
personal laptop showing unauthorized activity [Solved]

Malware Spy

  • This topic is locked

#16
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,416 posts

BSOD can be a hardware issue. It can also be related to other problems which most of the time have nothing to do with malware.
 
I suggest keeping an eye on your system and letting me know when you receive another BSOD. In that case, I would like you to attach a screenshot of the blue screen.
 
To uninstall Avast:

  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program:
Avast
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Avast items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

 

When you finish the above, run FRST tool once more and attach fresh logs. 


  • 0



#17
Cremebrulee54

Cremebrulee54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

All done, 

 

attached please find the FRST and Addition logs.

 

 

- I have downloaded ESET Mobile Security on my Samsung S21 FE, but I also have Avast, I guess I have to uninstall Avast first?

 

 

Many thanks for all your help

Attached Files


Edited by Cremebrulee54, 28 January 2025 - 11:22 AM.

  • 0

#18
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,416 posts

Yes, always one antivirus with real time protection.

 

I'll need some time to review your logs.


  • 0

#19
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,416 posts

Let's remove Avast remnants.
 

1. FRST fix

Please do the following to run a FRST fix.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything anywhere.
Start::
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
2025-01-28 17:05 - 2024-12-02 13:51 - 000000000 ____D C:\ProgramData\Avast Software
2025-01-28 16:56 - 2024-12-02 13:53 - 000000000 ____D C:\Users\papir\AppData\Local\AVAST Software
Avast Update Helper (HKLM-x32\...\{19C3AB22-3718-4E4D-B203-242F5001565B}) (Version: 1.8.1697.6 - AVAST Software) Hidden
End::
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

2. Uninstall Avast Update Helper

  • Go on and uninstall the above program.

 

 

In your next reply, please post:

  1. The fixlog.txt
  2. If uninstalling the Avast program ran smoothly
  3. Any remaining issue/concern regarding this computer

  • 0

#20
Cremebrulee54

Cremebrulee54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Attached please find:

 

1. fixlog.txt

2. I believe I have uninstalled Avast successfully (after locating Avast Update Helper in Control Panel I have simply clicked Uninstall)

3. Best Antivirus to use: I believe Microsoft Defender is on, with the attached 'Windows Security' overview am I protected also from Malware?

4. Device History: at some point I found the device history 'On' and this really worried me, should it stay On or Off?

 

Many thanks 

 

 

 

Attached Thumbnails

  • Device History - Off.JPG
  • Windows Security summary  29.12025.JPG

Attached Files


  • 0

#21
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,416 posts

Turning Search History on or off is a personal decision. I have it On. You can have it Off if you like. 
 
Windows Defender, together with Malwarebytes, if you use it occasionally, can keep you safe.
 
If no other questions:

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

Note: If there is a warning about this tool, go on to download it, since it is a false positive. Choose More info and continue from there.


  • 0

#22
Cremebrulee54

Cremebrulee54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

content of the kprm-(29012025):

 

# Run at 29/01/2025 20:46:15
# KpRm (Kernel-panik) version 2.18.0
# Run by papir from C:\Users\papir\Downloads
# Computer Name: CARDAMON
# OS: Windows 10 X64 (19045) (10.0.19045.5371) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\Windows\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\papir\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2025-01-29-20-46-15
 
- Delete Tools -
 
 
  ## ESET Online Scanner
     [OK] C:\Users\papir\Desktop\esetonlinescanner antivirus.exe deleted
     [OK] C:\Users\papir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
     [OK] C:\Users\papir\AppData\Local\ESET\ESETOnlineScanner deleted
 
  ## FRST
     [OK] C:\Users\papir\Desktop\Fixlog.txt deleted
     [OK] C:\Users\papir\Desktop\FRST64.exe deleted
     [OK] C:\FRST deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named Windows Modules Installer created at 01/20/2025 14:30:59 deleted
   ~ [OK] RP named Windows Modules Installer created at 01/20/2025 14:34:14 deleted
   ~ [OK] RP named Revo Uninstaller's restore point - Avast Free Antivirus created at 01/28/2025 16:55:00 deleted
   ~ [OK] RP named Windows Modules Installer created at 01/28/2025 17:25:01 deleted
   ~ [OK] RP named Removed Avast Update Helper created at 01/29/2025 14:31:57 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 01/29/2025 20:46:35
 
-- KPRM finished in 40.51s --

  • 0

#23
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,416 posts

Excellent, my friend!

Since we are in the Malware Removal Forum, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third Party software programs have long been targets for malware creators. It has been stated that "Adobe's Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Have this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You now have Windows Defender, the built-in Windows security platform. Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.


I'm glad I was able to help you.


  • 0

#24
Cremebrulee54

Cremebrulee54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

My heartfelt Thank you! from me. 

 

I was going mad, I feel very relieved that you have been able to check things thoroughly and thank you so much also for the summary of tips, I shall treasure them dearly. 

 

Regarding my Samsung devices, could you recommend an expert or a forum such as yours that is run by experts on phones?

 

Many thanks once again


  • 0

#25
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,416 posts

Hi, CB. :)

 

Yes, I can assure you now that you are clean, and it was my pleasure to help you. 

 

It seems that no one has replied to your phone topic so far, so I am not sure if there is someone who can recommend something other than what I already suggested. That is a scan with ESET for mobile (Android) devices. If you are still unsure, then a reset would be the last step.


  • 0



#26
Cremebrulee54

Cremebrulee54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hello Grecian Geek, 

 

I hope you are well. 

 

Sadly, since I did all the reset etc., I have noticed that I can no longer access important files that I had stored on my SD card. When I try to open pictures or Word documents or M4a (audio files), I have the message below:

'It appears that you don't have permission to view this file. Check the permissions and try again.'

Unfortunately this is quite important, how do I restore access/permissions? I am the owner of this computer so I should have permissions to access my documents. 

 

All files contained on my SD card have a lock next to them, I have tried to deactivate encryption but I am not successful. I don't really remember encrypting these files.

 

Grateful for your help 

 

Kind Regards

 

CB

Attached Thumbnails

  • Unable to open pictures.JPG

Edited by Cremebrulee54, 10 February 2025 - 03:20 PM.

  • 0

#27
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,416 posts

Hi, CB.
 
This is a completely different issue from what you had the first time. 
 
What reset did you do?
 
To check what is happening, please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.

(To attach the files, click on the More Reply Options at the bottom right of the reply area, and then choose Attach File)


  • 0

#28
Cremebrulee54

Cremebrulee54

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Thank you for your email. 

 

attached please find the requested files.

 

1. FRST.txt

2. Addition.txt

 

Also, remember I mentioned that my laptop keeps on having blue errors, I got another one today, my Windows crashed whilst working. Picture of blue error is attached. 

 

Many thanks 

 

CB

Attached Thumbnails

  • Blue Error.jpg

Attached Files


  • 0

#29
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,416 posts

Hi, CB.

 

My comments:

 

1. The BSOD has nothing to do with malware in your case. If you continue getting these screens, let me know and I'll send you to the appropriate forum.

 

2. Your logs are clean and have nothing strange in them.

 

3. We didn't do any reset.

 

4. You said in your previous post:

 

 

Sadly, since I did all the reset etc.. I have noticed that I can no longer access important files that I had stored in my SD card. When I try to open pictures or word documents or M4a (audio files), I have the message below: 

 
'It appears that you don't have permission to view this file. Check the permissions and try again.'
 
Unfortunately this is quite important, how do I restore access/permissions? I am the owner of this computer so I should have permissions to access my documents. 
 
All files contained on my SD card have a lock next to them, I have tried to deactivate encryption but I am not successful. I don't really remember encrypting these files.

 

My question is: Is this SD card an external disk where you save your files? 

 

There are signs of corruption on a disk you used yesterday. 


  • 0

#30
DR M

DR M

    The Grecian Geek

  • Malware Removal
  • 4,416 posts

Since the issue seems to be different from the initial one, and since you already opened a new topic at the Windows 10 Forum, I'm closing this now. 

 

We will continue from there. 


  • 0





