How Do I Fix several random Windows 8.1 X64 BSOD Errors

July 29, 2015 at 07:26:14
Specs: Windows 8
Hello,
Windows 8.1 64 bit is my OS.

I have received the following blue screen errors the past few days

Bad_pool_header
driver_corrupted_pool
page_fault_in_nonpaged_area(WiseTDIFw64.sys)

driver_IRQL_not_less_or_equal(afd.sys)

I had been using Panda free antivirus but it blocked my internet connection so I switched to avast free. Is it possible that is the reason I have been getting the blue screens? If so how do I know if this caused the blue screens? I did a scan with avast and it did not find any viruses or malware. Malwarebytes scan found no detected objects.
If that is not the reason what else is the cause of the issue? If it is a driver issue how do I check? Is it safe to replace a driver if needed?

If any of the above is not the issue what is the issue and how do I resolve the issue?
Thanks for your help.


See More: How Do I Fix several random Windows 8.1 X64 BSOD Errors

Report •

#1
Report •

#2
July 29, 2015 at 16:51:42
Another possible way forward is to uninstall Avast, re-install Panda, then do Windows System Restore back to a date before Panda blocked your internet (which it obviously should not have done). That will most likely cure your blue screen issues. If so it is then a matter of deciding the next move.

Always pop back and let us know the outcome - thanks


Report •

#3
July 29, 2015 at 20:04:47
If I decide to do a system restore how do I do so? Which option in the control panel do I use?
If a blue screen happens after a system restore
how do I know if one of the antivirus software caused the blue screen errors and not something else?

Report •

Related Solutions

#4
July 30, 2015 at 07:18:43
It's Control Panel > System > System Protection > System Protection tab > System Restore button. It will keep your own data.

"how do I know if one of the antivirus software caused the blue screen"
System Restore is not a diagnostic so it won't tell you this directly. Blue screen errors can often prove tricky to find and fix. It seems likely that they will stop if you go back to before the problems happened. If they do stop it is then a matter of taking one step at a time over a period to see if any particular activity starts them off again.

If they start again soon after System Restore (without any software changes) then we would have to include the possibility of a hardware fault.

EDIT:
By all means look through the links given at #1 first.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#5
August 1, 2015 at 08:50:13
Here are results of a WhoCrashed scan. I don't have any WiseCare installed that I can see in program files.
Appears that avast is causing some of the crashes. Does that mean I should uninstall and reinstall avast? Or should I use a different antivirus? If I should use a different antivirus which FREE one do you suggest using?


Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\windows\Minidump

Crash dumps are enabled on your computer.

On Sat 8/1/2015 3:23:49 PM GMT your computer crashed
crash dump file: C:\windows\Minidump\080115-29609-01.dmp
This was probably caused by the following module: wisetdifw64.sys (0xFFFFF80187E05FB7)
Bugcheck code: 0x50 (0xFFFFE001938146F0, 0x1, 0xFFFFF80187E05FB7, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\windows\WiseTDIFw64.sys
product: TDI driver
company: WiseCleaner.com
description: wise TDI driver
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: wisetdifw64.sys (wise TDI driver, WiseCleaner.com).
Google query: WiseCleaner.com PAGE_FAULT_IN_NONPAGED_AREA

On Sat 8/1/2015 3:23:49 PM GMT your computer crashed
crash dump file: C:\windows\memory.dmp
This was probably caused by the following module: wisetdifw64.sys (WiseTDIFw64+0x5FB7)
Bugcheck code: 0x50 (0xFFFFE001938146F0, 0x1, 0xFFFFF80187E05FB7, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\windows\WiseTDIFw64.sys
product: TDI driver
company: WiseCleaner.com
description: wise TDI driver
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: wisetdifw64.sys (wise TDI driver, WiseCleaner.com).
Google query: WiseCleaner.com PAGE_FAULT_IN_NONPAGED_AREA

On Fri 7/31/2015 9:01:38 PM GMT your computer crashed
crash dump file: C:\windows\Minidump\073115-24875-01.dmp
This was probably caused by the following module: aswsnx.sys (aswSnx+0x24871)
Bugcheck code: 0xC4 (0xE3, 0xFFFFF801A5897871, 0x7FFD8D2420E0, 0x0)
Error: DRIVER_VERIFIER_DETECTED_VIOLATION
file path: C:\windows\system32\drivers\aswsnx.sys
product: Avast Antivirus
company: AVAST Software
description: avast! Virtualization Driver
Bug check description: This is the general bug check code for fatal errors found by Driver Verifier.
A driver has made a call to a kernel-mode ZwXxx routine with a user-mode address as a parameter. This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: aswsnx.sys (avast! Virtualization Driver, AVAST Software).
Google query: AVAST Software DRIVER_VERIFIER_DETECTED_VIOLATION


message edited by ryrhino


Report •

#6
August 1, 2015 at 09:09:42
I think you should first run these two (in the order given) in case browser malware is deliberately messing with Avast. They look at different areas to MalwareBytes:

AdwCleaner:
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run the program. Use the "Scan" button, followed by the "Cleaning" button.

Junkware Removal Tool (JRT)
http://www.bleepingcomputer.com/dow...
(blue Download button near top - not anything else on the page).
Download and "Save" the file somewhere. Go to the saved file then double click it to run JRT. It might appear to have stopped at times or flash the screen but sit tight until it has finished.

If either of them find anything please copy/paste the log on here then run MalwareBytes again.

Always pop back and let us know the outcome - thanks


Report •

#7
August 1, 2015 at 11:00:23
Here are the AdwCleaner results after scan and cleaning
# AdwCleaner v4.208 - Logfile created 01/08/2015 at 11:55:30
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Ryan - LENOVO-PC
# Running from : C:\Users\Ryan\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Fighters
Folder Deleted : C:\Users\Diane\AppData\Local\pokki
Folder Deleted : C:\Users\Ryan\AppData\Local\pokki
[!] Folder Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\qqg84n3h.default\Extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi
Folder Deleted : C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd
Folder Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd
File Deleted : C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lajondecmobodlejlcjllhojikagldgd_0.localstorage
File Deleted : C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lajondecmobodlejlcjllhojikagldgd
File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lajondecmobodlejlcjllhojikagldgd_0.localstorage
File Deleted : C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lajondecmobodlejlcjllhojikagldgd
File Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\qqg84n3h.default\searchplugins\search.xml
File Deleted : C:\Users\Diane\AppData\Roaming\Mozilla\Firefox\Profiles\3hq98vwm.default\user.js
File Deleted : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\qqg84n3h.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Deleted : C:\Users\Ryan\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\wnyd8rp6.default\searchplugins\search.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_04bb6df446330549a2cb8d67fbd1a745025b7bd1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Fighters
Key Deleted : HKLM\SOFTWARE\LenovoBrowserGuard
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)

[3hq98vwm.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
[3hq98vwm.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
[qqg84n3h.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
[qqg84n3h.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
[qqg84n3h.default\prefs.js] - Line Deleted : user_pref("extensions.dashlane.safesearchcapable", false);
[qqg84n3h.default\prefs.js] - Line Deleted : user_pref("extensions.linkextend.searchYahoo", false);
[qqg84n3h.default\prefs.js] - Line Deleted : user_pref("interclue.preferences", "{\"User.buildId\":\"987bcab01b929eb2c07877b224215c92\",\"Update.lastBuild\":6141,\"Update.lastUpdateTime\":1429396533,\"Button.turboNote.showInTitlebar\":false,\"cl[...]
[qqg84n3h.default\prefs.js] - Line Deleted : user_pref("interclue.preferences.backup", "{\"User.buildId\":\"987bcab01b929eb2c07877b224215c92\",\"Update.lastBuild\":6141,\"Update.lastUpdateTime\":1429396533,\"Button.turboNote.showInTitlebar\":fal[...]

-\\ Pale Moon v

[wnyd8rp6.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "PrivateLee hxxpS");
[wnyd8rp6.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "PrivateLee hxxpS");

-\\ Cyberfox v

[7xu9h1h5.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Privatelee (SSL)");
[7xu9h1h5.default\prefs.js] - Line Deleted : user_pref("interclue.preferences", "{\"User.buildId\":\"987bcab01b929eb2c07877b224215c92\",\"Update.lastBuild\":6141,\"Update.lastUpdateTime\":1437438881,\"cluestats\":{\"2015/07/20\":{\"totalViewsPag[...]
[7xu9h1h5.default\prefs.js] - Line Deleted : user_pref("interclue.preferences.backup", "{\"User.buildId\":\"987bcab01b929eb2c07877b224215c92\",\"Update.lastBuild\":6141,\"Update.lastUpdateTime\":1437438881,\"cluestats\":{\"2015/07/20\":{\"totalV[...]

-\\ Google Chrome v44.0.2403.125

[C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Diane\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
[C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.homepage-web.com/?src=omnibox&partner=lenovo&q={searchTerms}
[C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.priceblink.com/websearch.php?q={searchTerms}
[C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://blekko.com/ws/{searchTerms}
[C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://privatelee.com/search/?q={searchTerms}&s=sbv2

*************************

AdwCleaner[R2].txt - [5922 bytes] - [09/05/2015 17:06:35]
AdwCleaner[R3].txt - [7305 bytes] - [01/08/2015 11:36:12]
AdwCleaner[R4].txt - [7364 bytes] - [01/08/2015 11:55:15]
AdwCleaner[S1].txt - [7340 bytes] - [01/08/2015 11:55:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7399 bytes] ##########


Report •

#8
August 1, 2015 at 14:16:57
OK thanks, I'll wait for the other two.

Always pop back and let us know the outcome - thanks


Report •

#9
August 1, 2015 at 15:52:42
Here are the JRT results
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 8.1 x64
Ran by Ryan on Sat 08/01/2015 at 16:44:39.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\windows\system32\tasks\Driver Booster SkipUAC (Ryan)
Successfully deleted: [Task] C:\windows\system32\tasks\Uninstaller_SkipUac_Ryan
Successfully deleted: [Task] C:\windows\Tasks\Uninstaller_SkipUac_Diane.job
Successfully deleted: [Task] C:\windows\Tasks\Uninstaller_SkipUac_Ryan.job

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{009C0A92-F6A1-11E4-8321-C03FD59885C7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

~~~ Files

Successfully deleted: [File] C:\Users\Ryan\Appdata\Local\google\chrome\user data\default\local storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Ryan\AppData\Roaming\IObit\Driver Booster
Successfully deleted: [Folder] C:\Users\Ryan\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\windows\SysWOW64\ai_recyclebin

~~~ FireFox

Successfully deleted the following from C:\Users\Ryan\AppData\Roaming\mozilla\firefox\profiles\qqg84n3h.default\prefs.js

user_pref(extensions.Imagus.sieve, {\dereferers\:{\link\:\^[^/]{3,70}/\\\\??(hxxps?:[^?#]+\\\\.(?:jpe?g|a?png|gif|bmp|svgz?|web[pm]|og[gv])).*\,\ci\:1,\dc\:1,\lo
user_pref(extensions.Imagus.tls, {\advanced\:false,\sieveAutoupdate\:false,\sieveCacheRes\:true,\opzoom\:true,\sendToHosts\:[[\+TinEye\,\hxxps://www.tineye.com
user_pref(extensions.disconnect.blacklist, {\menshealth.com\:{\Social\:{\AddThis\:false,\ShareThis\:false},\Analytics\:{},\Advertising\:{}},\mensfitness.com\:
user_pref(extensions.disconnect.whitelist, {\latimes.com\:{\Disconnect\:{\whitelisted\:false,\services\:{\Google\:true}}},\mediafire.com\:{\Disconnect\:{\whi
user_pref(extensions.lastpass.fd5535840f17af33481a9d17ad5d74d5fafed1382c04024d37f4a5a7dbc1b2cb.searchforsiteswithinaddressbar, true);
user_pref(extensions.lastpass.searchforsiteswithinaddressbar, true);

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Ryan\Appdata\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
Successfully deleted: [Folder] C:\Users\Ryan\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
Successfully deleted: [Folder] C:\Users\Ryan\Appdata\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd
Successfully deleted: [Folder] C:\Users\Ryan\Appdata\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm

[C:\Users\Ryan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Ryan\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
bmnlcjabgnpnenekpadlanbbkooimhnj
cjpalhdlnbpafiamejdnhcphjbkeiagm
gpdjojdkbbmdfjfahjcgigfpmkopogic
lajondecmobodlejlcjllhojikagldgd

[C:\Users\Ryan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Ryan\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
bmnlcjabgnpnenekpadlanbbkooimhnj,
cjpalhdlnbpafiamejdnhcphjbkeiagm,
gpdjojdkbbmdfjfahjcgigfpmkopogic,
lajondecmobodlejlcjllhojikagldgd
]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/01/2015 at 16:50:45.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MalwareBytes didn't find anything

message edited by ryrhino


Report •

#10
August 1, 2015 at 15:59:32
If MalwareBytes now finds anything let us have the log of that too.

Also let us know if you get any more blue screen errors.

In view of what was found I will invite Johnw to join us if available. He specialises in malware removal and will probably want to run further checks.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#11
August 1, 2015 at 16:10:56
MalwareBytes didn't find anything.

Report •

#12
August 1, 2015 at 21:40:19
After running the scans when I plug in headphones into the tower I am still able to hear the sound from the monitor speakers instead of through the headphones. How do I get the sound to go through the headphones? I didn't have that issue before running the scans.

Report •

#13
August 1, 2015 at 22:37:41
"I didn't have that issue before running the scans"
Hi Ryan, once you have malware & we start the removal process, anything can happen, those issues we deal with, once you are clean.
You are not yet clean.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#14
August 2, 2015 at 08:48:49

Report •

#15
August 2, 2015 at 14:26:47
"Here are links to Farbar results"
Thanks, next step.

Run ESET Online Scanner, Copy and Paste the contents of the log in your reply please. This scan may take a very long while, so please be patient. Maybe start it before going to work or bed.
http://www.eset.com/us/online-scann...
http://www.eset.com/home/products/o...
If your comp is unbootable, or won't let you download, you will have to download ESET from a good computer, put it on a flash/thumb/pen/usb drive & run it from there.
Create a ESET SysRescue CD or USB drive
http://kb.eset.com/esetkb/index?pag...
How do I use my ESET SysRescue CD or USB flash drive to scan and clean my system?
http://kb.eset.com/esetkb/index?pag...
Configure ESET this way & disable your AV.
http://i.imgur.com/3U7YC.gif
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Which web browsers are compatible with ESET Online Scanner?
http://www.nod32.fi/eset-online-sca...
http://kb.eset.com/esetkb/index?pag...
Online Scanner not working
http://kb.eset.com/esetkb/index?pag...
My ESET product detected a threat—what should I do?
http://kb.eset.com/esetkb/index?pag...
Why Would I Ever Need an Online Virus Scanner? I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
5: Why does the ESET Online Scanner run slowly on my computer?
If you have other antivirus, antispyware or anti-malware programs running on your computer, they may intercept the scan being performed by the ESET Online Scanner and hinder performance. You may wish to disable the real-time protection components of your other security software before running the ESET Online Scanner. Remember to turn them back on after you are finished.
17: How can I view the log file from ESET Online Scanner?
http://kb.eset.com/esetkb/index?pag...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt"). You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on theDesktop.
If no threats are found, you will simply see an information window that no threats were found.
http://www.trishtech.com/security/s...


Report •

#16
August 3, 2015 at 08:00:26
I will run the eset scanner. Before doing so some questions.
If the scan finds anything do I delete them?
If I delete anything the scan finds will that show in the log file?
How long do you think the scan could take? If it takes hours what is your guess for how many hours?
I am only going to run the scan once. I am not going to sign up for a free trial. That is why I asked those questions.

Report •

#17
August 4, 2015 at 08:51:56
I have not had a blue screen error for at least a week. Today (8/4/2015) I got a blue screen error after opening chrome. Could chrome or a browser extension such as dashlane have caused a blue screen error? I have not had avast installed for at least a week either.
Whocrashed gave this report

Crash dump directory: C:\windows\Minidump

Crash dumps are enabled on your computer.

On Tue 8/4/2015 3:05:52 PM GMT your computer crashed
crash dump file: C:\windows\Minidump\080415-24921-01.dmp
This was probably caused by the following module: wisetdifw64.sys (0xFFFFF800C6B0DFB7)
Bugcheck code: 0x50 (0xFFFFE0018D05BF10, 0x1, 0xFFFFF800C6B0DFB7, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\windows\WiseTDIFw64.sys
product: TDI driver
company: WiseCleaner.com
description: wise TDI driver
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: wisetdifw64.sys (wise TDI driver, WiseCleaner.com).
Google query: WiseCleaner.com PAGE_FAULT_IN_NONPAGED_AREA

On Tue 8/4/2015 3:05:52 PM GMT your computer crashed
crash dump file: C:\windows\memory.dmp
This was probably caused by the following module: wisetdifw64.sys (WiseTDIFw64+0x5FB7)
Bugcheck code: 0x50 (0xFFFFE0018D05BF10, 0x1, 0xFFFFF800C6B0DFB7, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\windows\WiseTDIFw64.sys
product: TDI driver
company: WiseCleaner.com
description: wise TDI driver
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: wisetdifw64.sys (wise TDI driver, WiseCleaner.com).
Google query: WiseCleaner.com PAGE_FAULT_IN_NONPAGED_AREA

I had WiseCare365 installed. I have had it uninstalled for months.
In C:windows I did find a file wisetdifw64.sys Is that the same file as what might be causing the blue screen errors? If so should I delete it with right mouse click or how should I delete it?
That is the only file/folder I can find on my pc with the name wise in it.



Report •

#18
August 4, 2015 at 10:43:05
Well WiseTDIFw64.sys (case doesn't matter) is most certainly part of WiseCare365, so if you are sure you uninstalled it properly then it must have been left behind.

I would have thought you could delete the file to the bin without any hassle. If there are no repercussions after you restart the computer then in due course you should be able to delete it from the bin too.

Always pop back and let us know the outcome - thanks


Report •

#19
August 4, 2015 at 17:23:00
Here are the log from ESET scan
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9e858621c111cc41ad9a15ca03c9138a
# end=init
# utc_time=2015-08-04 10:44:13
# local_time=2015-08-04 04:44:13 (-0700, Mountain Daylight Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 25124
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9e858621c111cc41ad9a15ca03c9138a
# end=updated
# utc_time=2015-08-04 10:47:26
# local_time=2015-08-04 04:47:26 (-0700, Mountain Daylight Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9e858621c111cc41ad9a15ca03c9138a
# engine=25124
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-04 11:44:32
# local_time=2015-08-04 05:44:32 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='Bitdefender Antivirus Free Edition'
# compatibility_mode=2059 16777213 100 100 0 149060558 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 176867 15727864 0 0
# scanned=166139
# found=35
# cleaned=0
# scan_time=3425
sh=E5CF287FA0F8000DA3EA57623B2D6564B4465934 ft=1 fh=c258c4d0eb15c823 vn="a variant of Win32/Multibar.AC potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\AppData\Roaming\TicnoTemp\multibar_setup.exe"
sh=AB36077874F26DA1B3FECA0BCE80EEC886FF333E ft=1 fh=4600290f988467df vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\advanced-systemcare-setup.exe"
sh=377FA63509D7470E88B80E189B77BD8665883F13 ft=1 fh=2f62ea64e1c9d7f3 vn="Win32/SearchPlugin.A potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\AntiToolbarSetup.exe"
sh=D4FFCEC5B8727A334002B26FFD32499A9BB1EA58 ft=1 fh=c873ef5af5a88547 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\ARO2013_tbt.exe"
sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\asc-setup 6.4.0.292(1).exe"
sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\asc-setup 6.4.0.292.exe"
sh=CAF55B6C980E85D00ADE81F90C89E0C91EA0E3E5 ft=1 fh=840a1a188c146f57 vn="MSIL/MyPCBackup.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\browser-care-setup.exe"
sh=69ED55634A2A663A7EB6387A8BE7C2E228BBA0A3 ft=1 fh=d6c4398625351359 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\driver_booster_setup.exe"
sh=CEB2F196711619B1A308764117537F71F9297F31 ft=1 fh=0f403f0e8b670a6c vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\Driver_Booster_v1.3.0.172.exe"
sh=F7D72342B9E68AE5F2F0B6625B45111BB4E36537 ft=1 fh=e8e7e3851abcb3b1 vn="MSIL/MyPCBackup.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\duplicate-file-finder-setup.exe"
sh=1C03582CAFB534D1AAA3AFAFDA6BD6699E58C968 ft=1 fh=25121b9d0cfc8189 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\imfv2-setup.exe"
sh=625E8236EAD1466805257803E69CEA7EDDF41F8E ft=1 fh=2195a60fef15afdf vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\jetclean-setup.exe"
sh=DDA7A4231C56CDFC44B5273AF921188842818DF8 ft=1 fh=870e9cfa7219e619 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\Smart_Defrag_v3.1.0.319.exe"
sh=8181EE9366E89541DCF88873CE4EFF12823C4C2E ft=1 fh=0f810a2bba11d70b vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\unlocker-setup.exe"
sh=3D3A289224AEA4313B520F0FAC4F4E9F7A91B013 ft=1 fh=d27a79b65cdf1c68 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\zaSetupWeb_120_104_000.exe"
sh=63DDECD599C1AE1500488BA1554EE668BD1D0C53 ft=1 fh=2c377c02f729c7ea vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Ryan\Downloads\zaSetup_120_104_000.exe"
sh=AB36077874F26DA1B3FECA0BCE80EEC886FF333E ft=1 fh=4600290f988467df vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\advanced-systemcare-setup.exe"
sh=377FA63509D7470E88B80E189B77BD8665883F13 ft=1 fh=2f62ea64e1c9d7f3 vn="Win32/SearchPlugin.A potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\AntiToolbarSetup.exe"
sh=D4FFCEC5B8727A334002B26FFD32499A9BB1EA58 ft=1 fh=c873ef5af5a88547 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\ARO2013_tbt.exe"
sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\asc-setup 6.4.0.292(1).exe"
sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\asc-setup 6.4.0.292.exe"
sh=CAF55B6C980E85D00ADE81F90C89E0C91EA0E3E5 ft=1 fh=840a1a188c146f57 vn="MSIL/MyPCBackup.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\browser-care-setup.exe"
sh=98227CFDB837B86962E98849462D836357192FD9 ft=1 fh=2c1858feb033cd96 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\clean(1).exe"
sh=98227CFDB837B86962E98849462D836357192FD9 ft=1 fh=2c1858feb033cd96 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\clean.exe"
sh=69ED55634A2A663A7EB6387A8BE7C2E228BBA0A3 ft=1 fh=d6c4398625351359 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\driver_booster_setup.exe"
sh=CEB2F196711619B1A308764117537F71F9297F31 ft=1 fh=0f403f0e8b670a6c vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\Driver_Booster_v1.3.0.172.exe"
sh=F7D72342B9E68AE5F2F0B6625B45111BB4E36537 ft=1 fh=e8e7e3851abcb3b1 vn="MSIL/MyPCBackup.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\duplicate-file-finder-setup.exe"
sh=1C03582CAFB534D1AAA3AFAFDA6BD6699E58C968 ft=1 fh=25121b9d0cfc8189 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\imfv2-setup.exe"
sh=625E8236EAD1466805257803E69CEA7EDDF41F8E ft=1 fh=2195a60fef15afdf vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\jetclean-setup.exe"
sh=DDA7A4231C56CDFC44B5273AF921188842818DF8 ft=1 fh=870e9cfa7219e619 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\Smart_Defrag_v3.1.0.319.exe"
sh=8181EE9366E89541DCF88873CE4EFF12823C4C2E ft=1 fh=0f810a2bba11d70b vn="a variant of Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\unlocker-setup.exe"
sh=3D3A289224AEA4313B520F0FAC4F4E9F7A91B013 ft=1 fh=d27a79b65cdf1c68 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\zaSetupWeb_120_104_000.exe"
sh=63DDECD599C1AE1500488BA1554EE668BD1D0C53 ft=1 fh=2c377c02f729c7ea vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Ryan\Copy\Test Account\Downloads\zaSetup_120_104_000.exe"
sh=2DD59270A1757A61F9FE5C7AC03FDD185B3AD37C ft=1 fh=1942f0a52fef4903 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Users\Ryan\Downloads\FREEAV.exe"
sh=625E8236EAD1466805257803E69CEA7EDDF41F8E ft=1 fh=2195a60fef15afdf vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Ryan\Downloads\jetclean-setup.exe"


Report •

#20
August 4, 2015 at 17:55:03
"Here are the log from ESET scan"
Thanks.

"# found=35
# cleaned=0"

"If the scan finds anything do I delete them?"
If you want to get your comp clean, Yes.


Report •

#21
August 4, 2015 at 17:58:47
Next step.

Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
Task: {0272F48F-D378-40F0-B65C-043BB5ED0D9B} - \Maxthon Update No Task File <==== ATTENTION
Task: {3F5527AA-2713-4EE0-957C-4A8B09D5CCAC} - \JetBoost_AutoUpdate No Task File <==== ATTENTION
Task: {7F9CEDCF-6935-4A8F-8B2D-4807625280D8} - \User_Feed_Synchronization-{8B267DA2-BF27-4D69-BEBD-F61332224743} No Task File <==== ATTENTION
Task: {BFAC7D10-4297-4E80-ABDA-247D6EC43B62} - \{109222ED-876E-413f-9CD5-F279C143FF6A} No Task File <==== ATTENTION
Task: {E45C64B0-C62A-4D92-890F-AAA07D3346D5} - \UMonitor Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Diane\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Ryan\Desktop\med records request.jpeg: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ryan\Desktop\med records request.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 LSCWinService; No ImagePath
S2 PandaAgent; No ImagePath

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


Report •

#22
August 4, 2015 at 18:54:11
Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Ryan (2015-08-04 19:49:12) Run:1
Running from C:\Users\Ryan\Desktop
Loaded Profiles: Ryan (Available Profiles: Ryan & Diane)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
Task: {0272F48F-D378-40F0-B65C-043BB5ED0D9B} - \Maxthon Update No Task File <==== ATTENTION
Task: {3F5527AA-2713-4EE0-957C-4A8B09D5CCAC} - \JetBoost_AutoUpdate No Task File <==== ATTENTION
Task: {7F9CEDCF-6935-4A8F-8B2D-4807625280D8} - \User_Feed_Synchronization-{8B267DA2-BF27-4D69-BEBD-F61332224743} No Task File <==== ATTENTION
Task: {BFAC7D10-4297-4E80-ABDA-247D6EC43B62} - \{109222ED-876E-413f-9CD5-F279C143FF6A} No Task File <==== ATTENTION
Task: {E45C64B0-C62A-4D92-890F-AAA07D3346D5} - \UMonitor Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\Diane\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Ryan\Desktop\med records request.jpeg: 3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ryan\Desktop\med records request.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 LSCWinService; No ImagePath
S2 PandaAgent; No ImagePath

*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0272F48F-D378-40F0-B65C-043BB5ED0D9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0272F48F-D378-40F0-B65C-043BB5ED0D9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Maxthon Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F5527AA-2713-4EE0-957C-4A8B09D5CCAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F5527AA-2713-4EE0-957C-4A8B09D5CCAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JetBoost_AutoUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7F9CEDCF-6935-4A8F-8B2D-4807625280D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F9CEDCF-6935-4A8F-8B2D-4807625280D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{8B267DA2-BF27-4D69-BEBD-F61332224743}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BFAC7D10-4297-4E80-ABDA-247D6EC43B62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFAC7D10-4297-4E80-ABDA-247D6EC43B62}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{109222ED-876E-413f-9CD5-F279C143FF6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E45C64B0-C62A-4D92-890F-AAA07D3346D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E45C64B0-C62A-4D92-890F-AAA07D3346D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UMonitor Task" => key removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully.
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\Users\Diane\OneDrive => ":ms-properties" ADS removed successfully.
"C:\Users\Ryan\Desktop\med records request.jpeg" => ": 3or4kl4x13tuuug3Byamue2s4b" ADS not found.
"C:\Users\Ryan\Desktop\med records request.jpeg" => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
LSCWinService => service removed successfully
PandaAgent => service removed successfully
EmptyTemp: => 340.2 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 19:49:49 ====

I did reboot the system


Report •

#23
August 4, 2015 at 18:55:55
Run Malwarebytes again, Copy & Paste the contents of the log please.

Report •

#24
August 4, 2015 at 19:12:30
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/4/2015
Scan Time: 7:59 PM
Logfile: malwarereport.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.04.07
Rootkit Database: v2015.08.04.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Ryan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398479
Time Elapsed: 11 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#25
August 4, 2015 at 19:14:47
I see you have these 2 programs installed, both I use myself.

SpywareBlaster, if the free version, do you realize, you have to manually update it about once a month?
Unchecky, very good, but nothing is perfect, the badies are always ahead of the goodies, so be vigilant.

Next step.
Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check..
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


Report •

#26
August 4, 2015 at 19:38:44
Yes I did know I need to manually update spyware blaster.

Results of screen317's Security Check version 1.006
x64 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Windows Defender
Bitdefender Antivirus Free Edition
Antivirus up to date! (On Access scanning [b]disabled[/b]!)
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
SpywareBlaster 5.0
Duplicate Cleaner Free 3.2.6
Adobe Flash Player 18.0.0.209
Adobe Reader XI
Mozilla Firefox (39.0)
Google Chrome (44.0.2403.107)
Google Chrome (44.0.2403.125)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Bitdefender Antivirus Free Edition gzserv.exe
Bitdefender Antivirus Free Edition gziface.exe
Malwarebytes Anti-Exploit mbae-svc.exe
Malwarebytes Anti-Exploit mbae64.exe
Malwarebytes Anti-Exploit mbae.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: %
[b][u]````````````````````End of Log``````````````````````[/b][/u]


Report •

#27
August 4, 2015 at 19:40:25
Open CCleaner > Tools > Uninstall, down the bottom right hand corner, Click on > Save to text file. Save file to Desktop. Post that info please.

Report •

#28
August 4, 2015 at 19:45:23
7-Zip 9.34 (x64 edition) Igor Pavlov 4/28/2015 4.65 MB 9.34.00.0
Adobe AIR Adobe Systems Incorporated 5/12/2015 18.0.0.180
Adobe Flash Player 18 NPAPI Adobe Systems Incorporated 7/14/2015 17.6 MB 18.0.0.209
Adobe Reader XI (11.0.12) Adobe Systems Incorporated 7/19/2015 185 MB 11.0.12
Adobe Shockwave Player 12.1 7/10/2014
Advanced SystemCare 8 IObit 6/23/2015 121 MB 8.3.0
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 7/10/2014 26.0 MB 8.0.915.0
Andy OS Andy OS, Inc 7/25/2015 0.44.0.0
AOMEI Backupper Standard Edition 2.8 AOMEI Technology Co., Ltd. 5/14/2015 180 MB
AOMEI OneKey Recovery 1.1 AOMEI Technology Co., Ltd. 2/28/2015 99.8 MB
AppNHost 1.0.5.1 Mixesoft Project 12/31/2014 428 KB 1.0.5.1
AxCrypt 1.7.3156.0 Axantum Software AB 4/24/2015 2.83 MB 1.7.3156.0
BackUp Maker ASCOMP Software GmbH 5/31/2015 16.5 MB 7.1.0.0
Bitdefender Antivirus Free Edition Bitdefender 8/1/2015 1.0.21.1099
CCleaner Piriform 7/25/2015 5.08
Cisco EAP-FAST Module Cisco Systems, Inc. 7/10/2014 1.53 MB 2.2.14
Cisco LEAP Module Cisco Systems, Inc. 7/10/2014 632 KB 1.0.19
Cisco PEAP Module Cisco Systems, Inc. 7/10/2014 1.22 MB 1.1.6
Copy Barracuda Networks, Inc. 4/28/2015 101 MB 3.2.1.481
CyberGhost 5 CyberGhost S.R.L. 2/8/2015 28.1 MB
CyberLink MediaStory CyberLink Corp. 7/10/2014 470 MB 1.0.1314
CyberLink PhotoDirector 3 CyberLink Corp. 7/10/2014 226 MB 3.0.1.4107
CyberLink PowerDirector 10 CyberLink Corp. 7/11/2014 293 MB 10.0.0.2810
Dashlane Dashlane SAS 7/25/2015 3.5.0.89717
Driver & Application Installation Lenovo 7/10/2014 6.13.0621
Duplicate Cleaner Free 3.2.6 DigitalVolcano Software Ltd 4/1/2015 8.11 MB 3.2.6
ESET Online Scanner v3 8/4/2015
Genesys USB Mass Storage Device Genesys Logic 7/10/2014 4.1.2.2
Google Chrome Google, Inc. 12/3/2014 40.6 MB 66.30.49223
Greenshot 1.2.6.7 Greenshot 4/21/2015 2.75 MB 1.2.6.7
ICQ 8.3 (build 7317) ICQ 2/24/2015 8.3.7317.0
LastPass (uninstall only) LastPass 7/20/2015
Lenovo Assistant Lenovo 7/10/2014 2.0.0.29
Lenovo Blacksilk USB Keyboard Driver Lenovo 7/10/2014 V1.6.13.0724
Lenovo Photos CEWE COLOR AG u Co. OHG 7/11/2014 227 MB 4.8.5
Lenovo Power2Go CyberLink Corp. 7/10/2014 154 MB 6.0.7408
Lenovo PowerDVD10 CyberLink Corp. 7/10/2014 208 MB 10.0.5108.52
Lenovo Reach Stoneware, Inc. 7/10/2014 56.6 MB 1.1.0.197
Lenovo Rescue System CyberLink Corp. 7/11/2014 4.0.0.1901
Lenovo Solution Center 12/30/2014
LVT Lenovo 7/10/2014 5.00.0914
Malwarebytes Anti-Exploit version 1.07.1.1015 Malwarebytes 7/25/2015 9.95 MB 1.07.1.1015
Malwarebytes Anti-Malware version 2.1.8.1057 Malwarebytes Corporation 6/30/2015 64.6 MB 2.1.8.1057
Maxthon Cloud Browser Maxthon International Limited 7/11/2014 4.2.1.1000
Microsoft Office Microsoft Corporation 7/10/2014 297 MB 15.0.4454.1510
Microsoft Silverlight 7/10/2014
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 1/16/2015 4.84 MB 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 7/10/2014 13.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 1/16/2015 13.2 MB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 1/29/2015 4.53 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 7/10/2014 10.2 MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 7/10/2014 230 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 7/10/2014 10.1 MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 1/16/2015 10.1 MB 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 1/16/2015 18.0 MB 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 1/16/2015 14.8 MB 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2/10/2015 20.5 MB 11.0.61030.0
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Corporation 7/11/2014 17.3 MB 11.0.61030.0
Mozilla Firefox 39.0 (x86 en-US) Mozilla 8/4/2015 84.6 MB 39.0
Mozilla Maintenance Service Mozilla 8/4/2015 228 KB 39.0
Nitro Pro 9 Nitro 7/10/2014 558 MB 9.0.5.9
OneKey Recovery CyberLink Corp. 7/11/2014 4.0.0.1901
Oracle VM VirtualBox 4.3.12 Oracle Corporation 7/25/2015 153 MB 4.3.12
Pale Moon 25.6.0 (x64 en-US) Moonchild Productions 7/27/2015 60.3 MB 25.6.0
Panda Devices Agent 7/10/2014
PowerDirector CyberLink Corp. 7/11/2014 293 MB 10.0.0.2810
Realtek Ethernet Controller Driver Realtek 7/10/2014 8.18.621.2013
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 7/10/2014 6.0.1.7005
REALTEK Wireless LAN Driver REALTEK Semiconductor Corp. 7/10/2014 1.00.0227
SHAREit Lenovo Group Limited 12/26/2014 18.2 MB 2.1.11.0
Simple Sticky Notes 3.0 Simnet Ltd. 4/17/2015 1.71 MB
Skype Click to Call Microsoft Corporation 5/27/2015 12.8 MB 7.4.0.9058
Skype™ 7.7 Skype Technologies S.A. 7/25/2015 73.7 MB 7.7.102
SpywareBlaster 5.0 BrightFort LLC 12/20/2014 8.83 MB 5.0.0
Startup Delayer v3.0 (build 363) r2 Studios 4/8/2015 3.0 (build 363)
SumatraPDF Krzysztof Kowalczyk 1/11/2015 10.5 MB 3.0
SUPERAntiSpyware SUPERAntiSpyware.com 5/14/2015 52.6 MB 6.0.1200
SyncFolders version 3.3.022 G.J. Weerheim 6/11/2015 2.92 MB 3.3.022
TAP-Windows 9.9.2 2/8/2015 9.9.2
Unchecky v0.3.9 RaMMicHaeL 5/5/2015 0.3.9
Virtual Router v1.0 Chris Pietschmann 4/18/2015 1.58 MB 1.0
VLC media player VideoLAN 4/16/2015 2.2.1
WhoCrashed 5.50 Resplendence Software Projects Sp. 7/31/2015 6.72 MB

Report •

#29
August 4, 2015 at 19:49:48
Ok, I'm out of time now, got to go out, lets see if you get any more blue screens & if so, we can deal with them, now you are clean.

message edited by Johnw


Report •

#30
August 5, 2015 at 08:02:20
I appreciate all of the help I am getting to try to solve this issue.
When I opened chrome today (8-5-2015) I got another blue screen.
WhoCrashed report follows
Crash dump directory: C:\windows\Minidump

Crash dumps are enabled on your computer.

On Wed 8/5/2015 2:17:35 PM GMT your computer crashed
crash dump file: C:\windows\Minidump\080515-24437-01.dmp
This was probably caused by the following module: wisetdifw64.sys (0xFFFFF80094732FB7)
Bugcheck code: 0x50 (0xFFFFE001328BC430, 0x1, 0xFFFFF80094732FB7, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\windows\WiseTDIFw64.sys
product: TDI driver
company: WiseCleaner.com
description: wise TDI driver
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: wisetdifw64.sys (wise TDI driver, WiseCleaner.com).
Google query: WiseCleaner.com PAGE_FAULT_IN_NONPAGED_AREA

On Wed 8/5/2015 2:17:35 PM GMT your computer crashed
crash dump file: C:\windows\memory.dmp
This was probably caused by the following module: wisetdifw64.sys (WiseTDIFw64+0x5FB7)
Bugcheck code: 0x50 (0xFFFFE001328BC430, 0x1, 0xFFFFF80094732FB7, 0x0)
Error: PAGE_FAULT_IN_NONPAGED_AREA
file path: C:\windows\WiseTDIFw64.sys
product: TDI driver
company: WiseCleaner.com
description: wise TDI driver
Bug check description: This indicates that invalid system memory has been referenced.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: wisetdifw64.sys (wise TDI driver, WiseCleaner.com).
Google query: WiseCleaner.com PAGE_FAULT_IN_NONPAGED_AREA


Report •

#31
August 5, 2015 at 08:12:26
Just about to go to bed.

Run CCleaner. Follow these SS (screenshot) steps.
http://i.imgur.com/UUecMp3.gif
http://i.imgur.com/715LOZY.gif
http://i.imgur.com/oWJFPUA.gif
http://i.imgur.com/CFRA6GW.gif
http://i.imgur.com/r0c6HFr.gif
http://i.imgur.com/Htjr1Mj.gif

Next step.
Please download SystemLook from one of the links below and save it to your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
SystemLook (64-bit)
http://downloads.malwareremoval.com...
SS ( Screenshot )
http://i.imgur.com/CaJ7H0p.gif
Double-click SystemLook.exe to run it.
Or, Right click on SystemLook.exe, click > Run As Administrator.
Copy & Paste the content of the following into the main textfield:
:filefind
*WiseTDIFw.sys*
:folderfind
*WiseTDIFw.sys*
:regfind
WiseTDIFw.sys
:filefind
*WiseTDIFw64.sys*
:folderfind
*WiseTDIFw64.sys*
:regfind
WiseTDIFw64.sys
:filefind
*aswsnx.sys.sys*
:folderfind
*aswsnx.sys*
:regfind
aswsnx.sys
:filefind
*avast*
:folderfind
*avast*
:regfind
avast


Report •

#32
August 5, 2015 at 09:14:13
I see WiseTDIFw64.sys is reported again. Did you see my #18?

Always pop back and let us know the outcome - thanks


Report •

#33
August 5, 2015 at 10:09:23
I ran the registry cleaner in CCleaner then I got these results from systemlook

SystemLook 04.09.10 by jpshortstuff
Log created at 11:07 on 05/08/2015 by Ryan
Administrator - Elevation successful

No Context: :filefind

No Context: *WiseTDIFw.sys*

No Context: :folderfind

No Context: *WiseTDIFw.sys*

No Context: :regfind

No Context: WiseTDIFw.sys

No Context: :filefind

No Context: *WiseTDIFw64.sys*

No Context: :folderfind

No Context: *WiseTDIFw64.sys*

No Context: :regfind

No Context: WiseTDIFw64.sys

No Context: :filefind

No Context: *aswsnx.sys.sys*

No Context: :folderfind

No Context: *aswsnx.sys*

No Context: :regfind

No Context: aswsnx.sys

No Context: :filefind

No Context: *avast*

No Context: :folderfind

No Context: *avast*

No Context: :regfind

No Context: avast

-= EOF =-

I do still see in C:windows a file with the name WiseTDIFw64.sys

message edited by ryrhino


Report •

#34
August 5, 2015 at 16:53:04
"I do still see in C:windows a file with the name WiseTDIFw64.sys"

Use Unlocker to remove.
http://www.softpedia.com/get/System...
http://www.emptyloop.com/unlocker/
Tutorial
http://www.addictivetips.com/window...


Report •

#35
August 5, 2015 at 17:11:37
WiseTDIFw64.sys file is now in the recycle bin. Do I keep it in there or is it okay to empty the recycle bin? If I need to keep it in the recycle bin how long do I need to do so?

Report •

#36
August 5, 2015 at 17:31:48
"Do I keep it in there"
No, it belongs to a previous program.

I prefer to install those Wise programs, which I use every day, separately.
Doing it that way, WiseTDIFw64.sys is not installed.

Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Wise Program Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-P...
http://www.freewarefiles.com/screen...
http://wisecleaner.com/wiseuninstal...

Wise Registry Cleaner
http://www.softpedia.com/get/Tweak/...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif


message edited by Johnw


Report •

#37
August 5, 2015 at 17:38:01
Do I need to use WiseCleaner and wise registry cleaner since I use CCleaner and used ccleaners registry cleaner?
Isn't having wisecleaner installed on my pc in the past the possible cause of getting the blue screen errors?

message edited by ryrhino


Report •

#38
August 5, 2015 at 17:46:40
"Do I need to use WiseCleaner and wise registry cleaner"
I prefer the Wise tools.

"Isn't having wisecleaner installed on my pc in the past the possible cause of getting the blue screen errors?"
No, it is WiseTDIFw64.sys file, which only comes with the combo.


Report •

#39
August 5, 2015 at 18:11:52
I installed and ran wise disk cleaner. If I decide to keep using it how often do you suggest running it?

Report •

#40
August 5, 2015 at 18:20:06
Depends on your usage, I am constantly researching, testing programs etc.
Sometimes it is daily, sometimes every 2 - 5 days.
Every comp I work on, usually 2 or 3 a week, I run the Wise tools.

You will get into the swing of it, once you start using.

message edited by Johnw


Report •

#41
August 5, 2015 at 18:33:11
If I decide to use it I think I will run it at least 2-3 times per week.

Do you think I need to update any drivers? If so which ones and how do I do so? I don't know anything about hardware of a pc.


Report •

#42
August 5, 2015 at 18:44:25
"Do you think I need to update any drivers?"
Doubt it.
Drivers are used by programs & hardware.
If your have MS Updates set to auto, that should take care of them.
Upload a SS of your Update page & I will be able to see what is going on.

Program drivers should be Ok now, unless you get another blue screen.


Report •

#43
August 5, 2015 at 19:18:23
You are asking for a ss of windows update? How do I upload a ss to a post? I don't know how to upload to a post.

Report •

#44
August 5, 2015 at 20:52:56
"I don't know how to upload to a post"
Upload the screenshot using Zippy.

Report •

#45
August 5, 2015 at 21:24:37
http://www35.zippyshare.com/v/U6dZE...

Not sure if that is what you asked for. If not please let me know what you want to see.

I am not able to upload on zippy website I am able to browse and put file on website but when I click on upload nothing happens. When I try the html uploader bitdefender says its malware and I am not able to upload that way. I use the desktop tool to upload. Why am I not able to upload on the website?

message edited by ryrhino


Report •

#46
August 5, 2015 at 22:00:55
Refer this SS.
http://i.imgur.com/Imuo8ZY.png

Report •

#47
August 5, 2015 at 22:10:30
http://www64.zippyshare.com/v/DDvGr...

Report •

#48
August 5, 2015 at 22:21:29
No extra driver updates, so all your drivers, are up to date.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on computer.
It's compatible with Windows XP, Vista, 7, 8 in 32 & 64 bits.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes it's work.
Tool will create an report for you (C:\DelFix.txt)


Report •

#49
August 6, 2015 at 01:44:26
Here is delfix report

# DelFix v1.010 - Logfile created 06/08/2015 at 02:42:02
# Updated 26/04/2015 by Xplode
# Username : Ryan - LENOVO-PC
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Ryan\Desktop\Fixlog.txt
Deleted : C:\Users\Ryan\Desktop\SystemLook.txt
Deleted : C:\Users\Ryan\Desktop\SystemLook_x64.exe
Deleted : C:\Users\Ryan\Downloads\Addition.txt
Deleted : C:\Users\Ryan\Downloads\adwcleaner_4.107.exe
Deleted : C:\Users\Ryan\Downloads\adwcleaner_4.109.exe
Deleted : C:\Users\Ryan\Downloads\adwcleaner_4.203.exe
Deleted : C:\Users\Ryan\Downloads\adwcleaner_4.208.exe
Deleted : C:\Users\Ryan\Downloads\FRST.txt
Deleted : C:\Users\Ryan\Downloads\FRST64.exe
Deleted : C:\Users\Ryan\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #84 [First restore point | 07/31/2015 20:54:29]
Deleted : RP #85 [JRT Pre-Junkware Removal | 08/01/2015 22:44:41]
Deleted : RP #86 [Windows Update | 08/05/2015 02:22:40]
Deleted : RP #87 [Installed ThinkPad 1x1 11b/g/n Wireless LAN PCI Express Half Min‡£Q | 08/06/2015 02:27:48]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########


Report •

#50
August 6, 2015 at 03:13:47
Waiting time now, don't think I've missed anything, if I have, it will raise it's head..

Report •

Ask Question