Solved Computer Pings followed by instant reboot

Lenovo Essential g560 0679alu 15.6" led...
April 29, 2017 at 11:56:08
Specs: Windows 10, 32
My computer will occasionally ping and instantly reboot, skipping shutdown. Since it had been restarting automatically without issues and I had no idea where to start diagnosing it, I'd been ignoring this -- of course I lost anything that hadn't been saved. I spend a lot of time on my computer and I'd estimate this happens about every one to two weeks.

Yesterday it did it but for the first time it didn't restart. The computer power light was on, but it did nothing. I turned the power off & on a couple of times. The power light would come on, the drive would light for about 1/2 second then nothing. With the power light on I left the computer for about an hour. Still nothing when I came back. But, I turned the power off and back on and it rebooted and has been working since.

I'm now afraid I will lose my system. Any ideas what could cause this and how to diagnose?


Windows 10
Msi (motherboard) B85M-G43
32Gigs RAM
Primary drive Samsung SSD
Auxiliary drive Western Digital 1TB


✔ Best Answer
May 1, 2017 at 15:58:46
"Sorry to be so long"
No problem.

Keep me informed if you are still getting your problem. We are working step by step, through all the possibles.

Are these blocked intentionally?

FirewallRules: [UDP Query User{54F3E4D4-BD3D-426C-991D-58D09480D4CE}C:\users\xxxxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\xxxxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{8DF2521D-3D45-4D96-A456-C04B77A2BE4F}C:\users\xxxxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\xxxxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E9BD4AC9-2C07-43A6-9FF1-1F3FA73A7651}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{BC666B4A-21D6-48EE-9DB7-191C8CE1181D}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{ED4524AE-1861-445B-9B6C-4419AB305F77}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{10D31EF4-79B9-4169-8171-3886D4C25A1E}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{745FEB4B-EE8A-4BD4-8A83-873FABBE8089}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{E611BE03-4B3F-4B65-AD95-628755A6B5E7}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe

"I happened to notice my SSD was 98% full"
How to Open and Use Disk Cleanup in Windows 10
http://www.tenforums.com/tutorials/...

Your fixlog shows these can be adjusted.

Here are temp file settings for a normal user, adjust to suit your requirements.
Set Java to 100mb
https://steveshank.com/cgi-bin/arti...
All browsers, limit the cache to 50mb ( that's MB, not GB )
IE & Edge share the same setting.
Control Panel > Internet Options > General > Browsing history > Settings. Refer SS below.
http://fs5.directupload.net/images/...
Example for Firefox.
https://www.sitepoint.com/3-tweaks-...
Chrome is not so straightforward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"
Click > Apply & then OK.



#1
April 29, 2017 at 13:40:42
First back up your own stuff if you haven't already.

Many possible causes including PSU and overheating.

Let us have the CPU temperature. HWInfo32 will help:
https://www.hwinfo.com/download.php

Also run a quick malware check. These three often find what other programs miss. Run them in the order given:

AdwCleaner:
https://toolslib.net/downloads/view...
(blue "Download Now" button on right).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Clean" button.

Junkware Removal Tool (JRT)
https://www.malwarebytes.org/junkwa...
(blue Download button).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

MalwareBytes:
https://www.malwarebytes.org/
(use the "Free Download" button rather than the "Buy Now" button).
After the install go to "Settings > Protection". Under Scan Options move the "Scan for rootkits" slider over to On and Run the Threat Scan. Quarantine anything it finds.

If any of them find anything please copy/paste the appropriate logs on here. If you lose the ADW log you can find it as a text file in the ADWCleaner folder directly off the system drive root (usually C).

Always pop back and let us know the outcome - thanks



#2
April 29, 2017 at 16:37:15
AdwCleaner log gave this:

# AdwCleaner v6.046 - Logfile created 29/04/2017 at 18:39:04
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-29.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username :
# Running from : F:\Photos & Other Data\My Download Files\adwcleaner_6.046.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\Users\vvvvvvvv\AppFiles
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppFiles

***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

Key Found: HKU\S-1-5-21-2283007967-2721863927-1740039021-1001\Software\APN PIP
Key Found: HKU\S-1-5-21-2283007967-2721863927-1740039021-1001\Software\Condut
Key Found: HKCU\Software\APN PIP
Key Found: HKCU\Software\Condut
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found: [x64] HKCU\Software\APN PIP
Key Found: [x64] HKCU\Software\Condut
Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Data Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Value Found: HKU\S-1-5-21-2283007967-2721863927-1740039021-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Browser Infrastructure Helper]
Key Found: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Key Found: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Key Found: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Key Found: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\vvvvvvvv\AppData\Local\Google\Chrome\User Data\Default\Web data] - www.yahoo.com
Chrome pref Found: [C:\Users\vvvvvvvv\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\vvvvvvvv\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [7845 Bytes] - [17/03/2014 10:51:18]
C:\AdwCleaner\AdwCleaner[R1].txt - [1460 Bytes] - [17/03/2014 11:00:55]
C:\AdwCleaner\AdwCleaner[R2].txt - [1398 Bytes] - [17/03/2014 11:23:31]
C:\AdwCleaner\AdwCleaner[R3].txt - [3427 Bytes] - [28/11/2014 12:03:29]
C:\AdwCleaner\AdwCleaner[S0].txt - [7260 Bytes] - [17/03/2014 10:56:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [1400 Bytes] - [17/03/2014 11:14:10]
C:\AdwCleaner\AdwCleaner[S2].txt - [1326 Bytes] - [17/03/2014 11:24:45]
C:\AdwCleaner\AdwCleaner[S3].txt - [3325 Bytes] - [28/11/2014 12:12:35]
C:\AdwCleaner\AdwCleaner[S4].txt - [7539 Bytes] - [29/04/2017 18:39:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [7612 Bytes] ##########


The Junkware Removal Tool gave this:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by (Administrator) on Sat 04/29/2017 at 17:22:43.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 3

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\James\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ED656465-A217-4E52-A9F6-B086A27607CE} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 04/29/2017 at 17:24:58.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ran Malwarebytes (which I use regularly) and it found two PUP files which I deleted.


#3
April 29, 2017 at 16:50:36
I didn't download the CPU temp file because it required committing to install other stuff.


#4
April 29, 2017 at 17:52:54
"I didn't download the CPU temp file because it required committing to install other stuff"

I always download from this site. Sounds like the author's site confused you.
http://www.softpedia.com/get/System...



#5
April 29, 2017 at 17:54:54
Hadn't run into HWInfo foisting stuff before. Just tried it using green Download Installer button (Local U.S) and it just offered to download hw32_550.exe file, nothing else. Was it during install it did something bad? If you can get it safely it would be useful.

ADW found quite a bit. With an intermittent fault it's hard to know if it helped or not.

Always pop back and let us know the outcome - thanks



#6
April 29, 2017 at 18:16:45
After we ascertain the comp does not have an overheating issue, I can go through these logs.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt)
The logs are large, upload them using one of these. No account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php



#7
April 30, 2017 at 06:24:07
I may have stumbled on the cause. I happened to notice my SSD was 98% full. It normally runs about 70-80%

With some effort I chased it down to a couple of Photoshop temporary files. Scratch disk files I suspect. Why Photoshop doesn't clean up after itself I don't understand, but after I deleted them and moved some other stuff to my secondary drive I'm back to about 60%. It seemed to me possible that when something tried to save to a full disk it belched and shut down. Why it wouldn't restart immediately is still a mystery to me.


#8
April 30, 2017 at 08:46:29
You might well be right. You need some free space for Windows to work in. I know of no set rule but most folk suggest you leave a few GB free or perhaps 5 to 10% of the drive. I've seen it said that this is more important when you have a SSD.

Always pop back and let us know the outcome - thanks



#9
April 30, 2017 at 08:56:30
Barring a misbehaving third party driver, I can think of exactly 1 instance where Windows will shut down on a full drive. If configured, Windows will shut down if it can't write to its security audit log. I doubt you've even set up security auditing, though.

I'm still not sure what you mean by "ping," but make sure all of the drivers are up to date.

Derek, the 5%-10% free for SSD drives is for wear leveling. Since the rule applies to the drive and not the volume, it's easiest to just leave 10% of the SSD unpartitioned. Most computer manufacturers don't bother, though.

How To Ask Questions The Smart Way



#10
April 30, 2017 at 10:27:32
Thanks for the amplification Razor.

Always pop back and let us know the outcome - thanks



#11
April 30, 2017 at 14:40:59
Now I'm not sure that was it. I had the computer turned off for about 20 minutes while I changed the Optical drive. When done it wouldn't start. It acted the same as when the sudden quit happens.

I should have mentioned that I changed computers recently so the motherboard, power supply and CPU are different. This problem was happening before I changed hardware. I moved the SSD and Western Digital hard drive from the old case to the new. The monitor and keyboard are also new. The mouse, USB hub, a Seagate USB drive, Canon printer, card reader and speakers are the same as before.

Temperatures: http://oi65.tinypic.com/1zxoy85.jpg


Windows 10
Motherboard MSI B85M-G43
CPU Intel i-7 4790
32Gigs RAM
Primary drive Samsung SSD
Auxiliary drive Western Digital 1TB


#12
April 30, 2017 at 14:53:28
All gets a tad confusing. Maybe it's time for suggestion #6.

Always pop back and let us know the outcome - thanks



#13
April 30, 2017 at 14:59:57
Another addition, the sudden quit only occurs when I'm doing something on the computer. I leave my computer on 24-7 and as far as I know it has never happened when the computer was idle.

I downloaded and ran Farbar, but I'm not comfortable making that much information publicly available.


#14
April 30, 2017 at 15:13:08
"I downloaded and ran Farbar, but I'm not comfortable making that much information publicly available"
I'm online now.
I'm here.
https://www.timeanddate.com/worldcl...

Click on my name & PM the links.



#15
April 30, 2017 at 19:52:38
Whilst I'm going through the Farbar logs, can you Copy & Paste the contents of the AdwCleaner Clean log here in the forum please.
What you posted is the Scan log.
http://fs5.directupload.net/images/...
Need to see the "Clean" log.
You can find the logfile at C:\AdwCleaner
http://i.imgur.com/r3PoAEG.gif


#16
April 30, 2017 at 20:05:10
There is no file with the extension .log in that directory


#17
April 30, 2017 at 20:12:40
Okay, I found it. It's named AdwCleaner[C0].txt

# AdwCleaner v6.046 - Logfile created 30/04/2017 at 09:50:15
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-29.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : xxxxxxx - xxxxxxx
# Running from : F:\Photos & Other Data\My Download Files\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[!] Folder not deleted: C:\Users\xxxxxxx\AppFiles
[!] Folder not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppFiles


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-2283007967-2721863927-1740039021-1001\Software\APN PIP
[-] Key deleted: HKU\S-1-5-21-2283007967-2721863927-1740039021-1001\Software\Condut
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: HKCU\Software\Condut
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\Condut
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Value deleted: HKU\S-1-5-21-2283007967-2721863927-1740039021-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Browser Infrastructure Helper]
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}


***** [ Web browsers ] *****

[-] [C:\Users\xxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www.yahoo.com
[-] [C:\Users\xxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\xxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7243 Bytes] - [30/04/2017 09:50:15]
C:\AdwCleaner\AdwCleaner[R0].txt - [7845 Bytes] - [17/03/2014 10:51:18]
C:\AdwCleaner\AdwCleaner[R1].txt - [1460 Bytes] - [17/03/2014 11:00:55]
C:\AdwCleaner\AdwCleaner[R2].txt - [1398 Bytes] - [17/03/2014 11:23:31]
C:\AdwCleaner\AdwCleaner[R3].txt - [3427 Bytes] - [28/11/2014 12:03:29]
C:\AdwCleaner\AdwCleaner[S0].txt - [7260 Bytes] - [17/03/2014 10:56:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [1400 Bytes] - [17/03/2014 11:14:10]
C:\AdwCleaner\AdwCleaner[S2].txt - [1326 Bytes] - [17/03/2014 11:24:45]
C:\AdwCleaner\AdwCleaner[S3].txt - [3325 Bytes] - [28/11/2014 12:12:35]
C:\AdwCleaner\AdwCleaner[S4].txt - [7831 Bytes] - [29/04/2017 18:39:04]
C:\AdwCleaner\AdwCleaner[S5].txt - [7903 Bytes] - [30/04/2017 09:47:30]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8046 Bytes] ##########

Report •
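The reason #15 asks for the Clean log rather than the Scan log is that only the Clean log shows what was actually removed. The sketch below reconciles the two, as an added example that is not part of the original thread or of AdwCleaner itself. The line formats are taken from the logs posted above; the sample logs are constructed, and the `example` user, the `ExampleToolbar` key, the zeroed GUID and SID, and all function names are hypothetical.

```python
import re

# Constructed sample logs in the layout of the Scan and Clean logs posted above.
SCAN_LOG = r"""
# Mode: Scan
***** [ Folders ] *****
Folder Found: C:\Users\example\AppFiles
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppFiles
***** [ Registry ] *****
Key Found: HKCU\Software\APN PIP
Key Found: [x64] HKCU\Software\APN PIP
Key Found: HKLM\SOFTWARE\Classes\Record\{00000000-0000-0000-0000-000000000001}
Value Found: HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Browser Infrastructure Helper]
Key Found: HKCU\Software\ExampleToolbar
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
"""

CLEAN_LOG = r"""
# Mode: Clean
***** [ Folders ] *****
[!] Folder not deleted: C:\Users\example\AppFiles
[!] Folder not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppFiles
***** [ Registry ] *****
[#] Key deleted on reboot: HKCU\Software\APN PIP
[#] Key deleted on reboot: [x64] HKCU\Software\APN PIP
[-] Key deleted: HKLM\SOFTWARE\Classes\Record\{00000000-0000-0000-0000-000000000001}
[-] Value deleted: HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Browser Infrastructure Helper]
"""

# "<Kind> Found: <target>" lines from a Scan log.
SCAN_RE = re.compile(r"^(Folder|File|Key|Value|Data) Found: (.+)$")
# "[-|#|!] <Kind> <outcome>: <target>" lines from a Clean log.
# Longer outcomes come first so "deleted" does not shadow them.
CLEAN_RE = re.compile(
    r"^\[[-#!]\] (Folder|File|Key|Value|Data) "
    r"(not deleted|deleted on reboot|deleted|restored): (.+)$"
)
OUTCOME_BUCKET = {
    "deleted": "removed",
    "restored": "removed",
    "deleted on reboot": "pending_reboot",
    "not deleted": "not_removed",
}


def _key(kind, target):
    # Windows paths and registry keys are case-insensitive.
    return (kind, target.strip().lower())


def parse_scan(text):
    """Return [(kind, target)] for every item the Scan log reports as found."""
    found = []
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2).strip()))
    return found


def parse_clean(text):
    """Return {(kind, target_lower): outcome} for every Clean log result line."""
    outcomes = {}
    for line in text.splitlines():
        m = CLEAN_RE.match(line.strip())
        if m:
            kind, outcome, target = m.groups()
            outcomes[_key(kind, target)] = outcome
    return outcomes


def reconcile(scan_text, clean_text):
    """Sort each scanned item by what the Clean log says happened to it.

    Items found by the scan but never mentioned in the Clean log land in
    'unaccounted'; those and 'not_removed' are what still needs manual review,
    and 'pending_reboot' is only complete after the restart.
    """
    outcomes = parse_clean(clean_text)
    report = {"removed": [], "pending_reboot": [], "not_removed": [], "unaccounted": []}
    for kind, target in parse_scan(scan_text):
        outcome = outcomes.get(_key(kind, target))
        report[OUTCOME_BUCKET.get(outcome, "unaccounted")].append((kind, target))
    return report


if __name__ == "__main__":
    for bucket, items in reconcile(SCAN_LOG, CLEAN_LOG).items():
        print(f"{bucket}: {len(items)}")
        for kind, target in items:
            print(f"  {kind}: {target}")
```

Browser-preference lines use a different layout in both logs and are deliberately ignored here.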

#18
April 30, 2017 at 20:27:24
Next step.

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
Task: {1FC2C2EE-58ED-4053-8B80-793B3E9D1692} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {79D96D79-47CF-4649-92A1-F28D579FF8D3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9380C67D-0919-45B3-8F8C-DD163937BBC0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A2FA9BF6-814B-4119-A84E-A52178187475} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A50832D1-735F-4184-B310-B732D6DD9AF9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C32780CC-C39C-405B-8FDC-E17C77DF5B0B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D8564499-B98B-44C4-8432-B409F9CE3E7C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DB84C068-97E7-4026-ABB7-46D8F89A96BF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EDFADA36-05C0-4B7D-980F-164C4B63D0DF} - \WPD\SqmUpload_S-1-5-21-2283007967-2721863927-1740039021-1001 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0CFF5F08 [246]
AlternateDataStreams: C:\ProgramData\Temp:B0D4D817 [422]
SearchScopes: HKU\S-1-5-21-2283007967-2721863927-1740039021-1001 -> DefaultScope {ED656465-A217-4E52-A9F6-B086A27607CE} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin HKU\S-1-5-21-2283007967-2721863927-1740039021-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...



#19
May 1, 2017 at 13:26:07
Sorry to be so long but I had a doctor appt this morning and didn't get home 'til 30 minutes ago.

I made the fixlist.txt and ran FRST64. It did a bunch of stuff and I rebooted. FRST64 is gone. Here's the log.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01-05-2017
Ran by xxxxxxxxx (01-05-2017 15:06:35) Run:1
Running from F:\Photos & Other Data\My Download Files
Loaded Profiles: xxxxxxxxx (Available Profiles: xxxxxxxxx)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
Task: {1FC2C2EE-58ED-4053-8B80-793B3E9D1692} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {79D96D79-47CF-4649-92A1-F28D579FF8D3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {9380C67D-0919-45B3-8F8C-DD163937BBC0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {A2FA9BF6-814B-4119-A84E-A52178187475} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A50832D1-735F-4184-B310-B732D6DD9AF9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C32780CC-C39C-405B-8FDC-E17C77DF5B0B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D8564499-B98B-44C4-8432-B409F9CE3E7C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DB84C068-97E7-4026-ABB7-46D8F89A96BF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EDFADA36-05C0-4B7D-980F-164C4B63D0DF} - \WPD\SqmUpload_S-1-5-21-2283007967-2721863927-1740039021-1001 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:0CFF5F08 [246]
AlternateDataStreams: C:\ProgramData\Temp:B0D4D817 [422]
SearchScopes: HKU\S-1-5-21-2283007967-2721863927-1740039021-1001 -> DefaultScope {ED656465-A217-4E52-A9F6-B086A27607CE} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin HKU\S-1-5-21-2283007967-2721863927-1740039021-1001: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FC2C2EE-58ED-4053-8B80-793B3E9D1692} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FC2C2EE-58ED-4053-8B80-793B3E9D1692} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79D96D79-47CF-4649-92A1-F28D579FF8D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79D96D79-47CF-4649-92A1-F28D579FF8D3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9380C67D-0919-45B3-8F8C-DD163937BBC0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9380C67D-0919-45B3-8F8C-DD163937BBC0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2FA9BF6-814B-4119-A84E-A52178187475} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2FA9BF6-814B-4119-A84E-A52178187475} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A50832D1-735F-4184-B310-B732D6DD9AF9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A50832D1-735F-4184-B310-B732D6DD9AF9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C32780CC-C39C-405B-8FDC-E17C77DF5B0B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C32780CC-C39C-405B-8FDC-E17C77DF5B0B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8564499-B98B-44C4-8432-B409F9CE3E7C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8564499-B98B-44C4-8432-B409F9CE3E7C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB84C068-97E7-4026-ABB7-46D8F89A96BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB84C068-97E7-4026-ABB7-46D8F89A96BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDFADA36-05C0-4B7D-980F-164C4B63D0DF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDFADA36-05C0-4B7D-980F-164C4B63D0DF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2283007967-2721863927-1740039021-1001 => key removed successfully
C:\ProgramData\Temp => ":0CFF5F08" ADS removed successfully.
C:\ProgramData\Temp => ":B0D4D817" ADS removed successfully.
HKU\S-1-5-21-2283007967-2721863927-1740039021-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key removed successfully
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => key removed successfully
HKCR\Wow6432Node\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => value removed successfully
HKU\S-1-5-21-2283007967-2721863927-1740039021-1001\Software\MozillaPlugins\intel.com/AppUp => key removed successfully
C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll => not found.
HKLM\System\CurrentControlSet\Services\Avira.ServiceHost => key removed successfully
Avira.ServiceHost => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 150549103 B
Java, Flash, Steam htmlcache => 115180 B
Windows/system/drivers => 287266016 B
Edge => 521509 B
Chrome => 611020108 B
Firefox => 393860548 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 6226253 B
NetworkService => 29676 B
xxxxxxxxx => 4108352090 B

RecycleBin => 34313678866 B
EmptyTemp: => 37.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:08:53 ====

Windows 10
Motherboard MSI B85M-G43
CPU Intel i-7 4790
32Gigs RAM
Primary drive Samsung SSD
Auxiliary drive Western Digital 1TB


#20
May 1, 2017 at 15:58:46
✔ Best Answer
"Sorry to be so long"
No problem.

Keep me informed if you are still getting your problem. We are working step by step, through all the possibles.

Are these blocked intentionally?

FirewallRules: [UDP Query User{54F3E4D4-BD3D-426C-991D-58D09480D4CE}C:\users\xxxxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\xxxxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{8DF2521D-3D45-4D96-A456-C04B77A2BE4F}C:\users\xxxxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\xxxxxxxxx\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{E9BD4AC9-2C07-43A6-9FF1-1F3FA73A7651}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [TCP Query User{BC666B4A-21D6-48EE-9DB7-191C8CE1181D}C:\windows\system32\wfs.exe] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{ED4524AE-1861-445B-9B6C-4419AB305F77}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{10D31EF4-79B9-4169-8171-3886D4C25A1E}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{745FEB4B-EE8A-4BD4-8A83-873FABBE8089}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe
FirewallRules: [TCP Query User{E611BE03-4B3F-4B65-AD95-628755A6B5E7}C:\program files (x86)\intel\intelappstore\bin\ismagent.exe] => (Block) C:\program files (x86)\intel\intelappstore\bin\ismagent.exe

"I happened to notice my SSD was 98% full"
How to Open and Use Disk Cleanup in Windows 10
http://www.tenforums.com/tutorials/...

Your fixlog shows these can be adjusted.

Here are temp file settings for a normal user, adjust to suit your requirements.
Set Java to 100mb
https://steveshank.com/cgi-bin/arti...
All browsers, limit the cache to 50mb ( that's MB, not GB )
IE & Edge share the same setting.
Control Panel > Internet Options > General > Browsing history > Settings. Refer SS below.
http://fs5.directupload.net/images/...
Example for Firefox.
https://www.sitepoint.com/3-tweaks-...
Chrome is not so straightforward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000
Click > Apply & then OK.



#21
May 1, 2017 at 18:07:23
I don't block the Firewall Rules intentionally, but I don't use the Windows firewall.

Once I figured out what had instantly filled up my disk and deleted them I was back to about 65% full. So, I'm happy with disk use for now.


#22
May 1, 2017 at 18:29:08
Maybe it is Avast blocking them.

Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Please restart the computer before running this security check.
* Right click SecurityCheck.exe and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#23
May 1, 2017 at 19:11:02
I guess I was wrong. There has been so much turmoil on my computer recently it must have gotten changed. I was once running a third party firewall which turned Windows firewall off, but I see from the report it has returned.

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Avast Antivirus
Windows Defender
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Microsoft VM for Java
Java 8 Update 131
[color=red][b]Java version 32-bit out of Date![/b][/color]
Adobe Flash Player 25.0.0.148
Adobe Reader 10.1.3 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox (53.0)
Mozilla Thunderbird (45.8.0)
Google Chrome (57.0.2987.133)
Google Chrome (SetupMetrics...)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
WinPatrol winpatrol.exe
Oracle Java javapath AvastSvc.exe -?-
AVAST Software Avast AvastUI.exe
WinPatrol WinPatrol.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: %
[b][u]````````````````````End of Log``````````````````````[/b][/u]


#24
May 1, 2017 at 19:18:30
You have Avast & Avira listed in your farbar logs, you should only have one AV.

If needed, use these.

Download Avira AntiVir Removal Tool
http://www.avira.com/en/support-dow...
http://www.avira.com/en/support-for...

Avast Clear (formerly AVAST Software Uninstall Utility)
http://avast-removal-tool.com/
http://www.avast.com/uninstall-utility
http://www.bleepingcomputer.com/dow...
http://www.softpedia.com/get/Tweak/...

Good read here. I have been using MS AV's for as long as I can remember. Nice & simple, no need for so many bells & whistles.
Former Mozilla Engineer: Your Antivirus Is Poison, Remove It Now
http://news.softpedia.com/news/form...
"Specifically, O'Callahan points out that all antivirus solutions except for Microsoft’s actually do more harm on a system, as they create additional security flaws that can be exploited by attackers. He says Windows Defender is a “competent” piece of software, emphasizing that third-party security vendors do not follow their standard security practices and in the end expose users and their data."



#25
May 1, 2017 at 20:05:21
I don't know why Avira is listed. I uninstalled it some time ago because it was incompatible with some of my programs. That's when I began using Avast. I haven't heard a peep out of Avira since and it doesn't appear in the Task Manager. I really hate antivirus programs because they dig their tentacles into the deepest parts of the computer and when they start doing the wrong things they're a bitch to root out.


#26
May 1, 2017 at 20:22:15
"I don't know why Avira is listed"
Maybe because you didn't use their uninstaller & it is only partially uninstalled.


#27
May 2, 2017 at 13:33:56
Thank you for all the effort you put into this. We won't know for a few weeks if the problem is solved but hoping for the best I'm crediting you with the solution.


#28
May 2, 2017 at 14:06:29
Just a warning, but a triple fault, which is when your PC crashes and reboots without BSOD'ing, is rarely caused by the kind of malware Johnw hunts. Sometimes it's caused by a bad driver, but most of the time it's caused by failing hardware. Make sure you have anything you need to keep backed up.

How To Ask Questions The Smart Way



#29
May 2, 2017 at 17:06:07
"We won't know for a few weeks if the problem is solved but hoping for the best I'm crediting you with the solution"
Correct, now that I have you reasonably clean ( no point in trying to fix the other possibles, until we had done so ) here are the next steps.

Test your hardware with this.

OCCT
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/OCCT_p...
http://www.freewarefiles.com/screen...
http://www.ocbase.com/

"How Do I Test the Power Supply in My Computer?"
http://pcsupport.about.com/od/tools...
http://pccasegear.com/index.php?mai...
http://www.pcper.com/article.php?ai...
http://en.kioskea.net/faq/323-how-t...
Power-supply troubleshooting with a multimeter
http://articles.techrepublic.com.co...
http://www.devhardware.com/forums/p...
http://www.ochardware.com/articles/...
http://www.ochardware.com/articles/...

Learn How To Diagnose Power Supply Problems
http://www.lockergnome.com/it/2005/...
http://www.techrepublic.com/article...




#30
May 2, 2017 at 18:53:45
As I mentioned earlier:

"I changed computers recently so the motherboard, power supply and CPU are different. This problem was happening before I changed hardware. I moved the SSD and Western Digital hard drive from the old case to the new. The monitor and keyboard are also new. The mouse, USB hub, a Seagate USB drive, Canon printer, card reader and speakers are the same as before."

So it cannot be the mainboard, power supply or CPU.


#31
May 2, 2017 at 19:05:55
"So it cannot be the mainboard, power supply or CPU"
Okay, can I have a SS of Device Manager please.



#32
May 2, 2017 at 21:38:38
Look, I don't care how much money you've thrown into this so far. If you're rebooting without BSOD'ing, and you're certain that's the case because you've disabled automatic reboot on crash, then you are looking at a horribly malfunctioning driver or malfunctioning hardware. If the operating temperatures and voltages are okay, then it's either something you haven't replaced, or you purchased faulty hardware and your bench testing missed it.


#33
May 3, 2017 at 07:43:03
>Look, I don't care how much money you've thrown into this so far.

Everything has been so cordial here up to now.


#34
May 4, 2017 at 05:00:06
And so am I? I'm spelling out the situation as I see it, and the fact is the amount of money you've spent does not enter into the problem of "random reboot without BSOD."
