Solved Why does my computer shut down by itself?

May 10, 2018 at 07:12:06
Specs: Windows 7 Home, Intel(R) Core(TM) i7-860 quad-core processor, 6GB DDR3-1333MHz SDRAM

I have a HP Pavilion Elite HPE-150t PC with Windows 7 that I bought in 2010 and I use pretty regularly.

The computer occasionally shuts down by itself and I get a message saying that “the computer shut down to prevent physical damage to the computer…”. The computer is very slow and has got worse recently.

I was wondering if my problems are due to the fact that the hard drive is 8 years old. It is a Hitachi 640GB 7200 rpm SATA 3Gb/s. If that is the case, could I replace it with a Hitachi 3TB 7200RPM 3.5" Desktop SATA III 6Gb/s Hard Drive? Should I also update the BIOS or anything else?

I need a Windows 7 computer, so I am going to keep this computer even if I buy a new computer.

Many thanks



✔ Best Answer
May 28, 2018 at 01:21:53
"Of all the security software that we have installed so far, which programs should be included in the 'Start Up', once we have finished fixing my computer? And which programs I will need to run periodically, like once a month, to keep my computer clean and fast?"

Are you having any issues now?

"SUPERAntiSpyware"
Once a month. Quick scan is all that is needed.
"SpywareBlaster"
Refer post #44
"Malwarebytes"
Once a month or when you are suspicious. Quick scan is all that is needed.
"Baidu"
It will let you know.
"MSE"
Once a month or when you are suspicious. Quick scan is all that is needed.



#1
May 10, 2018 at 10:17:35
Overheating is usually the prime cause of shutdowns.

Invariably dust hath accumulated in all vents; and as this is an elderly system it's highly likely this will be a cause.

Get a can or two of compressed air and blow out all cooling vents; especially those around the power supply and on the cpu cooling fan.

Carefully check to see that the cpu cooling fan and heat sink assembly is properly adhered to the cpu; that it hasn't started to detach itself (due to the paste drying out).



#2
May 10, 2018 at 11:21:01
Thanks. I will follow your instructions.


#3
May 10, 2018 at 12:13:36
Here's your system info: https://support.hp.com/us-en/docume...

To add to what trvlr suggested - be sure to unplug the power cord before opening the case. Do NOT use a vacuum due to the possibility of a static discharge from the hose. Just give the insides a good blast with compressed air. You may want to use a soft bristle brush to help loosen any stubborn dust, but there's generally no need to disassemble anything.



#4
May 10, 2018 at 15:04:05
Excellent reminder by riider re' removing the power cord completely from a (desktop) computer...
to the computer - and active/live at the wall outlet end - and you will still have lots running around inside - even though you have switched the computer off at the front.

With a laptop you also remove the battery...


#5
May 10, 2018 at 15:08:45
Another method here.

Curing Laptop/Notebook Overheating
https://www.youtube.com/watch?v=74a...



#6
May 10, 2018 at 17:17:13
That model is a desktop computer.


#7
May 13, 2018 at 17:41:57
Thanks to All. I thoroughly cleaned the computer following the recommendations received in this thread. However, today I got another error message during boot-up, a few seconds after typing the Windows password. The computer was cold; I had not used it for at least a couple of hours.

I have a snapshot of the message, but I don't know how to attach it to this Follow Up.

In any case, it is a pretty common message that I have seen on other occasions. I summarize the message below:

Quote

A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time, restart your computer. If this screen appears again, follow these steps:

- Check that you have enough disk space. (I do)

- If a driver is identified in the stop message... (I don't see any driver mentioned on the screen)

- Check with your hardware vendor for any BIOS update.......(not done this yet)

Unquote

It is to be noted that only Windows was shut down, but the computer stayed on; it rebooted either by itself or because I hit 'enter'. I don't remember now. After re-booting it works apparently ok, even if it is very slow as usual, in particular on the internet, despite the fact that I run software that is supposed to clean it up.

Any help will be appreciated. Thanks



#8
May 13, 2018 at 17:54:19
"I have a snapshot of the message, but I don't know how to attach it to this Follow Up"
Upload it to a site of your choosing & give us the link.

message edited by Johnw



#9
May 13, 2018 at 17:57:49
"despite the fact that I run software that is supposed to clean it up"

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
https://toolslib.net/downloads/view...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You also can find the logfile at C:\AdwCleaner [C1 or later].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Malwarebytes Anti-Malware (MBAM). Use Threat Scan.
http://www.softpedia.com/get/Antivi...
http://www.freewarefiles.com/Malwar...
http://www.freewarefiles.com/screen...
http://www.malwarebytes.org/downloads/
Forum
http://www.malwarebytes.org/forums/
After the Free trial, I choose this.
http://fs5.directupload.net/images/...
You then get this screen.
http://fs5.directupload.net/images/...
Or,
Deactivate Malwarebytes for Windows Premium Trial
https://support.malwarebytes.com/do...
At the end of a scan, you will get something like this.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
After clicking on > View Report & then > Export. Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

message edited by Johnw



#10
May 13, 2018 at 18:30:14
Is this laptop still using the original hard disk?
Other hardware can also cause these kinds of events.

Try to generate a health report:
https://www.techsupportalert.com/co...

If the report does not list any serious issues then perhaps a software anti-malware/virus check should be run.



#11
May 13, 2018 at 21:06:48


#12
May 14, 2018 at 15:55:33
Thanks to All. I will try to answer all the comments and suggestions:

The computer is a tower computer. The model name is HP Pavilion Elite HPE-150t CTO Desktop PC. It looks almost identical to the computer shown in the photo posted by Riider.

I ran AdwCleaner and following are the contents of the text file that was generated:

Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-14.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-14-2018
# Duration: 00:00:13
# OS: Windows 7 Home Premium
# Cleaned: 51
# Failed: 0


***** [ Services ] *****

Deleted WinZip Smart Monitor Service

***** [ Folders ] *****

Deleted C:\Program Files\WinZip Smart Monitor
Deleted C:\ProgramData\WinZip\WinZip Smart Monitor
Deleted C:\Users\Filippo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Premium

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\myway.com
Deleted HKCU\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\freelocalweather.dl.myway.com
Deleted HKCU\Software\Classes\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\S-1-5-18\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKCU\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\S-1-5-20\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\S-1-5-19\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKU\.DEFAULT\Software\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\APPDATALOW\SOFTWARE\AMAZON\Amazon1ButtonApp
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Amazon1ButtonTaskbarApp.exe
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\Amazon Assistant Service
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.banggood.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\banggood.com
Deleted HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{981b174d-7733-4e7f-b89d-6545a7c21838}
Deleted HKLM\Software\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Deleted HKLM\Software\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Deleted HKLM\Software\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
Deleted HKLM\Software\Classes\Interface\{8FD65019-BF09-45DA-AD81-E95AE911F1FD}
Deleted HKLM\Software\Classes\Interface\{7F124846-5453-4BB8-A41D-E11481FFC9DF}
Deleted HKLM\Software\Classes\Interface\{371AD4A5-1520-4AA2-A8A4-F9AD3BAC6957}
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ttdetect.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ttdetect.staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\staticimgfarm.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\yoursearchmat.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ww1.b7d6b.yoursearchmat.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\productmanualsfinder.dl.tb.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\pdfconverterhq.dl.tb.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nortonsafe.search.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myimageconverter.dl.tb.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gostudyhq.dl.tb.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\fromdoctopdf.dl.tb.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\atozmanuals.dl.tb.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\freelocalweather.dl.tb.ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.solvusoft.com
Deleted HKCU\Software\Microsoft\Internet Explorer\DOMStorage\solvusoft.com
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\hathitrust.org
Deleted HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\catalog.hathitrust.org
Deleted HKCU\Software\Sunisoft
Deleted HKLM\Software\Wow6432Node\Sunisoft

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Ask
Deleted Ask Search
Deleted AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

I was not able to generate the computer health report. The instructions call for going to Control Panel, selecting System and Security, under “System” selecting “Check the Windows Experience Index”. But in my Windows 7 Home I have System and not System and Security, and under System there is no Check the Windows Experience Index.

I noticed that if I put my hand over the 2 fans at the back of my computer, there is very little air coming out. Is this normal? When I opened the case, I did not run the computer. So I can't tell how fast the fans are spinning.

The uncommanded shut-offs are now occurring more frequently.

Thanks



#13
May 14, 2018 at 16:20:38
"I ran AdwCleaner and following are the contents of the text file that was generated:"
You certainly have a lot of problems in that area. I will wait for the Malwarebytes log as per Step 2.

message edited by Johnw



#14
May 14, 2018 at 16:29:13
"The uncommanded shut-offs are now occurring more frequently"
Fans should be spinning at such a rate that they are a blur. Use a torch to check the power supply & have the cover off for the others.

Information about cleaning computer components
https://www.technibble.com/computer...
http://www.computerhope.com/cleanin...
http://www.bleepingcomputer.com/tut...
http://www.brighthub.com/computing/...
http://pcgyaan.wordpress.com/2009/0...



#15
May 14, 2018 at 16:37:43
"torch" = Flashlight for those west of the Atlantic Ocean (do not use a propane torch, kind of overkill).

You have to be a little bit crazy to keep you from going insane.



#16
May 15, 2018 at 09:17:00
Thanks.

I was able to determine that 2 fans are working. I plan on opening the case and checking the third fan (I believe it is on the CPU) later today or tomorrow.

WINDOWS EXPERIENCE INDEX

Windows Experience Index (1.0 to 7.9)
Processor: Calculations per second: 7.5
Memory (RAM): Memory operations per second: 7.5
Graphics: Desktop performance for Windows Aero: 6.5
Gaming Graphics: 3D business and gaming performance: 6.1
Primary hard disk: Data Transfer: 5.9

Base score determined by lowest subscore: 5.9

Component: Details (Subscore)
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz (7.5)
Memory (RAM): 6.00 GB (7.5)
Graphics: NVIDIA GeForce GT 220 (6.5)
Gaming graphics: 3819 MB Total available graphics memory (6.5)
Primary hard disk: 90GB Free (584GB Total) (5.9)
Base score: 5.9 (Determined by lowest subscore)
Windows 7 Home Premium

System
Manufacturer HP-Pavilion
Model BN474AV-ABA HPE-150t
Total amount of system memory 6.00 GB RAM
System type 64-bit operating system
Number of processor cores 4
Storage
Total size of hard disk(s) 2459 GB
Disk partition (C:) 90 GB Free (584 GB Total)
Disk partition (D:) 2 GB Free (12 GB Total)
Media drive (E:) CD/DVD
Disk partition (G:) 964 GB Free (1863 GB Total)
Graphics
Display adapter type NVIDIA GeForce GT 220
Total available graphics memory 3819 MB
Dedicated graphics memory 1024 MB
Dedicated system memory 0 MB
Shared system memory 2795 MB
Display adapter driver version 9.18.13.4174
Primary monitor resolution 1440x900
Secondary monitor resolution 1366x768
DirectX version DirectX 10
Network
Network Adapter Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Notes

The gaming graphics score is based on the primary graphics adapter. If this system has linked or multiple graphics adapters, some software applications may see additional performance benefits.

END OF WINDOWS EXPERIENCE INDEX

STEP 2 MALWAREBYTES

Log file is shown below. Could somebody kindly let me know what I should do with the 44 quarantined threats? Thanks


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/15/18
Scan Time: 9:38 AM
Log File: 92488a92-584d-11e8-b5e2-406186e9bbc7.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5112
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Filippo-PC\Filippo

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 333746
Threats Detected: 44
Threats Quarantined: 44
Time Elapsed: 12 min, 3 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 7
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\Amazon1ButtonBrowserHelper.dll, Quarantined, [3096], [468987],1.0.5112
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\Amazon1ButtonRuntime.dll, Quarantined, [3096], [468987],1.0.5112
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Amazon1ButtonBrowserHelper.dll, Quarantined, [3096], [468987],1.0.5112
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Amazon1ButtonRuntime.dll, Quarantined, [3096], [468987],1.0.5112
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PackageTracking_dhbar Uninstall Internet Explorer, Quarantined, [1681], [477826],1.0.5112
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\APPID\Amazon1ButtonBrowserHelper.dll, Quarantined, [3096], [468987],1.0.5112
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\APPID\Amazon1ButtonRuntime.dll, Quarantined, [3096], [468987],1.0.5112

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 12
PUP.Optional.Spigot.Generic, C:\USERS\FILIPPO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\pfcgadibmbkbbhkakhopjfkacbbjjiia, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\_locales\en, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\html\popup, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\_metadata, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\js\popup, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\_locales, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\newtab, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\html, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\css, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\js, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\USERS\FILIPPO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PFCGADIBMBKBBHKAKHOPJFKACBBJJIIA, Quarantined, [226], [454579],1.0.5112

File: 25
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pfcgadibmbkbbhkakhopjfkacbbjjiia\000003.log, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pfcgadibmbkbbhkakhopjfkacbbjjiia\CURRENT, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pfcgadibmbkbbhkakhopjfkacbbjjiia\LOCK, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pfcgadibmbkbbhkakhopjfkacbbjjiia\LOG, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pfcgadibmbkbbhkakhopjfkacbbjjiia\LOG.old, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pfcgadibmbkbbhkakhopjfkacbbjjiia\MANIFEST-000001, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\USERS\FILIPPO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\USERS\FILIPPO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\USERS\FILIPPO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Replaced, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\USERS\FILIPPO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PFCGADIBMBKBBHKAKHOPJFKACBBJJIIA\1.8_0\CHROMERESTORE.JS, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\css\description.css, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\css\popup.css, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\html\popup\description.html, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\html\popup\popup.html, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\js\popup\popup.js, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\js\userNewTab.js, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\newtab\quicktab.html, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\_locales\en\messages.json, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\_metadata\computed_hashes.json, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\_metadata\verified_contents.json, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\after.js, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\background.js, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\contentscript.js, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\icon.png, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\Users\Filippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfcgadibmbkbbhkakhopjfkacbbjjiia\1.8_0\manifest.json, Quarantined, [226], [454579],1.0.5112

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

END OF MALWAREBYTES


I use FLIPDRIVE to upload files to the clouds, but it requires an email address to give access to the files to somebody else. Does the forum have an e-mail address that could be used for this purpose? Or is there another free service that does not require an e-mail address that I should use to give access to files to other Forum members? Thanks


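A Malwarebytes text log like the one posted in #16 can be triaged mechanically before deciding what to do with the quarantine. The following Python is an added example, not part of the original thread and not Malwarebytes' own tooling; the function names `parse_log` and `triage` are hypothetical, the line layout is inferred from the log above, and the sample log is constructed (made-up user name and extension ID).

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed, abridged sample in the layout of the Malwarebytes 3.x text
# export posted in the thread (user name and extension ID are made up).
SAMPLE_LOG = r"""
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 6
Threats Quarantined: 6

-Scan Details-
Process: 0
(No malicious items detected)

Registry Key: 2
PUP.Optional.Amazon1Button, HKLM\SOFTWARE\CLASSES\APPID\Amazon1ButtonRuntime.dll, Quarantined, [3096], [468987],1.0.5112
PUP.Optional.MindSpark.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PackageTracking_dhbar Uninstall Internet Explorer, Quarantined, [1681], [477826],1.0.5112

Folder: 1
PUP.Optional.Spigot.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop\1.8_0, Quarantined, [226], [454579],1.0.5112

File: 3
PUP.Optional.Spigot.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop\1.8_0\manifest.json, Quarantined, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [226], [454579],1.0.5112
PUP.Optional.Spigot.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [226], [454579],1.0.5112

WMI: 0
(No malicious items detected)
"""

# "<detection name>, <object path>, <action>, [n], [n],<update version>"
# The path group is greedy so a path that itself contains ", " still parses.
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[A-Za-z ]+), "
    r"\[\d+\], \[\d+\],[\d.]+$"
)
# Section header inside "-Scan Details-", e.g. "Registry Key: 7"
SECTION = re.compile(r"^(?P<kind>[A-Za-z ]+): (?P<count>\d+)$")
# Chrome extension IDs are 32 letters in the range a-p
EXT_ID = re.compile(r"\\Extensions\\([a-p]{32})(?:\\|$)", re.IGNORECASE)


@dataclass
class Detection:
    kind: str    # section the line appeared under, e.g. "File"
    name: str    # detection name, e.g. "PUP.Optional.Spigot.Generic"
    path: str    # registry key, folder or file
    action: str  # what the scanner did, e.g. "Quarantined" or "Replaced"


def parse_log(text):
    """Return (summary fields, declared per-section counts, detections)."""
    summary, declared, detections = {}, {}, []
    in_details, kind = False, None
    for line in text.splitlines():
        line = line.strip()
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details:
            key, sep, value = line.partition(": ")
            if sep:
                summary[key] = value
            continue
        m = SECTION.match(line)
        if m:
            kind = m["kind"]
            declared[kind] = int(m["count"])
            continue
        m = DETECTION.match(line)
        if m and kind:
            detections.append(Detection(kind, m["name"], m["path"], m["action"]))
    return summary, declared, detections


def triage(text):
    summary, declared, detections = parse_log(text)
    parsed = Counter(d.kind for d in detections)
    return {
        "families": Counter(d.name for d in detections),
        # Leading token of the name: "PUP" (unwanted program), "PUM", ...
        "classes": Counter(d.name.split(".")[0] for d in detections),
        "actions": Counter(d.action for d in detections),
        # Header count vs. lines actually read: a difference means a
        # truncated paste or a line this parser could not understand.
        "count_mismatch": {k: (n, parsed[k]) for k, n in declared.items() if n != parsed[k]},
        "total_matches_summary": len(detections) == int(summary.get("Threats Detected", -1)),
        # Objects changed in place instead of quarantined: re-check these.
        "not_quarantined": [d.path for d in detections if d.action != "Quarantined"],
        "chrome_extension_ids": sorted(
            {m.group(1).lower() for d in detections for m in EXT_ID.finditer(d.path)}
        ),
    }


if __name__ == "__main__":
    for field, value in triage(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

The log in post #16 declares 7 + 12 + 25 items, which agrees with its "Threats Detected: 44" line, every detection name begins with "PUP", and three Chrome profile files (Preferences, Secure Preferences, Sync Data) are marked Replaced rather than Quarantined.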

#17
May 15, 2018 at 15:55:09
"free service that does not require an e-mail address that I should use to give access to files to other Forum members?"
Yes, as per below.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt) on the Desktop.
The logs are large, upload them using one of these. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php



#18
May 15, 2018 at 15:58:18
" I plan on opening the case and checking the third fan (I believe it is on the CPU) later today or tomorrow"
The CPU & the PSU are the 2 main culprits for being blocked with dust.

message edited by Johnw



#19
May 15, 2018 at 16:02:48
"Log file is shown below. Could somebody kindly let me know what I should do with the 44 quarantined threats?"
They can be deleted.


#20
May 15, 2018 at 18:49:21
Following is the link for retrieving the files after the scan:

http://www.fileconvoy.com/dfl.php?i...

The following line is from the aforementioned files:

(Free-Software-Forever.com) C:\fsf\magnibar\magnibar.exe

This 'magnibar' has occasionally produced strange pop-ups on my computer that I have not been able to stop.

All three fans are working properly.

Thanks



#21
May 15, 2018 at 20:40:39
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-3430972549-1548692498-3268638820-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.14.0.54&locale=en_US&guid=E5F67E2D-9C5A-4B1F-A811-9B79FA1CB29C&doi=2016-09-01&gct=kwd&qsrc=2869
FF Homepage: Mozilla\Firefox\Profiles\frgoxgav.default -> hxxp://www.msn.com/?pc=SK2H&ocid=SK2HDHP&osmkt=en-us
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.14.0.54\Exts\Chrome.crx <not found>
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - \Microsoft\Windows\Time Synchronization\SynchronizeTime -> No File <==== ATTENTION
Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - \Microsoft\Windows\Tcpip\IpAddressConflict1 -> No File <==== ATTENTION
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - \Microsoft\Windows\Tcpip\IpAddressConflict2 -> No File <==== ATTENTION
Task: {0C95E593-4ED3-406A-8E10-D5513E47180E} - \Microsoft\Windows\SideShow\SystemDataProviders -> No File <==== ATTENTION
Task: {11A7CD8E-9399-40E8-9BC3-9ACD54567449} - \Microsoft\Windows\Media Center\PeriodicScanRetry -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\Windows:nlsPreferences [386]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
(Free-Software-Forever.com) C:\fsf\magnibar\magnibar.exe

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...


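A fixlist is worth reading before the Fix button is pressed, since each entry is something the tool is being asked to act on. The following added example (not part of the original post, and not FRST's own code) parses the `Task:`, `AlternateDataStreams:` and `(Publisher) path` line formats used in the fixlist above and queues entries for manual review; the sample lines, GUIDs, vendor names and the category labels are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the fixlist line formats; every GUID, name and path is made up.
SAMPLE_FIXLIST = r"""
Task: {11111111-2222-3333-4444-555555555555} - \Microsoft\Windows\Defrag\ScheduledDefrag -> No File <==== ATTENTION
Task: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - \ExampleVendor\ExampleUpdater -> No File <==== ATTENTION
Task: {99999999-8888-7777-6666-555555555555} - \{12345678-ABCD-ABCD-ABCD-1234567890AB} -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:ExampleInfo [0]
AlternateDataStreams: C:\ProgramData\Example:kq`xz`17vbn [128]
(Example Publisher) C:\example\tool\tool.exe
"""

ATTENTION = "<==== ATTENTION"
GUID = r"\{[0-9A-Fa-f-]{36}\}"
TASK_RE = re.compile(r"^Task: (" + GUID + r") - (\\.+?) -> (.+?)(?:\s*<==== ATTENTION)?$")
# Host path, then the last colon, then the stream name and its size in brackets.
ADS_RE = re.compile(r"^AlternateDataStreams: (.+):([^:\\]+) \[(\d+)\]$")
FILE_RE = re.compile(r"^\((.+?)\) ([A-Za-z]:\\.+)$")
GUID_NAME_RE = re.compile(r"^" + GUID + r"$")


def classify_task(path):
    """Label a task by where it sits in the Task Scheduler tree (labels are this example's own)."""
    leaf = path.rsplit("\\", 1)[-1]
    if GUID_NAME_RE.match(leaf):
        return "guid-named"            # opaque name, owner cannot be read from the path
    if path.startswith("\\Microsoft\\"):
        # The namespace is a naming convention, not proof of who created the task.
        return "microsoft-namespace"
    return "third-party"


def parse_fixlist(text):
    """Turn fixlist lines into dicts; lines in no known format are kept as 'unparsed'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TASK_RE.match(line)
        if m:
            guid, path, target = m.groups()
            entries.append({"kind": "task", "guid": guid, "path": path,
                            "target": target, "category": classify_task(path),
                            "attention": line.endswith(ATTENTION)})
            continue
        m = ADS_RE.match(line)
        if m:
            host, stream, size = m.groups()
            entries.append({"kind": "ads", "host": host, "stream": stream,
                            "size": int(size),
                            # Characters outside a plain identifier are worth a second look.
                            "odd_name": bool(re.search(r"[^A-Za-z0-9_.]", stream))})
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append({"kind": "file", "publisher": m.group(1), "path": m.group(2)})
            continue
        entries.append({"kind": "unparsed", "line": line})
    return entries


def needs_review(entry):
    """Heuristic: what a person should look at before letting the fix run."""
    if entry["kind"] == "task":
        return entry["category"] != "microsoft-namespace"
    if entry["kind"] == "ads":
        return entry["odd_name"] or entry["size"] > 0
    return True  # files to be removed and unparsed lines always get a manual look


def review_queue(entries):
    return [e for e in entries if needs_review(e)]


def summary(entries):
    """Count entries per kind (and per category for tasks)."""
    return Counter((e["kind"], e.get("category", "-")) for e in entries)


if __name__ == "__main__":
    parsed = parse_fixlist(SAMPLE_FIXLIST)
    for key, count in sorted(summary(parsed).items()):
        print(key, count)
    for e in review_queue(parsed):
        print("REVIEW:", e)
```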

#22
May 15, 2018 at 21:14:48
A couple of questions:

I had made minor modifications to the 2 files after the scan for privacy reasons. Will the fix still be safe to use and will it still work?

The first 2 SS at the end of your post seem identical to me.

Thanks



#23
May 15, 2018 at 21:23:06
"I had made minor modifications to the 2 files after the scan for privacy reasons. Will the fix still be safe to use and will it still work?"
Yep.

"The first 2 SS at the end of your post seem identical to me"
You're right, thanks.

message edited by Johnw



#24
May 16, 2018 at 06:33:39
Fixlog file uploaded.
Computer seems to be working normally after rebooting


#25

#26
May 16, 2018 at 07:21:38
http://www.fileconvoy.com/dfl.php?i...

This is the link for fixlog file. Sorry for the incomplete link in the previous post.



#27
May 16, 2018 at 15:13:41
"Sorry for the incomplete link in the previous post"
No problem.

Got to go out in 1 & 1/2 hrs. I'm here.
https://www.timeanddate.com/worldcl...

Here is your next step.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. ComboFix's log should be located at C:\COMBOFIX.TXT
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
Upload the log.

message edited by Johnw



#28
May 16, 2018 at 22:07:40
Thanks
Combofix.txt is at:
http://www.fileconvoy.com/dfl.php?i...


#29
May 16, 2018 at 22:40:33
Extract from the Fixlog
"C:\fsf\magnibar\magnibar.exe => Could not close process"
I think I got the registry side fixed, check it for me please, info in the link below.
Also, click on Uninstall in the link, to see if it is still on C drive.
http://www.system-tray-cleaner.com/...


#30
May 17, 2018 at 05:07:50
The computer seems to run faster, but not all the time.

Magnibar still appears in the list of all programs when I click on the Windows icon in the left bottom corner of the screen.

I followed your instructions and following is a link to the System Tray Cleaner output snapshot files:

http://www.fileconvoy.com/dfl.php?i...

I got one more unexpected Windows shutdown. Following is a link to the snapshots of the message that Windows provided after recovery.

http://www.fileconvoy.com/dfl.php?i...

Thanks



#31
May 17, 2018 at 06:04:27
Best we deal with Magnibar first.

My post #29
"check it for me please, info in the link below"
1: Did you?
Put Magnibar into regedit search, is another way. Delete all references.
2: Also, click on Uninstall in the link, to see if it is still on C drive
Did you? I'm not sure if your SS are after doing so.
https://i.imgur.com/gwpYMr8.gif



#32
May 17, 2018 at 10:19:42
Yes, I clicked on 'Uninstall' and at that point I was prompted to download and install the System Tray Cleaner, which I did. Then I took the SS. I am not sure about what is Step #1 in your message #31. What did I have to do before clicking on Uninstall? If you send new instructions, please note that the System Tray Cleaner is now already installed.

Using regedit will require backing up the registry, I suppose.



#33
May 17, 2018 at 15:11:55
"What did I have to do before clicking on Uninstall?"
Go into the registry & remove any references to > Magnibar

"Using regedit will require backing up the registry"
It cannot do any harm, it's called Export in regedit.

Then put Magnibar into regedit search, is another way. Delete all references.
After deleting the first one, click Next..

Learn How to Use the Windows Registry Editor (Regedit) in One Easy Lesson
http://www.techsupportalert.com/con...



#34
May 17, 2018 at 15:58:11
I will come back after removing the references to Magnibar. Thanks


#35
May 17, 2018 at 16:47:54
Ok, going out in an hour.


#36
May 17, 2018 at 17:42:40
Next step.
Run SlimDrivers, don't install anything, upload SS of everything it finds.
http://www.softpedia.com/get/System...
http://i.imgur.com/iXZx7kX.gif
https://i.imgur.com/HOZCdpJ.gif
https://i.imgur.com/MgxvPFH.gif
https://i.imgur.com/pN6WgJH.gif


#37
May 18, 2018 at 09:52:50
I have not yet done the SlimDrivers. I did the Registry. I found only one 'Magnibar'; it was under HKEY_CURRENT_USER, Software, Addictive Software. I deleted Magnibar, but I left Addictive Software.
I then rebooted. Magnibar was still in the list of programs.

I will come back soon with the SlimDrivers.



#38
May 18, 2018 at 10:15:04
Following is the link with the output of SlimDrivers. At the beginning of Post#36 you asked for not installing anything, but in the SS you were saying to download the drivers that I wanted. I was not too sure about what to do, so for the moment I did not download any drivers. Also I wouldn't know which drivers to update and which ones to ignore. Could you please give me directions? Thanks


#39
May 18, 2018 at 11:14:46
"I was not too sure about what to do, so for the moment I did not download any drivers"
Correct, for now, just the SS.


#40
May 18, 2018 at 14:32:38
http://www.fileconvoy.com/dfl.php?i...

Sorry. I forgot to include the link in my previous post.



#41
May 18, 2018 at 15:53:56
Ok, you can proceed, start at the top, do one at a time & reboot after each install, if requested by the program.


#42
May 18, 2018 at 16:53:05
2 down, 20 to go. It looks like this will take a while. I'll let you know as soon as I am finished.


#43
May 18, 2018 at 18:38:24
All drivers installed. I am ready for the next step


#44
May 18, 2018 at 18:43:08
Here we go.

Here are temp file settings for a normal user, adjust to suit your requirements.
All browsers, limit the cache to 50mb ( that's MB, not GB )
IE & Edge share the same setting.
Control Panel > Internet Options > General > Browsing history > Settings. Refer SS below.
http://fs5.directupload.net/images/...
Example for Firefox.
https://www.sitepoint.com/3-tweaks-...
Chrome is not so straightforward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000
Click > Apply & then OK.

I suspect you will have a lot of tracking cookies & other installed. Use this to remove.
SUPERAntiSpyware
http://www.softpedia.com/get/Intern...
http://www.superantispyware.com/ind...

Once removed, I use this to keep them at a minimum. I use the Free version & manually update it about once a month.
SpywareBlaster
http://www.softpedia.com/get/Intern...
http://www.bleepingcomputer.com/tut...
http://www.javacoolsoftware.com/spy...
FAQ
http://www.javacoolsoftware.com/spy...
Forum
http://www.wilderssecurity.com/foru...

Akamai NetSession Interface (HKU\S-1-5-21-3430972549-1548692498-3268638820-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai may be draining your comp with its uploading.
What is Akamai NetSession Client (users\**\appdata\local\akamai\netsession_win.exe and is it OK to grant network access?
https://answers.microsoft.com/en-us...
"Akamai does not come right out and say it, but the reason NetSession is installed on your computer is to allow them to use your computer to "upstream" content to other users. By installing NetSession, you are allowing Akamai to use your idle bandwidth to upload files to other Akamai users"
What Is Akamai Netsession Everything You Need To Know
https://www.gadgetarmy.com/what-is-...
I see it is blocked by your Firewall. If you want to uninstall it, I use this 2 step program. It may or may not list it. You will soon know once you run Geek.
Geek Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/GeekUn...
http://www.freewarefiles.com/screen...
http://www.geekuninstaller.com/
Just Double click on the program you want to uninstall. If it opens a web page, close it & then wait for it to present the 2nd step.



#45
May 18, 2018 at 19:30:45
Thanks for the additional information provided in #44. I will go through it and make the necessary adjustments to my computer.

The computer seems to be working better with the new drivers, but there is a problem with the audio that does not work. I opened the Nvidia control panel, but I could not figure out what is wrong. Any idea?



#46
May 18, 2018 at 19:41:15
"but I could not figure out what is wrong. Any idea?"
Shall have to stay focused on what I'm doing for now, I have to visualize & memorize everything.


#47
May 18, 2018 at 20:03:14
Audio came up very loud after changing a setting. I had to turn the speakers off real quick! Now I have adjusted the volume. Problem solved.


#48
May 18, 2018 at 20:15:53
Very good, let me know when you are ready for the next steps.


#49
May 19, 2018 at 07:57:08
Supera stopped and exited by itself before finishing after finding more than 300 cookies, etc. Since the program stopped by itself, unfortunately I could not delete anything. I am going to rerun it after rebooting, but this may be a problem if it happens again, because the scanning takes a long time.

As far as Chrome, I could not get to the property page by right clicking on the Chrome shortcut. I managed to find the property page in another way, but it was different from your property page and there was no option for setting the cache. It was like we are using different versions of Chrome. I will send you SS later.

I will let you know how I am doing with Supera, so that we can go to the next steps



#50
May 19, 2018 at 08:53:34
There is a change in relation to my follow-up #49. I ran only the quickscan of Supera that takes only a few minutes. After the quickscan, I deleted a lot of cookies, etc. I will run the full version of Supera when I don't need the computer.

I am therefore ready for the next steps.



#51
May 19, 2018 at 16:11:11
"It was like we are using different versions of Chrome. I will send you SS later"
Probably not a proper shortcut, they have an arrow on them.
How to create shortcuts for apps, files, folders and web pages in Windows
http://www.digitalcitizen.life/how-...
How to Create a Shortcut for Any "Modern" Windows App
http://lifehacker.com/how-to-create...
https://www.thurrott.com/windows/wi...

Next steps.

Run both of these, in this order.
1: Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://fs5.directupload.net/images/...
https://i.imgur.com/q8GRvVw.gif
https://i.imgur.com/2teVsjI.gif
https://i.imgur.com/ad7SEKM.gif

2: Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-R...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
Solution for Wise Registry Cleaner being reported as a PUP and blocked by Antivirus
http://forum.wisecleaner.com/index....

message edited by Johnw



#52
May 19, 2018 at 17:29:41
Wise Disk Cleaner asked if I wanted to clean D: Factory Image. I believe that this is a partition of my hard drive, but I am not sure about its purpose. I did not clean D: Factory Image (I cleaned only the main partition of the C: drive), but I wonder if I was supposed to clean it and also if we had to do something about it with all the software that we have used so far. Could you please let me know your thoughts?


#53
May 19, 2018 at 17:32:49
"but I wonder if I was supposed to clean it and also if we had to do something about it with all the software that we have used so far"
No.
When you open the program, click on the button where it lists the drives & set it to scan only C.
As per the SS.
https://imgur.com/2teVsjI

message edited by Johnw



#54
May 19, 2018 at 18:40:00
I ran Wise Disk Cleaner and then Wise Registry Cleaner; following is the link for the output of the latter:

http://www.fileconvoy.com/dfl.php?i...



#55
May 19, 2018 at 18:47:43
"following is the link for the output of the latter"
Did you do it twice as per the SS?


#56
May 19, 2018 at 19:58:38
No, but I will do it again.


#57
May 20, 2018 at 04:59:46
Following is a link to 3 files just uploaded:

http://www.fileconvoy.com/dfl.php?i...

I ran the registry cleaner a second time. The output is shown in one of the 3 files. I did not run the disk cleaner a second time. I hope that this is what I was supposed to do. I could not figure it out from the SS.

The option that I used (out of 3) for the registry cleaner is shown in another file.


The computer is still very slow in booting up (sometimes slower than others). This morning it was 'running a long script' (see message in the 3rd file). I have been getting this message for years now (most of the time actually not during boot up). Is there any way to figure out what these scripts are?



#58
May 20, 2018 at 05:14:27
"I could not figure it out from the SS"
Open the Cleaner & give me a SS of what you are seeing please.

"Is there any way to figure out what these scripts are?"
Looking at those now.

message edited by Johnw



#59
May 20, 2018 at 05:33:27
"I have been getting this message for years now (most of the time actually not during boot up)"
What browser are you using for posting at Computing.net?


#60
May 20, 2018 at 05:43:53
http://www.fileconvoy.com/dfl.php?i...

The file in the link above shows what I see when I start the registry cleaner before I actually start the cleaning by selecting one of the 3 options.

I normally use Internet Explorer and I occasionally use Chrome. I am not sure on whether I have ever seen the message on the long scripts in Chrome.



#61
May 20, 2018 at 05:46:39
Ok that's normal, now do the second step & click on Deep Scan.

message edited by Johnw



#62
May 20, 2018 at 05:57:14
To answer more accurately your question, I have always used Internet Explorer for posting on Computing.net


#63
May 20, 2018 at 06:21:18
http://www.fileconvoy.com/dfl.php?i...


I have done the deep scan. Please refer to files at the above link



#64
May 20, 2018 at 06:22:41
Next step, reset IE.

Control Panel > Internet Options > Advanced > Reset button.

Report back when done, I am waiting to go to bed.



#65
May 20, 2018 at 06:26:30
"I have done the deep scan. Please refer to files at the above link"
The failure to Remove message is quite normal.


#66
May 20, 2018 at 14:37:04
I am a little concerned about doing the IE reset. Some of the software that I run on my computer requires settings that are different from the 'default' settings. I recorded the settings that are on the Advanced tab of Internet Options, but I understand that clicking on the reset button will affect other things, as, for instance, the toolbars, that will be removed, and the privacy and security settings. Is there a way to copy down the actual configuration, before doing the reset?

Reply ↓  Report •

#67
May 20, 2018 at 16:00:13
Manually do your IE setting changes again, no point in saving corrupt files.
Test IE to see if you get any script errors, after the reset.
Then make your changes one at a time & test.


#68
May 20, 2018 at 16:23:18
I will do the reset and advise when I am done with the tests.


#69
May 20, 2018 at 17:11:30
If you still get the script error, go through these possible fixes.

How to troubleshoot script errors in Internet Explorer
https://support.microsoft.com/en-us...
Applies to: Internet Explorer 11, Internet Explorer 10, Windows Internet Explorer 9

message edited by Johnw



#70
May 20, 2018 at 18:03:03
Thanks for the link to the article on troubleshooting script errors.

I did the reset of the Internet Options in Control Panel. Everything I checked seems to be fine. I am ready for the next steps




#71
May 20, 2018 at 21:37:37
You will get faster Firefox/Chrome/Edge/IE page opening using an Ad blocker.

uBlock Origin for Firefox
http://www.softpedia.com/get/Intern...
https://addons.mozilla.org/en-US/fi...

uBlock Origin for Chrome
http://www.softpedia.com/get/Intern...
https://chrome.google.com/webstore/...

For Edge/IE
https://www.microsoft.com/en-au/sto...
Or,
Adblock Plus for IE (formerly Simple Adblock)
http://www.softpedia.com/get/Intern...
https://adblockplus.org/en/internet...

message edited by Johnw



#72
May 21, 2018 at 07:15:32
I will install an Ad blocker. Thanks.

I suppose that we are getting close to completing the work on my computer. It works far better than before and there have not been uncommanded shutdowns after the drivers were updated. A couple of items that have not been discussed so far: is it necessary to do anything about the BIOS? Do the external hard drives that I occasionally connect to my computer need also to be scanned and cleaned?



#73
May 21, 2018 at 15:28:15
There is a change in relation to my previous post (Follow Up #72).

Today I got 2 uncommanded shutdowns, one after the other. Now the computer seems to be working normally again. I wonder if I should run diagnostics on the computer hardware. Would you recommend this and what diagnostics would you run?

Thanks



#74
May 21, 2018 at 16:16:59
"is it necessary to do anything about the BIOS?"
Last resort.

"Do the external hard drives that I occasionally connect to my computer need also to be scanned and cleaned?"
Only for Malware.

"Today I got 2 uncommanded shutdowns"
Were any other drives connected?

Extract from your Addition log.
"Norton Security (HKLM-x32\...\NGC) (Version: 22.14.0.54 - Symantec Corporation)"

Norton would be very high on my suspect list.

Uninstall it, Windows Defender ( which is what I use ) will then kick in.

How can I fully remove Norton Antivirus from my system?
https://support.norton.com/sp/en/us...
http://www.askdavetaylor.com/how_to...
http://www.askdavetaylor.com/how_ca...
http://www.pchell.com/virus/uninsta...
Norton Remove and Reinstall
http://www.softpedia.com/get/Tweak/...

After uninstalling, run Wise Disk Cleaner & Wise Registry Cleaner in this order, then wait to see if you get any more shutdowns.



#75
May 21, 2018 at 19:45:51
This is a huge thread, and so I have questions.

Specifically, what are "uncommanded shutdowns?" Are we talking about reboots/BSODs, or actual hard-off, no fan spin, must hit power button?

First you say you got a message that said, "the computer shut down to prevent physical damage to the computer…" Later, you said you got an error reporting, "A problem has been detected and Windows has been shut down to prevent damage to your computer," which is standard BSOD verbiage. Which is it? Both? If you get the former, it's typically white text on a black screen. If the message is expressed through white text on a blue screen, you're looking at the latter.

How To Ask Questions The Smart Way



#76
May 21, 2018 at 19:54:50
Is there any hint in the Event Viewer (Custom Views > Administrative Events) what caused the shutdown?



#77
May 21, 2018 at 21:45:05
The message is white text on a blue screen. After rebooting the computer I get a message with an explanation of what caused the computer to shut down. Further online research shows that the problem could be caused by a program called Common Desktop Agent. Please refer to the files at the link below.

http://www.fileconvoy.com/dfl.php?i...


With reference to Follow Up #74, is the Windows Defender to be used together with Malwarebytes? If so, should I use the professional version of Malwarebytes or just the free version? Thanks



#78
May 21, 2018 at 22:51:52
Not sure where you're getting the link between Common Desktop Agent and the BSOD? In the .PDF, you also mention locale 1033. That just means Windows is set for US English.

Do you have any other recent .DMP files? It's looking like failing memory to me, but a sample size of 1 is too low to make that claim.

How To Ask Questions The Smart Way



#79
May 22, 2018 at 00:11:46
"Follow Up #74, is the Windows Defender to be used together with Malwarebytes? If so, should I use the professional version of Malwarebytes or just the free version?"
I use the Free version of Malwarebytes, both versions can be used with Windows Defender, I use the Free version.


#80
May 22, 2018 at 00:37:23
Let's see how the comp is behaving after removing Norton.


#81
May 22, 2018 at 00:46:08
"Common Desktop Agent"
That's part of your Samsung printer.

No need for another dump file, The one posted was made > Debug session time: Mon May 21 20:56:47.384 2018 (UTC - 4:00)

I have debugged that .dmp file, but will not take it any further until you finish post #74 & test.



#82
May 22, 2018 at 06:19:40
The memory stack refers to drivers that don't exist, and that's generally not a good sign. It might not be a bad sign, but I'd need to see more .dmp files to draw any conclusions. Minidumps aren't good for much more than finding trends, after all.

How To Ask Questions The Smart Way



#83
May 22, 2018 at 08:18:26
I will reply here to various recent Follow-Ups in this thread:

#75
The uncommanded shutdowns are re-boots not commanded by me; I am running a program like Word or Excel, or I have just left the computer unattended for a few minutes, and the computer reboots by itself after showing the message in white text on blue background for a few seconds.

#76
Question: Is there any hint in the Event Viewer (Custom Views > Administrative Events) what caused the shutdown?
Answer: Could you please let me know where I can find the Event Viewer and, if the computer shuts down again by itself, I will let you know

#78
I am not sure that there is a link between the CDA and the shutdowns. But, according to the file CDA.pdf for which I provided a link yesterday there is a connection between CDA and executable files that contain viruses.

Question: Do you have any other recent .DMP files? It's looking like failing memory to me, but a sample size of 1 is too low to make that claim.

Answer: I have the message that I got on my screen after another uncommanded shutdown/re-booting (refer to the following link):
http://www.fileconvoy.com/dfl.php?i...
I don't have the .DMP files, unfortunately.
I have run a test on my memory using a routine provided by Microsoft. No issues were detected.

#79
Noted. Thanks

#80 and #81
I would go one step at a time, otherwise, even if we are successful in stopping the shutdowns, we will never know what caused them. I have not been without shutdowns for longer than 1-2 days in recent times. So if we don't get a shutdown in a few days, the problem could be considered solved (hopefully!). If I get a shutdown, I will remove Norton per your recommendation.

#82
I will provide all the information that I get, if there are more shutdowns.



#84
May 23, 2018 at 00:11:54
Event Viewer: Control Panel > Administrative Tools > Event Viewer


#85
May 23, 2018 at 05:10:03
Thanks. I will provide the information in Event Viewer in case of uncommanded shutdowns


#86
May 25, 2018 at 11:39:19
Reference is made to Follow Ups #74 and #81

I have not had any more uncommanded shutdowns. However, I removed Norton from my computer, hoping that it will run faster and because I believed that this is what you recommend.

I am ready for any additional steps that you consider necessary for fixing my computer.

Could you please also answer the following questions:

Right now I am running the trial version of Malwarebytes Pro. You stated that after removing Norton, the Defender will kick in. How could I check that the Defender has actually kicked in?

Of all the security software that we have installed so far, which programs should be included in the 'Start Up', once we have finished fixing my computer? And which programs I will need to run periodically, like once a month, to keep my computer clean and fast?

I am running the trial version of Malwarebytes Pro also on my laptop. I am trying to install SlimDrivers also on my laptop but Malwarebytes does not let me do it. I found this strange, because I did not have any problem with my desktop (actually 'tower') computer. What could be the reason for that?

If it is not too much trouble, could you let me know the results of your .dmp file debugging? I am just curious about what was going on with those uncommanded shutdowns.

Thanks



#87
May 25, 2018 at 16:20:59
"I have not had any more uncommanded shutdowns"
That's good news.

"How could I check that the Defender has actually kicked in?"
Now we have the comp back to normal, install MSE, you will see the logo down by the clock.
https://support.microsoft.com/en-au...

"Of all the security software that we have installed so far, which programs should be included in the 'Start Up', once we have finished fixing my computer? And which programs I will need to run periodically, like once a month, to keep my computer clean and fast?"
Shall get back to that later.

"I am trying to install SlimDrivers also on my laptop but Malwarebytes does not let me do it"
That is called a false positive, shut Malwarebytes down.

Your dump file points to a file in Acronis being the problem. That also may have been caused by Norton.
If you get the blue screen again, use Geek to uninstall Acronis & test.

message edited by Johnw



#88
May 25, 2018 at 16:27:35
Once you have installed MSE, download the latest version of Farbar & upload the 2 logs.
Don't forget to make sure Addition is checked.


#89
May 25, 2018 at 21:24:13
Here are the outputs of Farbar:
http://www.fileconvoy.com/dfl.php?i...


#90
May 25, 2018 at 22:03:36
Whilst I'm going through the Farbar logs, install these.

Baidu PC Faster ( it will keep things in shape automatically )
http://www.softpedia.com/get/Securi...
http://www.freewarefiles.com/Baidu-...
http://www.freewarefiles.com/screen...
http://www.pcfaster.com/en/

Here is how a USER got the problems shown in your AdwCleaner/MalwareBytes & other logs. No AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed, that you do not know, how it got installed.
A lot of programs, now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

Or, use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.



#91
May 26, 2018 at 08:49:56
I installed Baidu. I have not yet done the Baidu scan, because I am concerned that it may remove something that I need on my computer. Any suggestions on how to proceed? Thanks


#92
May 26, 2018 at 15:33:27
"because I am concerned that it may remove something that I need on my computer"
It won't, that's why I recommended it.
You don't have to scan it yet, that is optional, you will get a pop up when the program sees you need to do something.

Have you installed Unchecky?
You need to.

Upload 2 new Farbar logs, this time run from the Desktop, you forgot last time.



#93
May 26, 2018 at 16:52:46
http://www.fileconvoy.com/dfl.php?i...

Above is the link for the outputs of Farbar. Sorry, I had forgotten about running from the Desktop.

I will reply to your other comments shortly



#94
May 26, 2018 at 16:57:59
Ok, stay online for a little while please.


#95
May 26, 2018 at 17:09:33
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
SearchScopes: HKU\S-1-5-21-3430972549-1548692498-3268638820-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.14.0.54&locale=en_US&guid=E5F67E2D-9C5A-4B1F-A811-9B79FA1CB29C&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-3430972549-1548692498-3268638820-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {6D22D9EB-829E-429F-BF43-307445858BB8} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-04-03] (Symantec Corporation)
2018-05-25 11:24 - 2017-09-09 18:21 - 000000000 ____D C:\Program Files\Norton Security
2018-05-25 11:21 - 2016-08-07 15:05 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2018-05-25 11:21 - 2014-08-04 21:10 - 000000000 ____D C:\ProgramData\Norton

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...

message edited by Johnw



#96
May 26, 2018 at 17:55:00
I installed Unchecky. I had also installed the adblocker for IE earlier.

Baidu did a scan of my computer without me requesting it. Four Gigabytes of 'stuff' could be removed according to Baidu. The problem is that I would like to keep some of the software that Baidu wants to remove, if I haven't used it for long time. I guess I will have to review the results of the scan very carefully...



#97
May 26, 2018 at 18:04:57
"I guess I will have to review the results of the scan very carefully"
I do 8-10 computers a week, been doing so for years, I never review.



#98
May 26, 2018 at 18:57:23
I don't see my reply. I post fixlog again:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Charles28 (26-05-2018 20:12:50) Run:2
Running from C:\Users\Charles28\Desktop
Loaded Profiles: Charles28 (Available Profiles: Charles28)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
AlternateDataStreams: C:\Windows:AstInfo [0]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
SearchScopes: HKU\S-1-5-21-3430972549-1548692498-3268638820-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=retail&geo=US&ver=22.14.0.54&locale=en_US&guid=E5F67E2D-9C5A-4B1F-A811-9B79FA1CB29C&doi=2016-09-01&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-3430972549-1548692498-3268638820-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
Task: {6D22D9EB-829E-429F-BF43-307445858BB8} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2018-04-03] (Symantec Corporation)
2018-05-25 11:24 - 2017-09-09 18:21 - 000000000 ____D C:\Program Files\Norton Security
2018-05-25 11:21 - 2016-08-07 15:05 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2018-05-25 11:21 - 2014-08-04 21:10 - 000000000 ____D C:\ProgramData\Norton
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayExcluded => not found
"HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayPending => not found
"HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayProtected => not found
"HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayExcluded => not found
"HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayPending => not found
"HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayProtected => not found
"HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}" => removed successfully
C:\Windows => ":AstInfo" ADS removed successfully
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully
"HKU\S-1-5-21-3430972549-1548692498-3268638820-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => removed successfully
HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
"HKU\S-1-5-21-3430972549-1548692498-3268638820-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
"HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
"HKLM\System\CurrentControlSet\Services\AppMgmt" => removed successfully
AppMgmt => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D22D9EB-829E-429F-BF43-307445858BB8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D22D9EB-829E-429F-BF43-307445858BB8}" => removed successfully
C:\Windows\System32\Tasks\Remediation\AntimalwareMigrationTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation\AntimalwareMigrationTask" => removed successfully
C:\Program Files\Norton Security => moved successfully
C:\Program Files\Common Files\Symantec Shared => moved successfully
C:\ProgramData\Norton => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52040358 B
Java, Flash, Steam htmlcache => 721581 B
Windows/system/drivers => 359481 B
Edge => 0 B
Chrome => 2281261 B
Firefox => 5391588 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3390 B
Charles28 => 579803757 B
UpdatusUser => 0 B

RecycleBin => 885091503 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:15:58 ====


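The Fixlog in #98 echoes the fixlist before listing the actual results, so the two are easy to mix up when checking what a fix really changed. The following is an added example (not part of the thread and not FRST's own code) that parses a Fixlog in that layout and tallies the outcomes, the bytes freed by EmptyTemp, and whether the log is complete. The name `parse_fixlog` is hypothetical, the sample is an abbreviated excerpt of the log above, and only the three outcome phrases seen in that log are recognised.

```python
import re
from collections import Counter

# Abbreviated excerpt of the Fixlog posted in #98; every line is copied from it.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Charles28 (26-05-2018 20:12:50) Run:2
==============================================
fixlist content:
*****************
CreateRestorePoint:
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
AlternateDataStreams: C:\Windows:AstInfo [0]
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OverlayExcluded => not found
"HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}" => removed successfully
C:\Windows => ":AstInfo" ADS removed successfully
AppMgmt => service removed successfully
C:\ProgramData\Norton => moved successfully

=========== EmptyTemp: ==========
Chrome => 2281261 B
Firefox => 5391588 B
RecycleBin => 885091503 B
EmptyTemp: => 1.4 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 20:15:58 ====
"""

# Outcome phrases that appear in the log above (assumed not to be exhaustive).
OUTCOMES = ("removed successfully", "moved successfully", "not found")


def parse_fixlog(text):
    """Summarise a Fixlog: outcome counts, misses, temp bytes, reboot flag."""
    s = {"outcomes": Counter(), "not_found": [], "other": [],
         "temp_bytes": 0, "reboot": False, "complete": False}
    in_echo = in_temp = False
    for raw in text.splitlines():
        line = raw.strip()
        if set(line) == {"*"}:           # star rules bracket the echoed fixlist
            in_echo = not in_echo
            continue
        if in_echo or not line:          # echoed directives are not results
            continue
        if line.startswith("="):         # section rules and the end marker
            in_temp = "EmptyTemp" in line
            s["complete"] = s["complete"] or "End of Fixlog" in line
            continue
        s["reboot"] = s["reboot"] or line == "The system needed a reboot."
        if " => " not in line:
            continue                     # plain status sentences
        target, result = line.split(" => ", 1)
        target = target.strip('"')
        if in_temp:                      # "<area> => <n> B" lines
            m = re.fullmatch(r"(\d+) B", result)
            s["temp_bytes"] += int(m.group(1)) if m else 0
            continue
        ads = re.match(r'"(:[^"]+)" ADS ', result)
        if ads:                          # rebuild path:stream for ADS results
            target += ads.group(1)
        outcome = next((o for o in OUTCOMES if result.endswith(o)), None)
        if outcome is None:
            s["other"].append(line)      # unrecognised result: review by hand
            continue
        s["outcomes"][outcome] += 1
        if outcome == "not found":
            s["not_found"].append(target)
    return s
```

Anything that lands in `other` is a result line the parser did not recognise and should be read by hand; a log with `complete` set to False was cut off before the end marker.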

#99
May 26, 2018 at 19:10:23
"The problem is that I would like to keep some of the software that Baidu wants to remove, if I haven't used it for long time"
Once you have run Baidu, upload new Farbar logs.


#100
May 26, 2018 at 20:08:31
Farbar after Baidu:

http://www.fileconvoy.com/dfl.php?i...



#101
May 26, 2018 at 20:47:32
Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
Tool will create a report for you (C:\DelFix.txt)


#102
May 26, 2018 at 21:06:07
I am not completely sure that I ran DelFix as the Administrator. Here is the output. If I need to run it again, please let me know.

# DelFix v1.013 - Logfile created 26/05/2018 at 22:55:41
# Updated 17/04/2016 by Xplode
# Username : Charles28 - Charles28-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\ComboFix.txt
Deleted : C:\Users\Charles28\Desktop\Addition.txt
Deleted : C:\Users\Charles28\Desktop\ComboFix.exe
Deleted : C:\Users\Charles28\Desktop\FRST.txt
Deleted : C:\Users\Charles28\Desktop\FRST64.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #284 [Created by Wise Disk Cleaner | 05/20/2018 00:08:40]
Deleted : RP #285 [After Wise Disk Cleaner before wise registry cleaner | 05/20/2018 00:35:50]
Deleted : RP #286 [Installed Adblock Plus for IE (32-bit and 64-bit) | 05/25/2018 03:57:58]
Deleted : RP #287 [Restore FLFLFL | 05/25/2018 17:38:26]
Deleted : RP #288 [Installed Elasy. | 05/25/2018 19:41:37]
Deleted : RP #289 [Windows Update | 05/26/2018 02:14:50]
Deleted : RP #291 [Restore Point Created by FRST | 05/27/2018 01:12:56]

New restore point created !



#103
May 26, 2018 at 21:24:42
"I am not completely sure that I ran DelFix as the Administrator"
Looks Ok.

Delete files using Disk Cleanup Windows 7 ( It is a 2 step process )
http://windows.microsoft.com/en-au/...
http://i.imgur.com/XdpZdcD.gif
http://i.imgur.com/LhGpKui.gif
http://i.imgur.com/HAzagi2.gif
http://i.imgur.com/re0Im4O.gif



#104
May 27, 2018 at 05:56:28
I have run Disk Cleanup on my computer. I am ready for the next steps.


#105
May 27, 2018 at 15:05:05
Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Please restart the computer before running this security check.
* Right click SecurityCheck.exe. and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#106
May 27, 2018 at 18:50:51
Following is checkup.txt:

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
SpywareBlaster 5.5
System Tray Cleaner 4
Wise Disk Cleaner 9.7.4
Wise Registry Cleaner 9.6.2
Adobe Flash Player 29.0.0.171
Mozilla Firefox (43.0.1)
Google Chrome (66.0.3359.181)
Google Chrome (Plugins...)
Google Chrome (SetupMetrics...)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 3%
[b][u]````````````````````End of Log``````````````````````[/b][/u]



#107
May 28, 2018 at 01:19:56
"Following is checkup.txt:"
All Ok.


#108
May 28, 2018 at 01:21:53
✔ Best Answer
"Of all the security software that we have installed so far, which programs should be included in the 'Start Up', once we have finished fixing my computer? And which programs I will need to run periodically, like once a month, to keep my computer clean and fast?"

Are you having any issues now?

"SUPERAntiSpyware"
Once a month. Quick scan is all that is needed.
"SpywareBlaster"
Refer post #44
"Malwarebytes"
Once a month or when you are suspicious. Quick scan is all that is needed.
"Baidu"
It will let you know.
"MSE"
Once a month or when you are suspicious. Quick scan is all that is needed.



#109
May 28, 2018 at 05:56:13
No, no more issues. I have not experienced additional uncommanded shutdowns and the computer performs normally.

Many, many thanks for all your help! I had lost all my hope of getting this computer sorted out!

I am impressed with your level of knowledge and expertise.

I will follow the maintenance program that you recommended in #108.



#110
May 28, 2018 at 06:33:26
Good news Charles. Thanks for the feedback.
