nasdaq

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions

Hi, Welcome again. Please post the FRST.TXT and Addition.txt logs for my review.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === We need additional information. Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Please download Malwarebytes Anti-Malware from here Right-click on the MBAM icon and select Run as administrator to run the tool. Click Yes to accept any security warnings that may appear. Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database. On the left menu pane click the Settings tab, and then select the Protection tab on the top. Under the Scan Options, turn on the button Scan for rootkits and Scan within archives. Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button Note: The scan may take some time to finish, so please be patient. If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please post the log for my review. Note: If asked to restart the computer, please do so immediately. === Please download AdwCleaner by Xplode onto your Desktop. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Click the LogFile button and the report will open in Notepad. IMPORTANT If you click the Clean button all items listed in the report will be removed. If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Check off the element(s) you wish to keep. Click on the Clean button follow the prompts. A log file will automatically open after the scan has finished. Please post the content of that log file with your next answer. You can find the log file at C:\AdwCleanerCx.txt (x is a number). === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions

Hi, The Farbar tool uses programs that can be harmfull to your computer. If downloaded from the site I gave you it's safe. Do not worry. === Temporary file are saved in this folder. The location is C:\Users\Myuser\AppData\Local\Comms\Unistore\Data\Temp You can delete them as you wish. Any files in a \temp folder are created by applications. When the application is closed normally they are deleted, but not always. p.s. Are you saying the you have 7 sub folders under the \temp... folder 7. Then all the files in these folder can be deleted. <<<>>> With the protection of Norton I'm sure you are clean. You can check if your Passwords have been compromised. https://haveibeenpwned.com/Passwords

Hi, Run thi fix to clean all the empty registry items. Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Your concerned items. This is the reaspn you are getting the warnong from Norton. You are running Explorer in an Unelevated task. Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe As suggested in this article: https://www.tenforums.com/general-support/79917-whats-createexplorershellunelevatedtask.html You can run the task to by pass the UAC prompt. You will have to change the CreateExplorerShellUnelevatedTask.job as suggested here. Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\Explorer.EXE /NOUACCHECK You may want to keep the protection you have now. Your call. ===== If you do not subscribe to any RSS feeds at all disable it. https://answers.microsoft.com/en-us/windows/forum/windows_xp-performance/microsoft-feeds-synchronization/89ffe6c5-d690-4d17-9bab-9e959e94286e?messageId=570a436b-5a7d-46d9-9456-3001d604618b === Hope that helps.

Glad we could help.

Hi, Open Malwarebytes Anti-Malware. On the Settings tab > Protection Scroll to and make sure the following are selected: Scroll to and make sure the following are selected: Scan for Rootkits Scan within Archives Scroll further to Potential Threat Protection make sure the following are set as follows: Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended) Potentially Unwanted Modifications (PUM`s) set as :- Always detect PUM`s (recommended) Click on the Scan make sure Threat Scan is selected, A Threat Scan will begin. When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab If asked to restart your computer to complete the removal, please do so When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more to retrieve the log. To get the log from Malwarebytes do the following: Click on the Reports tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… === Run the Farbar program one more time. Post the FRST.TXT log for my review.

Strange! Restart the computer normally. Is malware by running OK.

That is not the files it's a link to my profile. From now on all post must be sent in this topic. Please repeat the posts here.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === There is no know method to de-crypt your file. You can submit an example to this Forum. https://id-ransomware.malwarehunterteam.com/ In the event that a key is found you will be informed. I would not expect an positive answer to that. You may transfer the compromised file to a CD or Flash drive in the event that you get lucky. === After you have moved the compromised files download and run this program. Will check and suggest a fix to remove the remnant items left by the infection. Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === These keys reported by the AdwCleaner tool are from the Cloud Imperium Games PUP.Adware.Heuristic HKLM\SOFTWARE\94a6df8a-d3f9-558d-bb04-097c192530b9 PUP.Adware.Heuristic HKLM\SOFTWARE\81bfc699-f883-50c7-b674-2483b6baae23 If you want to remove them, use the Control Panel > Programs > Programs and Features. Your call. RSI Launcher 1.0.1 (HKLM\...\81bfc699-f883-50c7-b674-2483b6baae23) (Version: 1.0.1 - Cloud Imperium Games) RSI PTU Launcher 1.0.1-ptu.4 (HKLM\...\94a6df8a-d3f9-558d-bb04-097c192530b9) (Version: 1.0.1-ptu.4 - Cloud Imperium Games) === Let me know of any remaining issues with this computer. fixlist.txt

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions.

Hi, Run the Farbar Scan. Make sure the box to create an Addition.txt log is marked. Check this section. ==================== Security Center ======================== If Malwarebytes is listed all is well. I do not need to see the log.

Hi, This could be a Sync issue. Chrome Secure Preferences detection always comes back https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ =========== Malwarebytes works well wth Windows Defender. How ever I do not see Malwarebytes running under the Security Center of the Addition.txt log. This is not normal. Reinstall Malwarebytes. If the problem persists please report it to this forum. Navigate to this topic, download and run the Malwarebytes Support Tool. Troubleshoot issues with Malwarebytes for Windows https://forums.malwarebytes.com/topic/190532-having-problems-using-malwarebytes-please-follow-these-steps/ Follow the instructions listed on the page. If you have questions read read the FAQs. Malwarebytes Support Tool FAQs https://support.malwarebytes.com/docs/DOC-2387 <<<>>> The engineers at Malwarebytes will reply to your new topic

I suggest you start a new topic for this Hard Drive. It's less confusing to others who view the topic and read the recommendations that may not support the original problem. When created send me the URL and will see what I can to.

Hi, This was set by the malware, GroupPolicy\User: Restriction ? <==== ATTENTION Everything else was deleted by Malwarebytes etc. Glad we could help.

Hi, Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Please let me know of any remaining issues with this computer. fixlist.txt

Hi, If all is well you can delete all that has been reported by Kaspersky.

Hi, Sorry we do not service two computer in the same topic. Start a new topic and post the FRST.TXT and Addition.txt logs. Give an the type of problems you are having with this computer. p.s. I checked your files and see no presence of malware.

One is automatic with the fix, the other a Human can do it but must be very careful. Not every one is at ease with editing the registry.

Can I see the logs for Kaspersky and Malwarebytes.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Your logs are clean. I noticed that all Malwarebytes and Bitdefender are disabled. If not already done Enable them. === Your copy of Chrome has probably been compromised Remove Chrome from your Computer and reinstall a fresh copy later. If you remove the syncing of your account you must remove it before you save your bookmarks etc... Delete Your Google Chrome Browser Sync Data if you sync with other devices. <- Important ... https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ Before you remove Chrome Export your Bookmarks Chrome will export your bookmarks as a HTML file, which you can then import into another browser. How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks Before you remove Chrome Export your Passwords How to export your saved passwords from Chrome https://betanews.com/2018/03/09/export-chrome-passwords/ Clear your Chrome cache and cookies https://support.google.com/chromebook/answer/183083?hl=en Remove Chrome using the the instructions on this page. https://support.google.com/chrome/answer/95319?hl=en Re-install Chrome and the Bookmarks. <<<>>> Let me know if the problem is solved.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Hope everything is fine with this computer. If you have any issues please run this tool. Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Let me know what problems persists. Wait for further instructions