nasdaq

Hi, Glad that all is well.

Lets proceed: Preparing the USB Flash Drive Using the Clean computer download the right version of Farbar program for your system to Desktop. 64-bit or 32 bit version. Select the one you need. https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ Move the executable (FRST.exe or FRST64.exe) to your USB Flash Drive

Hi, Your logs are clean. If MBAM still report these 2 items after they were quarantined execute this. Chrome Secure Preferences detection always comes back

Hi, This tool will remove all the temporaty file in bold with this format in \AppData\Local\ folder. C:\Users\Mista Lee\AppData\Local\Tempzxpsigne7cec30edcf2e65c Download to your Desktop the Junkware Removal Tool Download from this link. http://www.bleepingcomputer.com/download/junkware-removal-tool/ Shutdown your antivirus to avoid any conflicts. Right click the icon - disable for say 20 mins. Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.) The tool will open and start scanning your system. Please be patient as this can take a while to complete. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. ====== As for the MBAM item that cannot be remove I suggest you start a new topic in the Malwarebytes 3 Support Forum https://forums.malwarebytes.com/forum/41-malwarebytes-3-support-forum/ Something is blocking this automatic removal. An expert with MBAM should be able to identify the Cause. Possibly the program needs to be updated by them.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === I have identified a bad SmartService infection. You will need access to a spare PC and a USB flash drive that has not been in contact with the sick PC... For now I need to know if you can enable the Recovery Environment... Open FRST on the compromised computer: copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop. Attach it in your next reply. Start:: CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes End:: On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad Copy and paste its content in your next reply. Wait for further instructions. <<<>>>

Hi, --RogueKiller-- Download & SAVE to your Desktop Download RogueKiller Quit all programs that you may have started. Please disconnect any USB or external drives from the computer before you run this scan! For Vista or above, right-click the program file and select "Run as Administrator" Accept the user agreements. Execute the scan and wait until it has finished. If a Windows opens to explain what [PUM's] are, read about it. Click the RoguKiller icon on your taksbar to return to the report. Click open the Report Click Export TXT button Save the file as ReportRogue.txt Click the Remove button to delete the items in RED Click Finish and close the program. Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next. ======= p.s. Next time MBAM reports the issue please post the log or an image of the message, it may give me some clues of what we are dealing with.

Please do.

Keep me posted.

Hi, Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved Right click the .reg file and allow it to merge with the registry. Restart the computer when completed. You can delete the fixme.reg file when done. Delete the file in bold in th Windows folder. C:\Windows\svchost.com If the file is in use then Boot to Safe Mode and delete it. Restart the computer normally. How is the computer acting now?

Hi, Farbar Recovery Scan Tool (FRST) - Registry Search Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply. Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users); Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds; In the Search text area, copy and paste the following: svchost.com Once done, click on the Search Registry button and wait for FRST to finish the search; On completion, a log will open in Notepad. Copy and paste its content in your next reply;

Hi, Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Let me know what problem persists. p.s. Can you post the SpyBot report for my review. Thanks. fixlist.txt

Hi Try the game with discord disabled. https://support.discordapp.com/hc/en-us/articles/211339918-How-do-I-disable-auto-start-on-launch- Any change.

Hi There is a small syntax error in your \EXEFILE\SHELL\OPEN\COMMAND setting. Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved Right click the .reg file and allow it to merge with the registry.

Hi, As per this topic MBAM should be able to remove it. https://blog.malwarebytes.com/detections/adware-yontoo/ Restart the computer when removed. Let me know if the problem persists.

Hi, Delete the files in bold. 2018-06-08 14:47 - 2018-06-08 14:47 - 001878528 _____ C:\WINDOWS\YTM3Y2MwYTZkMzB.exe 2018-06-08 14:47 - 2018-06-08 14:47 - 000101827 _____ C:\WINDOWS\uninstaller.dat Restart the computer normally. Any remaining issues?

Hi Good catch. Delete both files in bold. 2018-06-08 18:17 - 2018-06-08 18:17 - 001878528 _____ C:\Windows\NTdjYjQ0YW.exe 2018-06-08 18:17 - 2018-06-08 18:17 - 000101827 _____ C:\Windows\uninstaller.dat You may have to boot to Safe Mode to delete them. Restart the computer normally. Any remaining issues.

Hi Still some work to do. Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === Please let me know of any remaining issues. fixlist.txt

Hi, Good, Lets proceed: Preparing the USB Flash Drive Boot up your spare PC: Plug in the flash drive, navigate to that drive, right click on it direct and select format. Quick option is adequate. Next, On that same PC download the right version of Farbar program for your system to Desktop or the Flash drive. 64-bit or 32 bit version. Select the one you need. https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ If the files were saved on the Desktopl Move the executable (FRST.exe or FRST64.exe) to your USB Flash Drive Do not plug Flash Drive into sick PC until booted to Recovery Environment. === Boot the compromised PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference... To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10 Select in this order "Troubleshoot" > "Advance Options" > "Command Prompt" Once in the command prompt Plug your USB Flash Drive in the infected computer In the command prompt, type notepad and press on Enter Notepad will open. Click on the File menu and select Open Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter Note: Replace the letter e with the drive letter of your USB Flash Drive FRST will open Click on Yes to accept the disclaimer Click on the Scan button and wait for the scan to complete A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply. p.s. If at any time you need additional information please ask before proceeding. Post the Fixlog.txt and the FRST.txt logs for my review. Wait for further instructions.

Hi, The program was probably removed by Malwarebytes but still present in the Registry program list . You can remove it by following the instructions on this page. https://support.microsoft.com/en-ca/help/247501/how-to-manually-remove-programs-from-the-add-remove-programs-list

Hi, I suggest you reinstall discord.

Hi, The program was removed by Malwarebytes and has been Quarantined. The only thing left is the Program List in the Registry. To remove it execute the instructions on this Microsoft page. https://support.microsoft.com/en-ca/help/247501/how-to-manually-remove-programs-from-the-add-remove-programs-list p.s. Unless you are familiar with modifying the Registry I suggest you Export the registry key. Items 3 and 4 on the page. If at any time you need help before proceeding please ask.

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions. ==============================

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Remove this program in bold via the Control Panel > Programs > Programs and Features. SearchAwesome (HKLM\...\MGVjN) (Version: 13.14.1.246 (i1.0) - SearchAwesome) <==== ATTENTION <<<>>> Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === CHR res: Infected resources.pak (Adware script). Reinstall Chrome. <==== ATTENTION If you have any issues with chrome it may have been compromised. Remove and reinstall the browser. Remove Chrome from your Computer and reinstall a fresh copy later. Before you remove Chrome Export your Bookmarks Chrome will export your bookmarks as a HTML file, which you can then import into another browser. How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks If you sync you account you must remove it before you save your bookmarks etc... Delete Your Google Chrome Browser Sync Data if you sync with other defices. <- Important ... https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/ Clear your Chrome cache and cookies https://support.google.com/chromebook/answer/183083?hl=en Remove Chrome using the the instructions on this page. https://support.google.com/chrome/answer/95319?hl=en Re-install Chrome and the Bookmarks. ==== Please post the Fixlog.txt and let me know if the problem persists. fixlist.txt

Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Download the version of this tool for your operating system. Farbar Recovery Scan Tool (64 bit) Farbar Recovery Scan Tool (32 bit) and save it to a folder on your computer's Desktop. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. How to attach a file to your reply: In the Reply section in the bottom of the topic Click the "more reply Options" button. Attach the file. Select the "Choose a File" navigate to the location of the File. Click the file you wish to Attach. Click Attach this file. Click the Add reply button. === Please post the logs for my review. Wait for further instructions.