
"... is not a valid win32 application"



Hi! So lately I've been having issues with loading websites on my browsers (I thought), Firefox and Chrome and IE. First I thought it was my internet connection, but it works perfectly fine on my desktop. Second I thought it might be the browsers, so I uninstalled and reinstalled. No change. So I googled for solutions, I deleted my cache and so on. I found one forum which said to install Malwarebytes Anti-Malware, so I downloaded the installer, but it won't run, and I can't run any other exe files either. Help please? I'm not technical so I don't have much idea about stuff. I saw a thread(?) that said to try Farbar scan tool, but I can't run that either.

 

Thanks in Advance,

P

Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.



Let me see those logs...

Kevin.


Ok we have same problem, see if you can run FRST from recovery environment:

 

Please download Farbar Recovery Scan Tool from here:                                                                   

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bit

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

Plug the flash drive into the infected PC.

 

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

 

If you are using Vista or Windows 7 enter System Recovery Options.

 

Plug the flashdrive into the infected PC.

 

Enter System Recovery Options. I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

 

On the System Recovery Options menu you may get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

thanks,

 

Kevin


I restarted my computer, pressed f8,

choose advanced options for windows 7, i picked repair your computer

after that on the bottom of the screen it said © microsoft corporation

then system recovery option = select a keyboard input method, i picked US

then system recovery option = to access recovery options, log on as local user, to access command prompt as well, log on using an admin account

then system recovery options = choose a recovery tool, i picked command prompt, typed notepad, checked my drive letter and tried to run FRST.


Hi! I honestly tried it again and got the same thing, didn't ask for which OS and not a valid win32 app. I can take pictures of my screens while I'm doing it to show you. Can I send them on here? Maybe I'm making a mistake I don't realize.


Do you have FRST saved on a USB memory stick? When in the recovery environment at the command prompt, do you find the drive letter attributed to that USB stick?

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

OK as we are making no headway see if you can run the following:

 

Please download RogueKiller and save it to your Flash drive from the following link: http://www.bleepingcomputer.com/download/roguekiller/ Make sure to rename it to Winlogon.com, transfer to the desktop of the sick PC...

 


  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here: "C:\Programdata\RogueKiller\Logs"


RogueKiller V10.6.4.0 [May 18 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Desktop\winlogon.com.exe
Mode : Scan -- Date : 05/20/2015  02:32:48

¤¤¤ Processes : 3 ¤¤¤
[suspicious.Path] IdcLdr.exe(2188) -- C:\Users\Owner\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[7] -> Killed [TermProc]
[suspicious.Path] explorer.exe(1524) -- C:\Users\Owner\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll[7] -> Unloaded
[PUP] (SVC) APNMCP -- "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe"[7] -> Stopped

¤¤¤ Registry : 11 ¤¤¤
[PUM.Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} ("C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll") -> Found
[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {41564952-412D-5637-00A7-7A786E7484D7} : 0 "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll"  -> Found
[PUP] HKEY_USERS\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {41564952-412D-5637-00A7-7A786E7484D7} :  "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll"  -> Found
[PUP] HKEY_USERS\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} :  "C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll"  -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [7] -> Found
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x8cd907a6
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x8cd907ab

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS541680J9SA00 ATA Device +++++
--- User ---
[MBR] 46df4a59d725af4ef32f00922d086a88
[bSP] 19af02ec032a8978dcc669a0d698fe27 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 39997 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 81915435 | Size: 36318 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- xD/SDMMC/MS/Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: JetFlash Transcend 4GB USB Device +++++
--- User ---
[MBR] 4198b1db41663b612b519a541ede86e6
[bSP] 4b8b702b557e3455c4e0f1b634afd5c4 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 256 | Size: 3839 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 


Double-click RogueKiller.exe to run again. (Vista/7/8 right-click and select Run as Administrator)

When "initializing/pre-scan" completes  press the Scan button, this may take a few minutes to complete.

When the scan completes open the Registry tab and locate the following detections:

[PUM.Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Found

[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} ("C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll") -> Found

[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {41564952-412D-5637-00A7-7A786E7484D7} : 0 "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll"  -> Found

[PUP] HKEY_USERS\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {41564952-412D-5637-00A7-7A786E7484D7} :  "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll"  -> Found

[PUP] HKEY_USERS\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} :  "C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll"  -> Found

[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [7] -> Found

[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found

[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found

[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found

Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked.

Hit the Delete button, when complete select "Report" post that log...

 

Next,

 

See if you can now run FRST, if so post the two produced logs....

 

Thanks,

 

Kevin


Still can't run FRST

 

-------------------------------------------------------------------------------------------

 

RogueKiller V10.6.4.0 [May 18 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Owner [Administrator]
Started from : C:\Users\Owner\Desktop\winlogon.com.exe
Mode : Delete -- Date : 05/20/2015  11:22:45

¤¤¤ Processes : 3 ¤¤¤
[suspicious.Path] IdcLdr.exe(2160) -- C:\Users\Owner\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[7] -> Killed [TermProc]
[suspicious.Path] explorer.exe(1740) -- C:\Users\Owner\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll[7] -> Unloaded
[PUP] (SVC) APNMCP -- "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe"[7] -> Stopped

¤¤¤ Registry : 11 ¤¤¤
[PUM.Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}  -> Deleted
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} ("C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll") -> Deleted
[PUP] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar | {41564952-412D-5637-00A7-7A786E7484D7} : 0 "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll"  -> Deleted
[PUP] HKEY_USERS\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser | {41564952-412D-5637-00A7-7A786E7484D7} :  "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll"  -> Deleted
[PUP] HKEY_USERS\S-1-5-21-4162585890-2542146898-40610652-1000\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks | {D8278076-BC68-4484-9233-6E7F1628B56C} :  "C:\Program Files\AskPartnerNetwork\Toolbar\searchhook.dll"  -> Deleted
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [7] -> Deleted
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Deleted
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Deleted
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Deleted
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x8dd281f6
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x8dd281fb

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS541680J9SA00 ATA Device +++++
--- User ---
[MBR] 46df4a59d725af4ef32f00922d086a88
[bSP] 19af02ec032a8978dcc669a0d698fe27 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 39997 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 81915435 | Size: 36318 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- xD/SDMMC/MS/Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_05202015_023248.log - RKreport_SCN_05202015_111634.log

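As an added illustration that is not part of the original thread: a Python check that cross-checks the delete-run report against the scan-run report, confirming that each registry detection selected for removal ended as Deleted and that the PUM.DesktopIcons entries left unticked ended as Not selected. The report excerpts are copied from the two logs above; the function names and the `keep_tags` parameter are assumptions of this example, not part of RogueKiller.

```python
import re
# Excerpts copied from the two RogueKiller reports in this thread (scan run, then delete run).
SCAN = r"""
¤¤¤ Processes : 3 ¤¤¤
[suspicious.Path] IdcLdr.exe(2188) -- C:\Users\Owner\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[7] -> Killed [TermProc]
[PUP] (SVC) APNMCP -- "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe"[7] -> Stopped
¤¤¤ Registry : 11 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [7] -> Found
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x8cd907a6
"""
DELETE = r"""
¤¤¤ Processes : 3 ¤¤¤
[suspicious.Path] IdcLdr.exe(2160) -- C:\Users\Owner\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe[7] -> Killed [TermProc]
[PUP] (SVC) APNMCP -- "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe"[7] -> Stopped
¤¤¤ Registry : 11 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [7] -> Deleted
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP ("C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe") -> Deleted
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
"""
SECTION = re.compile(r"^¤¤¤ (?P<name>.+?) : ")          # e.g. "¤¤¤ Registry : 11 ¤¤¤"
ENTRY = re.compile(r"^\[(?P<tag>[^\]]+)\] (?P<item>.+?)\s+-> (?P<status>.+)$")
PID = re.compile(r"\(\d+\)")                            # PIDs differ between runs

def parse_report(text):
    """Map (section, tag, item) -> status for every 'item -> status' line."""
    entries, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        header, entry = SECTION.match(line), ENTRY.match(line)
        if header:
            section = header.group("name")
        elif entry and section:                         # lines without '->' are skipped
            item = entry.group("item")
            if section == "Processes":
                item = PID.sub("", item)
            entries[(section, entry.group("tag"), item)] = entry.group("status")
    return entries

def verify_removal(scan_text, delete_text, keep_tags=("PUM.DesktopIcons",)):
    """Return a list of problems; an empty list means the delete run matches the plan."""
    scan, after = parse_report(scan_text), parse_report(delete_text)
    problems = []
    for (section, tag, item) in scan:
        if section != "Registry":
            continue
        status = after.get((section, tag, item))
        expected = "Not selected" if tag in keep_tags else "Deleted"
        if status is None:
            problems.append(f"missing from delete report: {item}")
        elif status != expected:
            problems.append(f"{status!r}, expected {expected!r}: {item}")
    return problems

def terminated_only(delete_text):
    """Process entries record a kill/unload/stop, not removal of the file on disk."""
    return sorted(i for (s, _t, i) in parse_report(delete_text) if s == "Processes")

if __name__ == "__main__":
    print(verify_removal(SCAN, DELETE), terminated_only(DELETE))
```

The process entries are listed separately because the report only records them as Killed, Unloaded or Stopped, and its Files section is 0.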

Thanks for the update, see if you can do the following:

 

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is not checked. Copy the text from the code box below to Notepad.

@echo off
del /f /s /q "C:\Users\Owner\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe"
del /f /s /q "C:\Users\Owner\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll"
del /f /s /q "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe"
del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"


Double click on delfile.bat to execute it. Even if that fails continue:
 

Next,

 

If you have Malwarebytes installed let's see if we can get it to run through its protected folder, do the following:

 

Select > Start > All Programs > Malwarebytes` Anti-Malware > Tools folder > Malwarebytes Anti-Malware Chameleon:

 

 


 

 

A new window will open with Chameleon Tabs 1 through to 13...

 

Select tabs in turn until you get a successful run by double click on the tab,

 

Vista and Windows 7/8 user will have to accept UAC prompt. If successful you will see the following:

 

 


 

 

As instructed press any key to continue, you will now see the following as Malwarebytes attempts to run:

 

 


 

 

Do nothing, let MB continue, it will try to update:

 

 


 

 

You may see the following:

 

 


 

 

Then.....

 

 


 

 

MB will prompt if successful, do nothing; let it continue.

 

 


 

 

MB will try to kill known malicious processes, do nothing; let it continue.

 

 


 

 

MB will try to start a quick scan, if successful the following will open; do nothing the scan will run automatically.

 

 


 

 

When complete MB will produce a log, save that and copy to next reply.

 

MB will continue and remove the protective driver, you will then be given the option to "Press any key to continue" do that.

 

 


 

 

Let me see the log from Malwarebytes in your reply,
