Jump to content

kevinf80

Experts
  • Content Count

    25,900
  • Joined

  • Last visited

Everything posted by kevinf80

  1. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks
  2. Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Tips to help protect from infection Thanks
  3. Hello nicolefox and welcome to malwarebytes.... Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ or, https://downloads.malwarebytes.com/file/mb4_offline Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "security tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Single click on the target sight above scanner window. In the new window select Report Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Export toTxt - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Export to Txt" then attach the log to your reply... Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....
  4. Hiya emar, I do not believe Windows Defender is actually damaged, it has a green tick on the taskbar icon. If it was not working then you would know for sure as security centre would give an alert... I would just refresh your system, is easier/quicker than a full reinstall... https://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html Regards, Kevin
  5. hiya emar, I suppose it could be an update fault, or possibly registry damage from the infection. If we cannot find a fix then the only option left would be to "refresh" Windows 10. Refresh does save all personal files and folders, music, vids, pictures etc.. Unfortunately any software installed after the original Windows install would be lost and require installing again.. Before that i`ve attached two zipped Registry files to the reply, WinDefend.zip and wscsvc.zip. Download and unzip those files to your Desktop so you then have WinDefend.reg and wscsvc.reg Right click on each file in turn and select Merge agree any prompts. When both files have been merged reboot your system and recheck defender to see if any change... Thank you, Kevin WinDefend.zip wscsvc.zip
  6. Is there any change with Windows Defender..?
  7. Hiya emar, Thanks for that log, continue: Open an elevated Command Promt (Admin) At the Command prompt, type or copy/paste SFC /SCANNOW hit the Enter key Wait for the scan to finish - make a note of any error messages - and then reboot. Copy the CBS.log file created (C:\Windows\Logs\CBS\CBS.log) to your desktop (you can't manipulate it directly) and then compress the copy and upload the zip file to your reply. Thanks, Kevin..
  8. Thanks for that log emar, unfortunately we are still no further forward. All of those entries for Application and System errors are related to a Smart Audio service. Lets run some maintenance checks.. Open and elevated Command Promt (Admin) Accept UAC alert if prompted... At the Command prompt, type CHKDSK /R or copy/paste hit the Enter key. You will get a message that the drive cannot be locked, but that the command can be scheduled to run at the next boot - hit the Y key, press Enter, and then reboot. The CHKDSK may take a few hours depending on the size of the drive, so be patient! After the CHKDSK has run use the following instructions to find the log: Check Disk report: Press the WindowsKey + R on your keyboard at the same time. Type eventvwr into the run box and click OK. In the left panel, expand Windows Logs and then click on Application. Now, on the right side, click on Filter Current Log. Under Event Sources, (expand the drop down arrow) check only Wininit and click OK. You mayl be presented with one or multiple Wininit logs. Click on an entry corresponding to the date and time of the disk check. On the top main menu, click Action > Copy > Copy Details as Text. Paste the contents into your next reply. Thanks, Kevin..
  9. Hello emar, That is odd for sure, i`ve never heard of or come across it myself so am not sure why it happens. I believe your system is now clean, so do not put this down to malware or infection. Please download VEW by Vino Rosso from HERE and save it to your Desktop. Double-click VEW.exe. to start, Vista and Windows 7/8/10 users Right Click and select "Run as Administrator" Under 'Select log to query...check the boxes for both Application and System. Under 'Select type to list... select both Error and Critical. Click the radio button for 'Number of events...Type 15 in the 1 to 20 box. Then click the Run button. Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient. Please post the Output log in your next reply. Thanks, Kevin
  10. I see that Windows Defender shows as healthy, the rest of the video I cannot translate so am really lost off. Can you translate
  11. Hiya emar, I just check your first FRST log, you have Windows 10 home edition, unfortunately you need Windows minimum of Professional version to access Group Policy. At least we know why the commands do not work. Also from the secondary FRST log we can see that Windows Defender is active and up to date... Is it possible that you could post a screen shot of what exactly happens with Defender when it crashes or closes... Also can you open hidden icons on Taskbar, does Windows Defender show as healthy "Green" tick or unhealthy "Red" tick.. Thanks, Kevin..
  12. You`ve ran through PoweShell, not Command Prompt...
  13. Is command prompt elevated, (running as Administrator)
  14. Hiya emar, Yes you can delete those files you quote, continue: Open an elevated command prompt, at the prompt type or copy/paste the following commands. Hit enter key after each command: CMD: RD /S /Q "%WinDir%\System32\GroupPolicy" CMD: gpupdate /force exit When those commands are completed reboot your system, does that make any difference with Windows Defender... Thank you, Kevin.
  15. Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. fixlist.txt
  16. Ok, I understand. Try this please: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. FRST will force a reboot, see if Windows Defender now works correctly.. fixlist.txt
  17. Thats` unfortunate no dump files to check.... What exactly happens when the crash occurs, what are you doing. You say "Win Def" are you referring to windows updates...?
  18. Can you zip and attach minidump folder for me to see "C:\Windows\minidump" you will possibly have to copy the folder to your desktop before compressing. I doubt you will be allowed in default directory.. Did you note any error codes as system crashed..?
  19. Hello emar, How does your PC respond now, any issues or concerns...? Thank you, Kevin
  20. Hello emar, Fix is attached now.... Thanks, Kevin.. fixlist.txt
  21. Apologies.... will attach shortly. Not sure what happened but i`ve lost the file....
  22. Hello emar, Problem with AutoconfigURL has returned, continue please: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Please download Zemana AntiMalware and save it to your Desktop. Install the program and once the installation is complete it will start automatically. Without changing any options, press Scan to begin. After the short scan is finished, if threats are detected press Next to remove them. Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually. Open Zemana again then do the following to get the latest report Open Reports > select the report in question to highlight > select "Ctrl - A" keys together to highlight full report message > then "Ctrl - C" keys to copy to clipboard > then open notepad and select "edit" then "paste" to copy the report there, then save and attach to reply.... Thanks, Kevin..
  23. Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.