Solved PC help from BSOD crashes

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up
Status
Not open for further replies.
Copy the content of the code box below.
Do not copy the word code:
Right Click FRST and run as Administrator.
Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
Attach it to your next post.


Code: 
Start::
CloseProcesses:
SystemRestore: On
CreateRestorePoint:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {91267E87-863C-49A1-8753-B8B279039D05} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe  --automatic (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
S3 AppShopDrv103; \??\C:\Windows\SysWOW64\Drivers\AppShopDrv103.sys [X]
S3 HWiNFO_191; \??\C:\Users\BGGAME~1\AppData\Local\Temp\HWiNFO64A_191.SYS [X] <==== ATTENTION
S3 HWiNFO_201; \??\C:\Users\BGGAME~1\AppData\Local\Temp\HWiNFO_x64_201.sys [X] <==== ATTENTION
Task: {E3B85D02-E982-482C-8A89-3E21B0500629} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\System32\Wscript.exe [204800 2024-07-10] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {3AAE6A5F-FE7C-441A-847E-F399AAEAA16B} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4916640 2024-04-15] (Intel Corporation -> Intel Corporation)
Task: {44C8DB73-DCB7-430B-A8D8-D703A0EEF795} - System32\Tasks\WaterfoxLimited\Waterfox Default Browser Agent 6F940AC27A98DD61 => C:\Program Files\Waterfox\default-browser-agent.exe [678040 2024-07-08] (BrowserWorks Ltd -> Mozilla Foundation)
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivityWatch.lnk:FB9FE75D10 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FACEIT AC.lnk:550995E265 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk:159ADC9AA1 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server.lnk:A4E18C6AEC [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox Private Browsing.lnk:14F60F75DA [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk:9930A02307 [3434]
FirewallRules: [TCP Query User{60A1A913-DDB6-43C7-B145-DB300E233F6A}D:\ww3\ww3gamelauncher\sglww3.exe] => (Allow) D:\ww3\ww3gamelauncher\sglww3.exe => No File
FirewallRules: [UDP Query User{16C6BDC1-4F38-4DF9-A59F-26FDA516CB47}D:\ww3\ww3gamelauncher\sglww3.exe] => (Allow) D:\ww3\ww3gamelauncher\sglww3.exe => No File
FirewallRules: [{5DBD91D9-4A98-458C-91FB-6A3D1333FD3D}] => (Allow) D:\BlackShot\BlackShot\System\blackshot.exe => No File
FirewallRules: [{9AABA8E3-A321-46B0-ADF8-6CA2D24B2924}] => (Allow) D:\BlackShot\BlackShot\System\blackshot.exe => No File
FirewallRules: [{97B0CBC8-B936-4879-9978-75BF0FA3D8D2}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => No File
FirewallRules: [{D3DB0E55-3343-44A9-A273-734415088197}] => (Allow) D:\SteamLibrary\steamapps\common\Albion Online\launcher\AlbionLauncher.exe => No File
FirewallRules: [{44312121-5C3F-4C0B-ADEC-106FBE9EB283}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
C:\Windows\system32\drivers\etc\hosts
Hosts:
HKU\S-1-5-21-3219355904-1382751206-166821852-1001\...\StartupApproved\Run: => "OneDrive"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
CMD: ipconfig /flushdns
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
Reboot:
End::


Download Malwarebytes v.4 . Install and run.


  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other __cpLocation you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other __cpLocation you can find and include that log on your next reply.
 
Last edited:
trying to click malwarebytes v4 but this shows up
1723075920188.png
 
Also the FRST fix log please.


Adware Cleaner


  • Download AdwCleaner and save it to your Desktop
  • Right-click on AdwCleaner.exeand select, Run as Administrator
  • Accept the EULA (I accept), then click on Scan Now
  • Let the scan complete
  • Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.
  • Once the cleaning process is complete, AdwCleaner will ask you to restart your computer
  • Close all other open windows and allow it to restart
  • After the restart, Notepad will open with the AdwCleaner cleaning log
  • Please Attach the contents of that log into your next reply to me



Security Check Scan.


  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please Copy and paste that log here in your next post.
  • There will be items listed in red when you post this log, those items need to be updated.
 
SecurityCheck by glax24 & Severnyj v.1.4.0.57 [24.01.24]
WebSite: www.safezone.cc
DateLog: 07.08.2024 20:35:43
Path starting: C:\Users\BGGames420\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: BGGames420
VersionXML: 12.43is-30.07.2024
___________________________________________________________________________

Windows 11(6.3.22631) (x64) Core Release: 23H2 Lang: English(0409)
Installation date OS: 17.06.2024 05:46:48
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Waterfox\waterfox.exe
SystemDrive: C: FS: [NTFS] Capacity: [464.9 Gb] Used: [369 Gb] Free: [95.9 Gb]
------------------------------- [ Windows ] -------------------------------
User Account Control enabled (Level 3)
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service has stopped
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Malwarebytes (disabled and up to date)
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 5.1.7.121 v.5.1.7.121 [+]
--------------------------- [ OtherUtilities ] ----------------------------
Notepad++ (64-bit x64) v.8.6.8 Warning! Download Update
Python 3.12.4 (64-bit) v.3.12.4150.0
Microsoft Edge WebView2 Runtime v.126.0.2592.113 Warning! Download Update
Steam v.2.10.91.91
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 v.14.40.33810.0
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 v.14.40.33810.0
Intel® Driver & Support Assistant v.24.4.32.8 [+]
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.24.141.0714.0003 [+]
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 7.01 (64-bit) v.7.01.0
------------------------------- [ Imaging ] -------------------------------
GIMP 2.10.38 v.2.10.38
-------------------------- [ IMAndCollaborate ] ---------------------------
Zoom Workplace (64-bit) v.6.0.39959 Warning! Download Update
Discord v.1.0.9149 Warning! Download Update
--------------------------------- [ P2P ] ---------------------------------
qBittorrent v.4.6.5
------------------------------- [ Browser ] -------------------------------
Waterfox (x64 en-US) v.G6.0.17
Microsoft Edge v.127.0.2651.86 [+]
------------------ [ AntivirusFirewallProcessServices ] -------------------
Malwarebytes Service (MBAMService) - The service has stopped
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe v.4.18.24070.5
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe v.4.18.24070.5
Microsoft Defender Antivirus Service (WinDefend) - The service is running
Microsoft Defender Antivirus Network Inspection Service (WdNisSvc) - The service is running
---------------------------- [ UnwantedApps ] -----------------------------
Bonjour v.3.0.0.10 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------
 

Attachments

I really see nothing of concern to be honest.

This was in defender exclusions, any idea what it is?
Code: 
"C:\Users\*\Documents\Celemony\Separations"="0"

Update everything in red from the Security Check log when you can, uninstall malwarebytes.


If you do not use these:

Uninstall OneDrive.
Disable Bitlocker
Block Edge
 
Last edited:
Melodyne 5 (Version: 5.01.01003 - Celemony Software GmbH) Seems you have this installed.

Things look good, post one last set of FRST and Additon.txt logs to make sure I did not miss anything, I may check them later tonight or tomorrow after work.
 
Malnutrition said:
Melodyne 5 (Version: 5.01.01003 - Celemony Software GmbH) Seems you have this installed.

Things look good, post one last set of FRST and Additon.txt logs to make sure I did not miss anything, I may check them later tonight or tomorrow after work.
Click to expand...
ohhhh i wanted to make music so i installed that plugin
 
also here this error im getting when installing update for Microsoft Edge WebView2 Runtime
1723078843030.png
 
Skip the edge update. If you do not really use it, if you do windows update will take care of it.
 
Let's have a look with a different tool please. 🙂

Download ZHP Suite to your desktop.
Right Click Run as admin.
Hit the scanner button.
Once it is complete a file name ZHPdiag.txt will be on your desktop.
Attach it.

Code: 
Error: (08/07/2024 08:09:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname bggames.local already in use; will try bggames-2.local instead

Error: (08/07/2024 08:09:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister   16 bggames.local. AAAA FE80:0000:0000:0000:32E8:0A07:D82C:9A9E

Error: (08/07/2024 08:09:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:32E8:0A07:D82C:9A9E:5353   16 bggames.local. AAAA 2603:9000:A300:327E:0000:0000:0000:1E62

Uninstall Bonjour with GeekUninstaller.
 
Status
Not open for further replies.
Top Bottom