Lots of different BSOD

  • Plughole
    PCHF Member
    • Jan 2023
    • 22

    #16
    I had some problems doing the steps in the last post.
    I uninstalled bitdefender but startup lite wouldn’t open when I pressed on your link. A tab would try and open but it would just close straight away, I googled startup lite and downloaded from there and it said there was no unnecessary startups found.
    When I try to press Fix in FRST it tells me, "No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located."
    So it’s not creating one for me.
    I downloaded Adware Cleaner but haven’t installed or run anything yet as I thought perhaps completing the FRST step might need to be done first.


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041

      #17
      @Plughole
      No worries on startup lite. It is just a program to reduce startups on your machine, not really needed.

      As far as the FRST fix, you need to make sure to copy from Start:: to End:: inside the code box, then right click FRST, run as admin, then hit the Fix button.

      Running Adware Cleaner before or after FRST does not matter.


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #18
        To make it a little easier, copy all the text in red below. From Start:: to End::
        Right Click FRST run as admin.
        Click the Fix button.

        Start::
        CloseProcesses:
        SystemRestore: On
        CreateRestorePoint:
        RemoveProxy:
        HKLM-x32\...\Run: [] => [X]
        S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.2336\McCHSvc.exe" [X]
        S1 amsdk; \??\C:\WINDOWS\system32\drivers\amsdk.sys [X]
        C:\WINDOWS\system32\drivers\amsdk.sys
        C:\Program Files\McAfee Security Scan
        HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
        HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
        HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
        Task: {70C7D61B-56ED-4603-BEF3-379E154D94F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
        S3 cpuz149; C:\Users\Owner\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [44320 2023-01-15] (CPUID S.A.R.L.U. -> CPUID) <==== ATTENTION
        HKLM-x32\...\Run: [VirtualCloneDrive] => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s (No File)
        Task: {026BEAEF-0461-4116-9E4B-720E1B2F4EEA} - System32\Tasks\Avast Software\Avast SecureLine VPN Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-vpn\icarus.exe /update:avast-vpn /silent (No File)
        Task: {11183B74-D89C-4CE6-91A9-7E9F3737AEDD} - System32\Tasks\Avast SecureLine VPN Update => C:\Program Files\Avast Software\SecureLine VPN\VpnUpdate.exe (No File)
        Task: {70C7D61B-56ED-4603-BEF3-379E154D94F9} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
        Task: {C16C6FCA-A078-4482-B55D-DDD7033AA685} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (No File)
        Task: {C3B118BC-AA89-4B02-BBFD-A8031C5E1C6E} - System32\Tasks\Avast Software\Avast Cleanup Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-tu\icarus.exe /update:avast-tu /silent (No File)
        Task: {CB464C8C-70A7-473D-8091-1048E1B6A51B} - System32\Tasks\Avast Software\Avast Driver Updater Update => C:\Program Files\Common Files\Avast Software\Icarus\avast-du\icarus.exe /update:avast-du /silent (No File)
        Task: {E98AEA25-E2EF-4A3C-834B-DFE140296019} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (No File)
        C:\Program Files\Common Files\Avast Software
        C:\Program Files\AVAST Software
        C:\ProgramData\Avast Software
        Task: {394AEC87-2BF9-4E6A-A878-CF7E099A4FA5} - System32\Tasks\Avast Software\Avast SecureLine VPN Bug Report => C:\Program Files\Avast Software\SecureLine VPN\AvBugReport.exe -> --send "dumps|report" --silent --product 11 --programpath "C:\Program Files\Avast Software\SecureLine VPN" --configpath "C:\ProgramData\Avast Software\SecureLine VPN" --path "C:\ProgramData\Avast Software\SecureLine VPN\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\SecureLine VPN\log" --guid 52339fa6-d459-41d5-b3d8-e48496626d2a
        Task: {A3CA7EF2-ECF0-4020-A357-6FA3EA85324B} - System32\Tasks\Avast Software\Avast Cleanup BugReport => C:\Program Files\Avast Software\Cleanup\AvBugReport.exe -> --send "dumps|report" --silent --product 62 --programpath "C:\Program Files\Avast Software\Cleanup\Setup\.." --configpath "C:\Program Files\Avast Software\Cleanup\Setup" --path "C:\ProgramData\Avast Software\Cleanup\log" --path "C:\ProgramData\Avast Software\Icarus\Logs" --logpath "C:\ProgramData\Avast Software\Cleanup\log" --guid bfb8b566-8d5d-43c6-a94d-5a585fa0d2cc
        Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
        Tcpip\..\Interfaces\{2b723b6d-a727-4755-ad5e-489208c21d4f}: [NameServer] 8.8.8.8
        Tcpip\..\Interfaces\{2c0cba30-48b8-4c1b-8fa4-43d5e5a4b9a4}: [DhcpNameServer] 192.168.1.1 0.0.0.0
        Tcpip\..\Interfaces\{acbfd70e-0da8-4512-a045-cdc34019cf5a}: [DhcpNameServer] 192.168.1.1 0.0.0.0
        C:\Windows\System32\drivers\etc\hosts
        Hosts:
        Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
        Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
        Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
        Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
        FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7ahq4wbu.default\Extensions\sp@avast.com.xpi [2020-02-09]
        CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
        CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
        S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2021-04-26] (AVAST Software s.r.o. -> The OpenVPN Project)
        S3 aswWintun; C:\WINDOWS\System32\drivers\aswWintun.sys [51112 2022-12-09] (Avast Software s.r.o. -> AVAST Software)
        C:\WINDOWS\System32\drivers\aswTap.sys
        C:\WINDOWS\System32\drivers\aswWintun.sys
        C:\ProgramData\AVAST Software
        C:\Users\Owner\AppData\Local\AVAST Software
        C:\WINDOWS\system32\Tasks\Avast SecureLine VPN Update
        C:\WINDOWS\system32\Tasks\Avast Emergency Update
        C:\Users\Owner\AppData\Roaming\530354923
        C:\Users\Owner\AppData\Local\{3C751BC8-D380-42A6-910D-A8AAA123601E}
        AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
        Task: {A68728B3-886B-4D1E-A15D-3EEC8765DD21} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [465872 2018-05-16] () [File not signed]
        S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1275776 2018-05-16] () [File not signed]
        C:\Program Files\Bitdefender Agent
        Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1579.3 - AVAST Software) Hidden
        Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.8.1065.0 - AVAST Software) Hidden
        CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{88B20FC8-EBD6-4181-B5F6-50F45BFF722E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.167.21\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{997809F3-33FD-4FD6-A2ED-CEF50F3263B1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.169.31\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{ABF66F82-B04C-4FE4-8272-661539463FE1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.171.37\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{BFBE0943-74C5-40E0-9E80-0B808109E95D}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.163.19\psuser_64.dll => No File
        CustomCLSID: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000_Classes\CLSID\{D1CE12B0-2529-4B24-BE8E-189735EA0DC1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\EdgeUpdate\1.3.165.21\psuser_64.dll => No File
        ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll -> No File
        ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll -> No File
        FirewallRules: [UDP Query User{8B652721-21BA-4109-ABBB-DEA91EFD13DD}D:\persona.4.golden-goldberg\day\p4g.exe] => (Allow) D:\persona.4.golden-goldberg\day\p4g.exe => No File
        FirewallRules: [TCP Query User{1FEBCC38-859C-4954-B774-EC757C879803}D:\persona.4.golden-goldberg\day\p4g.exe] => (Allow) D:\persona.4.golden-goldberg\day\p4g.exe => No File
        FirewallRules: [{6D8DE446-00D8-4436-A52C-258A1DD35DA9}] => (Block) D:\Games\Zero Escape The Nonary Games\ze1.exe => No File
        FirewallRules: [{24081896-1C25-4251-BA0E-9D4BDE0D797A}] => (Block) D:\Games\Zero Escape The Nonary Games\Launcher.exe => No File
        FirewallRules: [{2C1FAEE5-74C6-4078-82CA-5E758797B0C6}] => (Block) D:\Games\Zero Escape The Nonary Games\Launcher.exe => No File
        FirewallRules: [{64C05F22-F86A-456A-809A-DB4099CB7169}] => (Block) D:\Games\Zero Escape The Nonary Games\ze1.exe => No File
        FirewallRules: [UDP Query User{9DDDC0B9-E53C-4FAB-AEBE-82331BCC2A1F}D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe] => (Allow) D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe => No File
        FirewallRules: [TCP Query User{F2ACE6B3-CEED-41C2-B724-7F0661D5DB42}D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe] => (Allow) D:\sc2\starcraft ii\versions\base77535\sc2_x64.exe => No File
        FirewallRules: [UDP Query User{B0A213B5-F0DC-4C08-A115-8ABD37EF94AB}D:\heroes of might and magic 3 complete\heroes3.exe] => (Allow) D:\heroes of might and magic 3 complete\heroes3.exe => No File
        FirewallRules: [TCP Query User{B8468D9C-9E81-46F6-A65B-7AFCBD1DB42B}D:\heroes of might and magic 3 complete\heroes3.exe] => (Allow) D:\heroes of might and magic 3 complete\heroes3.exe => No File
        FirewallRules: [TCP Query User{9350908F-B702-4CC4-82C5-69159B7027BB}D:\wc3\warcraft iii\war3.exe] => (Allow) D:\wc3\warcraft iii\war3.exe => No File
        FirewallRules: [UDP Query User{44D192EC-F3F8-4509-90A6-E25CA36DB984}D:\wc3\warcraft iii\war3.exe] => (Allow) D:\wc3\warcraft iii\war3.exe => No File
        FirewallRules: [{050505BE-F974-4547-8467-6F88356A774F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
        FirewallRules: [{AF99CA0D-3BF0-4BB3-AB1A-C6CE84B50F07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe => No File
        FirewallRules: [{0F9B06EF-0458-49E8-A732-9CC62B04A48D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
        FirewallRules: [{EBC8B7D9-E24F-4057-B887-79E00D691184}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe => No File
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\amsdk.sys => ""="Driver"
        HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\amsdk.sys => ""="Driver"
        FirewallRules: [{65051290-0893-4091-B2B6-8D2A46531502}] => (Allow) LPort=57209
        FirewallRules: [{41E00AED-65EA-4467-A4BD-F6FFF1F14FDE}] => (Allow) LPort=57210
        FirewallRules: [{33E38B84-A714-420F-B61F-06479EFF6CE1}] => (Allow) LPort=57211
        FirewallRules: [{556C40E7-451F-4322-A04A-E5A780675790}] => (Allow) LPort=57212
        FirewallRules: [{EDD7DDF0-3BDD-4FAC-B335-F2101402A96D}] => (Allow) LPort=57213
        FirewallRules: [{CE9E6C41-028B-428D-94F6-634B5663A0D5}] => (Allow) LPort=57214
        FirewallRules: [{2B5A8E0E-E71B-41F3-8135-87EB259CA9A3}] => (Allow) LPort=57215
        FirewallRules: [{5FAE1C4A-FD86-468F-A29D-479B75A98352}] => (Allow) LPort=57216
        FirewallRules: [{8DFFEFD1-9A77-456B-8F6E-C43A36754EE8}] => (Allow) LPort=57217
        FirewallRules: [{6772F684-0980-4699-B515-F4F356AE110B}] => (Allow) LPort=57218
        FirewallRules: [{5971A661-4C8F-4ED3-96CA-3E309E2CEC72}] => (Allow) LPort=57209
        FirewallRules: [{5B075BF0-2EE4-4519-AB2C-1737DF35BF57}] => (Allow) LPort=57210
        FirewallRules: [{37798BAA-E237-4AAE-9A1A-BB64241F090F}] => (Allow) LPort=57211
        FirewallRules: [{68284A71-3356-4756-84B5-9A883D94F439}] => (Allow) LPort=57212
        FirewallRules: [{8B836019-A25B-4D4E-83F1-C4262832DA85}] => (Allow) LPort=57213
        cmd: netsh winsock reset catalog
        cmd: netsh int ip reset C:\resettcpip.txt
        cmd: net stop bits
        Move: C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db C:\ProgramData\Microsoft\Network\Downloader\qmgr*.db.old
        cmd: net start bits
        cmd: bitsadmin /list /allusers
        CMD: "%WINDIR%\SYSTEM32\lodctr.exe /R"
        CMD: "%WINDIR%\SysWOW64\lodctr.exe /R"
        CMD: "C:\Windows\SYSTEM32\lodctr.exe /R"
        CMD: "C:\Windows\SysWOW64\lodctr.exe /R"
        CMD: del /f /s /q %windir%\prefetch\*.*
        CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
        CMD: del /s /q "%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Cache\*.*"
        cmd: del /s /q "%userprofile%\AppData\Local\Microsoft\Edge\User Data\Default\Cache\*.*"
        cmd: del /s /q "%userprofile%\AppData\Local\Opera Software\Opera Stable\Cache\Cache_Data\*.*"
        CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
        CMD: ipconfig /flushdns
        C:\ProgramData\Temp\*
        C:\Program Files (x86)\Temp\*
        C:\Windows\Temp\*.*
        C:\WINDOWS\system32\*.tmp
        C:\WINDOWS\syswow64\*.tmp
        C:\Windows\SystemTemp\*.tmp
        C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\*
        C:\Windows\ServiceProfiles\LocalService\AppData\LocalLow\Temp\*
        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\*
        C:\Users\AllUserName\AppData\LocalLow\Temp\*
        C:\Users\AllUserName\Appdata\Local\Temp\*
        ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
        emptytemp:
        Reboot:
        End::

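A pre-flight check for the copy-and-paste step in post #18, as an added example that is not part of the thread and not FRST's own code: it sorts the entries between Start:: and End:: by kind so you can see what a fixlist will touch before running it elevated, and flags text damaged by forum rendering. The category rules and both sample fixlists (with `Example` names) are constructed for illustration and are assumptions about typical fixlist lines, not FRST's actual parser.

```python
import re
from collections import Counter

START, END = "Start::", "End::"

# Residue that forum rendering or rich-text copy leaves in pasted script text.
DAMAGE = {
    "curly quote": re.compile("[\u201c\u201d\u201e\u2018\u2019]"),
    "arrow glyph": re.compile("\u2192"),
    "BBCode tag": re.compile(r"\[/?(?:COLOR|ICODE|CODE|B|I)\b[^\]]*\]", re.I),
}
# More than one of these on a physical line means the line breaks were lost.
MULTI = re.compile(r"\b(?:DeleteKey|DeleteValue|cmd|Task|FirewallRules):", re.I)

# First match wins. These rules are assumptions for review purposes only.
KINDS = [
    ("command", re.compile(r"^cmd:", re.I)),
    ("registry", re.compile(r"^(?:DeleteKey:|DeleteValue:|ExportKey:|HK(?:LM|CU|U|EY_))", re.I)),
    ("task", re.compile(r"^Task:", re.I)),
    ("firewall", re.compile(r"^FirewallRules:", re.I)),
    ("service", re.compile(r"^[SRU][0-5] ")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
    ("directive", re.compile(r"^[A-Za-z]+:\s*(?:On|Off)?$", re.I)),
]


def review_fixlist(text):
    """Return (Counter of entry kinds, [(line_no, problem), ...]) for a fixlist."""
    numbered = [(n, ln.strip()) for n, ln in enumerate(text.splitlines(), 1) if ln.strip()]
    problems = []
    starts = [i for i, (_, ln) in enumerate(numbered) if START in ln]
    ends = [i for i, (_, ln) in enumerate(numbered) if END in ln]
    if not starts or not ends or ends[-1] < starts[0]:
        problems.append((0, "Start::/End:: markers missing or out of order"))
        body = numbered
    else:
        body = numbered[starts[0] + 1 : ends[-1]]
        for i in sorted({starts[0], ends[-1]}):
            n, ln = numbered[i]
            if ln not in (START, END):
                problems.append((n, "marker is not alone on its line"))
    for n, ln in numbered:
        for label, rx in DAMAGE.items():
            if rx.search(ln):
                problems.append((n, label))
        if len(MULTI.findall(ln)) > 1:
            problems.append((n, "several directives on one line"))
    kinds = Counter()
    for _, ln in body:
        kinds[next((k for k, rx in KINDS if rx.search(ln)), "other")] += 1
    return kinds, problems


# Constructed sample: a well-formed fixlist using placeholder names.
CLEAN = r"""Start::
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Example: Restriction <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\update.exe (No File)
S3 exampledrv; C:\Windows\System32\drivers\exampledrv.sys [X]
C:\ProgramData\Example
DeleteKey: HKCU\SOFTWARE\Example
cmd: ipconfig /flushdns
EmptyTemp:
Reboot:
End::
"""

# Constructed sample: the same kind of text after a lossy copy from a forum page.
DAMAGED = (
    "[COLOR=rgb(184, 49, 47)]Start::\n"
    "cmd: del /s /q \u201c%TEMP%\\example\\*.*\u201d\n"
    "DeleteKey: HKCU\\SOFTWARE\\Example DeleteKey: HKLM\\SOFTWARE\\Example\n"
    "End::[/COLOR]\n"
)

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("damaged", DAMAGED)):
        kinds, problems = review_fixlist(sample)
        print(name, dict(kinds))
        for line_no, problem in problems:
            print(f"  line {line_no}: {problem}")
```
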

        • Plughole
          PCHF Member
          • Jan 2023
          • 22

          #19
          Okay I’m really hoping that worked. The Adware Cleaner had things quite different to what you described but I’m sure I did what you wanted regardless.


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7041

            #20
            OK, let’s dig a little deeper, we have removed a lot of trash and I want to make certain every bit of rubbish is cleaned.

            Run this tool for me, it is similar to FRST but checks in different areas. I’ll check logs and provide another fix for you.

            Download ZHP Suite to your desktop.
            Right Click Run as admin.
            Hit the scanner button.
            Once it is complete, a file named ZHPdiag.txt will be on your desktop.
            Attach it.

            How is the computer running, any more bsod?


            • Plughole
              PCHF Member
              • Jan 2023
              • 22

              #21
              Attached.
              I’m unsure if it’s still blue screening presently as I’ve been doing long hours at work this week and haven’t been using it as much. When I turned it on this morning it was fine and then I went to make a tea and came back and the computer was on but nothing was showing up so I had to turn it off and back on again. Not sure if that’s related.


              • Malnutrition
                PCHF Moderator
                • Jul 2016
                • 7041

                #22
                Uninstall Avast Update Helper; it will be visible now. Use Geek Uninstaller if needed.



                Copy the text in code box below.
                Right Click FRST and run as Administrator.
                Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                Attach it to your next message.

                Start::
                CloseProcesses:
                SystemRestore: On
                CreateRestorePoint:
                RemoveProxy:
                DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_2EF41AAE0EFA048B29BD0C1048B2D149
                DeleteValue: HKEY_USERS\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_2EF41AAE0EFA048B29BD0C1048B2D149
                DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|uTorrent
                DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_2EF41AAE0EFA048B29BD0C1048B2D149
                DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SUPERAntiSpyware
                DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Chromium
                DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|ut
                DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Microsoft Edge Update
                DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|MicrosoftEdgeAutoLaunch_B5EF8F7A20842FF61C6E8DE6B6A1456E
                DeleteValue: HKEY_USERS\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|uTorrent
                DeleteValue: HKEY_USERS\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastBrowserAutoLaunch_2EF41AAE0EFA048B29BD0C1048B2D149
                DeleteValue: HKEY_USERS\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|SUPERAntiSpyware =>.SUPERAntiSpyware
                DeleteValue: HKEY_USERS\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Chromium
                DeleteValue: HKEY_USERS\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|ut
                DeleteValue: HKEY_USERS\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Microsoft Edge Update
                DeleteValue: HKEY_USERS\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|MicrosoftEdgeAutoLaunch_B5EF8F7A20842FF61C6E8DE6B6A1456E
                DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|AvastUI.exe
                DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|TuneupUI.exe
                DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|DriverUpdUI.exe
                DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|ACUW15EN
                DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|SunJavaUpdateSched
                DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder|UTEX.BAT
                DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder|McAfee Security Scan Plus.lnk
                DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|AvastUI.exe
                DeleteValue: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|LogMeIn Hamachi Ui
                DeleteKeY: HKLM\SOFTWARE\4f60cf71-77d9-586f-9497-c078307716d3
                DeleteKey: HKLM\SOFTWARE\4f60cf71-77d9-586f-9497-c078307716d3
                DeleteKey: HKU\.DEFAULT\SOFTWARE\AVAST Software
                DeleteKey: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\avast software
                DeleteKey: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\Browser Cleanup
                DeleteKey: HKLM\SOFTWARE\McAfee.com
                DeleteKey: HKLM\SOFTWARE\mcafeeupdater
                DeleteKey: HKLM\SOFTWARE\WOW6432Node\McAfee
                DeleteKey: HKLM\SOFTWARE\WOW6432Node\McAfee.com
                DeleteKey: HKLM\SOFTWARE\WOW6432Node\0uyPIakKFdmD
                DeleteKey: HKLM\SOFTWARE\Bitdefender Agent
                DeleteKey: HKLM\SOFTWARE\WOW6432Node\Bitdefender Agent
                DeleteKey: HKU\.DEFAULT\SOFTWARE\SetID
                DeleteKey: HKCU\SOFTWARE\Browser Cleanup
                DeleteKey: HKCU\SOFTWARE\Zemana
                DeleteKey: HKLM\SOFTWARE\ZmnGlobalSDK
                DeleteKey: HKCU\SOFTWARE\ZmnGlobalSDK
                DeleteKey: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\Zemana
                DeleteKey: HKU\S-1-5-21-1407478479-2209512713-3320715968-1000\SOFTWARE\ZmnGlobalSDK
                C:\Users\Owner\AppData\Local\AdvinstAnalytics
                C:\ProgramData\RogueKiller
                C:\WINDOWS\System32\drivers\TrueSight.sys
                C:\WINDOWS\System32\drivers\lpsport.sys
                C:\Users\Owner\AppData\Local\LogMeIn
                C:\ProgramData\{3F46037A-176E-7B02-4F36-532AA7DE8BF2}
                C:\ProgramData\LogMeIn
                C:\Program Files (x86)\Temp\*
                C:\Program Files (x86)\Mozilla Maintenance Service
                C:\Users\Owner\AppData\Local\Zemana
                C:\WINDOWS\System32\Config\systemprofile\AppData\Local\Zemana
                C:\Program Files\Bitdefender Antivirus Free
                C:\ProgramData\Bitdefender
                C:\ProgramData\Bitdefender Agent
                C:\Users\Owner\AppData\Roaming\QuickScan
                C:\ProgramData\McAfee Security Scan
                C:\WINDOWS\Installer\249f93.msi
                C:\WINDOWS\Installer\33705ce.msi
                C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7ahq4wbu.default\searchplugins\bing-lavasoft-ff59.xml
                C:\WINDOWS\Installer\10bae60.msi
                C:\WINDOWS\System32\DRIVERS\SWDUMon.sys
                Startbatch:
                sc stop sysmain
                sc config sysmain start= disabled
                sc stop DiagTrack
                sc config DiagTrack start= disabled
                sc stop dmwappushservice
                sc config dmwappushservice start= disabled
                sc stop lfsvc
                sc config lfsvc start= disabled
                EndBatch:
                emptytemp:
                Reboot:
                End::



                Download Kaspersky Virus Removal Tool and save it to your Desktop.

                Select the Windows Key and R Key together, the Run box should open.
                Copy and paste the following into the Run box.
                D:\Users\Owner\Desktop\KVRT.exe -dontencrypt

                Select “OK” in the Run box.
                If the “Windows protected your PC” window opens, select “More info”. A new window will open, select “Run anyway”.
                A EULA window from KVRT will open, tick all confirmation boxes then select “Accept”.
                A window from KVRT will open, select “Change Parameters”.
                In the new window ensure the following boxes are ticked:
                - System memory
                - Startup objects
                - Boot sectors
                - System drive
                Then select “OK” and “Start scan”.
                When completed: If entries are found, there will be options to choose. If “Cure” is offered, leave as it is. For any other options change to “Delete”, then select “Continue”.
                Usually, your system needs a reboot to finish the removal process.
                Logfiles can be found on your system drive (usually C:), similar to this:

                C:\KVRT2020_Data\Reports\report__.klr

                Right click directly on those reports, select > open with > Notepad.
                Save the files and attach them with your next reply.


                • Plughole
                  PCHF Member
                  • Jan 2023
                  • 22

                  #23
                  Hopefully they work.


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #24
                    @Plughole How is your computer running now? Last check looks like we are pretty much all clean, just this last tool to remove any remaining trash. This tool is similar to adware cleaner we used earlier in the thread.

                    ZHP cleaner Scan.

                    Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
                    Once you have started the program, you will need to click the scanner button.
                    The program will close all open browsers!
                    Once the scan is completed, you will want to click the Repair button.
                    At the end of the process you may be asked to reboot your machine.
                    After you reboot a report will open on your desktop.
                    Attach the report here in your next reply.


                    • Plughole
                      PCHF Member
                      • Jan 2023
                      • 22

                      #25
                      So I had a BSOD this morning again shortly after turning on my computer then going to get a tea. The computer was in recovery mode when I came back and some message about a kernel.
                      I turned my computer off and back on again and it was fine.
                      When scanning and repairing there were quite a few popups about zone anti-malware. I’m hoping that was just an advertisement for the program.
                      I’m presuming this is the file you wanted?
                      I have a day off tomorrow and I’ll give everything a really good clean again and be much stricter on cleaning the fans.


                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #26
                        OK, upload your last two dump files, and we will work on reducing the startups and scheduled tasks on this machine as well; there are too many for normal operation… IMO




                        Download Autoruns and Autorunsc. Unzip it to your desktop and then right click
                        (Screenshot: Capture.PNG, https://pchelpforum.net/attachments/capture-png.9995/)

                        Run as Admin.
                        After the scan is finished, click File, then click Save.
                        The default name will be autoruns.arn; make sure to leave it this way.
                        Attach the file in your next reply.
                        If the file is too large, then use catbox.moe or Ufile.io and send the link in your next reply.



                        When scanning and repairing there were quite a few popups about zone anti-malware.

                        Yep, nothing to worry about, just the motions the program goes thru.



                        While you are in there cleaning, make sure to reseat everything while you are at it…

                        https://www.youtube.com/watch?v=DLxNPBQBfT8


                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041

                          #27
                          In addition to the Autoruns log, can you post an updated Speccy report please?


                          • Plughole
                            PCHF Member
                            • Jan 2023
                            • 22

                            #28
                            Speccy:


                            Autoruns:
                            It won’t allow me to upload the file as it says the website doesn’t allow that kind of file so here is the link:

                            Also the default name wasn’t the same as you said it would be, I decided to leave it as the default name it chose, let me know if I need to change this.

                            I also reseated everything in my computer and gave everything another good clean.

                            I was thinking of ordering this SSD, I was wanting your opinion?
                            Buy Samsung 870 EVO 2TB 2.5in SATA SSD (MZ-77E2T0BW) - Buy Now, Pay Later + FREE pick-up & same day dispatch!

                            I’m not sure if my PC can take the other connection types of SSDs so decided it’d be easier for me to stick with a type that’s already in there.


                            • Plughole
                              PCHF Member
                              • Jan 2023
                              • 22

                              #29
                              For some reason it won’t allow me to do anything to my minidump files like it would before. It keeps telling me I don’t have permission yet there is nowhere for me to change permission or such.


                              • Malnutrition
                                PCHF Moderator
                                • Jul 2016
                                • 7041

                                #30
                                Originally posted by Plughole
                                It keeps telling me I don’t have permission
                                Follow the instructions here to add Take Ownership to your right click menu, not sure why that is an issue now.

                                Adding “Take Ownership” to the Windows 10 context menu is a handy way to quickly get control over files or folders, especially when you can’t access them


                                I have asked another member to take a look at the BSOD issue, and I am not sure on that SSD either.

                                @PeterOz or @phillpower2 will take the thread from here.




                                As far as startups.

                                Right click Autoruns, and run as admin. Then under Scheduled Tasks, uncheck everything.
                                Except the Update Assistant.
                                Unless you use OneDrive, if you do not use it then uninstall/disable it.

                                Windows 10 includes OneDrive, but if you'd rather not see it, there are several ways to disable OneDrive and remove it from File Explorer on Windows 10.


                                Find anything related to AVAST right click and select delete.

                                As far as these, I would uncheck everything except Steam and Viber. That is really up to you.

                                (Attached image)

                                To apply the changes in Autoruns, you must reboot the computer.




                                Any more BSOD after giving it a good cleaning?
