email protected] [2017-04-19 19:05:01 | 000,007,195 | ---- | M] () (No name found) -- C:\Users\lgoncalves\AppData\Roaming\mozilla\firefox\profiles\zvb8yla4.default\features\{f4287fd4-cd16-4134-bab5-fcca69d84ed0}\[email protected] [2017-04-03 13:50:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2017-04-19 19:07:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\browser\extensions CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.6_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\15.1120.0.4_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\cedbiokeeomnnkiclkmnonjkcaladbkd\1.0.10_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcanjhffnbochejifidgcbmnlehfgjkl\2_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.10_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpogldabjhjhglnfojmnekmcjonllia\1.0.0_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpobnhohpnogiaipphaknihlopgbacf\0.90_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl\2.25.0_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp\57.0.2987.84_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\3.10_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpmbfgodkfcebpgheiedaddoikmljkk\1.0.3_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma\1.0.10_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnacnlekfaehkfdbkohnhpmdagnfaeio\1.2.1_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2017.110.418.3_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.153_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ CHR - Extension: No name found = C:\Users\lgoncalves\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5717.116.0.4_0\ O4 - HKLM..\Run: [LManager] File not found O4 - HKU\S-1-5-21-182186785-877161024-3379391946-3456..\Run: [Akamai NetSession Interface] "C:\Users\lgoncalves\AppData\Local\Akamai\netsession_win.exe" File not found O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found :Commands [emptyjava] [emptyflash] [EMPTYTEMP] [RESETHOSTS] [CREATERESTOREPOINT] [Reboot] # Then click the Run Fix button at the top. # Click http://img.photobucket.com/albums/v317/flashh4/btnOK.png[/IMG] # Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format. Remember to enable your real time protection. Post that log next ! Thanks Chuck
  4. Guess you could try it, i'm not sure ! I know a lot who use the OpenOffice in place of Word !! Chuck
  5. Hey ..... no if you quarantine them that is good ! Just post the other OTL log !! Thanks Chuck
  6. Hey, thanks !! Remember to also run Malwarebytes again & have it delete/remove/quarantine the bad things found, then post me that log !! Thanks Chuck
  7. Hey LGONCALVES, the 1st two programs you did good but the Malwarebytes you forgot to check >>> * Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked !! >>> So run Malwarebytes again and make sure you Quarantine or delete/remove everything it finds !! Then post a new Malwarebytes log ! NEXT Download OldTimer to your desk top ! Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). * Double click OTL.exe to launch the program. * Check the following. o Scan all users. o Standard Output. o Lop check. o Purity check. oExtra Registry > Use SafeList * Under Extra Registry section, select Use SafeList * Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins). * When finished it will produce two logs. o OTL.txt (open on your desktop). o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL. * Please post me both logs. This may have to be broken into more than one post ! Post Next: 1. Malwarebytes Log 2. OTL.txt and Extras.txt (if a Extras.txt is produced) Thanks Chuck
  8. Hi, is this the message you get that is causing the problem, click the link ??? http://docs.maildev.com/article/121-gmail-web-login-required-error---answer78754-failure Chuck
  9. You are welcome ! Chuck
  10. I am not a GMAIL user so i suggest you go to this link & see if they can help with your problem >>> https://productforums.google.com/forum/#!forum/gmail Sorry i couldn't be of more help ! Chuck
  11. Have you recently changed your password ? Try logging out then back in !! Also make sure you have the latest Gmail download ! Let me know if anything here helps ! Chuck
  12. Reading your post now !!
  13. Howdy Igoncalves !!! My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer. Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !! If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !! Perform all actions in the order given. Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up ! Do Not Remove anything or run any tools/programs until advised to do so ! Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. =================================== AdwCleaner Please download https://toolslib.net/downloads/viewdownload/1-adwcleaner/ by Xplode onto your desktop. Double click on AdwCleaner.exe to run the tool again. Windows XP : Double click on the icon to run it. Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" *Click on the Scan button. *AdwCleaner will begin to scan your computer like it did before. *After the scan has finished ....... This time, click on the "Clean" button. *Press OK when asked to close all programs and follow the onscreen prompts. *Press OK again to allow AdwCleaner to restart the computer and complete the removal process. *After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically. *Copy and paste the contents of that logfile in your next reply. *A copy of that logfile will also be saved in the C:\AdwCleaner folder. NEXT Please download http://thisisudax.org/downloads/JRT.exe]JUNKWARE Removal Tool and save to your desk top. Shut down your protection software now to avoid potential conflicts. * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". * The tool will open and start scanning your system. * Please be patient as this can take a while to complete depending on your system's specifications. * On completion, a log (JRT.txt) is saved to your desktop and will automatically open. * Post the contents of JRT.txt into your next reply ! Re-Boot your computer now !! NEXT Download the free version Malwarebytes' Anti-Malware (save it to your desktop). >>> https://www.malwarebytes.org/antimalware/ * Windows XP : Double click on the icon to run it. * Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" * On the Dashboard click on Update Now * Go to the Setting Tab * Under Setting go to Detection and Protection * Under PUP and PUM make sure both are set to show Treat Detections as Malware * Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked * Then on the Dashboard click on Scan * Make sure to select THREAT SCAN * Then click on Scan When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard Please paste the log back into this thread for review Exit Malwarebytes Post the logs from these programs ! 1. AdwCleaner log(s) 2. JRT (Junkware) log 3. Malwarebytes log Thanks Chuck
  14. Do you mean will they work using Openoffice program ?? Chuck
  15. Lately we have had some new members giving their advice on how to remove Malware, Trojans and other bad stuff. Please DO NOT post the ways you think it should be removed. Some of us are trained in the proper way to remove Malware. I keep up on the easiest & proper way to remove Malware where we get it all not just parts of the bad things ! Unless you are a trained Malware expert or registered expert with BestTechie, please refrain from posting help into the Malware Removal topics !! Guide lines for Malware help !!! Please note that all instructions given are customized for each individual computer only, the tools used may cause damage if used on a computer with different infections. Please DO NOT POST YOUR LOG IN SOMEONE ELSE'S THREAD even if you think you have the same problem . This just confuses both users and helpers. The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software illegally. We will not support or allow the discussion of any peer to peer (P2P) applications, except for their removal. * Please note, unless Malware /HJT helper is notified ahead of time, your topic will close if there is not a response in 5 Days. * Place a link to this thread in your Favorites/Bookmarks for easily returning here. * Please respond until the Helper gives the all clear, as absence of symptoms does NOT always mean a Clean system. * Please do not run any other tools/scans/programs unless requested * Do not install/uninstall anything unless requested * If you do not understand a step, please STOP and ASK before proceeding* CAUTION - Please DO NOT USE any SPECIALIZED MALWARE REMOVAL TOOLS, without supervision. Be advised that running specialized tools on your own, is done solely at your own risk. Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data. Your Post will be removed unless you are trained in Malware Removal !!!! Chuck