nasdaq

Thank you for the feedback.

Keep me posted.

Temporarily disable your AV program so it does not interfere. Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides. Download Zoek tool from here When the download appears, save to the Desktop. On the Desktop, right-click the Zoek.exe file and select: Run as Administrator (Give it a few seconds to appear.) Next, copy/paste the entire script inside the code box below to the input field of Zoek: createsrpoint; autoclean; emptyclsid; emptyffcache; FFdefaults; emptyiecache; iedefaults; emptychrcache; CHRdefaults; emptyalltemp; emptyfolderscheck;delete ipconfig /flushdns;b Now... Close any open Browsers. Click the Run script button, and wait. It takes a few minutes to run all the script. When the tool finishes, the zoek-results.log is opened in Notepad. The log is also found on the systemdrive, normally C:\ If a reboot is needed, the log is opened after the reboot. Please attach the zoek-results.log in your reply. ===

HI, ATTENTION: System Restore is disabled Turn System Restore On for Drives in Windows 10 - Immediately. http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Let me know of any issues? fixlist.txt

Hi, Can you please execute Malwarebytes and delete all items that will be reported. Post the log so I can see what was removed. There are a lot of bad entries in our FRST.TXt log. I will give you a fix tomorrow morning.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Your logs are clean. This could be a Syncing issue? Are you Syncing Chrome with other devices? To remove it you will have to reset the Sync in Chrome. Read this article and proceed. Chrome Secure Preferences detection always comes back https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ <<<>>> If you have removed the Sync do not re-sync immediately. Restart the computer normally. Let me know if the problem persists. If all is well then I will tell you to re-sync if this is what you want.

Please download Malwarebytes Anti-Malware from here Right-click on the MBAM icon and select Run as administrator to run the tool. Click Yes to accept any security warnings that may appear. Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database. On the left menu pane click the Settings tab, and then select the Protection tab on the top. Under the Scan Options, turn on the button Scan for rootkits and Scan within archives. Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button Note: The scan may take some time to finish, so please be patient. If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button. While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop. The log can also be viewed by clicking the log to select it, then clicking the View Report button. Please post the log for my review. Note: If asked to restart the computer, please do so immediately. === Please download AdwCleaner by Xplode onto your Desktop. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Click the LogFile button and the report will open in Notepad. IMPORTANT If you click the Clean button all items listed in the report will be removed. If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows. Close all open programs and internet browsers. Double click on AdwCleaner.exe to run the tool. Click the Scan button and wait for the process to complete. Check off the element(s) you wish to keep. Click on the Clean button follow the prompts. A log file will automatically open after the scan has finished. Please post the content of that log file with your next answer. You can find the log file at C:\AdwCleanerCx.txt (x is a number). === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Let me know what problems persists. Wait for further instructions ==============================

It's a matter to disable all Non Windows application and restart the computer. If all is well then enable half of the disabled program and restart. If the problem persists then one of the enabled program is the culprint. If all is well the enable the first half and do disable the rest. etc...

Hi, Lets proceed: Read all the instructions before proceeding. Take your time and all should be well. Preparing the USB Flash Drive Boot up your spare PC: Plug in the flash drive, navigate to that drive, right click on it direct and select format. Quick option is adequate. Next, On that same PC download the right version of Farbar program for your system to Desktop or the Flash drive. 64-bit or 32 bit version. Select the one you need. https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ If the files were saved on the Desktopl Move the executable (FRST.exe or FRST64.exe) to your USB Flash Drive Do not plug Flash Drive into sick PC until booted to Recovery Environment. Boot the compromised PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference... To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10 Select in this order "Troubleshoot" > "Advance Options" > "Command Prompt" Once in the command prompt Plug your USB Flash Drive in the infected computer In the command prompt, type notepad and press on Enter Notepad will open. Click on the File menu and select Open Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter Note: Replace the letter e with the drive letter of your USB Flash Drive FRST will open Click on Yes to accept the disclaimer Click on the Scan button and wait for the scan to complete A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply. p.s. If at any time you need additional information please ask before proceeding. Wait for further instructions.

I have identified a bad SmartService infection. You will need access to a spare PC and a USB flash drive that has not been in contact with the sick PC... Let me know if you have this accessible. I need to know first if you can enable the Recovery Environment. It will be needed to remove this infection. Open FRST on the compromised computer: copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop. Attach it in your next reply. Start:: CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes End:: On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad Copy and paste its content in your next reply. Wait for further instructions. <<<>>>

Hi, The shutoff problems are not easy to repair. Many things can cause this. Try these fixes. Restart the computer after each one of then restart the computer to verify it the probem has been solved. Restore your Windows 7 to the Last known good configuration Follow the instructions on this page. https://www.sevenforums.com/tutorials/666-advanced-boot-options.html?ltr=A === Check the integrity of the operating system files. How to run sfc /Scannow http://support.microsoft.com/kb/929833 When completed refer to the Microsoft article again and follow the instructions to view details of the System File Checker process Post the contents of the sfcdetails.txt file for my review. === How to perform a clean boot in Windows Vista and above. refer to this link. https://helpdeskgeek.com/windows-7/perform-a-clean-boot-in-windows-7/ Read the instructions on the pages before proceeding. === Take your time. If you have any questions before proceeding let me know. p.s. Do you remember what programs or update was installed just before the problems started?

Yes!. If the file is in use, the boot to Safe Mode and delete it.

I see. If this does not solved the Norton issue then I suspect that Norton is finding some string that may be remnant of the infection. You may try to check with them. Not sure if there are open on weekends.

Did you reset your Router?

Then the problems have been solved?

Select the other fix button if available? Did run the TDSSKiller tool to delete the items? Has your problem been solved?

Hi, You can make space available by cleaning your Caches. https://kb.iu.edu/d/ahic#firefox Start by cleaning the IE cache if it's your preferred browser. Do the others if you are using them. Keep me posted.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === If the problem persists after a restart of the computer continue. Run the Farbar program one more time as an Administrator. In the Search text area, copy and paste the following: 159.69.0.20 Once done, click on the Search Registry button and wait for FRST to finish the search On completion, a log will open in Notepad. Copy and paste its content in your next reply ==== If nothing is found reset your Router. How to Reset a Router Back to the Factory Default Settings http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html Then, please reconfigure it back to your preferred setting.. Below is the list of default username and password, should you don't know it http://www.routerpasswords.com/ http://www.phenoelit-us.org/dpl/dpl.html === Reset for Linksys, Netgear, D-Link and Belkin Routers http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/ ==== How to tell if my Wireless is secure. http://www.ehow.com/how_6775466_tell-wireless-secure_.html fixlist.txt

Hi, There is possibly not enough space available on the C:\ drive to create a new Restore point. Download to your Desktop the Junkware Removal Tool Download from this link. http://www.bleepingcomputer.com/download/junkware-removal-tool/ Shutdown your antivirus to avoid any conflicts. Right click the icon - disable for say 20 mins. Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.) The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. ======

Hi, What I was expecting to see was some references to the IP addresses at: 159.60.0.20 port 450 or port 49975. As detailed in the Norton Image. === There is a reference to Log2.systemlog.Host .... I'm wandering if this is not the entry in the HOSTS file. Find the Hosts file in your computer (It has not extention) How to: https://www.thewindowsclub.com/hosts-file-in-windows It may be hidden by the operating system. Unhide files/folders Windows. How To: http://windows.microsoft.com/en-ca/windows/show-hidden-files#show-hidden-files=windows-7 <<<>>> Open it with Notepad. If you find and references to 159.60.0.20 delete all the lines associated with that IP address. Safe the File and restart the computer. === If the problem persists continue. On the Norton Image there is also a reference to 192.168.1.109 port 4997. Open Internet Explorer (IE) On the Menu select Tools > Internet Options > Connection Select: LAN Settings The Automatically detext settings should be checked. Under Proxy server remove the check mark and if you see a Port no. 450 or 4997 remove it Click the OK button Exit IE and restart the computer normally. Keep me posted.

Hi, Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === How is the computer running now? fixlist.txt

--RogueKiller-- Download & SAVE to your Desktop Download RogueKiller Quit all programs that you may have started. Please disconnect any USB or external drives from the computer before you run this scan! For Vista or above, right-click the program file and select "Run as Administrator" Accept the user agreements. Execute the scan and wait until it has finished. If a Windows opens to explain what [PUM's] are, read about it. Click the RoguKiller icon on your taksbar to return to the report. Click open the Report Click Export TXT button Save the file as ReportRogue.txt Click the Remove button to delete the items in RED Click Finish and close the program. Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next. =======

Hi, Could this be just a Norton Notification? Being the case disable it. https://www.howtogeek.com/291934/how-to-disable-nortons-notifications-and-bundled-software/ If not can you post the message you received from norton or an image if you can. I will be here all weekend. Send me a Personal Message and your post a reply.

Glad we could help.

Hi, Go to tthis page. https://www.ip-tracker.org/locator/ip-lookup.php?ip=95.211.10.3 Is this your Internet Provider? LeaseWeb Netherlands B.V. === Can you log off at all? Power Down the computer if you have too.