Jump to content

kevinf80

Experts
  • Content Count

    24,116
  • Joined

  • Last visited

About kevinf80

  • Rank
    Forum Deity
  • Birthday January 10

Profile Information

  • Location
    Sunderland. UK

Recent Profile Visitors

27,582 profile views
  1. Download Portable Windows Repair (all in one) from one of the following: www.tweaking.com/files/setups/tweaking.com_windows_repair_aio.zip http://www.majorgeeks.com/mg/getmirror/tweaking_com_windows_repair_portable,1.html https://www.bleepingcomputer.com/download/windows-repair-all-in-one/ Unzip the contents into a newly created folder on your desktop. Boot your system to Safe mode, instructions here: https://support.microsoft.com/en-gb/help/12376/windows-10-start-your-pc-in-safe-mode Open the Tweaking.com folder, run the tool by right click on Repair_Windows (icon with red briefcase) select "Run as Administrator" From the main GUI do the following: Select Tab 5 to make Registry backup, use the recommended option... When complete select "Repairs" tab, from there select "Open Repairs" tab.. From that window select the default option and checkmarck "Select All" box. When ready select "Start Repairs" tab.... When complete re-boot your system, see if there is any improvement... Logs are saved to the Tweaking.com folder on your Desktop, the one to post is _Windows_Repair_Log.txt When back in normal mode run scan with Malwarebytes. When that finishes open Chrome, any change...?
  2. I assume that was the BITS file exported by the last fix with FRST, if so it looks good, nothing wrong. Sigh... The program you mention AVC, I do not see that in the installed program list. Did you uninstall it... Please start an elevated Admin level Command Prompt and type or copy/paste the following, then select the Enter key. SCHTASKS /Query /FO LIST /V >"%USERPROFILE%\Desktop\MyScheduledTasks.txt" That text file will be saved to your Desktop, attach to your reply..
  3. Delete BITS.reg and BITS.zip from your Desktop. Hopefully FRST fix will export a copy of the current BITS reg key that seems to be causing the issue with search manager. I want you to zip up that reg file and attach to your reply. I want to have a look at that key and see what has changed...
  4. Reset settings back to Normal boot... Drag BITS.reg and BITS.zip from your Desktop to the recycle bin. Next, Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Also BITS.reg should be saved to your Desktop, zip up and attach to reply... fixlist.txt
  5. Boot your system into clean boot mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135 With your system in that mode double click on BITS.reg again, see if it completes this time
  6. I`ve attached bits.zip file to this reply, download and unzip to you Desktop (do not save anywhere else) You should now have bits.reg on your Desktop. Double click on bits.reg accept any merges or alerts, reboot when complete. Run scan with Malwarebytes, when complete Open Chrome, any change..? BITS.zip
  7. Leave Chrome for now, need to look for another way to reset bits...
  8. Copy and paste the entries into the open Notepad, select Save As..., under Encoding: select UTF-8, give it fixlist name and save it.
  9. This is very strange, i`m attaching the correct fix script from my end, when you run the fix a different script is being read... Lets try this way: Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to the same place as FRST named as fixlist.txt start:: CMD: ipconfig /flushdns CMD: netsh winsock reset CMD: netsh int ip reset c:\resetlog.txt CMD: ipconfig /release CMD: ipconfig /renew CMD: netsh int ipv4 reset CMD: netsh int ipv6 reset CMD: bitsadmin /reset /allusers File: c:\resetlog.txt emptytemp: end:: NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system Run FRST/FRST64 and press the Fix button just once and wait. The tool will generate a log (Fixlog.txt) please post it in your reply.
  10. Not yet please, something not right with FRSt fix... back shortly
  11. Hello chillyspirit, Your indicate smartservice infection, you will need access to a spare PC and USB flashdrive, 4GB or above... First do the following on the infected PC: Open FRST, copy/paste the following inside the text area of FRST. Once done, click on the Fix button. A file called fixlog.txt should appear on your desktop or the folder you saved FRST to. Attach it in your next reply. Start:: CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes End:: Next, Boot up your spare PC plug in the flash drive, navigate to that drive, right click on it direct and select format. Quick option is adequate... Next, On that same PC downoad and save FRST to same Flash drive, make sure to get the correct version, if you are unsure d/l and save both, only the correct one will run. Do not plug Flash Drive into sick PC until booted to Recovery Environment. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ Next, Boot sick PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference... https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html Next, From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10 From that window select "Troubleshoot" From the next window select "Advance Options" From that Window select "Command Prompt" Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open...... Continue with the following: Select Command Prompt In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" or "My PC" and find your flash drive letter and close the notepad. In the command window type E:\frst64 or E:\frst depending on your version. Press Enter Note: Replace letter E with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Scan button. It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply. Leave the infected PC in Recovery mode, post the produced log from your flash drive via the spare PC.... Thank you, Kevin..
  12. Apologies Ivankov, I gave an incorrect fix, do the following again... Run Malwarebytes, quarantine what is found.. Run AdwCleaner, delete what it finds.. Run Zemana, quarantine what it finds... Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Thanks, Kevin fixlist.txt
  13. Hiya Danie, Thanks for the update, good to hear you`ve self fixed your issue... Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...
  14. Also need the primary log file "FRST.txt" Logs are saved here: C:\FRST\Logs
  15. Can you get that checked out and see if that is the problem...?
×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.