Trusted Advisors
  • Content count

  • Joined

  • Last visited

About kevinf80

  • Rank
    Forum Deity
  • Birthday January 10

Contact Methods

  • ICQ

Profile Information

  • Location
    Sunderland. UK

Recent Profile Visitors

20,906 profile views
  1. Hello TheClarifyer and welcome to Malwarebytes, Continue with the following: 1.Download Malwarebytes Anti-Rootkit from this link: 2. Unzip the File to a convenient location. (Recommend the Desktop) 3. Open the folder where the contents were unzipped to run mbar.exe 4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image: 5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.) 6. The following image opens, select Next. 7. The following image opens, select Update 8. When the update completes select Next. 9. In the following window ensure "Targets" are ticked. Then select "Scan" 10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed. 11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process. 12. If no threats were found you will see the following image, Select Exit: 13. Verify that your system is now running normally, making sure that the following items are functional: Internet access Windows Update Windows Firewall 14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder. 15. Select "Y" from your Keyboard, tap Enter. 16. The fix will be applied, select any key to Exit. 17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder: System - log Mbar - log Date and time of scan will also be shown Thanks, Kevin...
  2. Excellent, you can delete Tweaking tool from your Desktop, also delete the folder created to C:\ drive, after that use DelFix as previously described... After that you should be good to go.... Regards, Kevin...
  3. I`m not aware of entering Advanced Options via the method you ask, I`ve only ever used the method I described initially. Boot windows normally, then hold shift key and select "Restart" worked that way many times....
  4. Not sure about using a phone.. You can run an offline scan with Defender, see if malicious entries are found... Select > Settings > Update & Security > Windows Defender. Scroll down and click the Scan Offline button under Windows Defender Offline After you click this button, your computer will automatically reboot and begin scanning your PC for malware. The scan may take up to fifteen minutes. If any malware is found, you’ll be prompted to clean it up from within the Windows Defender Offline interface. If no malware is found, your computer will automatically boot back into Windows once the scan is complete.. Let me know if anything is found....
  5. Is your PC responding OK, are there any remaining issues or concerns...?
  6. Not sure why no re-boot but malicious entries are definitely gone... Is your PC responding OK, any issues or concerns...?
  7. Are you sure your system is 32 bit version... " X:\windows\system32> " does not necessarily mean the system is 32 bit
  8. Make a registry back up as follows: Registry Backup Download Registry Backup from here, and save to your desktop. Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All". Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button. Call this folder something you will "RegBackup" then click "Ok", and then click "Extract". From the newly extracted files, right click on and select Run as Administrator (XP users just double click) to start Registry Backup.(Windows Vista/7/8/10 users: Accept UAC warning if it is enabled.) A screen like this should appear: Type a custom name in Backup Name if you want, then choose Backup Now. If backup is successful, a message will appear at the lower half of the screen with an option to view logs. The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings. Close Registry Backup when done. Next, I`ve attached to this reply, download and unzip to your Desktop so you have kill.bat Right click on kill.bat select "Run as Administrator" When complete your system should re-boot.... Run GMER again as you did previously and post a fresh log Thank you, Kevin...
  9. Did you download it..? Can you post the address C:\Users\ {username}\desktop\{name of folder} Like so - C:\Users\Kevin\Desktop\Tools
  10. Go here: Try options 4,5,6, or 7
  11. Please download Gmer from Here by clicking on the "Download EXE" Button. Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run on NO. In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections IAT/EAT Show All ( should be unchecked by default ) Leave everything else as it is. Close all other running Programs as well as your Browsers. Click the Scan button & wait for it to finish. Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post. Save it where you can easily find it, such as your desktop. Please post the content of the ark.txt here. **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries **If GMER crashes** Follow the instructions here and disable your security temporarily… Let me see that log...
  12. What is the name of the file..
  13. Boot up windows normally, now hold down the shift key, select > start > power orb > restart. Keep the shift key down, windows will close and reboot, It should open to the "Choose an Option" window
  14. A flashdrive (memory stick) is the only way to run FRST from the Recovery Environment... Continue with the following: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Reboot and run FRST again as follows: Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" fixlist.txt