Windows 10: Unsure if we have a virus or not, shutdown failures etc

So yesterday something popped up on my fiance's computer which said that universal driver updater was unable to run. Then Avira popped up and said it had moved it to quarantine. He ran a whole scan, the program was not in the program list, nothing else seemed out of place.

Until we tried to shut down. It looked like it was shutting down and then went to the welcome screen where you log in. It did this 4 times, we tried shutting down from the welcome screen, after logging in...and then finally we had to disconnect the power.

He said to me he clicked a Facebook quiz link for fun and a new tab opened and then closed so I think he might have been hit by a driveby.....but I don't know what it was or how to find out and fix it. Any help is appreciated.

Is this the workings of a virus? How do we troubleshoot it and also how do we uninstall that driver thing (we deleted its folder in program files but it pops up saying it's trying to install)? His specs are the same as my profile except he uses windows 10 and has a different screen *Smile.

:)

 

Windows 10 Not Shutting Down ! ?

we removed our anti-virus (trend micro) this fixed our shutdown issue

 

If we have any self respect, we should boycott Nokia in India. At least till the company closes down.

Exactly. As far as I can see, chowdhury hasn't actually taken the issue up with Nokia themselves yet.

One defective device does not a scam make.

 

Hi.
Give this a try. Post the logs if you'd like me to evaluate.

Run these scans, in this order; if you post logs, use CODE tags (# button).

Create a restore point
RKILL
TDSSKiller (select all options - it will reboot to scan properly)
RKILL (again, because everything RKILL does is undone by a reboot)
ADWCleaner (it will reboot to clean)
RKILL (again)
Malwarebytes Antimalware (run a custom scan, select the box to scan for rootkits, and check the box to scan your entire system drive)
JRT
TempFile Cleaner
Ccleaner - run on browsers and clean out temp + cache, then run on registry

 

We're up to TDSSKiller. Universal Driver Updater is back (including error popups because it's unable to excecute its file, createprocess failed with error code 2 because we deleted the file). I am attaching the Avira notice cause it may help, also attaching the scan...what should we do? The last two are legit things installed but not sure on the first one.

 

On fiance's computer, just easier this way....

Code: # AdwCleaner v6.020 - Logfile created 29/09/2016 at 11:16:13# Updated on 14/09/2016 by ToolsLib # Database : 2016-09-28.1 [Server] # Operating System : Windows 10 Pro (X64) # Username : Michael - DESKTOP-BH8K9VQ # Running from : D:\Library on D\Downloads on D\adwcleaner_6.020 (1).exe # Mode: Clean # Support : ToolsLib ***** [ Services ] ***** [-] Service deleted: AppVerifier ***** [ Folders ] ***** [-] Folder deleted: C:\Users\Mikey\AppData\Roaming\Advancedpccare.com [-] Folder deleted: C:\Users\Mikey\AppData\Roaming\EasyFileOpener [-] Folder deleted: C:\Program Files\Advanced PC Care [-] Folder deleted: C:\ProgramData\Advancedpccare.com [-] Folder deleted: C:\ProgramData\AppVerifier [#] Folder deleted on reboot: C:\ProgramData\Appverifier [#] Folder deleted on reboot: C:\ProgramData\Application Data\Advancedpccare.com [#] Folder deleted on reboot: C:\ProgramData\Application Data\AppVerifier [#] Folder deleted on reboot: C:\ProgramData\Application Data\Appverifier [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC Care ***** [ Files ] ***** [-] File deleted: C:\appverifier.txt ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\AppVerifier [#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\AppVerifier [-] Key deleted: HKU\S-1-5-21-1397434896-1249509146-2682902517-1001\Software\Advancedpccare.com [-] Key deleted: HKU\S-1-5-21-1397434896-1249509146-2682902517-1001\Software\ICSW1.17 [-] Key deleted: HKU\S-1-5-21-1397434896-1249509146-2682902517-1001\Software\ICSW1.19 [-] Key deleted: HKU\S-1-5-21-1397434896-1249509146-2682902517-1001\Software\csastats [#] Key deleted on reboot: HKCU\Software\Advancedpccare.com [#] Key deleted on reboot: HKCU\Software\ICSW1.17 [#] Key deleted on reboot: HKCU\Software\ICSW1.19 [#] Key deleted on reboot: HKCU\Software\csastats [#] Key deleted on reboot: [x64] HKCU\Software\Advancedpccare.com [#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.17 [#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.19 [#] Key deleted on reboot: [x64] HKCU\Software\csastats [-] Key deleted: [x64] HKLM\SOFTWARE\Advancedpccare.com [-] Key deleted: [x64] HKLM\SOFTWARE\AppVerifierService [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com ***** [ Web browsers ] ***** [-] [C:\Users\Mikey\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www.oursurfing.com/?type=hp&ts=1435465737&z=facc5ed2533890d3d835c61gbz0c2w4z6qbw6m5c7m&from=dig2&uid=ST9500325AS_6VEJ7EY5XXXX6VEJ7EY5 ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [3222 Bytes] - [29/09/2016 11:16:13] C:\AdwCleaner\AdwCleaner[S0].txt - [3165 Bytes] - [29/09/2016 11:14:55] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3368 Bytes] ##########[/quote] I think it's clear it picked something up, just wanted to keep you posted. I guess that appverifier has been taken care of.

 

Okay all of those are done now and it's shutting down right and we haven't had a universal driver popup again yet! *Biggrin

I think you fixed it!! *Biggrin

 

It seems you had quite a load of PUPs there.

 

Yeah the only thing recently installed was the Hi-REZ thing, which was required to play their game Paladins, which was installed from Steam. We're not sure if it was a drive by (because of the tab popping up then vanishing) or if it was somehow attached to something or what.

 

Glad things are getting under control. If you have any PC Care utilities, like SlimWare, or any other health programs or driver updaters, please uninstall them.
Then run Ccleaner on the registry to get rid of leftovers.

Then continue with the rest of my first post (if you haven't completed already):

RKILL (again, because everything RKILL does is undone by a reboot)
ADWCleaner (it will reboot to clean)
RKILL (again)
Malwarebytes Antimalware (run a custom scan, select the box to scan for rootkits, and check the box to scan your entire system drive)
JRT
TempFile Cleaner
Ccleaner - run on browsers and clean out temp + cache, then run on registry

You may find you need to RESET Internet Explorer (even if you don't use it), and all other browsers on the system.

 

What do you mean Reset? We did complete the list *Biggrin.

 

Okay, good.
To reset Chrome, Firefox and IE browsers, see info here:
How to Reset Your Web Browser To Its Default Settings

For Edge, see here:
Microsoft Edge - Reset to Default in Windows 10 - Windows 10 Forums

Glad everything's working now. Cheers! *Thumbs

 

p.s. Create a new restore point, and call it CLEAN. Then, open Ccleaner, go to Tools>System Restore, and delete all other restore points, to be sure you don't reintroduce the infection in the future.

 

Thank you so much!! We really appreciate the help *Biggrin.

 

You're quite welcome. If all is well, please mark the thread as solved.