Yep, okay. Hope the registry change will work, because I am not sure how to correct this otherwise, since the sfc /scannow showed no integrity violations. May have to call in some help for this issue.
In the meantime, I will be unavailable for a couple of hours. I have asked @lx07 to assist with the DLL error using the other program he mentioned. Okay? He is very knowledgeable.
And if he has any ideas on the Defender problem, please try his suggestions.
Hello @Writer, please have a look at the post #110 in this thread.
I have contracted a Virus that shows many Ads - Post 110
If you've any questions let me know but it should be quite straightforward.
- Download Autoruns from here Autoruns for Windows
- Unzip the downloaded file
- Run autoruns.exe
- Under the "Everything" tab search for the string AppData\Local\PluginBus\xBin\PluginBus.dll in the image path (shown in the picture earlier). You can use crtl + F to help with that.
- If found right click on that line and select delete.
- Reboot and message should be gone.
I'll think about Defender but nothing springs immediately to mind.
For @lx07: I downloaded "Autoruns for Windows" and under the "Everything" tab, I found the DLL string (appdata/local/plugins etc. I deleted it and then rebooted, but the DLL Error window still appeared.
I went back to Autoruns to see if it was still gone, and it is not there. Looks like a real mystery.
Under Task Manager, Open Services, I double-clicked on "Windows Defender Network Inspection Service" and under "Startup Type" is says "Manual."
I double-clicked on "Windows Defender Service Properties" and under "Startup Type" it also says "Manual."
In the example that you gave me, the second one should read "Automatic."
Finding: the two don't match your examples, and Defender is still not running.
I opened the Registry. I clicked on Windows Defender and several items appeared in the right pane. However, the two that you specified did not appear: Disable Antispyware and Disable Antivirus.
I exited the Registry.
Windows Defender is still disabled.
Yes indeed, that is not good. Normally autoruns finds all startup items. Perhaps it is submitted by something else.
Please go to Options tab and tick the 2 options as shown here
Then select "Scan options" and tick the 3 boxes shown here and then click on "Rescan"
It will pop-up a Virus-total terms and conditions website. You can close this, accept the terms and conditions and then wait for it to complete.
It will check the signatures of all startup items and submit them to be checked. Wait until it has finished (it took about 45 seconds for me but I've not much installed).
If anything appears under the "Virus Total" (indicated with the red arrow above) column please report back what the line says.
If it is all blank as in the picture above let us know - in this case we'll need another strategy.
For @lx07 : I opened "Autoruns" and under "Options," I checked the boxes you indicated. I ran the scan and rescan, and the list that came up has 15 items listed under "Virus Total." They are labeled with the red numbers 1/54, 1/55, 1/56, and 1/57. The "Time Stamp" for all except one is in July of 2015. The other is "Time Stamped" in October of 2015.
The publisher for all of the entries is (verified) Microsoft.
1/55 means it is false positive, as it is verified Microsoft. I'm sorry to say that this method of using Autoruns has not worked.
I'm not expert enough in sorting out virus infections to know what else could be trying to launch this process but I will try to find out if I can.
Quote
