
Help! Black Screen @ Login

If you are referring to the time between when the BIOS hands over control to Windows or when your PC wakes from sleep mode, then it is a normal part of the process. In a new or fresh install of Windows it is not as noticeable, but as your PC gets more programs installed and use, the longer the boot time becomes. I have two i7 computers with lots of memory and fast video cards but they still take a moment to transition. If your PC is not stalling on boot or crashing then I don't see much to be done. You can try delaying drivers from starting or reduce what starts up at boot to see if that helps, but be cautious when you do this. Stopping the wrong thing at boot can cause a crash for real. :)
 
As Lord Chance has stated you might want to reduce your startup load....

Let's get some info from your machine to get things rolling.


Step 1: Reset Host File


  • Click here to download RstHosts v2.0
  • Save the file to your desktop.
  • Right Click and Run as Administrator.
  • Click on Restaurer, then click OK at the prompt.
  • This will restore the default host file.
  • Next Click on Creer Un Rapport.
  • This will open a logfile, post that in your next reply.

Step 2: MiniToolBox Scan


Please download MINITOOLBOX and run it.

Checkmark the following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.

Step 3: Autoruns Scan.


Download Autoruns and Autorunsc. Unzip it to your desktop and then double click autoruns.exe.
After the scan is finished, click on File > Save.
The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option.
In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.


Step 4: HijackThis.



1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.


Step 5: JRT Scan.


Please download Junkware Removal Tool and save it on your desktop.



  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 6: Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
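
An added example (not part of the original thread, and not code from HijackThis) of how a helper might triage the log requested in Step 4. It assumes the scan came from the 32-bit HijackThis on 64-bit Windows, where a 32-bit process sees System32 redirected to SysWOW64; the sample log, the service names and the `trusted_dns` allowlist are constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Set, Tuple

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O23 - ..." result lines
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\")  # matched on a lowercased path
MISSING = "(file missing)"


class Entry(NamedTuple):
    code: str  # section code, e.g. "O23"
    body: str  # everything after "CODE - "


def parse(log_text: str) -> List[Entry]:
    """Keep only 'CODE - ...' result lines; header and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def split_service(body: str) -> Optional[Tuple[str, str, str, bool]]:
    """Split 'Service: name - owner - path [(file missing)]' into its fields."""
    if not body.startswith("Service: "):
        return None
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return name, owner, path, missing


def triage(entry: Entry, trusted_dns: Set[str]) -> Optional[Tuple[str, str]]:
    """Return (verdict, reason) for one entry, or None when no rule applies."""
    if entry.code == "O23":
        svc = split_service(entry.body)
        if svc is None:
            return ("review", "service line could not be parsed")
        _name, owner, path, missing = svc
        if missing and SYSTEM32_RE.match(path.lower()):
            # A 32-bit scanner is redirected to SysWOW64, so 64-bit-only
            # binaries under System32 look absent even though they exist.
            return ("artifact", "System32 path reported missing by a 32-bit scanner")
        if missing:
            return ("review", "service binary not found at " + path)
        if owner == "Unknown owner":
            return ("review", "scanner printed no owner for " + path)
        return None
    if entry.code == "O17":
        _, _, value = entry.body.partition("NameServer = ")
        servers = [s for s in re.split(r"[ ,]+", value) if s]
        unknown = [s for s in servers if s not in trusted_dns]
        if unknown:
            return ("review", "resolver not on allowlist: " + ", ".join(unknown))
        return None
    if entry.code == "O4":
        low = entry.body.lower()
        if "\\appdata\\" in low or "\\temp\\" in low:
            return ("review", "autostart from a user-writable directory")
    return None


def report(log_text: str, trusted_dns: Set[str]) -> List[Tuple[str, str, str]]:
    """Run triage over a whole log and return (code, verdict, reason) rows."""
    rows = []
    for entry in parse(log_text):
        verdict = triage(entry, trusted_dns)
        if verdict:
            rows.append((entry.code, verdict[0], verdict[1]))
    return rows


# Constructed sample in HijackThis line format; names and addresses are placeholders.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Unknown Windows (WinNT 6.02.1008)

Running processes:
C:\Users\user\Desktop\HijackThis.exe

O4 - HKCU\..\Run: [ExampleUpdater] C:\Users\user\AppData\Roaming\example\updater.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -tray
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53,198.51.100.53
O23 - Service: @%SystemRoot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: Example Helper (ExampleSvc) - Unknown owner - C:\Program Files (x86)\Example\helper.exe
O23 - Service: Example Agent (ExampleAgent) - Example Corp - C:\Program Files\Example\agent.exe
"""

if __name__ == "__main__":
    for code, verdict, reason in report(SAMPLE_LOG, trusted_dns={"192.0.2.53"}):
        print(f"{code:<4} {verdict:<9} {reason}")
```

Rows marked `artifact` can be set aside; rows marked `review` are the ones worth checking by hand against the Autoruns and MiniToolBox output.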
 
@Eddie Paul Litz Do you have an update for us on this issue?
I'm still getting the Black Screen @ logon. I used COMODO Autoruns Analyzer instead of the Autoruns Analyzer yens provided. The one yens provided kept closing automatically. Here's all the logs:
 

Attachments

  • AutoRunsData (COMODO).txt
    841.9 KB · Views: 5
  • hijackthis.log
    13.7 KB · Views: 4
  • MTB.txt
    23.6 KB · Views: 3
  • RstHosts.txt
    660 bytes · Views: 4
  • JRT.txt
    2.7 KB · Views: 3
  • AdwCleaner[S0].txt
    4.1 KB · Views: 4
# AdwCleaner v6.043 - Logfile created 28/01/2017 at 23:09:44
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-01-28.2 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : eddie - WINDOWS-10XP-PR
# Running from : C:\Users\eddie\Desktop\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\WINDOWS\Installer\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}


***** [ Files ] *****

[-] File deleted: C:\Users\eddie\AppData\Local\uninstallro.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
[#] Key deleted on reboot: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}_is1
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon
[-] Key deleted: HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OverlayIcon.MyOverlayIcon.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
[-] Key deleted: HKLM\SOFTWARE\WISECLEANER
[-] Key deleted: [x64] HKLM\SOFTWARE\WISECLEANER
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
[-] Key deleted: HKU\S-1-5-21-1945615899-2904019748-3028366660-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516}
[#] Data restored on reboot: HKU\S-1-5-21-1945615899-2904019748-3028366660-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516}
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0AA24E16-07B3-4694-8357-3C21ACC5F516}
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL


***** [ Web browsers ] *****

[-] [C:\Users\eddie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\eddie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\eddie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: astromenda.com
[-] [C:\Users\eddie\AppData\Local\Comodo\Dragon\User Data\Profile 1\Web data] [Search Provider] Deleted: astromenda.com
[-] [C:\Users\eddie\AppData\Local\Comodo\Dragon\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\eddie\AppData\Local\Comodo\Dragon\User Data\Profile 1\Web data] [Search Provider] Deleted: yahoo.com
[-] [C:\Users\eddie\AppData\Local\Comodo\Dragon\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3963 Bytes] - [28/01/2017 23:09:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [3849 Bytes] - [28/01/2017 23:05:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4109 Bytes] ##########
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:40 PM, on 1/28/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\eddie\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://us.yahoo.com/?fr=fp-comodo&type=33090001005_10.0.0.6092_i_hp_sp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = getchrome.eu/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IeUrlFilter Class - {2DD257A3-5028-41AE-A1E7-A12F76A08893} - C:\Program Files (x86)\COMODO\COMODO Secure Shopping Beta\cssbho32.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\XP\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\XP\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\XP\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [COMODO Ad Blocker] C:\Program Files (x86)\Comodo\Ad Blocker\AdBlocker.exe --silent
O4 - HKLM\..\Run: [vdcss] "C:\Program Files (x86)\COMODO\COMODO Secure Shopping Beta\vdcss.exe" -tray
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E3F5740D1C7070D0CABB3741A4F94C0C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [pCloud] C:\Program Files (x86)\pCloud Drive\pCloud.exe
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe
O4 - Startup: Start PCloud.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\XP\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\XP\Classic Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.vizzed.com
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com.../en/x86/MuCatalogWebControl.cab?1473974404405
O17 - HKLM\System\CCS\Services\Tcpip\..\{0dc67b05-efea-4dda-b5bc-7a5c90c7ed1f}: NameServer = 192.85.126.30,192.85.127.30
O17 - HKLM\System\CCS\Services\Tcpip\..\{755ca006-310b-4da7-8a4f-68ed4a8644b8}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{0dc67b05-efea-4dda-b5bc-7a5c90c7ed1f}: NameServer = 192.85.126.30,192.85.127.30
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DC67B05-EFEA-4DDA-B5BC-7A5C90C7ED1F}: NameServer = 192.85.126.30,192.85.127.30,
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O21 - SSODL: EldosMountNotificator-cbfs6 - {279E16DB-2E96-4624-B385-41F1A5AC91E6} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {279E16DB-2E96-4624-B385-41F1A5AC91E6} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Blue Coat K9 Web Protection (bckwfs) - Blue Coat Systems, Inc. - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
O23 - Service: Comodo AdBlockerService (CAdBlockerSvc) - Unknown owner - C:\Program Files (x86)\Comodo\Ad Blocker\AdBlockerService.exe
O23 - Service: Comodo AdBlocker Updater Service (CAdBlockerUpdaterSvc) - Unknown owner - C:\Program Files (x86)\Comodo\Ad Blocker\UpdaterService.exe
O23 - Service: COMODO LPS Launcher (CLPSLauncher) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
O23 - Service: COMODO Internet Security Helper Service (CmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: csssrv - COMODO - C:\Program Files (x86)\COMODO\COMODO Secure Shopping Beta\csssrv64.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Comodo - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem41.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWoW64\esif_uf.exe
O23 - Service: GeekBuddyRSP Server (GeekBuddyRSP) - Comodo Security Solutions, Inc. - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP CASL Framework Service (hpqcaslwmiex) - HP - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: OpenVpnService - - C:\Program Files\OpenVPN\bin\openvpnserv2.exe
O23 - Service: OpenVPN Interactive Service (OpenVPNServiceInteractive) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: OpenVPN Legacy Service (OpenVPNServiceLegacy) - The OpenVPN Project - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\WINDOWS\unsignedthemes.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Wise Boot Assistant (WiseBootAssistant) - WiseCleaner.com - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14052 bytes
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by eddie (Limited) on Sat 01/28/2017 at 22:24:13.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 21

Failed to delete: C:\Program Files (x86)\google\chrome\application\chrome.bat (File)
Successfully deleted: C:\Program Files (x86)\internet explorer\iexplore.bat (File)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\ProgramData\Start Menu\Programs\comodo\geekbuddy (Folder)
Successfully deleted: C:\Users\eddie\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\eddie\AppData\Roaming\microleaves (Folder)
Successfully deleted: C:\Users\eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start geekbuddy.lnk (Shortcut)
Successfully deleted: C:\Users\eddie\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\eddie\Desktop\facebook.lnk (Shortcut)
Successfully deleted: C:\Users\eddie\Desktop\youtube.lnk (Shortcut)
Successfully deleted: C:\Users\Public\Desktop\geekbuddy.lnk (Shortcut)
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\users\Public\Documents\pc faster (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Wise Auto Shutdown Task.job (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Wise Care 365 PC Checkup Task (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Wise Care 365.job (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Wise Memory Optimizer Task.job (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Wise Turbo Checker.job (Task)
Successfully deleted: C:\WINDOWS\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\GUM3DA.tmp (File)
Successfully deleted: C:\Program Files\comodo\geekbuddy (Folder)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E3F5740D1C7070D0CABB3741A4F94C0C (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\GeekBuddyRSP (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DD257A3-5028-41AE-A1E7-A12F76A08893} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DD257A3-5028-41AE-A1E7-A12F76A08893} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/28/2017 at 22:33:49.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
MiniToolBox by Farbar Version: 17-06-2016
Ran by eddie (administrator) on 28-01-2017 at 21:36:29
Running from "C:\Users\eddie\Desktop"
Microsoft Windows 10 Pro (X64)
Model: HP Notebook Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

Realtek RTL8188EE 802.11 bgn Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
TAP-Windows Adapter V9 = Ethernet 2 (Media disconnected)
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 %SystemRoot%\\SysWOW64\wlidNSP.dll [] ()
Catalog5 08 %SystemRoot%\\SysWOW64\wlidNSP.dll [] ()
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\WINDOWS\System32\wlidnsp.dll [66048] (Microsoft Corporation)
x64-Catalog5 08 C:\WINDOWS\System32\wlidnsp.dll [66048] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/28/2017 09:51:20 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\autochk.exe for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Autostart program viewer because of this error.

Program: Autostart program viewer
File: C:\Windows\System32\autochk.exe

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C000009C
Disk type: 3

Error: (01/28/2017 09:51:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: Autoruns.exe, version: 13.62.0.0, time stamp: 0x578e4bc5
Faulting module name: Autoruns.exe, version: 13.62.0.0, time stamp: 0x578e4bc5
Exception code: 0xc0000006
Fault offset: 0x00017878
Faulting process id: 0xc68
Faulting application start time: 0xAutoruns.exe0
Faulting application path: Autoruns.exe1
Faulting module path: Autoruns.exe2
Report Id: Autoruns.exe3
Faulting package full name: Autoruns.exe4
Faulting package-relative application ID: Autoruns.exe5

Error: (01/28/2017 09:51:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WINDOWS-10XP-PR)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/28/2017 09:45:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WINDOWS-10XP-PR)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/28/2017 09:40:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WINDOWS-10XP-PR)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/28/2017 09:39:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WINDOWS-10XP-PR)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/28/2017 09:35:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WINDOWS-10XP-PR)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/28/2017 09:30:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WINDOWS-10XP-PR)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/28/2017 09:30:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WINDOWS-10XP-PR)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2147009284 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/28/2017 09:30:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: WINDOWS-10XP-PR)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2147024894 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (01/28/2017 09:51:55 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:49 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:47 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:44 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:41 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:36 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:33 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:27 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:13 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:10 PM) (Source: DCOM) (User: WINDOWS-10XP-PR)
Description: "C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider2Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProviderUnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (01/28/2017 09:51:20 PM) (Source: Application Error)(User: )
Description: C:\Windows\System32\autochk.exeAutostart program viewerC000009C3

Error: (01/28/2017 09:51:19 PM) (Source: Application Error)(User: )
Description: Autoruns.exe13.62.0.0578e4bc5Autoruns.exe13.62.0.0578e4bc5c000000600017878c6801d279d9da64fa0aC:\Users\eddie\Desktop\Autoruns\Autoruns.exeC:\Users\eddie\Desktop\Autoruns\Autoruns.exee6b2dee1-d45c-4a05-aaeb-7c08941ee1d0

Error: (01/28/2017 09:51:10 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WINDOWS-10XP-PR)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App-2147024894

Error: (01/28/2017 09:45:55 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WINDOWS-10XP-PR)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App-2147024894

Error: (01/28/2017 09:40:44 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WINDOWS-10XP-PR)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App-2147024894

Error: (01/28/2017 09:39:06 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WINDOWS-10XP-PR)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App-2147024894

Error: (01/28/2017 09:35:44 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WINDOWS-10XP-PR)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App-2147024894

Error: (01/28/2017 09:30:42 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WINDOWS-10XP-PR)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App-2147024894

Error: (01/28/2017 09:30:06 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WINDOWS-10XP-PR)
Description: Microsoft.WindowsAlarms_8wekyb3d8bbwe!App-2147009284

Error: (01/28/2017 09:30:03 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: WINDOWS-10XP-PR)
Description: Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App-2147024894


CodeIntegrity Errors:
===================================
Date: 2017-01-28 21:06:16.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.

Date: 2017-01-28 21:06:16.254
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\iseguard64.dll that did not meet the Windows signing level requirements.

Date: 2017-01-28 17:16:47.732
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cssguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 17:16:47.647
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 17:16:23.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 17:16:23.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 16:38:28.059
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\cssguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 16:38:28.029
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 16:38:28.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-01-28 16:37:53.900
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\cssguard64.dll that did not meet the Windows signing level requirements.


=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.5.1001 - Blue Coat Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
Comodo Ad Blocker (HKLM-x32\...\Comodo Ad Blocker) (Version: 1.0.0.22 - COMODO)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 52.15.25.664 - Comodo)
COMODO Internet Security Premium (HKLM\...\{67DA4459-33A8-4E69-9C7B-FB5CBADA60AB}) (Version: 10.0.0.6092 - COMODO Security Solutions Inc.) Hidden
COMODO Internet Security Premium (HKLM\...\COMODO Internet Security) (Version: 10.0.0.6092 - COMODO Security Solutions Inc.)
COMODO Secure Shopping Beta (HKLM-x32\...\{D15DF9B0-3A98-4BEF-B7D5-FC3AEA404690}) (Version: 1.1.69.0 - COMODO) Hidden
COMODO Secure Shopping Beta (HKLM-x32\...\Comodo Secure_Shopping_list_uninstall) (Version: 1.1.404690.69 - Comodo)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DriverUpdate (HKLM-x32\...\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}) (Version: 2.7.0 - Slimware Utilities Holdings, Inc.) Hidden
GeekBuddy (HKLM\...\{96103D22-4888-481D-A02B-7D01DCDF5D9B}) (Version: 4.29.209 - Comodo Security Solutions Inc) Hidden
GeekBuddy (HKLM\...\Geekbuddy) (Version: 4.29.209 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 121 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Messenger for Desktop (HKCU\...\messengerfordesktop) (Version: 2.0.1 - Alexandru Rosianu)
Messenger For Desktop (HKLM-x32\...\MessengerForDesktop) (Version: - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4893.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4893.1002 - Microsoft Corporation) Hidden
OpenVPN 2.4.0-I601 (HKLM\...\OpenVPN) (Version: 2.4.0-I601 - OpenVPN Technologies, Inc.)
pCloud Drive (HKLM-x32\...\{1a27b6d7-cb1a-4ca2-b026-8d7c17849410}) (Version: 3.5.5.0 - pCloud AG)
pCloud Drive (HKLM-x32\...\{FD4F906F-889A-4E13-9B0E-0B8E0329E67C}) (Version: 3.5.5 - pCloud AG) Hidden
Perfect Uninstaller v6.3.4.0 (HKLM\...\Perfect Uninstaller_is1) (Version: - www.PerfectUninstaller.com)
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Project64 version 2.3.0.210 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.3.0.210 - )
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.107 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.)
SkinPack XP (HKLM-x32\...\SkinPack) (Version: XP - SkinPack)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
UxStyle (HKLM\...\{28A17CCB-77BB-49C9-847B-60E076DC43D1}) (Version: 0.2.4.2 - The Within Network, LLC) Hidden
UxStyle (HKLM-x32\...\{6bf90d91-c5db-454e-a7b4-81bc6cbbe13f}) (Version: 0.2.4.2 - The Within Network, LLC)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wise Care 365 4.53 (HKLM-x32\...\Wise Care 365_is1) (Version: 4.53 - WiseCleaner.com, Inc.)
Wise Memory Optimizer 3.49 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.49 - WiseCleaner.com, Inc.)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 52%
Total physical RAM: 4017.3 MB
Available physical RAM: 1904.97 MB
Total Virtual: 8113.3 MB
Available Virtual: 4177.51 MB

========================= Partitions: =====================================

1 Drive c: (Windows 10 Pro) (Fixed) (Total:447.82 GB) (Free:332.55 GB) NTFS
2 Drive d: (Recovery Warranty) (Fixed) (Total:16.6 GB) (Free:8.35 GB) NTFS
3 Drive e: (UNTITLED) (Removable) (Total:119.08 GB) (Free:112.27 GB) exFAT
4 Drive p: (pCloud Drive) (Removable) (Total:500 GB) (Free:469.38 GB) exFAT

========================= Users: ========================================

User accounts for \\

Administrator DefaultAccount eddie
Guest


**** End of log ****
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-|x| RstHosts v2.0 - Rapport créé le 28/01/2017 à 21:33:30
-|x| Système d'exploitation : Windows 10 Pro (64 bits)
-|x| Nom d'utilisateur : eddie - WINDOWS-10XP-PR (Administrateur)

-|x|- Informations -|x|-

Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 28/01/2017 - 21:33:17
Date de modification : 28/01/2017 - 21:33:17
Date de dernier accès : 28/01/2017 - 21:33:17

-|x|- Contenu du fichier -|x|-

# Fichier Hosts créé par RstHosts

127.0.0.1 localhost
::1 localhost

-|x|- E.O.F - C:\RstHosts.txt - 609 bytes -|x|-
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Here's what you wanted. Sorry for my misunderstanding. The Autoruns had to be uploaded instead. It was too large a text to copy & paste.
 

Attachments

  • AutoRunsData (COMODO).txt
    841.9 KB · Views: 5
Reset Internet Settings.


Download and unzip internet Flush.zip to your desktop, right-click it and run as Administrator. Reboot the machine to apply the settings.



Fix with HijackThis!



Close all other programs!


Right Click Hijack this, run as administrator.
Click do a system scan only.
Place a tick next to the items below.

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E3F5740D1C7070D0CABB3741A4F94C0C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [pCloud] C:\Program Files (x86)\pCloud Drive\pCloud.exe
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: Start GeekBuddy.lnk = C:\Program Files\COMODO\GeekBuddy\launcher.exe
O4 - Startup: Start PCloud.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)


Click fix checked.
Accept the prompt.
Reboot the machine after.


Uninstall These programs with Geek Uninstaller.


DriverUpdate (HKLM-x32\...\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}) (Version: 2.7.0 - Slimware Utilities Holdings, Inc.) Hidden
GeekBuddy (HKLM\...\{96103D22-4888-481D-A02B-7D01DCDF5D9B}) (Version: 4.29.209 - Comodo Security Solutions Inc) Hidden
GeekBuddy (HKLM\...\Geekbuddy) (Version: 4.29.209 - Comodo Security Solutions Inc)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Wise Memory Optimizer 3.49 (HKLM-x32\...\Wise Memory Optimizer_is1) (Version: 3.49 - WiseCleaner.com, Inc.)

Disable useless items.


Download Easy Service Optimizer, save it to your desktop and unzip it there. Right-click it and run as admin, then select tweaked at the bottom. Then click on the rocket; this will turn off a lot of useless items.


tnkjYlk.png


You will, however, need to change one setting. Right-click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.



PO7tPc7.png





I cannot read your Comodo log. After the above steps, run a check disk, then see if you are able to run Autoruns again for me.


Run a check Disk On the machine.



Run chkdsk /f /r from an elevated command prompt.


 
I'm afraid your HDD may be failing.

We will want to check the condition of your hard drive next.


Download HD Tune and save the file. Install HD Tune and restart it after installation. Then go to the Error Scan tab, select the hard drive you want to check and press Start. The check can be quite time-consuming, depending on the size of the hard drive being checked. Take a screenshot of the result and save it. Upload it to IMGUR for us. Post the link here.


Do Not tick the quick scan!!



Speccy Scan.

  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will appear, post that link.
 
I tried scheduling a Disk Check & the disk check didn't happen.


I'm assuming you rebooted the machine, correct? Evidence below points strongly to a failing HDD.

Code:
Error: (01/28/2017 09:51:55 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:49 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:47 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:44 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:41 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:36 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:33 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:27 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:13 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
I'm afraid your HDD may be failing.

We will want to check the condition of your hard drive next.


Download HD Tune and save the file. Install HD Tune and restart it after installation. Then go to the Error Scan tab, select the hard drive you want to check and press Start. The check can be quite time-consuming, depending on the size of the hard drive being checked. Take a screenshot of the result and save it. Upload it to IMGUR for us. Post the link here.


Do Not tick the quick scan!!



Speccy Scan.

  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will appear, post that link.
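
The reasoning in the reply above (a burst of `disk` bad-block events pointing to a failing drive), as an added example that is not part of the thread: a Python parser for the MiniToolBox event-log layout that counts bad-block events per device and picks out application errors logged in the same time span with a storage-related NTSTATUS code. The sample log is abridged from the entries posted here; the function names, the 5-minute window and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

HEADER = re.compile(r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\)"
                    r"\s*\(User: [^)]*\)", re.MULTILINE)
# A section title plus its "=====" ruler (or a "=====" banner) ends an event.
SECTION = re.compile(r"\n(?:[^\n=][^\n]*\n)?={5,}")
BAD_BLOCK = re.compile(r"The device, (?P<dev>\\Device\\[^,]+), has a bad block")
STATUS = re.compile(r"\b(?:0x)?(c000[0-9a-f]{4})\b", re.IGNORECASE)
# NTSTATUS values that mean a storage read failed, not that the program is buggy.
IO_STATUS = {"c000009c": "STATUS_DEVICE_DATA_ERROR", "c0000006": "STATUS_IN_PAGE_ERROR"}

# Sample input: abridged from the log posted in this thread.
SAMPLE_LOG = r"""
Application errors:
==================
Error: (01/28/2017 09:51:20 PM) (Source: Application Error) (User: )
Description: Windows cannot access the file C:\Windows\System32\autochk.exe (abridged)

Additional Data
Error value: C000009C

Error: (01/28/2017 09:51:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: Autoruns.exe, version: 13.62.0.0
Exception code: 0xc0000006

System errors:
=============
Error: (01/28/2017 09:51:55 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:49 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:13 PM) (Source: disk) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/28/2017 09:51:10 PM) (Source: DCOM) (User: WINDOWS-10XP-PR)
Description: (abridged)
"""

def parse_events(text):
    """Split the log into events; a description runs up to the next event or section."""
    events, headers = [], list(HEADER.finditer(text))
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = SECTION.split(text[m.end():end], maxsplit=1)[0].strip()
        events.append({"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                       "source": m["src"],
                       "description": re.sub(r"^Description:\s*", "", body)})
    return events

def bad_block_summary(events, window=timedelta(minutes=5), threshold=3):
    """Per device: count, first/last time, and whether `threshold` events fit in one `window`."""
    times = defaultdict(list)
    for e in events:
        m = BAD_BLOCK.search(e["description"])
        if e["source"].lower() == "disk" and m:
            times[m["dev"]].append(e["time"])
    out = {}
    for dev, ts in times.items():
        ts.sort()
        burst = any(ts[i + threshold - 1] - ts[i] <= window
                    for i in range(len(ts) - threshold + 1))
        out[dev] = {"count": len(ts), "first": ts[0], "last": ts[-1], "burst": burst}
    return out

def io_failures_near(events, summary, slack=timedelta(minutes=1)):
    """Non-disk errors with an I/O NTSTATUS code logged while bad blocks were reported."""
    hits = []
    for e in events:
        near = any(s["first"] - slack <= e["time"] <= s["last"] + slack
                   for s in summary.values())
        if e["source"].lower() == "disk" or not near:
            continue
        for code in STATUS.findall(e["description"]):
            if code.lower() in IO_STATUS:
                hits.append((e["time"], e["source"], IO_STATUS[code.lower()]))
    return hits
```

On the sample, both application errors (the autochk.exe access failure and the Autoruns.exe crash) resolve to storage read failures inside the bad-block burst, which is consistent with the drive, not the programs, being at fault.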
Speccy> http://speccy.piriform.com/results/lGG48uTnwOvJuZjcxSju41M
 