Page 3 of 15 FirstFirst 1234513 ... LastLast

  1. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       20 Sep 2016 #21

    simrick said: View Post
    Ugh - I hate that crap. Trojans, bringing more friends along for the ride....

    Disk Mgmt looks okay.
    Just so you know - once a system has had W10 installed on it (and activated), you can clean install W10 back on it as often as you like/need - so you don't have to do the W8>upgrade>W10 thing anymore. From the looks of your partitions, you did a clean install of W10, because I think a W8 install would have left a few more partitions on the drive, so I am a little confused(?) Unless you clean installed with a Win8.1Update - maybe that's why.

    Do me a favor and run ADWCleaner, selecting Tools>Options and check all the reset options; see if it comes up with anything.


    Attachment 102251

    Might even want to check the box for prefetch as well.

    Thanks Simrick. I just finished that step. No dice unfortunately. It did find a few minor things. but nothing to write home about. Re-tried again after that all completed and no dice. Still seeing that same error message. But just for your info, I have posted a copy of the ADW Cleaner log below;



    # AdwCleaner v6.020 - Logfile created 19/09/2016 at 22:10:49
    # Updated on 14/09/2016 by ToolsLib
    # Database : 2016-09-20.1 [Server]
    # Operating System : Windows 10 Home (X64)
    # Username : Luke - LUKE
    # Running from : Z:\FIREFOX DOWNLOADS\adwcleaner_6.020.exe
    # Mode: Clean
    # Support : ToolsLib - Forum: Ask for help or share your experience.



    ***** [ Services ] *****

    ***** [ Folders ] *****
    [-] Folder deleted: C:\Users\Luke Berger\AppData\Local\MalwareProtectionLive
    [-] Folder deleted: C:\Users\Luke Berger\AppData\Roaming\Systweak

    ***** [ Files ] *****
    [-] File deleted: C:\Users\Luke Berger\AppData\Roaming\Mozilla\Firefox\Profiles\5i3ghlif.default\searchplugins\trovi.xml

    ***** [ DLL ] *****
    ***** [ WMI ] *****
    ***** [ Shortcuts ] *****
    ***** [ Scheduled Tasks ] *****
    ***** [ Registry ] *****
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key deleted: HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\Software\systweak
    [#] Key deleted on reboot: HKCU\Software\systweak
    [#] Key deleted on reboot: [x64] HKCU\Software\systweak
    [-] Key deleted: HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    [-] Key deleted: HKU\S-1-5-21-4232256137-3942767270-2832098513-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95602BBF-1462-4DFA-A67A-CA6BC22DCDDA}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95602BBF-1462-4DFA-A67A-CA6BC22DCDDA}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95602BBF-1462-4DFA-A67A-CA6BC22DCDDA}

    ***** [ Web browsers ] *****
    [-] Chrome preferences cleaned: "browser.newtab.url" - "hxxp://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=CC189085-F21C-491B-8002-F53EA1DBAEEB&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPB315EC6B-EAF9-4555-8081-A552AB863FEE&D=081116"
    [-] Chrome preferences cleaned: "keyword.URL" - "hxxps://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=994519&p="
    [-] [C:\Users\Luke Berger\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Luke Berger\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    *************************
    :: "Tracing" keys deleted
    :: Winsock settings cleared
    *************************
    C:\AdwCleaner\AdwCleaner[C0].txt - [2702 Bytes] - [19/09/2016 22:10:49]
    C:\AdwCleaner\AdwCleaner[S0].txt - [3946 Bytes] - [19/09/2016 18:11:45]
    C:\AdwCleaner\AdwCleaner[S1].txt - [2894 Bytes] - [19/09/2016 22:09:18]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2921 Bytes] ##########
      My System SpecsSystem Spec


  2. Joined : Apr 2015
    Posts : 9,115
    W10Prox64
       20 Sep 2016 #22

    Okay, so I am seeing remnants of trovi hijacker, MalwareProtectionLive rogue AV, Systweak, SearchScopes hijacker.

    Were you able to perform a clean boot and try the DISM tool yet?
    Next would be the repair install using an in-place upgrade as suggested earlier. That will allow you to keep all apps and files.
      My System SpecsSystem Spec


  3. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       20 Sep 2016 #23

    simrick said: View Post
    Okay, so I am seeing remnants of trovi hijacker, MalwareProtectionLive rogue AV, Systweak, SearchScopes hijacker.

    Were you able to perform a clean boot and try the DISM tool yet?
    Next would be the repair install using an in-place upgrade as suggested earlier. That will allow you to keep all apps and files.
    Hi Simrick,
    I have had issues trying to perform a clean boot. Whenever I do, I lose use of my internet so it's kind of hard to update. I tried several times and leaving certain stuff active but no dice. I posted about that above, with screenshots of the System Config screen, and the programs I was shutting down.

    Also, I tried the DISM tutorial but I couldn't get it to work. It wasn't accepting any of the commands it suggested. What that DISM page was telling me, and the commands that actually work didnt mesh. Also I didn't know what image file I should be using.
      My System SpecsSystem Spec


  4. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       20 Sep 2016 #24

    WOW, could it be this?


    I was in my device management looking to uninstall some drivers. And I found this;

    Click image for larger version. 

Name:	DeviceManagement.PNG 
Views:	48 
Size:	5.7 KB 
ID:	102395


    Click image for larger version. 

Name:	Qualcom-Error.PNG 
Views:	48 
Size:	16.6 KB 
ID:	102396Click image for larger version. 

Name:	Qualcom-Network Adapters.PNG 
Views:	4 
Size:	80.0 KB 
ID:	102397

    Then, I googled Athwbx.sys and found this. I'm gonna try the steps there and see if this helps;

    http://windowsreport.com/athwbx-sys-windows-10/
      My System SpecsSystem Spec


  5. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       21 Sep 2016 #25

    LAPS said: View Post
    I was in my device management looking to uninstall some drivers. And I found this;

    Click image for larger version. 

Name:	DeviceManagement.PNG 
Views:	48 
Size:	5.7 KB 
ID:	102395


    Click image for larger version. 

Name:	Qualcom-Error.PNG 
Views:	48 
Size:	16.6 KB 
ID:	102396Click image for larger version. 

Name:	Qualcom-Network Adapters.PNG 
Views:	4 
Size:	80.0 KB 
ID:	102397

    Then, I googled Athwbx.sys and found this. I'm gonna try the steps there and see if this helps;

    http://windowsreport.com/athwbx-sys-windows-10/
    OK. I did that. It seems the driver is now working properly, but all of a sudden I get this error message at startup. It seems Windows Defender stopped working

    .Click image for larger version. 

Name:	new-error..PNG 
Views:	47 
Size:	6.8 KB 
ID:	102404

    Update still doesn't work. I don't get why I'm getting this error now. If it's not one thing it's another.
      My System SpecsSystem Spec


  6. Joined : Apr 2015
    Posts : 9,115
    W10Prox64
       21 Sep 2016 #26

    LAPS said: View Post
    Hi Simrick,
    I have had issues trying to perform a clean boot. Whenever I do, I lose use of my internet so it's kind of hard to update. I tried several times and leaving certain stuff active but no dice. I posted about that above, with screenshots of the System Config screen, and the programs I was shutting down.
    Yes, sorry, I see that. The Atheros would need to stay enabled in order to have internet in a clean boot.

    LAPS said: View Post
    Also, I tried the DISM tutorial but I couldn't get it to work. It wasn't accepting any of the commands it suggested. What that DISM page was telling me, and the commands that actually work didnt mesh. Also I didn't know what image file I should be using.
    The dism tool would need to be online, unless you have an install.WIM file to point it to on the the system. So, you'd want to use an ISO that is most recent. Right-click the ISO to mount, then note the location of the wim file (i.e. F:\sources\install.wim) and point the dism tool to it. If you have an ISO with install.ESD instead of install.WIM, it may not work.

    EDIT: I've just re-read the whole thread, and wanted to make some additional observations, and ask some more questions:

    You indicated that W8 installed fine, but W10 upgrade was a problem. In addition to what's already been mentioned, I do know that this will happen if hardware is failing/failed/problematic (could have been the wrls nic). Also, USB failures, memory failures - anything like that will prevent the install or upgrade.

    Internet wasn't working well (pages slow to load and resetting) - has that resolved now that the Atheros driver has been repaired?

    DISM can be done without internet (and that's probably how you want to do it now anyway):

    Reset Internet Explorer.
    Reset Chrome.
    Check your HOSTS file for leftover changes from the infection.
    Show hidden files; open with Notepad
    C:\Windows\System32\Drivers\etc\HOSTS
    Post it here in a code box (use # button) if you're not sure what you've got.

    Put the system in a clean boot state. If you have ASUS AI Suite on the system, uninstall it. Also uninstall any 3rd-party AV, and hardware monitoring software (like Speccy, HDD Sentinel, etc.).

    Have the ISO on the desktop - not the Z drive. Mount the ISO by right-clicking it and selecting MOUNT. Note the drive letter assigned to it, and the path to the install.wim file.

    Disconnect your Z drive. Disable your wrls nic, and any ethernet nic you may have, in Device Manager. Also disable your USB hub. Disconnect all peripherals except keyboard, mouse and monitor. Open an admin command prompt and type the command (this is assuming the ISO is a wim-type, mounted to drive F):

    Code:
    DISM /online /cleanup-image /restorehealth /source:wim:F:\sources\install.wim:1 /limitaccess
    Note the spaces preceding each forward slash. The limitaccess switch tells the tool to search locally for files needed in the wim you pointed it to, and not to look online. If your ISO has an install.esd instead of install.wim, use that and change the command accordingly.

    Code:
    DISM /online /cleanup-image /restorehealth /source:esd:F:\sources\install.esd:1 /limitaccess


    If it still fails to run, it could be that the ISO is corrupt. If there is an error number, please post it. In this case, it may be best to download a new one from a known clean, functioning system.

    If the tool doesn't run, I would be suspicious of the ISO being corrupt, and would get a good one before I proceeded with a repair install.

    I think, if you can, you should try the repair install using an in-place upgrade. Again, the latest ISO would be best to use, and makes no difference if you have an ESD or WIM file for that.
    Last edited by simrick; 22 Sep 2016 at 23:49. Reason: removed dash from restorehealth switch
      My System SpecsSystem Spec


  7. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       22 Sep 2016 #27

    Hi Simrick,
    I'm really trying here. I did everything you said but the DISM tool is giving me heartache. This is what it shows this.

    Click image for larger version. 

Name:	DISM.PNG 
Views:	6 
Size:	22.5 KB 
ID:	102696

    What am I doing wrong?
      My System SpecsSystem Spec


  8. Joined : Apr 2015
    Posts : 9,115
    W10Prox64
       22 Sep 2016 #28

    LAPS said: View Post
    Hi Simrick,
    I'm really trying here. I did everything you said but the DISM tool is giving me heartache. This is what it shows this.

    Click image for larger version. 

Name:	DISM.PNG 
Views:	6 
Size:	22.5 KB 
ID:	102696

    What am I doing wrong?
    Hi LAPS. I must apologise profusely - the restorehealth does NOT have a dash in it. I will change my post above to correct that for others who may come here....so sorry about that. Try it without the dash, and it should work.
      My System SpecsSystem Spec


  9. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       23 Sep 2016 #29

    simrick said: View Post
    Yes, sorry, I see that. The Atheros would need to stay enabled in order to have internet in a clean boot.

    The dism tool would need to be online, unless you have an install.WIM file to point it to on the the system. So, you'd want to use an ISO that is most recent. Right-click the ISO to mount, then note the location of the wim file (i.e. F:\sources\install.wim) and point the dism tool to it. If you have an ISO with install.ESD instead of install.WIM, it may not work.

    EDIT: I've just re-read the whole thread, and wanted to make some additional observations, and ask some more questions:

    You indicated that W8 installed fine, but W10 upgrade was a problem. In addition to what's already been mentioned, I do know that this will happen if hardware is failing/failed/problematic (could have been the wrls nic). Also, USB failures, memory failures - anything like that will prevent the install or upgrade.

    Internet wasn't working well (pages slow to load and resetting) - has that resolved now that the Atheros driver has been repaired?

    DISM can be done without internet (and that's probably how you want to do it now anyway):

    Reset Internet Explorer.
    Reset Chrome.
    Check your HOSTS file for leftover changes from the infection.
    Show hidden files; open with Notepad
    C:\Windows\System32\Drivers\etc\HOSTS
    Post it here in a code box (use # button) if you're not sure what you've got.

    Put the system in a clean boot state. If you have ASUS AI Suite on the system, uninstall it. Also uninstall any 3rd-party AV, and hardware monitoring software (like Speccy, HDD Sentinel, etc.).

    Have the ISO on the desktop - not the Z drive. Mount the ISO by right-clicking it and selecting MOUNT. Note the drive letter assigned to it, and the path to the install.wim file.

    Disconnect your Z drive. Disable your wrls nic, and any ethernet nic you may have, in Device Manager. Also disable your USB hub. Disconnect all peripherals except keyboard, mouse and monitor. Open an admin command prompt and type the command (this is assuming the ISO is a wim-type, mounted to drive F):

    Code:
    DISM /online /cleanup-image /restorehealth /source:wim:F:\sources\install.wim:1 /limitaccess
    Note the spaces preceding each forward slash. The limitaccess switch tells the tool to search locally for files needed in the wim you pointed it to, and not to look online. If your ISO has an install.esd instead of install.wim, use that and change the command accordingly.

    Code:
    DISM /online /cleanup-image /restorehealth /source:esd:F:\sources\install.esd:1 /limitaccess


    If it still fails to run, it could be that the ISO is corrupt. If there is an error number, please post it. In this case, it may be best to download a new one from a known clean, functioning system.

    If the tool doesn't run, I would be suspicious of the ISO being corrupt, and would get a good one before I proceeded with a repair install.

    I think, if you can, you should try the repair install using an in-place upgrade. Again, the latest ISO would be best to use, and makes no difference if you have an ESD or WIM file for that.
    OK. I did it all. Even the in place upgrade. The DISM tool worked, but didn't seem to fix anything, but the In-Place upgrade worked. By worked, I mean it installed, and created the Windows.Old file. Problem is now, my internet is back to slug mode. Also, I tried to run windows update again and it didn't work. Just the same error message again. When I opened up my case though I noticed it's full of dust (well, alot dustier than it ever has been). I'm going to clean it out tomorrow and hopefully at least might stop any of these phantom hardware issues, but IDK, that's alot of wishful thinking I bet.

    But like I said, my internet is really slow again. This is what it shows at the bottom of each page when loading, and this is what it was showing before when it was slow. When it was working well for a few days there this wasn't happening.

    Click image for larger version. 

Name:	WHY THIS ALL THE TIME..PNG 
Views:	36 
Size:	13.6 KB 
ID:	102887

    I ran ADWCleaner and it came up with one threat c:\END or something like that. Other than that nothing at all. I almost want to just reformat everything and start clean but IDK if that would even work. At the least I want my quick internet back. I'm willing to sacrifice the new windows updates if I can get that back, but maybe you can still help. Please HELP.
      My System SpecsSystem Spec


  10. Joined : Apr 2015
    Posts : 9,115
    W10Prox64
       24 Sep 2016 #30

    LAPS said: View Post
    OK. I did it all. Even the in place upgrade. The DISM tool worked, but didn't seem to fix anything, but the In-Place upgrade worked. By worked, I mean it installed, and created the Windows.Old file. Problem is now, my internet is back to slug mode. Also, I tried to run windows update again and it didn't work. Just the same error message again. When I opened up my case though I noticed it's full of dust (well, alot dustier than it ever has been). I'm going to clean it out tomorrow and hopefully at least might stop any of these phantom hardware issues, but IDK, that's alot of wishful thinking I bet.

    But like I said, my internet is really slow again. This is what it shows at the bottom of each page when loading, and this is what it was showing before when it was slow. When it was working well for a few days there this wasn't happening.

    Click image for larger version. 

Name:	WHY THIS ALL THE TIME..PNG 
Views:	36 
Size:	13.6 KB 
ID:	102887

    I ran ADWCleaner and it came up with one threat c:\END or something like that. Other than that nothing at all. I almost want to just reformat everything and start clean but IDK if that would even work. At the least I want my quick internet back. I'm willing to sacrifice the new windows updates if I can get that back, but maybe you can still help. Please HELP.
    Where did that come from? Do you have these cloudflare DNS servers on your NIC?
    Go into your NIC properties for IPv4 and IPv6 and change them to Google DNS servers - see if that doesn't speed up your internet. Put them in your router too, if you have that option.

    Google Public DNS operates recursive name servers for public use at the following IP addresses:
    8.8.8.8 and 8.8.4.4 for IPv4
    2001:4860:4860::8888 and 2001:4860:4860::8844, for IPv6
      My System SpecsSystem Spec


 
Page 3 of 15 FirstFirst 1234513 ... LastLast


Similar Threads
Thread Forum
How to get the Windows 10 Anniversary Update
760521668653518849 Source: How to get the Windows 10 Anniversary Update | Windows Experience Blog Download Windows 10 Anniversary ISO (32-bit 3.14 GB) (64-bit=4.07 GB):
Windows 10 News
Cannot Update to Windows 10 Anniversary Update (Freeze during Update)
Search Results I am trying to update from Windows 10 OS Build 10586.589 to the Anniversary Update but my computer freezes at 1% progress. I have tried everything I can think of including: Unplugging all extra SATA drives except my main SSD,...
Windows Updates and Activation
Windows Update does not download and install the anniversary update.
I am downloading the update manually. Have others had the same issue with windows update not showing the update? I'm not sure my WU is working because of this.
Windows Updates and Activation
First one with windows 10 anniversary update
Who will it be? With no glitches. What time? Where are you located? What do you really notice improved over old 10? If you are a paying customer, did you get your monies worth? Are loading times (software and boot speeds). Add your questions if you...
General Support
Windows 10 Anniversary Update SDK Now Available!
Source: Windows 10 Anniversary Update SDK Now Available! Windows Store Open for Submissions | Building Apps for Windows
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:42.
Find Us
Twitter Facebook Google+



Windows 10 Forums