Solved Blue Screen error closing down computer; possible virus?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

phantomengineer56

Thread Starter
Joined
Jan 26, 2019
Messages
27
In the last few days my computer has developed an issue which causes it to close itself down and automatically reboot/restart. An error message appears on re-start, and Google suggests it as a Blue Screen error.

I've researched the problem via the Microsoft Windows Support pages, and attempted all of the diagnostic checks and fixes suggested: restoring the system to the last restore point, in my case just prior to the last Windows update (I'm fairly certain the problem did not arise before this point); checked the Action Centre for solutions, but none identified; re-updated Windows with the updates; checked all the drivers, which all show as being the most up to date versions, and at the same time noting that all the devices seem to be working properly; and, checking both the hard drive and RAM for errors, none of which again are identified.

I should add that excepting Windows, AVG, anti spyware, Java updates, that is, all the usual stuff, I've added no new hardware, and downloaded no new programmes in an age. I've checked for viruses using my normal programmes and none are identified. Also, that there is no pattern to the close downs, excepting they never occur when I'm 'actively' using the computer.

At a mate's suggestion, I checked task scheduler just in case, and couldn't see any in place which would cause the issue. However, I did note that in the Active Tasks field, a couple of entries were showing which weren't clear to me, firstly is "DistromaticSearchProtect-hourly", and secondly is "DistromaticUpdater-periodic". Again, I checked Google, which suggests a virus, which additionally may cause blue screen errors.

Am I on the right path, and if so, what's the best way to solve the issue? I should say that despite my attempts - as above - to identify and solve the issue, I'm not particularly computer savvy!

Find attached, hopefully, three of the error messages which arise on re-start.

Cheers
 


phantomengineer56

Thread Starter
Joined
Jan 26, 2019
Messages
27
Sorry... ...should have added this...

Tech Support Guy System Info Utility version 1.0.0.4
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-3330 CPU @ 3.00GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 7886 Mb
Graphics Card: Intel(R) HD Graphics, -1792 Mb
Hard Drives: C: 98 GB (19 GB Free); D: 178 GB (35 GB Free); E: 654 GB (75 GB Free);
Motherboard: ASRock, H61M-DG3/USB3
Antivirus: AVG Antivirus, Enabled and Updated
 

phantomengineer56

Thread Starter
Joined
Jan 26, 2019
Messages
27
Still getting the same issues, and the same type of error messages. Now also problematical on occasions when I try to re-boot or re-start myself.

Thank you in advance.
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
838
Welcome to the Tech Support Guy malware removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions carefully, and complete them in the order listed.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
  • If you have questions about anything, please ask.


--------------------


Download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
  • If you receive a SmartScreen pop-up, click More Info, then Run Anyway.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, two log files will open - FRST.txt and Addition.txt.
  • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.

Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.
 

phantomengineer56

Thread Starter
Joined
Jan 26, 2019
Messages
27
Many thanks for assisting... ...it is much appreciated.

I should add that since posting the problem originally that I've removed AVG
 

phantomengineer56

Thread Starter
Joined
Jan 26, 2019
Messages
27
...and replaced it with Avira, just in case the problem was caused by some sort of conflict with AVG. Do you need me to update the System Info?

Find attached the two log files from running the FRST tool.
 


iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
838
Hi,

Going over your logs I noticed that you have qBittorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall qBittorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

-------------------------------------

We'll run a FRST fix to see if we can get more information about the crashes, and remove some 'orphaned' registry entries.

Highlight the contents of the below code box and press Ctrl + C:
Code:
Start::

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
BHO-x32: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {00000000-0000-0000-0000-000000000000} -  No File

S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]

AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies) Hidden

HKU\S-1-5-21-1003746759-1352747866-133838355-1000\...\ChromeHTML: ->  <==== ATTENTION
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

Task: {568E57BE-EA48-4007-9267-8B0D05F0D583} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {77AA94B3-0828-43C4-8E54-7C046978F761} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {7D8C9EBF-31BF-436D-A2AE-55EEDD0C452B} - System32\Tasks\{E069ACAE-9DCB-471B-907F-21E71B98CFD3} => C:\Windows\system32\pcalua.exe -a "C:\Users\Andy Thorpe\AppData\Local\Temp\Temp1_SmartConnect_Win7-64_Win7(v2.0.1083.0)[1].zip\SmartConnect_Win7-64_Win7(2.0.1083.0)\Setup.exe" <==== ATTENTION
Task: {855AF9D1-11C9-4F21-86AF-63917F9B4BD1} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {B596CFC4-1AC0-463F-9C17-7C88A42E0494} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC} - System32\Tasks\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {CB9E79CF-19CB-4285-B0BE-09F5DFA2181D} - System32\Tasks\{0F635CC8-9CC0-4158-8F80-1B450B3C4B15} => C:\Windows\system32\pcalua.exe -a C:\Users\ANDYTH~1\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION

Zip: C:\Windows\Minidump\020819-16738-01.dmp
End::
Right-click on FRST/FRST64 and select Run as Administrator.
Click on Fix.
Note - there is no need to paste the contents of the code box anywhere.
If your computer restarts, allow it to do so.
Once the fix is complete, a file called fixlog will be saved to the same directory as FRST. The log may open in Notepad as well.
Please copy and paste the contents of the fixlog into your next reply.

Additionally, a .zip file will be created on your desktop with the date and time the fix was run. Please attach it to your reply.

Thanks.
 

phantomengineer56

Thread Starter
Joined
Jan 26, 2019
Messages
27
Fixlog, as follows:

Fix result of Farbar Recovery Scan Tool (x64) Version: 8.02.2019
Ran by Andy Thorpe (09-02-2019 19:07:09) Run:1
Running from C:\Users\Andy Thorpe\Desktop
Loaded Profiles: Andy Thorpe (Available Profiles: Andy Thorpe)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
SearchScopes: HKLM-x32 -> DefaultScope value is missing
BHO: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
BHO-x32: No Name -> {0ddcea2a-7b00-4349-8acb-af7ba6da251f} -> No File
Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-1003746759-1352747866-133838355-1000 -> No Name - {00000000-0000-0000-0000-000000000000} - No File
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
AVG PC TuneUp 2015 (en-US) (HKLM-x32\...\{4AC74ED1-719B-46DA-8B8A-340FBF892291}) (Version: 15.0.1001.604 - AVG Technologies) Hidden
HKU\S-1-5-21-1003746759-1352747866-133838355-1000\...\ChromeHTML: -> <==== ATTENTION
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
Task: {568E57BE-EA48-4007-9267-8B0D05F0D583} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {77AA94B3-0828-43C4-8E54-7C046978F761} - System32\Tasks\DistromaticUpdater-periodic => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {7D8C9EBF-31BF-436D-A2AE-55EEDD0C452B} - System32\Tasks\{E069ACAE-9DCB-471B-907F-21E71B98CFD3} => C:\Windows\system32\pcalua.exe -a "C:\Users\Andy Thorpe\AppData\Local\Temp\Temp1_SmartConnect_Win7-64_Win7(v2.0.1083.0)[1].zip\SmartConnect_Win7-64_Win7(2.0.1083.0)\Setup.exe" <==== ATTENTION
Task: {855AF9D1-11C9-4F21-86AF-63917F9B4BD1} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {B596CFC4-1AC0-463F-9C17-7C88A42E0494} - System32\Tasks\DistromaticUpdater-logon => C:\Program Files (x86)\Amazon Browser Settings\updater.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC} - System32\Tasks\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {CB9E79CF-19CB-4285-B0BE-09F5DFA2181D} - System32\Tasks\{0F635CC8-9CC0-4158-8F80-1B450B3C4B15} => C:\Windows\system32\pcalua.exe -a C:\Users\ANDYTH~1\AppData\Local\Temp\jre-8u161-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ATTENTION
Zip: C:\Windows\Minidump\020819-16738-01.dmp

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => removed successfully
HKLM\Software\Classes\CLSID\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0ddcea2a-7b00-4349-8acb-af7ba6da251f} => not found
"HKU\S-1-5-21-1003746759-1352747866-133838355-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
"HKU\S-1-5-21-1003746759-1352747866-133838355-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => not found
"HKU\S-1-5-21-1003746759-1352747866-133838355-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000}" => removed successfully
HKLM\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000} => not found
HKLM\System\CurrentControlSet\Services\TuneUp.UtilitiesSvc => removed successfully
TuneUp.UtilitiesSvc => service removed successfully
HKLM\System\CurrentControlSet\Services\TuneUpUtilitiesDrv => removed successfully
TuneUpUtilitiesDrv => service removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4AC74ED1-719B-46DA-8B8A-340FBF892291}\\SystemComponent" => removed successfully
HKU\S-1-5-21-1003746759-1352747866-133838355-1000_Classes\ChromeHTML => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{568E57BE-EA48-4007-9267-8B0D05F0D583}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{568E57BE-EA48-4007-9267-8B0D05F0D583}" => removed successfully
C:\Windows\System32\Tasks\DistromaticSearchProtect-logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77AA94B3-0828-43C4-8E54-7C046978F761}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77AA94B3-0828-43C4-8E54-7C046978F761}" => removed successfully
C:\Windows\System32\Tasks\DistromaticUpdater-periodic => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-periodic" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D8C9EBF-31BF-436D-A2AE-55EEDD0C452B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D8C9EBF-31BF-436D-A2AE-55EEDD0C452B}" => removed successfully
C:\Windows\System32\Tasks\{E069ACAE-9DCB-471B-907F-21E71B98CFD3} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E069ACAE-9DCB-471B-907F-21E71B98CFD3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855AF9D1-11C9-4F21-86AF-63917F9B4BD1}" => not found
C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B596CFC4-1AC0-463F-9C17-7C88A42E0494}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B596CFC4-1AC0-463F-9C17-7C88A42E0494}" => removed successfully
C:\Windows\System32\Tasks\DistromaticUpdater-logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticUpdater-logon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC}" => removed successfully
C:\Windows\System32\Tasks\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB9E79CF-19CB-4285-B0BE-09F5DFA2181D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB9E79CF-19CB-4285-B0BE-09F5DFA2181D}" => removed successfully
C:\Windows\System32\Tasks\{0F635CC8-9CC0-4158-8F80-1B450B3C4B15} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F635CC8-9CC0-4158-8F80-1B450B3C4B15}" => removed successfully
================== Zip: ===================
C:\Windows\Minidump\020819-16738-01.dmp -> copied successfully to C:\Users\Andy Thorpe\Desktop\09.02.2019_19.07.34.zip
=========== Zip: End ===========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 97319297 B
Java, Flash, Steam htmlcache => 173212 B
Windows/system/drivers => 647650857 B
Edge => 0 B
Chrome => 0 B
Firefox => 918211613 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 221655037 B
systemprofile32 => 66788 B
LocalService => 132244 B
NetworkService => 87056 B
Andy Thorpe => 1212249356 B

RecycleBin => 3637344 B
EmptyTemp: => 2.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:09:19 ====
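
A fixlog like the one above can be reconciled against its fixlist to confirm that every scheduled task listed for removal lost its task file, its TaskCache\Tree key and its TaskCache\Tasks key. The following is an added example, not part of the original thread and not FRST's own code; the helper names (`parse_results`, `reconcile`, `incomplete`), the report fields and the rule for what counts as a complete removal are assumptions of this example, and the sample lines are copied from the posts above.

```python
import re

# Sample input: three "Task:" entries from the fixlist in this thread ...
FIXLIST = r"""
Task: {568E57BE-EA48-4007-9267-8B0D05F0D583} - System32\Tasks\DistromaticSearchProtect-logon => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {855AF9D1-11C9-4F21-86AF-63917F9B4BD1} - System32\Tasks\DistromaticSearchProtect-hourly => C:\Program Files (x86)\Amazon Browser Settings\AmznSearchProtect.exe [2016-04-04] (Browser Distribution Services Inc. -> Distromatic) <==== ATTENTION
Task: {BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC} - System32\Tasks\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
"""

# ... and the fixlog result lines that belong to those three tasks.
FIXLOG = r"""
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{568E57BE-EA48-4007-9267-8B0D05F0D583}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{568E57BE-EA48-4007-9267-8B0D05F0D583}" => removed successfully
C:\Windows\System32\Tasks\DistromaticSearchProtect-logon => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-logon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{855AF9D1-11C9-4F21-86AF-63917F9B4BD1}" => not found
C:\Windows\System32\Tasks\DistromaticSearchProtect-hourly => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DistromaticSearchProtect-hourly" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF055FE1-9BB0-44AF-8894-3AB2A3B7C3FC}" => removed successfully
C:\Windows\System32\Tasks\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7FF95809-3897-42CB-8AF0-BCA9A5AC3D59}" => removed successfully
"""

# "Task: {GUID} - System32\Tasks\<name> => <action>" as written in the fixlist
TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(.+?) => (.+)$')
# '<target> => <outcome>' as written in the fixlog; the target may be quoted
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+)$')

# Paths are compared in lower case: the logs mix "SOFTWARE" and "Software"
CACHE = r'hklm\software\microsoft\windows nt\currentversion\schedule\taskcache'
TASK_DIR = r'c:\windows\system32\tasks'
MISSING = 'no log line'


def parse_results(fixlog):
    """Map each target in the fixlog (lower-cased) to its reported outcome."""
    results = {}
    for line in fixlog.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group(1).lower()] = m.group(2)
    return results


def reconcile(fixlist, fixlog):
    """For every Task: entry in the fixlist, collect what the fixlog reports."""
    results = parse_results(fixlog)
    report = {}
    for line in fixlist.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        guid, name, action = m.group(1).lower(), m.group(2), m.group(3)
        # Any TaskCache subkey other than Tasks/Tree that holds this GUID
        # (Logon and Plain in this thread's log).
        index = [(key.split('\\')[-2], outcome) for key, outcome in results.items()
                 if key.startswith(CACHE + '\\') and key.endswith('\\' + guid)
                 and key.split('\\')[-2] not in ('tasks', 'tree')]
        report[name] = {
            'attention': action.rstrip().endswith('<==== ATTENTION'),
            'file': results.get(TASK_DIR + '\\' + name.lower(), MISSING),
            'tree_key': results.get(CACHE + '\\tree\\' + name.lower(), MISSING),
            'tasks_key': results.get(CACHE + '\\tasks\\' + guid, MISSING),
            'index_key': index[0] if index else None,
        }
    return report


def incomplete(report):
    """Names of tasks where any of the three expected results is not a success."""
    expected = {'file': 'moved successfully',
                'tree_key': 'removed successfully',
                'tasks_key': 'removed successfully'}
    return sorted(name for name, row in report.items()
                  if any(row[field] != ok for field, ok in expected.items()))


if __name__ == '__main__':
    rows = reconcile(FIXLIST, FIXLOG)
    for name, row in rows.items():
        print(name, row)
    print('needs a second look:', incomplete(rows))
```

On this sample the only entry that stands out is DistromaticSearchProtect-hourly: its task file was moved and its Tree key removed, but the fixlog reports its TaskCache\Tasks key as "not found" and shows no Plain or Logon line for its GUID.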
 


iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
838
Hi,

It's very likely that the issue is caused by a non-malware problem. We'll check for any malware, however.

When you see the Blue Screen error, is there an error code? (also called a Stop Code) If so, what is the code?
------------------------------

Download AdwCleaner and save it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, make sure that all the boxes are checked and click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

Thanks.
 

phantomengineer56

Thread Starter
Joined
Jan 26, 2019
Messages
27
Completed, as per...

Noted in my previous reply that despite removing AVG, and replacing it with Avira, that traces of AVG Tune Up remain. Is this an issue?

Anyway, here's the AdwCleaner log file...

# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-02-07.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-11-2019
# Duration: 00:00:04
# OS: Windows 7 Professional
# Cleaned: 113
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\AVG_UPDATE_1114AV
Deleted C:\ProgramData\AVG_UPDATE_0814AV
Deleted C:\ProgramData\AVG_UPDATE_0415AV
Deleted C:\ProgramData\AVG_UPDATE_0215AV
Deleted C:\Program Files (x86)\Amazon Browser Settings
Deleted C:\Users\Andy Thorpe\AppData\Local\Amazon Browser Settings
Deleted C:\Users\Andy Thorpe\AppData\Local\genienext

***** [ Files ] *****

Deleted C:\Users\Andy Thorpe\daemonprocess.txt

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\Tasks\0414bUpdateInfo.job
Deleted C:\Windows\System32\Tasks\0414bUpdateInfo
Deleted C:\Windows\Tasks\1114AVUPDATEINFO.JOB
Deleted C:\Windows\Tasks\0814AVUPDATEINFO.JOB
Deleted C:\Windows\Tasks\0415AVUPDATEINFO.JOB
Deleted C:\Windows\Tasks\0215AVUPDATEINFO.JOB
Deleted C:\Windows\Tasks\0116AVUPDATEINFO.JOB
Deleted C:\Windows\System32\Tasks\1114AVUPDATEINFO
Deleted C:\Windows\System32\Tasks\0814AVUPDATEINFO
Deleted C:\Windows\System32\Tasks\0415AVUPDATEINFO
Deleted C:\Windows\System32\Tasks\0215AVUPDATEINFO
Deleted C:\Windows\System32\Tasks\0116AVUPDATEINFO

***** [ Registry ] *****

Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0414bUpdateInfo
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC645538-72EB-4459-B2DA-2F552B2CD7FD}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC645538-72EB-4459-B2DA-2F552B2CD7FD}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1114avUpdateInfo
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B5B2933-8230-41F5-98B3-C929EFD3D018}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B5B2933-8230-41F5-98B3-C929EFD3D018}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0814avUpdateInfo
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07450035-F35F-4ED9-8B32-5FE50AE23B08}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07450035-F35F-4ED9-8B32-5FE50AE23B08}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0415avUpdateInfo
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42BC1A24-5646-4EDD-90B1-D963A3A08C94}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42BC1A24-5646-4EDD-90B1-D963A3A08C94}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0215avUpdateInfo
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83057DBA-168E-49F4-87AC-0FE7A984E89C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83057DBA-168E-49F4-87AC-0FE7A984E89C}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0116avUpdateInfo
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6AA0790C-71CC-4C66-8E7B-BB6810DC818C}
Deleted HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44AE2057-38E7-4662-B1F0-9FFDDED123D}
Deleted HKCU\Software\Classes\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\S-1-5-18\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKCU\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\S-1-5-20\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\S-1-5-19\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\.DEFAULT\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\Software\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
Deleted HKLM\Software\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
Deleted HKLM\Software\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
Deleted HKLM\Software\Wow6432Node\AppDataLow\Software\Amazon\AmazonAssistant
Deleted HKLM\Software\Wow6432Node\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\SOFTWARE\Classes\AppID\AmazonAppIE.dll
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
Deleted HKLM\Software\Classes\Interface\{571139B2-8D93-4B29-9AA9-496EF27D6AF8}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{BFF94CF8-2D3B-4B2F-BB83-3600280AFEBA}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{6B7479D5-C493-40F0-99B6-BFC901980034}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
Deleted HKLM\Software\Classes\Interface\{3268A00F-D329-42E1-ABF0-E78D5656BA2A}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06}
Deleted HKLM\Software\Classes\AppID\{F18AE3C4-D2AD-42AC-9282-509DCF035D06}
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Amazon Assistant Service
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.banggood.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\banggood.com
Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverterhq.dl.myway.com
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Deleted HKCU\Software\distromatic
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
Deleted HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Deleted HKLM\Software\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Deleted HKLM\Software\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
Deleted HKLM\Software\Wow6432Node\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Deleted HKLM\Software\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E79641D5-AA41-4C89-9AA3-337959B04522}
Deleted HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{FA119C1B-4663-4385-A183-D7803569F1B0}
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.metrolyrics.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\metrolyrics.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\match.amazonbrowserapp.co.uk
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.co.uk
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\titan.service.amazonbrowserapp.co.uk
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\amazonbrowserapp.co.uk
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.azlyrics.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mkv-player.en.softonic.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted Amazon Assistant for Firefox

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [13616 octets] - [11/02/2019 18:36:15]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

iMacg3

Malware Specialist
Joined
Nov 3, 2018
Messages
838
Hi,

To remove AVG TuneUp, please do this.

Press the Windows Key + R. This will open the Run box.
Type Appwiz.cpl and click OK.

A list of installed programs will appear. Uninstall the below programs by selecting them and clicking Uninstall:

AVG TuneUp

Follow the steps in the uninstaller to remove the program.
Let me know if the problem persists.

Thanks.
 

phantomengineer56

Thread Starter
Joined
Jan 26, 2019
Messages
27
I should have said in my last reply that the error messages I get arrive on 'start up', and are exactly of the sort that I attached as files with my original, first posting.

AVG Tune Up removed: let's see what happens next, or hopefully not as the case may be.

Again, many thanks for your continued assistance.
 

phantomengineer56

Thread Starter
Joined
Jan 26, 2019
Messages
27
No change I'm afraid: it's closed and re-booted again.

Find attached the latest problem signature message...


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.48
Locale ID: 2057

Additional information about the problem:
BCCode: 1a
BCP1: 0000000000005100
BCP2: FFFFF6FD40065000
BCP3: 0000000000000100
BCP4: 7777777777772FE3
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\021219-21684-01.dmp
C:\Users\Andy Thorpe\AppData\Local\Temp\WER-35036451-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
 