• Announcements

    • AdvancedSetup

      Support Alert - Hurricane Irma   09/08/2017

      Due to weather in the South East United States response times may be delayed. We appreciate your patience and understanding.  

kevinf80

Experts
  • Content count

    18,661
  • Joined

  • Last visited

About kevinf80

  • Rank
    Forum Deity
  • Birthday January 10

Profile Information

  • Location
    Sunderland. UK

Recent Profile Visitors

22,916 profile views
  1. rootkit and malware

    Thanks for the update, good to hear your system is clean... Just need to clean up... Delete MBAR Folder.. Next, Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down: "Delfix link mirror" If your security program alerts to Delfix either, accept the alert or turn your security off. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Remove disinfection tools <----- this will remove tools we may have used. Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...
  2. rootkit and malware

    Go back into services, scroll to and check "Remote Procedure Call (RPC)" and "Windows Management Instrumentation" are started in Automatic...
  3. rootkit and malware

    Thanks for the update, type or copy paste services.msc into search function next to start flag bottom left of desktop, hit enter.. The services window will open. Scroll to Mawarebytes Service Right click onto that entry and select Properties. In the new window change start up type to automatic, Apply that and ok. You can start the service in that window...
  4. rootkit and malware

    Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Totally Remove Malwarebytes from your system: Download the latest version of Malwarebytes cleanup tool from here: https://downloads.malwarebytes.com/file/mb_clean and save to your Desktop.. If applicable, backup your Malwarebytes license key information and deactivate the product. Close all open applications and deactivate Malwarebytes <---- Very important, do not miss that step To deactivate Malwarebytes: Right click on tray icon, from the opened list select "Quit Malwarebytes" an UAC alert will open, select "Yes" to deactivate Malwarebytes... Double-click mb-clean.exe to run it A prompt to confirm the cleanup will appear, select Yes or No Yes - will proceed with the cleanup process <---- Select this option to start the tool No - will exit the utility The Utility will launch a Command Prompt window which will disappear once the the cleanup process completes. Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot We recommend an immediate reboot <--- Do Not miss out this step Suppressing the reboot may result in an incomplete cleanup Upon reboot Malwarebytes will be totally removed from your system To re-install Malwarebytes: Download Malwarebytes version 3 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes and is updated do the following: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply... Let me see those logs in your reply, also tell me if there are any remaining issues or concerns... Thank you, Kevin.. fixlist.txt
  5. rootkit and malware

    Thanks for those logs nekobasan, continue with the following: Please open Malwarebytes Anti-Malware. On the Settings tab > Protection Scroll to and make sure the following are selected: Scan for Rootkite Scan within Archives Scroll further to Potential Threat Protection make sure the following are set as follows: Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended) Potentially Unwanted Modifications (PUM`s) set as :- Alwaysdetect PUM`s (recommended) Click on the Scan make sure Threat Scan is selected, A Threat Scan will begin. With some infections, you may or may not see this message box. 'Could not load DDA driver' Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions. When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab If asked to restart your computer to complete the removal, please do so When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more to retrieve the log. To get the log from Malwarebytes do the following: Click on the Reports tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop Ensure to get the correct version for your system.... 32 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en 64 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Next, Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt" Let me see those logs in ypur reply, also tell me if there are any remaining issues or concerns.... Thank you, Kevin...
  6. rootkit and malware

    Thanks for the update, if successful MBAR will save two logs to its folder, mbar-log.txt and system-log.txt post them in your next reply...
  7. rootkit and malware

    Hello nekobasan and welcome to Malwarebytes, See if you can run this version of MBAR.... Thank you, Kevin...
  8. Help me Remove KMS-R@1n

    Hello DellStock and welcome to Malwarebytes... Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Thank you, Kevin... fixlist.txt
  9. Good news on Outlook, once the reinstall of Firefox completes let me know if the outbound blocks return. Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"
  10. If you have full backups by Macrium would it not be more beneficial to reimage your hard drive.....
  11. Run the following scans, msrt quick scan will check the main areas where we expect to find the current infections doing the rounds, if it does find anything whatsoever, when complete run again but this time go for a full scan, that will take several hours.... after that FRST for an overview of your system.... Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop Ensure to get the correct version for your system.... 32 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en 64 Bit version: https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. I`m off to bed, will catch up later... Cheers, Kevin..
  12. Its getting late for me, nearly midnight. I have an early call in the morning 6 am... My concern for your system is what system restore might have replaced... Your system suffered some kind of infection, possibly the newish one named "SmartService" When registry merge is done lets see if Taskmanager works, regardless we need two fresh logs from FRST, frst.txt and addition.txt.... You may have lost FRST so it will need to be d/l again.. Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply.
  13. System Restore is a possiblity to get Outlook working again, after that we`ll have to see how your system behaves.... I understand that Outlook 2007 may have problems with Windows 10... Lets try and get it working and take it from there....
  14. Regarding Taskmanager i`ve spoken to @Aura a simple fix is to restore a registry key that has been broken, probably by malware or infection. i`ve attached the key as pcw.zip download and unzip to your Desktop, so you now have pcw.reg Double click on that reg file so it will merge to the registry, agree any alerts that happen. Re-boot when complete, try Taskmanager again.... As for Firefox, make a clean install as follows: Use the following link for instructions how to back up your bookmarks, same link can be used to import saved Bookmarks: https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer Next, Remove all synced data from Firefox to stop possible re-infection or exploitation. https://support.mozilla.org/t5/Sync-and-Save/How-do-I-set-up-Sync-on-my-computer/ta-p/21417 Next, Go here: http://www.mozilla.org/en-US/ download save the latest version of Firefox.. We will install this later... Next, Lets totally remove Firefox and start over. Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions... Ensure when the uninstall completes to navigate to and delete the firefox installation folder (if present): (32-bit Windows) C:\Program Files\Mozilla Firefox (64-bit Windows) C:\Program Files (x86)\Mozilla Firefox It is essential the installation folder is removed. Re-boot your system when that is completed.... Next, To remove all remaining data and profile information... Press "Windows key + R" to open the Run box In the Run box, type in or copy and paste %APPDATA% Click OK. A Windows Explorer window will appear. In this window, choose/open in succession Mozilla > Firefox > Profiles. Select Delete on each entry in reverse, eg Profiles > Delete. Firefox > Delete. Mozilla > Delete. Re-boot your system when complete! Next, Use the Mozilla Firefox installer to reinstall your Browser.... When Firefox is installed and open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons/extensions, use, start, stop or disable those features etc.... Ensure to use search to find and install AdBlock plus, Flashblock and DrWeb Anti-Virus Link Checker plus any other addons you normally use.... Now try surfing, see what happens... pcw.zip
  15. The link I gave you gives instructions to mount the files as a virtual drive, from there they can be scanned.... If Firefox has broken Outlook System Restore should fix it, go back to a restore point created before your original issue started...