Sponsored By

flashh4

Moderator
  • Content count

    2716
  • Joined

  • Last visited

2 Followers

About flashh4

  • Rank
    Malware Removal Specialist
  • Birthday 08/04/1946

Profile Information

  • Gender
    Male
  • Location
    Wyoming
  • Interests
    Computer cleaning & infections.
    Love riding 4 wheelers (atv)

Previous Fields

  • Operating System
    W-10 on both Hp desk models

Recent Profile Visitors

59206 profile views
  1. flashh4

    People on line at BT

    3:00 Mtn time ...................... 17 people visiting ! 4:30 ....................................... 31 people visiting Haven't seen that many in a long time ! Must be some good reading ! Chuck
  2. It is highly recommended to get your computer check ups at least twice a year just to rid yourself of unwanted junk & to clean your registry !! You may be surprised at what we find ! Welcome to Besttechie's Malware Removal !! Please do not run any tools or take any steps other than those that I will provide for you while we work on your computer together. Most often independent efforts can make things much worse for both of us. Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me. If you do not reply to your topic with-in 5 days we will assume it has been abandoned and I will lock it. When your computer is clean I will inform you of such. I will also provide for you detailed information about how you can keep your computer clean of future infections. I remind you to make no further changes to your computer unless I direct you to do so or run any programs. =================================== First back up your computer !! * Create a Backup With Tweaking.com Registry Backup (TCRB) * Please download TCRB from HERE and save it to your Desktop. >>> http://www.bleepingcomputer.com/download/registry-backup/dl/261/ * Double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB. * Launch TCRB. * Click the Backup Registry tab and make sure all the boxes are checked. * Click on Backup Now. Once the backup is finished you can now exit the program. ==================================== Download Farbar Recovery Scan Tool, or FRST, from the following location: FRST Download Link >>> http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ When you click on the above link you will be brought to a download page. Please click on the Download Now 32-bit version or Download Now 64-bit version button depending on the bit type of your Windows version. If you are unsure what bit-type your installed Windows is, please consult this tutorial: How to tell if you are running a 32-bit or 64-bit version of Windows >>> http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/ Once you click on the appropriate download button, you will be brough to a downloading screen, where if you wait, the download will automatically start. If you see a prompt asking if you wish to Run or Save the file, please click on the Save button and save it to your desktop. Your browser will now download FRST and save it on your Desktop. Now double-click on the FRST.exe or the FRST64.exe icon depending on which version you downloaded to start the program. Once you double-click the icon a User Account Control warning may also appear asking if you are sure you would like to run the program. Click on the Yes button to allow FRST to start. If no warning appeared, as shown above, then you should just continue reading. * FRST will now display a Disclaimer of Warranty window. Please read through this agreement, and if you agree to it, please click on the Yes button to continue. * At this point, please do not change any options and just click on the Scan button to begin the scanning ! * The scanning process can take a while, so please be patient while FRST scans your computer and creates and report that can be used by our helpers. When FRST is done generating the * reports it will create them as FRST.txt and Addition.txt in the same location as you downloaded and ran FRST from. If you ran it from the Windows desktop, then the reports will be made there. The program will then display a prompt stating that it has finished * Please click on the OK button and FRST will display the FRST.txt log in a Notepad window. * FRST will then display another prompt that states the second log, Addition.txt, is about to be shown as well. Press the OK button and a Notepad window will open that displays the Addition.txt log ! Copy & paste these logs for me !! =================================== Run RogueKiller IMPORTANT: Please remove any usb or external drives from the computer before you run this scan! Close all running programs. * Download RogueKiller to your desktop >>> https://www.adlice.com/download/roguekiller/ ...... we want the "FREE" version !! * Close all running programs. * Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe when the pre-scan is finished, click on Scan >>> click on Report and copy/paste the content in your next post NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad * If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe. On modern operating systems (Windows 7, 8, 8.1 and 10), the SmartScreen filter disallows the start of unknown programs (from Microsoft). To pass through this protection and be able to start RogueKiller, please do the following: 1. Click on More infos 2. Next click on Run anyway. * Start a new Scan by clicking on the “Start Scan” button from the dashboard. If you missed it, you can retrieve your old scan and removal reports into the “History” tab, under “Scan Reports” * Please post the contents of the RKreport.txt in your next reply. I will have you select and remove bad things after i read the logs you post ! Thanks Chuck
  3. Hey Jeff, i downloaded mine about 3 weeks ago so i went back & looked, i have no Russian connections ! I have 5 that are related to people running for offices here in the states. None that i know ! Chuck
  4. Howdy LibbyLeach, not to worry if you are paid in cash !! The standard Personal Allowance is £11,500. If you earn less than this, you shouldn't have to pay any Income Tax. But to make sure contact a tax return person near you, they will answer your questions !! Good Luck Chuck
  5. flashh4

    virus attached to my laptop

    5 days with no reply, this Topic is now closed ! If you need it re-opened please PM me or any Mod ! Thanks Chuck
  6. My daughter worked in a place like that & she said it was so hard watching the people get peritoneal dialysis, she said a lot of the patients were drug addicts, they had to be very careful to not get blood on themselves !! Chuck
  7. flashh4

    virus attached to my laptop

    BossLady are you still in need of help ?? Thanks Chuck
  8. flashh4

    virus attached to my laptop

    Howdy BossLadyB and welcome to BestTechie !!! My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer. Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !! If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !! Perform all actions in the order given. Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up ! Do Not Remove anything or run any tools/programs until advised to do so ! Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help. =============================== Lets get started !! AdwCleaner Please download https://toolslib.net/downloads/viewdownload/1-adwcleaner/ by Xplode onto your desktop. Double click on AdwCleaner.exe to run the tool again. Windows XP : Double click on the icon to run it. Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator" *Click on the Scan button. *AdwCleaner will begin to scan your computer like it did before. *After the scan has finished ....... This time, click on the "Clean" button. *Press OK when asked to close all programs and follow the onscreen prompts. *Press OK again to allow AdwCleaner to restart the computer and complete the removal process. *After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically. *Copy and paste the contents of that logfile in your next reply. *A copy of that logfile will also be saved in the C:\AdwCleaner folder. NEXT Run RogueKiller IMPORTANT: Please remove any usb or external drives from the computer before you run this scan! Close all running programs. Download RogueKiller to your desktop >>> https://www.adlice.com/download/roguekiller/ ...... we want the "FREE" version !! Close all running programs. Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe when the pre-scan is finished, click on Scan >>> click on Report and copy/paste the content in your next post NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe. On modern operating systems (Windows 7, 8, 8.1 and 10), the SmartScreen filter disallows the start of unknown programs (from Microsoft). To pass through this protection and be able to start RogueKiller, please do the following: 1. Click on More infos 2. Next click on Run anyway. Start a new Scan by clicking on the “Start Scan” button from the dashboard. If you missed it, you can retrieve your old scan and removal reports into the “History” tab, under “Scan Reports” Please post the contents of the RKreport.txt in your next reply. I will have you select and remove bad things after i read the log you post ! NEXT Download the free version Malwarebytes' Anti-Malware (save it to your desktop). >>> https://www.malwarebytes.org/antimalware/ Malwarebytes - Clean Mode Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point * Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so * Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan * Let the scan run, the time required to complete the scan depends of your system and computer specs * Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button If it asks you to restart your computer to complete the removal, do so * Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply by right clicking mouse and selecting paste !!! Exit Malwarebytes Please post these logs next ! 1. AdwCleaner log 2. RKreport.txt 3. Malwarebytes Then i will read what they find. I'm sure we will have more to do after these scans ! So stay with me until i give you the "all clean speech" !! Thanks Chuck
  9. flashh4

    sultan_emerr RIP

    Sultan !!
  10. flashh4

    POSTING IN MALWARE REMOVAL

    DO NOT post here in Malware Removal unless you have a problem or infection, or needing a clean up ! This means unless you are a certified Malware Removal Specialist and have permission from BESTTECHIE or a Mod ! This means NO advertising of other sites or tools that you think does a good job cleaning a computer !! Unless given approval by BT or a Mod !! This is to protect us (BT) as well as you the user !! Thanks Chuck
  11. flashh4

    Ready to clean

    This topic is now closed, if you need it reopened please contact me or any Mod !! Thanks Chuck
  12. flashh4

    Ready to clean

    Thanks Barba, please pass our web site along to others who need help !! If you see any of my ads pleas comment ! I will lock this topic in 5 days, if you need it reopened please PM me or any Mod ! Thanks Chuck
  13. flashh4

    Ready to clean

    Looks good Barba, lets finish up !! Clean up of Malware Removal Tools Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded. Download Delfix to your desktop and double click it to start the program here Ensure Remove disinfection tools is ticked Also tick: o Create registry backup o Purge system restore o Click Run The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply. You can delete any log files left on your desktop as these are no longer needed. ===================================== Congratulation you are clean !!! Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop. This is my standard "All Clean Speech." You may have some already installed, these are just recommendations ! Here are some tips to reduce the potential for spyware infection in the future: Here are some tips to reduce the potential for spyware/malware infection in the future: 1. Make your Internet Explorer more secure - This can be done by following these simple instructions: From within Internet Explorer click on the Tools menu and then click onOptions. Click once on theSecurity tab Click once on the Internet icon so it becomes highlighted. Click once on the Custom Level button. Change the Download signed ActiveX controls to Prompt Change the Download unsigned ActiveX controls to Disable Change the Initialize and script ActiveX controls not marked as safe to Disable Change the Installation of desktop items to Prompt Change the Launching programs and files in an IFRAME to Prompt Change the Navigate sub-frames across different domains to Prompt When all these settings have been made, click on the OK button. If it prompts you as to whether or not you want to save the settings, press the Yes button. Next press the Apply button and then the OK to exit the Internet Properties page. 2. FireFox If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure. NoScript [url= https://adblockplus.org/en/firefox] adblock plus[/url] 3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection. 4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below: Online Armor Free Agnitum Outpost Firewall Free Comodo Firewall Free 5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open. 6.WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome. 7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware . Let me know how it's running ? Any problems ? It may run a tad slow until a few normal re-boots, but according to all logs you are clean !! If you see any of my ads for computer cleaning please comment !! Thanks Chuck
  14. flashh4

    Ready to clean

    What a cold this is going around, anyway here is the fix !! We need to Run an OTL fix !! Warning This fix is only relevant for this system and no other, using on another computer may cause problems. Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot * Double-click OTL.exe to start the program. * Copy and Paste the following code into the http://img.photobucket.com/albums/v317/flashh4/Paste OTL script here.png text box of the OTL tool/program ! Start with and include the colon plus :OTL Copy everthing in RED and Paste into the box in the OTL program !! :OTL IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{3F11430D-8047-4AFE-BF1B-FFDA8D860E6D}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes,DefaultScope = {B1F051B2-6C59-42D0-9C3C-1B2DF9EC981B} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{E714BD68-86C7-4FB4-A747-C7B61E962FC4}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6} IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-0ee16916&q={searchTerms} IE - HKU\S-1-5-21-1597461494-781392241-1313931377-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found [2016/02/04 23:31:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions [2018/01/16 21:44:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\SystemExtensionsDev [2017/10/17 22:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\browser-extension-data [2017/10/17 22:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\browser-extension-data\[email protected] [2017/10/17 22:54:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\browser-extension-data\[email protected] [2018/02/26 22:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\extensions [2018/02/26 22:49:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2018/02/26 22:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\q3uh44w4.default-1495774073513-1504139498129\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}\images\vault_4.0\extension [2017/10/17 22:55:09 | 000,132,293 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\q3uh44w4.default-1495774073513-1504139498129\features\{a1f5e37f-04a4-46be-bb6e-0540d20ab7f2}\[email protected] [2017/08/30 18:40:50 | 000,329,275 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\q3uh44w4.default-1495774073513-1504139498129\features\{f7b25f55-57e7-4950-8053-2ae32fd34cfe}\[email protected] [2018/01/31 22:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\ CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\3.0.81_0\ CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen\14.830.1502_0\ CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd\1.6.0.13_0\ CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc\4.1.34_1\ CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\ CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6417.1211.0.0_0\ O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (no name) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - No CLSID value found. O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found O18:64bit: - Protocol\Handler\cozi - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. :Commands [emptyjava] [emptyflash] [EMPTYTEMP] [RESETHOSTS] [CREATERESTOREPOINT] [Reboot] # Then click the Run Fix button at the top. # Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format. Remember to enable your real time protection. Post that log next ! Thanks Chuck