
Solved Blue Screen error closing down computer; possible virus?

Discussion in 'Virus & Other Malware Removal' started by phantomengineer56, Jan 26, 2019.

  1. phantomengineer56

    phantomengineer56 Thread Starter

    Joined:
    Jan 26, 2019
    Messages:
    13
    In the last few days my computer has developed an issue which causes it to close itself down and automatically reboot/restart. An error message appears on re-start, and Google suggests it as a Blue Screen error.

    I've researched the problem via the Microsoft Windows Support pages, and attempted all of the diagnostic checks and fixes suggested: restoring the system to the last restore point, in my case just prior to the last Windows update (I'm fairly certain the problem did not arise before this point); checked the Action Centre for solutions, but none identified; re-updated Windows with the updates; checked all the drivers, which all show as being the most up to date versions, and at the same time noting that all the devices seem to be working properly; and, checking both the hard drive and RAM for errors, none of which again are identified.

    I should add that excepting Windows, AVG, anti spyware, Java updates, that is, all the usual stuff, I've added no new hardware, and downloaded no new programmes in an age. I've checked for viruses using my normal programmes and none are identified. Also, that there is no pattern to the close downs, excepting they never occur when I'm 'actively' using the computer.

    At a mate's suggestion, I checked task scheduler just in case, and couldn't see any in place which would cause the issue. However, I did note that in the Active Tasks field, a couple of entries were showing which weren't clear to me, firstly is "DistromaticSearchProtect-hourly", and secondly is "DistromaticUpdater-periodic". Again, I checked Google, which suggests a virus, which additionally may cause blue screen errors.

    Am I on the right path, and if so, what's the best way to solve the issue? I should say that despite my attempts - as above - to identify and solve the issue, I'm not particularly computer savvy!

    Find attached, hopefully, three of the error messages which arise on re-start.

    Cheers
     

    Attached Files:

  2. phantomengineer56

    phantomengineer56 Thread Starter

    Joined:
    Jan 26, 2019
    Messages:
    13
    Sorry... ...should have added this...

    Tech Support Guy System Info Utility version 1.0.0.4
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz, Intel64 Family 6 Model 58 Stepping 9
    Processor Count: 4
    RAM: 7886 Mb
    Graphics Card: Intel(R) HD Graphics, -1792 Mb
    Hard Drives: C: 98 GB (19 GB Free); D: 178 GB (35 GB Free); E: 654 GB (75 GB Free);
    Motherboard: ASRock, H61M-DG3/USB3
    Antivirus: AVG Antivirus, Enabled and Updated
     
  3. phantomengineer56

    phantomengineer56 Thread Starter

    Joined:
    Jan 26, 2019
    Messages:
    13
    Whether this was inherent originally, whatever the problem is may be also now affecting IE. I have, of course, started to use Firefox instead. Find attached an error message when using IE.
    Thanks
     

    Attached Files:

  4. phantomengineer56

    phantomengineer56 Thread Starter

    Joined:
    Jan 26, 2019
    Messages:
    13
    Still getting the same issues, and the same type of error messages. Now also problematical on occasions when I try to re-boot or re-start myself.

    Thank you in advance.
     
  5. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    Welcome to the Tech Support Guy malware removal forum.
    I'm iMacg3 and will be helping you.

    Please keep the following information in mind before we begin:
    • Do not run any fixes or tools on your system unless I request that you do so.
    • Please read all instructions carefully, and complete them in the order listed.
    • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
    • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • If you have questions about anything, please ask.


    --------------------


    Download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
    • If you receive a SmartScreen pop-up, click More Info, then Run Anyway.
    • When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • When finished, two log files will open - FRST.txt and Addition.txt.
    • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.

    Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
     
  6. phantomengineer56

    phantomengineer56 Thread Starter

    Joined:
    Jan 26, 2019
    Messages:
    13
    Many thanks for assisting... ...it is much appreciated.

    I should add that since posting the problem originally that I've removed AVG
     
  7. phantomengineer56

    phantomengineer56 Thread Starter

    Joined:
    Jan 26, 2019
    Messages:
    13
    ...and replaced it with Avira, just in case the problem was caused by some sort of conflict with AVG. Do you need me to update the System Info?

    Find attached the two log files from running the FRST tool.
     

    Attached Files:

  8. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    Hi,

    Going over your logs I noticed that you have qBittorrent installed.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
    • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
    • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
    • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
    It is pretty much certain that if you continue to use P2P programs, you will get infected again.
    I would recommend that you uninstall qBittorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
    If you wish to keep it, please do not use it until your computer is cleaned.

    -------------------------------------

    We'll run a FRST fix to see if we can get more information about the crashes, and remove some 'orphaned' registry entries.

    Highlight the contents of the below code box and press Ctrl + C:
    Code:
    Start::
    
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
    BHO-x32: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
    Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {00000000-0000-0000-0000-000000000000} -  No File
    
    S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
    S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
    
    AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies) Hidden
    
    HKU\S-1-5-21-1003746759-1352747866-133838355-1000\...\ChromeHTML: ->  <==== ATTENTION
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    
    Task: {568E57BE-EA48-4007-9267-8B0D05F0D583} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
    Task: {77AA94B3-0828-43C4-8E54-7C046978F761} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
    Task: {7D8C9EBF-31BF-436D-A2AE-55EEDD0C452B} - System32\Tasks\{E069ACAE-9DCB-471B-907F-21E71B98CFD3} => C:\Windows\system32\pcalua.exe -a "C:\Users\Andy Thorpe\AppData\Local\Temp\Temp1_SmartConnect_Win7-64_Win7(v2.0.1083.0)[1].zip\SmartConnect_Win7-64_Win7(2.0.1083.0)\Setup.exe" <==== ATTENTION
    Task: {855AF9D1-11C9-4F21-86AF-63917F9B4BD1} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
    Task: {B596CFC4-1AC0-463F-9C17-7C88A42E0494} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
    Task: {BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC} - System32\Tasks\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
    Task: {CB9E79CF-19CB-4285-B0BE-09F5DFA2181D} - System32\Tasks\{0F635CC8-9CC0-4158-8F80-1B450B3C4B15} => C:\Windows\system32\pcalua.exe -a C:\Users\ANDYTH~1\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
    
    Zip: C:\Windows\Minidump\020819-16738-01.dmp
    End::
    Right-click on FRST/FRST64 and select Run as Administrator.
    Click on Fix.
    Note - there is no need to paste the contents of the code box anywhere.
    If your computer restarts, allow it to do so.
    Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
    Please copy and paste the contents of the fixlog into your next reply.

    Additionally, a .zip file will be created on your desktop with the date and time the fix was run. Please attach it to your reply.

    Thanks.
     
  9. phantomengineer56

    phantomengineer56 Thread Starter

    Joined:
    Jan 26, 2019
    Messages:
    13
    Fixlog, as follows:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
    Ran by Andy Thorpe (09-02-2019 19:07:09) Run:1
    Running from C:\Users\Andy Thorpe\Desktop
    Loaded Profiles: Andy Thorpe (Available Profiles: Andy Thorpe)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    BHO: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
    BHO-x32: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
    Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {00000000-0000-0000-0000-000000000000} - No File
    S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
    S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
    AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies) Hidden
    HKU\S-1-5-21-1003746759-1352747866-133838355-1000\...\ChromeHTML: -> <==== ATTENTION
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    Task: {568E57BE-EA48-4007-9267-8B0D05F0D583} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
    Task: {77AA94B3-0828-43C4-8E54-7C046978F761} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
    Task: {7D8C9EBF-31BF-436D-A2AE-55EEDD0C452B} - System32\Tasks\{E069ACAE-9DCB-471B-907F-21E71B98CFD3} => C:\Windows\system32\pcalua.exe -a "C:\Users\Andy Thorpe\AppData\Local\Temp\Temp1_SmartConnect_Win7-64_Win7(v2.0.1083.0)[1].zip\SmartConnect_Win7-64_Win7(2.0.1083.0)\Setup.exe" <==== ATTENTION
    Task: {855AF9D1-11C9-4F21-86AF-63917F9B4BD1} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
    Task: {B596CFC4-1AC0-463F-9C17-7C88A42E0494} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
    Task: {BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC} - System32\Tasks\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
    Task: {CB9E79CF-19CB-4285-B0BE-09F5DFA2181D} - System32\Tasks\{0F635CC8-9CC0-4158-8F80-1B450B3C4B15} => C:\Windows\system32\pcalua.exe -a C:\Users\ANDYTH~1\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
    Zip: C:\Windows\Minidump\020819-16738-01.dmp

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => removed successfully
    HKLM\Software\Classes\CLSID\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => not found
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => not found
    "HKU\S-1-5-21-1003746759-1352747866-133838355-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
    HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
    "HKU\S-1-5-21-1003746759-1352747866-133838355-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
    HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
    "HKU\S-1-5-21-1003746759-1352747866-133838355-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000}" => removed successfully
    HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000} => not found
    HKLM\System\CurrentControlSet\Services\TuneUp.UtilitiesSvc => removed successfully
    TuneUp.UtilitiesSvc => service removed successfully
    HKLM\System\CurrentControlSet\Services\TuneUpUtilitiesDrv => removed successfully
    TuneUpUtilitiesDrv => service removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4AC74ED1-719B-46DA-8B8A-340FBF892291}\\SystemComponent" => removed successfully
    HKU\S-1-5-21-1003746759-1352747866-133838355-1000_Classes\ChromeHTML => removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{568E57BE-EA48-4007-9267-8B0D05F0D583}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{568E57BE-EA48-4007-9267-8B0D05F0D583}" => removed successfully
    C:\Windows\System32\Tasks\DistromaticSearchProtect-logon => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77AA94B3-0828-43C4-8E54-7C046978F761}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77AA94B3-0828-43C4-8E54-7C046978F761}" => removed successfully
    C:\Windows\System32\Tasks\DistromaticUpdater-periodic => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D8C9EBF-31BF-436D-A2AE-55EEDD0C452B}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D8C9EBF-31BF-436D-A2AE-55EEDD0C452B}" => removed successfully
    C:\Windows\System32\Tasks\{E069ACAE-9DCB-471B-907F-21E71B98CFD3} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E069ACAE-9DCB-471B-907F-21E71B98CFD3}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855AF9D1-11C9-4F21-86AF-63917F9B4BD1}" => not found
    C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B596CFC4-1AC0-463F-9C17-7C88A42E0494}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B596CFC4-1AC0-463F-9C17-7C88A42E0494}" => removed successfully
    C:\Windows\System32\Tasks\DistromaticUpdater-logon => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC}" => removed successfully
    C:\Windows\System32\Tasks\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB9E79CF-19CB-4285-B0BE-09F5DFA2181D}" => removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB9E79CF-19CB-4285-B0BE-09F5DFA2181D}" => removed successfully
    C:\Windows\System32\Tasks\{0F635CC8-9CC0-4158-8F80-1B450B3C4B15} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F635CC8-9CC0-4158-8F80-1B450B3C4B15}" => removed successfully
    ================== Zip: ===================
    C:\Windows\Minidump\020819-16738-01.dmp -> copied successfully to C:\Users\Andy Thorpe\Desktop\09.02.2019_19.07.34.zip
    =========== Zip: End ===========

    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 97319297 B
    Java, Flash, Steam htmlcache => 173212 B
    Windows/system/drivers => 647650857 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 918211613 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 221655037 B
    systemprofile32 => 66788 B
    LocalService => 132244 B
    NetworkService => 87056 B
    Andy Thorpe => 1212249356 B

    RecycleBin => 3637344 B
    EmptyTemp: => 2.9 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 19:09:19 ====
     

    Attached Files:
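
Added example, not part of any post in this thread and not FRST's own code: a small Python triage of the `Task:` lines from the fixlist above, cross-checked against the `=> result` lines of the fixlog, to show why each scheduled task stood out and what the fix reported for it. The sample lines are copied from the fixlist and fixlog quoted in the thread; the function names and the wording of the reasons are assumptions made for this illustration.

```python
import re

# Sample input: three Task: lines copied from the fixlist posted in the thread.
FIXLIST = r"""
Task: {7D8C9EBF-31BF-436D-A2AE-55EEDD0C452B} - System32\Tasks\{E069ACAE-9DCB-471B-907F-21E71B98CFD3} => C:\Windows\system32\pcalua.exe -a "C:\Users\Andy Thorpe\AppData\Local\Temp\Temp1_SmartConnect_Win7-64_Win7(v2.0.1083.0)[1].zip\SmartConnect_Win7-64_Win7(2.0.1083.0)\Setup.exe" <==== ATTENTION
Task: {855AF9D1-11C9-4F21-86AF-63917F9B4BD1} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC} - System32\Tasks\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
"""

# Sample input: the matching result lines copied from the fixlog in the thread.
FIXLOG = r"""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D8C9EBF-31BF-436D-A2AE-55EEDD0C452B}" => removed successfully
C:\Windows\System32\Tasks\{E069ACAE-9DCB-471B-907F-21E71B98CFD3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855AF9D1-11C9-4F21-86AF-63917F9B4BD1}" => not found
C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC}" => removed successfully
C:\Windows\System32\Tasks\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59} => moved successfully
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
TASK_RE = re.compile(
    r"^[ \t]*Task: (?P<guid>" + GUID + r") - System32\\Tasks\\(?P<name>.+?) => "
    r"(?P<command>.*?)(?P<attention>\s*<==== ATTENTION)?$",
    re.MULTILINE,
)
RESULT_RE = re.compile(r'^[ \t]*"?(?P<path>.+?)"? => (?P<result>.+)$', re.MULTILINE)
TASKCACHE = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"


def parse_task_lines(text):
    """Split each FRST 'Task:' line into GUID, task name, command and flag."""
    return [
        {
            "guid": m.group("guid"),
            "name": m.group("name"),
            "command": m.group("command").strip(),
            "attention": m.group("attention") is not None,
        }
        for m in TASK_RE.finditer(text)
    ]


def triage(task):
    """Return the reasons (hypothetical labels) a task deserves a closer look."""
    cmd = task["command"].lower()
    reasons = []
    if task["attention"]:
        reasons.append("marked ATTENTION by FRST")
    if "pcalua.exe" in cmd:
        reasons.append("launched through pcalua.exe")
    if "\\appdata\\local\\temp\\" in cmd:
        reasons.append("target is in a user Temp directory")
    if re.fullmatch(GUID, task["name"]):
        reasons.append("task name is a bare GUID")
    return reasons


def parse_fixlog(text):
    """Map each 'path => result' line of a fixlog to its result (keys lowercased)."""
    return {
        m.group("path").lower(): m.group("result").strip()
        for m in RESULT_RE.finditer(text)
    }


def fix_outcome(task, outcomes):
    """Look up what the fixlog reported for the task file and its TaskCache key."""
    file_key = ("C:\\Windows\\System32\\Tasks\\" + task["name"]).lower()
    cache_key = (TASKCACHE + "\\Tasks\\" + task["guid"]).lower()
    missing = "no entry in fixlog"
    return {
        "task_file": outcomes.get(file_key, missing),
        "taskcache": outcomes.get(cache_key, missing),
    }


if __name__ == "__main__":
    outcomes = parse_fixlog(FIXLOG)
    for task in parse_task_lines(FIXLIST):
        print(task["name"])
        print("  reasons:", "; ".join(triage(task)) or "none")
        print("  fixlog :", fix_outcome(task, outcomes))
```
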

  10. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    Hi,

    It's very likely that the issue is caused by a non-malware problem. We'll check for any malware, however.

    When you see the Blue Screen error, is there an error code (also called a Stop Code)? If so, what is the code?
    ------------------------------

    Download AdwCleaner and save it to your Desktop.
    • Right-click on AdwCleaner.exe and select Run as Administrator
    • Accept the EULA (I accept), then click on Scan.
    • Let the scan complete. If no objects are detected, close the AdwCleaner window.
    • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
    • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in Notepad. Copy and paste the contents of the log into your next reply.
    Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

    Thanks.
     
  11. phantomengineer56

    phantomengineer56 Thread Starter

    Joined:
    Jan 26, 2019
    Messages:
    13
    Completed, as per...

    Noted in my previous reply that despite removing AVG, and replacing it with Avira, that traces of AVG Tune Up remain. Is this an issue?

    Anyway, here's the AdwCleaner log file...

    # -------------------------------
    # Malwarebytes AdwCleaner 7.2.7.0
    # -------------------------------
    # Build: 01-30-2019
    # Database: 2019-02-07.2 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Clean
    # -------------------------------
    # Start: 02-11-2019
    # Duration: 00:00:04
    # OS: Windows 7 Professional
    # Cleaned: 113
    # Failed: 0


    ***** [ Services ] *****

    No malicious services cleaned.

    ***** [ Folders ] *****

    Deleted C:\ProgramData\AVG_UPDATE_1114AV
    Deleted C:\ProgramData\AVG_UPDATE_0814AV
    Deleted C:\ProgramData\AVG_UPDATE_0415AV
    Deleted C:\ProgramData\AVG_UPDATE_0215AV
    Deleted C:\Program Files (x86)\Amazon Browser Settings
    Deleted C:\Users\Andy Thorpe\AppData\Local\Amazon Browser Settings
    Deleted C:\Users\Andy Thorpe\AppData\Local\genienext

    ***** [ Files ] *****

    Deleted C:\Users\Andy Thorpe\daemonprocess.txt

    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    Deleted C:\Windows\Tasks\0414bUpdateInfo.job
    Deleted C:\Windows\System32\Tasks\0414bUpdateInfo
    Deleted C:\Windows\Tasks\1114AVUPDATEINFO.JOB
    Deleted C:\Windows\Tasks\0814AVUPDATEINFO.JOB
    Deleted C:\Windows\Tasks\0415AVUPDATEINFO.JOB
    Deleted C:\Windows\Tasks\0215AVUPDATEINFO.JOB
    Deleted C:\Windows\Tasks\0116AVUPDATEINFO.JOB
    Deleted C:\Windows\System32\Tasks\1114AVUPDATEINFO
    Deleted C:\Windows\System32\Tasks\0814AVUPDATEINFO
    Deleted C:\Windows\System32\Tasks\0415AVUPDATEINFO
    Deleted C:\Windows\System32\Tasks\0215AVUPDATEINFO
    Deleted C:\Windows\System32\Tasks\0116AVUPDATEINFO

    ***** [ Registry ] *****

    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0414bUpdateInfo
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC645538-72EB-4459-B2DA-2F552B2CD7FD}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC645538-72EB-4459-B2DA-2F552B2CD7FD}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1114avUpdateInfo
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B5B2933-8230-41F5-98B3-C929EFD3D018}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B5B2933-8230-41F5-98B3-C929EFD3D018}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0814avUpdateInfo
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07450035-F35F-4ED9-8B32-5FE50AE23B08}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07450035-F35F-4ED9-8B32-5FE50AE23B08}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0415avUpdateInfo
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42BC1A24-5646-4EDD-90B1-D963A3A08C94}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42BC1A24-5646-4EDD-90B1-D963A3A08C94}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215avUpdateInfo
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83057DBA-168E-49F4-87AC-0FE7A984E89C}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83057DBA-168E-49F4-87AC-0FE7A984E89C}
    Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0116avUpdateInfo
    Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AA0790C-71CC-4C66-8E7B-BB6810DC818C}
    Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44AE2057-38E7-4662-B1F0-9FFDDED123D}
    Deleted HKCU\Software\Classes\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
    Deleted HKU\S-1-5-18\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
    Deleted HKCU\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
    Deleted HKU\S-1-5-20\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
    Deleted HKU\S-1-5-19\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
    Deleted HKU\.DEFAULT\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
    Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
    Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
    Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
    Deleted HKLM\Software\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
    Deleted HKLM\Software\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
    Deleted HKLM\Software\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
    Deleted HKLM\Software\Wow6432Node\AppDataLow\Software\Amazon\AmazonAssistant
    Deleted HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
    Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
    Deleted HKLM\Software\Wow6432Node\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
    Deleted HKLM\Software\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
    Deleted HKLM\Software\Wow6432Node\Classes\Interface\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA}
    Deleted HKLM\Software\Wow6432Node\Classes\Interface\{6B7479D5-C493-40F0-99B6-BFC901980034}
    Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
    Deleted HKLM\Software\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
    Deleted HKLM\Software\Wow6432Node\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06}
    Deleted HKLM\Software\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06}
    Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Amazon Assistant Service
    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.banggood.com
    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\banggood.com
    Deleted HKCU\Software\Conduit
    Deleted HKLM\Software\Wow6432Node\Conduit
    Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverterhq.dl.myway.com
    Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
    Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
    Deleted HKCU\Software\distromatic
    Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
    Deleted HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries cleaned.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs cleaned.

    ***** [ Firefox (and derivatives) ] *****

    Deleted Amazon Assistant for Firefox

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs cleaned.


    *************************

    [+] Delete Tracing Keys
    [+] Reset Winsock

    *************************

    AdwCleaner[S00].txt - [13616 octets] - [11/02/2019 18:36:15]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
     
  12. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    Hi,

    To remove AVG TuneUp, please do this.

    Press the Windows Key + R. This will open the Run box.
    Type Appwiz.cpl and click OK.

    A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

    AVG TuneUp

    Follow the steps in the uninstaller to remove the program.
    Let me know if the problem persists.

    Thanks.
     
  13. phantomengineer56

    phantomengineer56 Thread Starter

    Joined:
    Jan 26, 2019
    Messages:
    13
    I should have said in my last reply that the error messages I get arrive on 'start up', and are exactly of the sort that I attached as files with my original, first posting.

    AVG Tune Up removed: let's see what happens next, or hopefully not as the case may be.

    Again, many thanks for your continued assistance.
     
  14. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    118
    OK, let me know how it goes. (y)
     
  15. phantomengineer56

    phantomengineer56 Thread Starter

    Joined:
    Jan 26, 2019
    Messages:
    13
    No change I'm afraid: it's closed and re-booted again.

    Find attached the latest problem signature message...


    Problem signature:

    Problem Event Name: BlueScreen

    OS Version: 6.1.7601.2.1.0.256.48

    Locale ID: 2057


    Additional information about the problem:

    BCCode: 1a

    BCP1: 0000000000005100

    BCP2: FFFFF6FD40065000

    BCP3: 0000000000000100

    BCP4: 7777777777772FE3

    OS Version: 6_1_7601

    Service Pack: 1_0

    Product: 256_1


    Files that help describe the problem:

    C:\Windows\Minidump\021219-21684-01.dmp

    C:\Users\Andy Thorpe\AppData\Local\Temp\WER-35036451-0.sysdata.xml


    Read our privacy statement online:

    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409


    If the online privacy statement is not available, please read our privacy statement offline:

    C:\Windows\system32\en-US\erofflps.txt
     
Short URL to this thread: https://techguy.org/1222333
