
In Progress Worst Virus Ever

Discussion in 'Virus & Other Malware Removal' started by jmiah57, Aug 18, 2016.

Thread Status:
Not open for further replies.
  1. jmiah57

    jmiah57 Thread Starter

    Joined:
    Aug 18, 2016
    Messages:
    16
    I got a virus from a .exe file. I use Windows 10 and only have Windows Defender. The virus has made the Defender buttons grey; I can't turn it on and can't use the offline version. I have used cmd to try to find and fix the problem, but it said it couldn't fix it. I try to get antivirus, but and url that has a download or relates to viruses it detects and doesn't let me to the site. It also plays ads in the background. I've tried to use Local Group Policy Editor, but since I don't have Pro I am unable to see Windows Defender as a tab. Please HELP ME!
     
  2. jmiah57

    jmiah57 Thread Starter

    Joined:
    Aug 18, 2016
    Messages:
    16
    But any url*
     
  3. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi jmiah57,

    Please run the following:

    TSG - SysInfo utility
    • Right mouse click on this link: SysInfo utility
    • Select from the pop up box:
      "Save link as..."
    • From the left panel of the pop up box, scroll up and select desktop.
    • Click the "Save" button.
    From your desktop:
    • Right Mouse click SysInfo.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
    • Right click, select copy and then paste in your next post.
     
  4. jmiah57

    jmiah57 Thread Starter

    Joined:
    Aug 18, 2016
    Messages:
    16
    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 10 Home, 64 bit
    Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz, Intel64 Family 6 Model 42 Stepping 7
    Processor Count: 2
    RAM: 3795 Mb
    Graphics Card: Intel(R) HD Graphics, 1705 Mb
    Hard Drives: C: Total - 450830 MB, Free - 407977 MB;
    Motherboard: SAMSUNG ELECTRONICS CO., LTD., NP300E5C-A0CUS
    Antivirus: Windows Defender, Disabled
     
  5. jmiah57

    jmiah57 Thread Starter

    Joined:
    Aug 18, 2016
    Messages:
    16
    Also where it says it is disabled, the buttons are all grey, virus stops me from picking it.
     
  6. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi jmiah57,

    It is not necessary to quote me on your reply. All you have to do is paste your reply in the box at the bottom of the page.
    If you need more options, all you have to do is click on the more option button at the bottom of the page.

    Please run the following:

    FRST - Farbar Recovery Scanner Tool

    Please download FRST64.exe ... by Farbar. Save or move it to your desktop.
    1. Right click on FRST64.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it. When the tool opens, click Yes to the disclaimer.
    2. Press the Scan button. ... A log, FRST.txt, will be created in the same directory the tool is run from.
    3. Please copy/paste FRST.txt into your reply.
      The first time the tool is run, it also makes another log... Addition.txt.
    4. Please copy/paste Addition.txt into your reply.
     
  7. jmiah57

    jmiah57 Thread Starter

    Joined:
    Aug 18, 2016
    Messages:
    16
    Loaded Profiles: jmiah57 (Available Profiles: jmiah57)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (communicators) C:\Windows\rotten.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Farbar) C:\Users\jmiah57\Desktop\FRST64 (1).exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3251408 2015-09-23] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9103976 2016-08-18] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-18] (AVAST Software)
    Startup: C:\Users\jmiah57\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok8965942equation.lnk [2016-08-17]
    ShortcutTarget: ok8965942equation.lnk -> C:\Program Files (x86)\idee\goldberg.exe (No File)
    GroupPolicyScripts: Restriction <======= ATTENTION
    GroupPolicyScripts\User: Restriction <======= ATTENTION
    GroupPolicyScripts-x32: Restriction <======= ATTENTION
    GroupPolicyScripts-x32\User: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
    ProxyEnable: [HKLM-x32] => Proxy is enabled.
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
    AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
    Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
    Tcpip\..\Interfaces\{41149545-5e7d-4e26-af6c-534a1df91174}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-915191271-1565821320-4066514102-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung13.msn.com
    HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
    SearchScopes: HKU\S-1-5-21-915191271-1565821320-4066514102-1001 -> DefaultScope {5A6E591D-B745-4044-AD8B-4A2D8E9EA8FA} URL =

    FireFox:
    ========
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-13] (Google Inc.)
    FF Plugin HKU\S-1-5-21-915191271-1565821320-4066514102-1001: @nsroblox.roblox.com/launcher -> C:\Users\jmiah57\AppData\Local\Roblox\Versions\version-2cc7e2256bc843db\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
    FF Plugin HKU\S-1-5-21-915191271-1565821320-4066514102-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\jmiah57\AppData\Local\Roblox\Versions\version-2cc7e2256bc843db\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-18]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-18]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

    Chrome:
    =======
    CHR Profile: C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-13]
    CHR Extension: (Google Docs) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-13]
    CHR Extension: (Google Drive) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-13]
    CHR Extension: (YouTube) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-13]
    CHR Extension: (Avast SafePrice) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-08-19]
    CHR Extension: (Google Sheets) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-13]
    CHR Extension: (Google Docs Offline) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-13]
    CHR Extension: (Avast Online Security) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-13]
    CHR Extension: (Gmail) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-13]
    CHR Extension: (Chrome Media Router) - C:\Users\jmiah57\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
     
  8. jmiah57

    jmiah57 Thread Starter

    Joined:
    Aug 18, 2016
    Messages:
    16
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-08-2016
    Ran by jmiah57 (19-08-2016 23:56:37)
    Running from C:\Users\jmiah57\Desktop
    Windows 10 Home Version 1607 (X64) (2016-08-14 19:48:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-915191271-1565821320-4066514102-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-915191271-1565821320-4066514102-503 - Limited - Disabled)
    Guest (S-1-5-21-915191271-1565821320-4066514102-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-915191271-1565821320-4066514102-1005 - Limited - Enabled)
    jmiah57 (S-1-5-21-915191271-1565821320-4066514102-1001 - Administrator - Enabled) => C:\Users\jmiah57

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AirDroid 3.3.3.0 (HKLM-x32\...\AirDroid) (Version: 3.3.3.0 - Sand Studio)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2279 - AVAST Software)
    Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
    ETDWare X64 15.7.0.1_WHQL (HKLM\...\Elantech) (Version: 15.7.0.1 - ELAN Microelectronic Corp.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
    ROBLOX Player for jmiah57 (HKU\S-1-5-21-915191271-1565821320-4066514102-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
    S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
    SafeZone Stable 1.51.2220.53 (x32 Version: 1.51.2220.53 - Avast Software) Hidden
    StreamOptimizer (HKU\S-1-5-21-915191271-1565821320-4066514102-1001\...\StreamOptimizer) (Version: - ) <==== ATTENTION
    SW Update (HKLM-x32\...\{ADC15B86-A3F8-4DE3-9E0A-047FF12D6941}) (Version: 2.0.18 - Samsung Electronics CO., LTD.)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17350 - Microsoft Corporation)
    WinRAR 5.31 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-915191271-1565821320-4066514102-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jmiah57\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-915191271-1565821320-4066514102-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\jmiah57\AppData\Local\Roblox\Versions\version-2cc7e2256bc843db\RobloxProxy64.dll (ROBLOX Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03896D04-23AB-4F74-A27D-B1B71EE41E2C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
    Task: {0B0ACB85-6452-41FA-9354-DAF5C41BEA02} - System32\Tasks\b78470765 => C:\Program Files (x86)\signage\hovels.exe [2016-08-16] (chand)
    Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
    Task: {18156235-CDAC-48E7-84D6-D33AC9493CAA} - System32\Tasks\{E0632A05-60C9-4FB3-9581-599B19CD8E35} => pcalua.exe -a C:\Users\jmiah57\AppData\Local\uninstallssl.exe
    Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
    Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
    Task: {211A2AAC-CBAD-4AAC-B7A1-5682BB8184A0} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
    Task: {24D566AE-38E3-4FA7-8D26-D04E798EC448} - \WPD\SqmUpload_S-1-5-21-915191271-1565821320-4066514102-1001 -> No File <==== ATTENTION
    Task: {3605B6C1-FB04-40B4-9C60-B118BADC0D73} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-18] (AVAST Software)
    Task: {4136B92C-7580-42BB-9543-EB032EFE4D80} - System32\Tasks\a6255767462557674 => C:\Program Files (x86)\idee\goldberg.exe
    Task: {5BE91AA6-4313-4E4B-9C09-33DBE53D8152} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
    Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
    Task: {678E403B-651E-4180-A4D1-473F45C09C00} - System32\Tasks\24993846 => C:\Program Files (x86)\signage\hovels.exe [2016-08-16] (chand) <==== ATTENTION
    Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
    Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
    Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
    Task: {8D1AB202-C311-42DA-8996-1841FB56DFBA} - \SWUpdateAgent -> No File <==== ATTENTION
    Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-07-16] (Microsoft Corporation)
    Task: {A48655A9-F972-4BD0-B127-CF674F8F8A0F} - \SAgent -> No File <==== ATTENTION
    Task: {AB6B6863-B925-4F60-9D22-6E89157FDB8A} - System32\Tasks\dP6255767462557674 => C:\Program Files (x86)\idee\goldberg.exe
    Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-07-16] (Microsoft Corporation)
    Task: {BEDED21E-F689-4ED9-A22B-5791DC6BCE9E} - System32\Tasks\14993846 => C:\Program Files (x86)\signage\hovels.exe [2016-08-16] (chand) <==== ATTENTION
    Task: {C879A803-EE75-4695-88CB-D6BC3A4BBF79} - System32\Tasks\SafeZone scheduled Autoupdate 1471564499 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
    Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
    Task: {CD19BC8A-E9FE-49ED-92A5-0E1194F69F00} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
    Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
    Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
    Task: {D4E21E10-5D43-49C1-A8B5-5358BAB548FE} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
    Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
    Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
    Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
    Task: {F0056551-69D3-4CC7-8362-65F69E90E385} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-28] (Realtek Semiconductor)
    Task: {FE89E755-93D4-4BAF-BA1E-1073AD64F9F5} - \Optimize Start Menu Cache Files-S-1-5-21-915191271-1565821320-4066514102-1001 -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-07-16 04:42 - 2016-07-16 04:42 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-07-16 04:42 - 2016-07-16 04:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-07-16 04:42 - 2016-07-16 04:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-08-14 12:54 - 2016-08-14 12:54 - 00959168 _____ () C:\Users\jmiah57\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
    2016-07-16 04:42 - 2016-07-16 04:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
    2016-07-16 04:42 - 2016-07-16 04:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-08-14 15:13 - 2016-08-02 01:15 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-08-14 15:13 - 2016-08-02 01:15 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
    2016-08-14 15:12 - 2016-08-02 01:01 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-08-14 15:12 - 2016-08-02 00:53 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-08-14 15:12 - 2016-08-02 00:53 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-08-14 15:12 - 2016-08-02 00:54 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-08-14 15:12 - 2016-08-02 00:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-08-14 15:12 - 2016-08-02 00:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2016-08-13 04:43 - 2016-08-02 16:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
    2016-08-13 04:43 - 2016-08-02 16:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
    2016-08-14 13:43 - 2016-08-14 13:45 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2016-08-14 13:43 - 2016-08-14 13:45 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2016-08-14 13:43 - 2016-08-14 13:45 - 35290624 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.102.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2016-08-13 04:43 - 2016-08-02 16:04 - 31541952 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
    2016-08-18 07:43 - 2016-08-18 07:43 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-08-18 17:12 - 2016-08-18 17:12 - 03015680 _____ () C:\Program Files\AVAST Software\Avast\defs\16081802\algo.dll
    2016-08-18 07:43 - 2016-08-18 07:43 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-08-19 23:48 - 2016-08-19 23:48 - 03015680 _____ () C:\Program Files\AVAST Software\Avast\defs\16081901\algo.dll
    2016-08-18 07:43 - 2016-08-18 07:43 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-915191271-1565821320-4066514102-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
    DNS Servers: 68.105.28.11 - 68.105.29.11
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
    FirewallRules: [{E78CF1C7-8E48-4E9B-BD28-C70C35E35758}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D10B88C2-0E98-4071-9E2C-6FBFFFF682AF}] => (Allow) C:\WINDOWS\system32\rundll32.exe
    FirewallRules: [{916520BB-5C5C-4B9A-BD99-F533F9D27F44}] => (Allow) C:\Users\jmiah57\AppData\Local\ddnowyes.exe
    FirewallRules: [{0AD5BB45-6FD0-4054-BB3F-FB46E6B94226}] => (Allow) C:\Users\jmiah57\AppData\Local\Temp\setup.exe
    FirewallRules: [{282EE74B-7EAF-488C-ABB6-006F15C621E4}] => (Allow) C:\Users\jmiah57\AppData\Local\4763261.exe
    FirewallRules: [{4B94964E-ED1A-4146-B295-D5CCF48A3441}] => (Allow) C:\Users\jmiah57\AppData\Local\tinstall.exe
    FirewallRules: [{CFF7949B-C193-4E29-8D87-F2AFE1077B6E}] => (Allow) C:\Users\jmiah57\AppData\Local\cap.exe
    FirewallRules: [{7C2FC166-8B6E-43D4-AFFA-82434E6BEBC9}] => (Allow) C:\Users\jmiah57\AppData\Local\ddnow.exe
    FirewallRules: [{AF7C0DDD-F80E-41FA-BD1B-4E9E3F75515C}] => (Allow) C:\Users\jmiah57\AppData\Local\Temp\KPKASYH297\chromedriver.exe
    FirewallRules: [{9A92FC7D-9FFC-4C06-A11A-F4B4974E9E41}] => (Allow) C:\Program Files (x86)\luxuriously\montana.exe
    FirewallRules: [{0B424301-626D-4DC9-8809-0D806D9EDCF4}] => (Allow) C:\Program Files (x86)\luxuriously\bayerische.exe
    FirewallRules: [{9075DF36-F55C-4541-B38E-6E7C28E447DE}] => (Allow) C:\Program Files (x86)\signage\hovels.exe
    FirewallRules: [{83928519-F105-4830-AED6-81BFCEABAC93}] => (Allow) C:\Program Files (x86)\idee\goldberg.exe
    FirewallRules: [{1225464E-FD0C-4E34-A543-EA124BBE5D52}] => (Allow) C:\WINDOWS\jordan.exe
    FirewallRules: [TCP Query User{A3A143B4-8BE4-4F94-A93F-B80B62AA0332}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
    FirewallRules: [UDP Query User{56D1721B-613D-45B2-8F43-38D555CD7837}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe

    ==================== Restore Points =========================

    14-08-2016 15:14:17 Windows Update
    18-08-2016 07:31:02 Removed Realtek Ethernet Controller Driver

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/18/2016 08:53:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: WORDPAD.EXE, version: 10.0.14393.0, time stamp: 0x57899854
    Faulting module name: gdi32full.dll, version: 10.0.14393.0, time stamp: 0x57899b21
    Exception code: 0xc0000005
    Fault offset: 0x00000000000572d2
    Faulting process id: 0x15fc
    Faulting application start time: 0xWORDPAD.EXE0
    Faulting application path: WORDPAD.EXE1
    Faulting module path: WORDPAD.EXE2
    Report Id: WORDPAD.EXE3
    Faulting package full name: WORDPAD.EXE4
    Faulting package-relative application ID: WORDPAD.EXE5

    Error: (08/18/2016 07:47:40 PM) (Source: marcial) (EventID: 0) (User: )
    Description: Service cannot be started. System.IO.FileNotFoundException: Could not load file or assembly 'dll, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified.
    File name: 'dll, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'
    at s11.WindowsService.check()
    at s11.WindowsService.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    WRN: Assembly binding logging is turned OFF.
    To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
    Note: There is some performance penalty associated with assembly bind failure logging.
    To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

    Error: (08/18/2016 07:39:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jmiah57-pc)
    Description: Activation of app Microsoft.Getstarted_4.0.9.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (08/18/2016 06:58:38 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll4

    Error: (08/18/2016 06:56:31 PM) (Source: Perflib) (EventID: 1023) (User: )
    Description: rdyboost4

    Error: (08/18/2016 06:53:59 PM) (Source: marcial) (EventID: 0) (User: )
    Description: Service cannot be started. System.IO.FileNotFoundException: Could not load file or assembly 'dll, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. The system cannot find the file specified.
    File name: 'dll, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'
    at s11.WindowsService.check()
    at s11.WindowsService.OnStart(String[] args)
    at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

    WRN: Assembly binding logging is turned OFF.
    To enable assembly bind failure logging, set the registry value [HKLM\Software\Microsoft\Fusion!EnableLog] (DWORD) to 1.
    Note: There is some performance penalty associated with assembly bind failure logging.
    To turn this feature off, remove the registry value [HKLM\Software\Microsoft\Fusion!EnableLog].

    Error: (08/18/2016 05:05:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jmiah57-pc)
    Description: Activation of app Microsoft.Getstarted_4.0.9.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (08/18/2016 05:01:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jmiah57-pc)
    Description: Activation of app Microsoft.Getstarted_4.0.9.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (08/18/2016 04:57:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program AvastUI.exe version 12.3.3149.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: d44

    Start Time: 01d1f9abccc82bbf

    Termination Time: 60000

    Application Path: C:\Program Files\AVAST Software\Avast\AvastUI.exe

    Report Id: 5f3241ce-659f-11e6-be7e-20689dbb07ad

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (08/18/2016 07:44:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Jmiah57-pc)
    Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


    System errors:
    =============
    Error: (08/19/2016 11:51:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.227.254.0).

    Error: (08/19/2016 11:42:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (08/19/2016 11:42:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (08/19/2016 11:42:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (08/18/2016 07:49:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2 = The system cannot find the file specified.

    Error: (08/18/2016 07:48:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (08/18/2016 07:48:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (08/18/2016 07:47:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (08/18/2016 07:46:52 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

    Error: (08/18/2016 07:46:50 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
    Description: 1084dpsUnavailable{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}


    CodeIntegrity:
    ===================================
    Date: 2016-08-17 20:36:07.737
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-08-17 19:58:00.081
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-08-17 17:51:29.779
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\Drivers\appid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-08-17 17:51:29.777
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\Drivers\appid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-08-17 17:51:29.774
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\Drivers\appid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-08-17 17:51:29.770
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\System32\Drivers\appid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-08-17 17:51:18.532
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-appid_31bf3856ad364e35_6.2.9200.16384_none_b015b7b03beb81fd\appid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-08-17 17:51:18.530
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-appid_31bf3856ad364e35_6.2.9200.16384_none_b015b7b03beb81fd\appid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-08-17 17:51:18.528
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-appid_31bf3856ad364e35_6.2.9200.16384_none_b015b7b03beb81fd\appid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-08-17 17:51:18.525
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\WINDOWS\WinSxS\amd64_microsoft-windows-appid_31bf3856ad364e35_6.2.9200.16384_none_b015b7b03beb81fd\appid.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU B950 @ 2.10GHz
    Percentage of memory in use: 55%
    Total physical RAM: 3795.54 MB
    Available physical RAM: 1674.32 MB
    Total Virtual: 5203.54 MB
    Available Virtual: 2928.04 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:440.26 GB) (Free:397.15 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 467FC636)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  9. jmiah57

    jmiah57 Thread Starter

    Joined:
    Aug 18, 2016
    Messages:
    16
    Also, it says Avast because I was able to get it about a day after his post through my phone, then got the file to my PC. It ran and found viruses, and I am now able to go to malware sites unlike before, but I am still unable to access Windows Defender. It may be just because I have Avast, but I'm not sure.
     
  10. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    The FRST.txt post is incomplete. Please attach both the FRST.txt and the Addition.txt file as attachments.
    Post the results from the AVAST scan.
    Please do not run any other scans or cleaning programs unless I ask you to run them.
     
  11. jmiah57

    jmiah57 Thread Starter

    Joined:
    Aug 18, 2016
    Messages:
    16
    Txt
     

    Attached Files:

  12. jmiah57

    jmiah57 Thread Starter

    Joined:
    Aug 18, 2016
    Messages:
    16
    Scan says there are no viruses, yet every 2 seconds Avast pops up saying threat blocked, and I go to the file it shows and scan it and it says it's clean.
     
  13. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi jmiah57,

    Please run the following:

    Step 1.
    Registry Backup (TCRB)
    TCRB should still be on your desktop - if not;
    Please download tweaking.com_registry_backup_setup.exe
    Choose a download site for the installer... download and save it to your desktop.
    Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

    Once the program is installed...
    1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
    2. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
    3. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
    4. Click on Backup Now to create a backup of your Registry.
      You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
    5. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
    6. Close and exit the program.

    < STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


    Step 2.
    AdwCleaner Download and Run


    Click on this link to download : ADWCleaner
    Click on the Download Now button and save it to your desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:


    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run.
    It may take several minutes to complete. When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
    You will then be presented with the report. Copy & Paste it into your next post.


    Please post the content of the C:\AdwCleaner[C?].txt logfile in your next reply.


    Step 3.
    Junkware Removal Tool

    Please download Junkware Removal Tool and save it to your desktop.
    • Shut down your protection software as shown in This topic now to avoid potential conflicts.
    • Right-click JRT.exe and select "Run as administrator" to run it. If prompted by UAC, please allow it.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Please post the contents of JRT.txt into your next reply.



    What I need back from you:
    Post each separately.
    1. Verify Completion of TCRB
    2. Contents of C:\AdwCleaner[C?].txt
    3. Contents of JRT.txt
    4. Any problem executing the instructions?
    Thanks,
    wbg
     
  14. wannabeageek

    wannabeageek Malware Specialist

    Joined:
    Nov 11, 2009
    Messages:
    581
    Hi jmiah57.

    It has been three days since my last post.

    • Do you still need help?
    • Do you need more time?
    • Are you having problems following my instructions?
    • These topics will self-close after 45 days without a response.
    • If you do not reply within the next 48 hours, I will remove this topic from my notification list.
    • If you post back after 5 days but before 45 days, PM me and wait for a response.
    • If you still need help after 45 days post a new log on a new thread.
     
  15. jmiah57

    jmiah57 Thread Starter

    Joined:
    Aug 18, 2016
    Messages:
    16
    Sorry, just have been busy with school, completing task right now
     

Short URL to this thread: https://techguy.org/1176449
