  1.    28 Sep 2016 #1
    Join Date : Jan 2016
    Posts : 17
    Windows 10 Pro 64 Bit

    Unsure if we have a virus or not, shutdown failures etc


    So yesterday something popped up on my fiance's computer which said that universal driver updater was unable to run. Then Avira popped up and said it had moved it to quarantine. He ran a whole scan, the program was not in the program list, nothing else seemed out of place.

    Until we tried to shut down. It looked like it was shutting down and then went to the welcome screen where you log in. It did this 4 times, we tried shutting down from the welcome screen, after logging in...and then finally we had to disconnect the power.

    He said to me he clicked a Facebook quiz link for fun and a new tab opened and then closed so I think he might have been hit by a driveby.....but I don't know what it was or how to find out and fix it. Any help is appreciated.

    Is this the workings of a virus? How do we troubleshoot it and also how do we uninstall that driver thing (we deleted its folder in program files but it pops up saying it's trying to install)? His specs are the same as my profile except he uses Windows 10 and has a different screen.
  2.    28 Sep 2016 #2
    Join Date : Apr 2015
    Posts : 12,588
    W10Prox64

    Hi.
    Give this a try. Post the logs if you'd like me to evaluate.

    Run these scans, in this order; if you post logs, use CODE tags (# button).

    Create a restore point
    RKILL
    TDSSKiller (select all options - it will reboot to scan properly)
    RKILL (again, because everything RKILL does is undone by a reboot)
    ADWCleaner (it will reboot to clean)
    RKILL (again)
    Malwarebytes Antimalware (run a custom scan, select the box to scan for rootkits, and check the box to scan your entire system drive)
    JRT
    TempFile Cleaner
    Ccleaner - run on browsers and clean out temp + cache, then run on registry
  3.    28 Sep 2016 #3
    Join Date : Jan 2016
    Posts : 17
    Windows 10 Pro 64 Bit
    Thread Starter

    We're up to TDSSKiller. Universal Driver Updater is back (including error popups because it's unable to execute its file, createprocess failed with error code 2 because we deleted the file). I am attaching the Avira notice cause it may help, also attaching the scan...what should we do? The last two are legit things installed but not sure on the first one.

  4.    28 Sep 2016 #4
    Join Date : Feb 2016
    Posts : 3
    Windows 10 Pro 64 Bit

    On fiance's computer, just easier this way....

    Code:
    # AdwCleaner v6.020 - Logfile created 29/09/2016 at 11:16:13
    # Updated on 14/09/2016 by ToolsLib
    # Database : 2016-09-28.1 [Server]
    # Operating System : Windows 10 Pro  (X64)
    # Username : Michael - DESKTOP-BH8K9VQ
    # Running from : D:\Library on D\Downloads on D\adwcleaner_6.020 (1).exe
    # Mode: Clean
    # Support : https://toolslib.net/forum
    
    
    
    
    
    
    ***** [ Services ] *****
    
    
    [-] Service deleted: AppVerifier
    
    
    
    
    ***** [ Folders ] *****
    
    
    [-] Folder deleted: C:\Users\Mikey\AppData\Roaming\Advancedpccare.com
    [-] Folder deleted: C:\Users\Mikey\AppData\Roaming\EasyFileOpener
    [-] Folder deleted: C:\Program Files\Advanced PC Care
    [-] Folder deleted: C:\ProgramData\Advancedpccare.com
    [-] Folder deleted: C:\ProgramData\AppVerifier
    [#] Folder deleted on reboot: C:\ProgramData\Appverifier 
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Advancedpccare.com
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\AppVerifier
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Appverifier 
    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Care
    
    
    
    
    ***** [ Files ] *****
    
    
    [-] File deleted: C:\appverifier.txt
    
    
    
    
    ***** [ DLL ] *****
    
    
    
    
    
    
    ***** [ WMI ] *****
    
    
    
    
    
    
    ***** [ Shortcuts ] *****
    
    
    
    
    
    
    ***** [ Scheduled Tasks ] *****
    
    
    
    
    
    
    ***** [ Registry ] *****
    
    
    [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\AppVerifier
    [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\AppVerifier
    [-] Key deleted: HKU\S-1-5-21-1397434896-1249509146-2682902517-1001\Software\Advancedpccare.com
    [-] Key deleted: HKU\S-1-5-21-1397434896-1249509146-2682902517-1001\Software\ICSW1.17
    [-] Key deleted: HKU\S-1-5-21-1397434896-1249509146-2682902517-1001\Software\ICSW1.19
    [-] Key deleted: HKU\S-1-5-21-1397434896-1249509146-2682902517-1001\Software\csastats
    [#] Key deleted on reboot: HKCU\Software\Advancedpccare.com
    [#] Key deleted on reboot: HKCU\Software\ICSW1.17
    [#] Key deleted on reboot: HKCU\Software\ICSW1.19
    [#] Key deleted on reboot: HKCU\Software\csastats
    [#] Key deleted on reboot: [x64] HKCU\Software\Advancedpccare.com
    [#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.17
    [#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.19
    [#] Key deleted on reboot: [x64] HKCU\Software\csastats
    [-] Key deleted: [x64] HKLM\SOFTWARE\Advancedpccare.com
    [-] Key deleted: [x64] HKLM\SOFTWARE\AppVerifierService
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    
    
    
    
    ***** [ Web browsers ] *****
    
    
    [-] [C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.oursurfing.com/?type=hp&ts=1435465737&z=facc5ed2533890d3d835c61gbz0c2w4z6qbw6m5c7m&from=dig2&uid=ST9500325AS_6VEJ7EY5XXXX6VEJ7EY5
    
    
    
    
    *************************
    
    
    :: "Tracing" keys deleted
    :: Winsock settings cleared
    
    
    *************************
    
    
    C:\AdwCleaner\AdwCleaner[C0].txt - [3222 Bytes] - [29/09/2016 11:16:13]
    C:\AdwCleaner\AdwCleaner[S0].txt - [3165 Bytes] - [29/09/2016 11:14:55]
    
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3368 Bytes] ##########

    I think it's clear it picked something up, just wanted to keep you posted. I guess that appverifier has been taken care of.
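Added example, not part of any post in this thread and not AdwCleaner's own code: a small Python parser for the log layout shown above that lists what the log only scheduled for removal at reboot, so those items can be re-checked after restarting. The sample log lines are constructed, and the function names are hypothetical.

```python
import os
import re

# Constructed sample in the layout of the log above (values are placeholders).
SAMPLE_LOG = r"""
***** [ Services ] *****
[-] Service deleted: AppVerifier
***** [ Folders ] *****
[-] Folder deleted: C:\ProgramData\AppVerifier
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AppVerifier
***** [ Registry ] *****
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
***** [ Web browsers ] *****
[-] [C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://example.invalid/?type=hp
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY = re.compile(r"^\[[-#]\] (\w+) deleted( on reboot)?: (.+)$")
BROWSER = re.compile(r"^\[-\] \[(.+?)\] \[(\w+)\] Deleted: (.+)$")

def parse_log(text):
    """Return a list of entry dicts, one per removal line, tagged with its section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := ENTRY.match(line):
            target = m.group(3)
            x64 = target.startswith("[x64] ")  # same key, 64-bit registry view
            entries.append({"section": section, "kind": m.group(1), "pending": bool(m.group(2)),
                            "target": target[6:] if x64 else target})
        elif m := BROWSER.match(line):
            entries.append({"section": section, "kind": m.group(2), "pending": False,
                            "target": m.group(3), "profile": m.group(1)})
    return entries

def pending_targets(entries, kinds=("Folder", "File", "Key")):
    """Unique targets the log only scheduled for removal at the next reboot."""
    out = []
    for e in entries:
        if e["pending"] and e["kind"] in kinds and e["target"] not in out:
            out.append(e["target"])
    return out

def leftover_paths(entries, exists=os.path.exists):
    """Pending folders/files that are still on disk; run this after the reboot."""
    return [p for p in pending_targets(entries, ("Folder", "File")) if exists(p)]
```

Feed `parse_log` the saved cleaning log after the restart; anything `leftover_paths` returns was scheduled for deletion but is still present and is worth a second scan.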
  5.    28 Sep 2016 #5
    Join Date : Jan 2016
    Posts : 17
    Windows 10 Pro 64 Bit
    Thread Starter

    Okay all of those are done now and it's shutting down right and we haven't had a universal driver popup again yet!

    I think you fixed it!!
  6.    29 Sep 2016 #6
    Join Date : Jul 2015
    Posts : 860
    Windows 10 Home x64

    It seems you had quite a load of PUPs there.
  7.    29 Sep 2016 #7
    Join Date : Jan 2016
    Posts : 17
    Windows 10 Pro 64 Bit
    Thread Starter

    Yeah the only thing recently installed was the Hi-REZ thing, which was required to play their game Paladins, which was installed from Steam. We're not sure if it was a drive by (because of the tab popping up then vanishing) or if it was somehow attached to something or what.
  8.    29 Sep 2016 #8
    Join Date : Apr 2015
    Posts : 12,588
    W10Prox64

    Glad things are getting under control. If you have any PC Care utilities, like SlimWare, or any other health programs or driver updaters, please uninstall them.
    Then run Ccleaner on the registry to get rid of leftovers.

    Then continue with the rest of my first post (if you haven't completed already):

    RKILL (again, because everything RKILL does is undone by a reboot)
    ADWCleaner (it will reboot to clean)
    RKILL (again)
    Malwarebytes Antimalware (run a custom scan, select the box to scan for rootkits, and check the box to scan your entire system drive)
    JRT
    TempFile Cleaner
    Ccleaner - run on browsers and clean out temp + cache, then run on registry

    You may find you need to RESET Internet Explorer (even if you don't use it), and all other browsers on the system.
  9.    29 Sep 2016 #9
    Join Date : Jan 2016
    Posts : 17
    Windows 10 Pro 64 Bit
    Thread Starter

    What do you mean Reset? We did complete the list.
  10.    29 Sep 2016 #10
    Join Date : Apr 2015
    Posts : 12,588
    W10Prox64

    Quote (originally posted by yuk75):
    What do you mean Reset? We did complete the list.

    Okay, good.
    To reset Chrome, Firefox and IE browsers, see info here:
    How to Reset Your Web Browser To Its Default Settings

    For Edge, see here:
    Microsoft Edge - Reset to Default in Windows 10 - Windows 10 Forums

    Glad everything's working now. Cheers!