nasdaq

Experts
  • Posts

    4,427
Everything posted by nasdaq

  1. Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions
  2. Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Your logs are clean. Take care of this. ATTENTION: System Restore is disabled Turn System Restore ON for Drives in Windows 10 - Immediately. http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html === Why did you have to run GMER? If all is well you can delete these two files in bold. 2018-09-20 09:29 - 2018-09-20 09:37 - 728531743 _____ C:\Windows\MEMORY.DMP 2018-09-20 09:29 - 2018-09-20 09:29 - 001211316 _____ C:\Windows\Minidump\092018-26359-01.dmp
  3. Follow the instructions in my post No 51. Good luck.
  4. Hi, Are these files still on the hard drive? If yes please run the Farbar program and post a fresh FRST.TXT log for my review. This time I would like to also see a fresh Addition.txt log. You will need to make sure that the box to create an Addition.txt is checked.
  5. Hi, ACHTUNG: Systemwiederherstellung ist deaktiviert ATTENTION: System Restore is disabled Turn System Restore ON for Drives in Windows 10 - Immediately. http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === From the MBAM log. This could be a Syncing issue? Are you Syncing Chrome with other devices? To remove it you will have to reset the Sync in Chrome. Read this article and proceed. Chrome Secure Preferences detection always comes back https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ === Let me know what problem persists. fixlist.txt
  6. Boot to safe mode and run Farbar and hit the fix button. Post the log for my review.
  7. Hi, === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === If after a restart of the computer you are still not able to connect then reset your Router. Reset your router. It may be infected. How to Reset a Router Back to the Factory Default Settings http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html Then, please reconfigure it back to your preferred setting. Below is the list of default username and password, should you not know it http://www.routerpasswords.com/ http://www.phenoelit-us.org/dpl/dpl.html === Reset for Linksys, Netgear, D-Link and Belkin Routers http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/ ==== How to tell if my Wireless is secure. http://www.ehow.com/how_6775466_tell-wireless-secure_.html Keep me posted. fixlist.txt
  8. Hi, === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === fixlist.txt
  9. Hi, There are no other ways but to stop the notifications. You are under attack. Be glad that MBAM is stopping these. If there was a way for them to remove whatever is causing this they would code it in the program. I do not think that resetting Windows would help. I have Norton and the notifications are blocked, I do not want to see it. I'm protected.
  10. Hi, My fix failed. Please download and use the Fixlist.txt I have attached to my previous post. Delete the one you created before. Move the attached file to the Farbar folder. Run Farbar and click the Fix button when done. Post the fixlog.txt and let me know if the problem persists.
  11. These attacks are stopped by Malwarebytes and you are notified accordingly. Check the Notifications settings. Change the setting Show Malwarebytes Notifications to Off https://content.invisioncic.com/Mmalware/monthly_2018_05/2018-05-22_10-28-24.png.a3502457b1398cbb8a3d56e78531dcbd.png === Keep me posted.
  12. Hi, Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX. Type Notepad and click the OK key. Please copy the entire contents of the code box below to a new file.

         Start
         CreateRestorePoint:
         CloseProcesses:
         (TODO: <???>) C:\Windows\Temp\conhost.exe
         () C:\Windows\Help\lsmosee.exe
         HKU\S-1-5-21-99009950-3056784836-314409812-1000\...\MountPoints2: I - I:\AutoRun.exe
         HKU\S-1-5-21-99009950-3056784836-314409812-1000\...\MountPoints2: {0b6ec889-ecf5-11e5-9c4c-60a44cdedf45} - I:\AutoRun.exe
         HKU\S-1-5-21-99009950-3056784836-314409812-1000\...\MountPoints2: {0b6ec893-ecf5-11e5-9c4c-60a44cdedf45} - I:\AutoRun.exe
         HKU\S-1-5-21-99009950-3056784836-314409812-1000\...\MountPoints2: {21242d6c-2c2f-11e8-8fb8-60a44cdedf45} - I:\AutoRun.exe
         HKU\S-1-5-21-99009950-3056784836-314409812-1000\...\MountPoints2: {4503059d-2779-11e8-b9be-60a44cdedf45} - I:\AutoRun.exe
         HKU\S-1-5-18\...\Run: [] => [X]
         CHR HKLM\SOFTWARE\Policies\Google: Restrição <==== ATENÇÃO
         S2 Windows Audio Control; C:\Program Files\Common Files\conime.exe -s [X]
         AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt [8]
         AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst [212]
         AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2174]
         C:\Windows\Temp\conhost.exe
         C:\Windows\Help\lsmosee.exe
         File: C:\Program Files\mozilla firefox\defaults\pref\autoconf_warsaw.js
         Reboot:
         End

      Save the file as fixlist.txt in the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the Farbar log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. Please let me know what problem persists with this computer. fixlist.txt
  13. Great! I will leave this topic open for 6 days. If you need to return please do.
  14. Hi, Restart the computer in Safe Mode and delete the file in the \Temp folder. Restart the computer normally. If it returns, please run the Farbar program and post a fresh FRST.TXT log for my review.
  15. Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Please download Malwarebytes Anti-Malware from here Right-click on the MBAM icon and select Run as administrator to run the tool. Click Yes to accept any security warnings that may appear. Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database. On the left menu pane click the Settings tab, and then select the Protection tab on the top. Under the Scan Options, turn on the button Scan for rootkits and Scan within archives. Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button Note: The scan may take some time to finish, so please be patient. If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please post the log for my review. Note: If asked to restart the computer, please do so immediately. === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. 
How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Let me know what problems persist. Wait for further instructions.
  16. Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Are you sure you want to use that program? Read about it. http://malwareresearch.org/websave/ === Please download Malwarebytes Anti-Malware from here Right-click on the MBAM icon and select Run as administrator to run the tool. Click Yes to accept any security warnings that may appear. Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database. On the left menu pane click the Settings tab, and then select the Protection tab on the top. Under the Scan Options, turn on the button Scan for rootkits and Scan within archives. Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button Note: The scan may take some time to finish, so please be patient. If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please post the log for my review. Note: If asked to restart the computer, please do so immediately. === Please download AdwCleaner by Xplode onto your Desktop. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Click the LogFile button and the report will open in Notepad. IMPORTANT If you click the Clean button all items listed in the report will be removed. If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows. 
Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Check off the element(s) you wish to keep. Click on the Clean button follow the prompts. A log file will automatically open after the scan has finished. Please post the content of that log file with your next answer. You can find the log file at C:\AdwCleanerCx.txt (x is a number). === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Let me know what problems persists. Wait for further instructions
  17. Hi, No problems with the RogueKiller logs. The file is protected by the program. Is the conhost.exe in the \temp folder, such as C:\Windows\Temp\conhost.exe, or in the C:\Windows\System32 folder?
  18. Hi, It should be in the Farbar quarantine folder. It's not recommended. Use it at your own risk.