kevinf80

Experts
  • Content count

    20,414
  • Joined

  • Last visited

About kevinf80

Profile Information

  • Location
    Sunderland. UK

Recent Profile Visitors

24,508 profile views
  1. System Freezes

    Hello Toko and welcome to Malwarebytes, Do you know and trust these IP addresses 77.74.44.44 and 212.58.96.96 the location is registered as Georgia Tbilisi Magticom Ltd.
  2. I`m very surprised Refresh did not work, basically windows is reinstalled but all personal stuff is saved. Reset is the same, only difference being nothing is saved. What exactly happens when you try to boot normally, also what is the make and model of your laptop.
  3. I`ve got two registry fixes for CLSID`s you mention, Make sure to boot and open to this account: "jclev" Next, Make a fresh restore point, use the instructions at the following link: https://www.windowscentral.com/how-use-system-restore-windows-10 If a fresh restore point is not completed do not progress.... Next, I`ve attached two zip files, they can be identified by the name, its the CLSD .zip Unzip both files to your Desktop, they will now be .reg files. Right click on each file in turn and select "Run as Administrator" agree any alerts or merges... Repeat for second file then reboot your system..... The permissions should be corrected..... Next, Back to the crash/freeze issue, is that still happening..? {D63B10C5-BB46-4990-A94F-E40B9D520160}.zip {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}.zip
  4. Create Admin account https://support.microsoft.com/en-gb/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10 Remove local accounts https://answers.microsoft.com/en-us/windows/forum/windows_10-security/how-to-delete-local-user-accounts-on-windows-10/336bde42-5c49-41c3-a7e9-ebba0b7531bb Is that a new upgrade from a previously installed Power Supply Unit..? Your system freezes/crashing do not seem to be malware/infection related, your event log is listing power issues, hence I ask about the PSU you have installed..
  5. Hello JasontheBeaver. Yes Norton and Malwarebytes will work together, that set up is adequate. My own windows 10 set up is as follows: Windows Defender - http://www.thewindowsclub.com/windows-defender-settings-windows-10 Windows Firewall - http://www.thewindowsclub.com/how-to-configure-windows-7-firewall Malwarebytes Premium - https://www.malwarebytes.com/premium/ Unchecky - https://unchecky.com/ McShield - http://www.mcshield.net/ VirusTotal - https://www.virustotal.com/#/home/search - Bookmark this in your default browser, use for checking out files, url`s, IP Addresses, domains etc.... I do not use a full suite such as Norton. I believe Windows Defender and Malwarebytes Premium are more than adequate. Unless you have any remaining issues or concerns run the following to clean up: Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down: "Delfix link mirror" If your security program alerts to Delfix either, accept the alert or turn your security off. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Remove disinfection tools <----- this will remove tools we may have used. Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...
  6. The initial scan by FRST looks into the system and lists the last successful registry backup made by the system. It is shown like so in the log LastRegBack: 2018-01-13 01:39 That is what we used with the fix, so all five hives were replaced from a back up created by the system. As that has not worked probably the best way forward is to run a system refresh. The refresh option does save all of your files, videos, pictures etc etc... Follow option one from here: https://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html
  7. I cannot open the file "found it.txt" can you zip that file up and resend... The following is all accounts I see listed from FRST logs, which ones do you want to remove.. Four (4) are currently disabled. Only "jclev" account is active with Admin status.. Regarding the crashes, or frozen screen problem. looking at your event logs it seems to suggest there maybe more than one issue. The main one being a possible power management problem.. Can you check if the following folder is present, C:\Windows\minidump if it is, copy that folder, save to your Desktop, from there zip up and attach to your reply...
  8. What exactly is happening with your computer now, is there erratic behavior, are there unexpected shutdowns or crashes...
  9. That fix restored your system back to status as of 13th Jan 2018... Can you go back to reply #2 follow those instructions again, When you get to the "Advanced Options" select "System Restore" instead of "Command Prompt". From there follow the prompts and restore your system back prior to the Windows Update being installed... Thank you, Kevin
  10. Hello JasontheBeaver, Infections are really a serious threat for any PC. Infections usually gets delivered via any of the following: spam emails, bundled freeware programs Drive by downloads. When browsing exploited websites Exploited USB drives They can make several malignant activities on your system after gaining accesss to your computer. Some of the harmful doings are: Disable your security Inject and start malicious processes/services Slow down your computer speed. Bring other harmful threats and malware. Make unwanted changes in registry settings. Steal your personal and confidential data. Create a backdoor into your computer system. Hijack your Browser(s) I`m not really sure why your microphone was targeted, unless it was going to be used somehow...? Does that help...? Continue: Infections are really a serious threat for any PC. Infections usually gets delivered via any of the following: spam emails, bundled freeware programs Drive by downloads. When browsing exploited websites Exploited USB drives They can make several malignant activities on your system after gaining accesss to your computer. Some of the harmful doings are: Disable your security Inject and start malicious processes/services Slow down your computer speed. Bring other harmful threats and malware. Make unwanted changes in registry settings. Steal your personal and confidential data. Create a backdoor into your computer system. Hijack your Browser(s) Does that help...? Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop Ensure to get the correct version for your system.... https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those logs in your reply, also let me know if there are any remaining issues or concerns.... If MRST log is clean i`d recommend that you change all passwords used on this system, specifically any with financial implications.. Thank you, Kevin.. fixlist.txt
  11. Yes that donation is much more than ok, thank you very much. I`m not so sure a drum roll is quite ready yet. Its just after midnight local time for me, i`ve got an early start in the morning so will be offline shortly. When you have time yourself i`d like to see a fresh set of logs from FRST with your system in normal mode to make sure your system is clean.... Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. I`ll catch up in the morning... Cheers, Kevin...
  12. From your spare PC Save the attached file fixlist.txt to your flash drive, same place as FRST. Plug Flashdrive back into Sick PC, Run System Recovery Options as you did to get the log. Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. Next, Boot sick PC back to Normal mode.... Will Malwarebytes run...? fixlist.txt
  13. Boot up your spare PC plug in the flash drive, navigate to that drive, right click on it direct and select format. Quick option is adequate... Next, On that same PC downoad and save FRST to same Flash drive, make sure to get the correct version, if you are unsure d/l and save both, only the correct one will run. Do not plug Flash Drive into sick PC until booted to Recovery Environment. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ Next, Boot sick PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference... https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html Next, From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10 From that window select "Troubleshoot" From the next window select "Advance Options" From that Window select "Command Prompt" Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open...... Continue with the following: Select Command Prompt In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" or "My PC" and find your flash drive letter and close the notepad. In the command window type E:\frst64 or E:\frst depending on your version. Press Enter Note: Replace letter E with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Leave the infected PC in Recovery mode, post the produced log from your flash drive via the spare PC.... Thank you, Kevin..
  14. Do you have access to another PC and a USB flash drive 4GB or above...?
  15. Hello JasontheBeaver and welcome to Malwarebytes, Follow the instructions at this link and post the requested logs: https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ Thank you, Kevin