
Plug and Play, DCOM and Power unexpectedly terminate and cause a restart.


14 replies to this topic

#1 maburns

Posted 23 April 2014 - 08:25 PM

Cannot find a solution--don't know enough about it to even start.  Most online entries point toward malware (perhaps in svchost.exe).  Nothing shows up on scans.  Can it be a hardware problem?

 

Opening the device manager causes it.


Edited by hamluis, 24 April 2014 - 02:02 PM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 hamluis (Moderator)

Posted 24 April 2014 - 10:08 AM

Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#3 maburns (Topic Starter)

Posted 24 April 2014 - 01:18 PM

Louis,
I do appreciate the help.  Below are the MiniToolBox results.
Opening Speccy causes the computer to restart, about a minute after opening. Likewise opening Device Manager causes a restart.
Mike
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by MichaelandPeggy (administrator) on 24-04-2014 at 12:43:40
Running from "C:\Users\MichaelandPeggy\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (04/24/2014 00:31:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2e0
Faulting application start time: 0xsvchost.exe_PlugPlay0
Faulting application path: svchost.exe_PlugPlay1
Faulting module path: svchost.exe_PlugPlay2
Report Id: svchost.exe_PlugPlay3
 
Error: (04/24/2014 00:15:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2e0
Faulting application start time: 0xsvchost.exe_PlugPlay0
Faulting application path: svchost.exe_PlugPlay1
Faulting module path: svchost.exe_PlugPlay2
Report Id: svchost.exe_PlugPlay3
 
Error: (04/23/2014 08:32:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2dc
Faulting application start time: 0xsvchost.exe_PlugPlay0
Faulting application path: svchost.exe_PlugPlay1
Faulting module path: svchost.exe_PlugPlay2
Report Id: svchost.exe_PlugPlay3
 
Error: (04/23/2014 08:25:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2d8
Faulting application start time: 0xsvchost.exe_PlugPlay0
Faulting application path: svchost.exe_PlugPlay1
Faulting module path: svchost.exe_PlugPlay2
Report Id: svchost.exe_PlugPlay3
 
Error: (04/23/2014 07:26:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2d8
Faulting application start time: 0xsvchost.exe_PlugPlay0
Faulting application path: svchost.exe_PlugPlay1
Faulting module path: svchost.exe_PlugPlay2
Report Id: svchost.exe_PlugPlay3
 
Error: (04/23/2014 06:58:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2e0
Faulting application start time: 0xsvchost.exe_PlugPlay0
Faulting application path: svchost.exe_PlugPlay1
Faulting module path: svchost.exe_PlugPlay2
Report Id: svchost.exe_PlugPlay3
 
Error: (04/23/2014 05:26:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2d4
Faulting application start time: 0xsvchost.exe_PlugPlay0
Faulting application path: svchost.exe_PlugPlay1
Faulting module path: svchost.exe_PlugPlay2
Report Id: svchost.exe_PlugPlay3
 
Error: (04/23/2014 03:59:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2cc
Faulting application start time: 0xsvchost.exe_PlugPlay0
Faulting application path: svchost.exe_PlugPlay1
Faulting module path: svchost.exe_PlugPlay2
Report Id: svchost.exe_PlugPlay3
 
Error: (04/23/2014 03:32:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2d8
Faulting application start time: 0xsvchost.exe_PlugPlay0
Faulting application path: svchost.exe_PlugPlay1
Faulting module path: svchost.exe_PlugPlay2
Report Id: svchost.exe_PlugPlay3
 
Error: (04/23/2014 02:58:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_PlugPlay, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x2d8
Faulting application start time: 0xsvchost.exe_PlugPlay0
Faulting application path: svchost.exe_PlugPlay1
Faulting module path: svchost.exe_PlugPlay2
Report Id: svchost.exe_PlugPlay3
 
 
System errors:
=============
Error: (04/24/2014 00:36:07 PM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
%%2
 
Error: (04/24/2014 00:31:20 PM) (Source: Service Control Manager) (User: )
Description: The WMI Performance Adapter service terminated with the following error: 
%%-2147024809
 
Error: (04/24/2014 00:31:16 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: 
%%1190
 
Error: (04/24/2014 00:31:16 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: 
%%1190
 
Error: (04/24/2014 00:31:16 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (04/24/2014 00:31:16 PM) (Source: Service Control Manager) (User: )
Description: The Plug and Play service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (04/24/2014 00:31:16 PM) (Source: Service Control Manager) (User: )
Description: The DCOM Server Process Launcher service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
 
Error: (04/24/2014 00:21:07 PM) (Source: Service Control Manager) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
%%2
 
Error: (04/24/2014 00:15:09 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: 
%%1190
 
Error: (04/24/2014 00:15:09 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Plug and Play service, but this action failed with the following error: 
%%1190
 
 
Microsoft Office Sessions:
=========================
Error: (11/06/2010 08:53:03 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1226 seconds with 900 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Active@ ISO Burner (Version: 2.5.1)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.77)
Adobe Flash Player 12 Plugin (Version: 12.0.0.77)
Adobe Reader XI (11.0.06) (Version: 11.0.06)
Amazon Kindle
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.765.0)
Audacity 1.3.13 (Unicode)
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center (Version: 1.1.4)
Bing Bar (Version: 7.0.850.0)
Canon IJ Network Scanner Selector EX
Canon IJ Network Tool
Canon MG8200 series MP Drivers
Canon MG8200 series User Registration
Canon MP Navigator EX 1.0
Canon My Printer
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Full Existing (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Full New (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Light (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Previews Common (Version: 2010.0310.1824.32984)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0310.1824.32984)
Catalyst Control Center HydraVision Full (Version: 2010.0310.1824.32984)
Catalyst Control Center InstallProxy (Version: 2009.0908.2225.38429)
Catalyst Control Center InstallProxy (Version: 2010.0310.1824.32984)
Catalyst Control Center Localization All (Version: 2010.0310.1824.32984)
CCC Help Chinese Standard (Version: 2010.0310.1823.32984)
CCC Help Chinese Traditional (Version: 2010.0310.1823.32984)
CCC Help Czech (Version: 2010.0310.1823.32984)
CCC Help Danish (Version: 2010.0310.1823.32984)
CCC Help Dutch (Version: 2010.0310.1823.32984)
CCC Help English (Version: 2010.0310.1823.32984)
CCC Help Finnish (Version: 2010.0310.1823.32984)
CCC Help French (Version: 2010.0310.1823.32984)
CCC Help German (Version: 2010.0310.1823.32984)
CCC Help Greek (Version: 2010.0310.1823.32984)
CCC Help Hungarian (Version: 2010.0310.1823.32984)
CCC Help Italian (Version: 2010.0310.1823.32984)
CCC Help Japanese (Version: 2010.0310.1823.32984)
CCC Help Korean (Version: 2010.0310.1823.32984)
CCC Help Norwegian (Version: 2010.0310.1823.32984)
CCC Help Polish (Version: 2010.0310.1823.32984)
CCC Help Portuguese (Version: 2010.0310.1823.32984)
CCC Help Russian (Version: 2010.0310.1823.32984)
CCC Help Spanish (Version: 2010.0310.1823.32984)
CCC Help Swedish (Version: 2010.0310.1823.32984)
CCC Help Thai (Version: 2010.0310.1823.32984)
CCC Help Turkish (Version: 2010.0310.1823.32984)
ccc-core-static (Version: 2010.0310.1824.32984)
ccc-utility64 (Version: 2010.0310.1824.32984)
Cisco AnyConnect VPN Client (Version: 2.5.2014)
Crimson Editor SVN286 (Version: SVN286)
Crystal Reports Basic for Visual Studio 2008 (Version: 10.5.0.0)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (Version: 10.5.0.0)
Crystal Reports for Visual Studio (Version: 12.51.0.240)
D3DX10 (Version: 15.4.2368.0902)
Dashlane (Version: 2.4.0.56656)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
Dropbox (Version: 2.4.11)
DVD Menu Pack for HP MediaSmart Video (Version: 3.1.3224)
Epson Connect
Epson Download Navigator (Version: 1.0.1)
Epson Event Manager (Version: 2.50.0000)
EPSON NX430 Series Printer Uninstall
EPSON Scan
EpsonNet Print (Version: 2.5.00)
eReg (Version: 1.20.138.34)
erLT (Version: 1.20.0137)
Evernote v. 5.1.2 (Version: 5.1.2.2387)
FileZilla Client 3.5.3 (Version: 3.5.3)
Google Chrome (Version: 34.0.1847.116)
Google Drive (Version: 1.14.6059.644)
Google Earth (Version: 7.1.2.2041)
Google SketchUp 8 (Version: 3.0.3117)
Google Update Helper (Version: 1.3.23.9)
H&R Block Arkansas 2011 (Version: 1.11.2601)
H&R Block Arkansas 2012 (Version: 1.12.2201)
H&R Block Deluxe + Efile + State 2011 (Version: 11.05.7102)
H&R Block Deluxe + Efile + State 2012 (Version: 12.05.7803)
H&R Block Deluxe + Efile + State 2013 (Version: 13.05.6502)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP MediaSmart DVD (Version: 3.1.3317)
HP MediaSmart Music/Photo/Video (Version: 3.1.3422)
HP MediaSmart SmartMenu (Version: 3.1.0.1)
HP MediaSmart/TouchSmart Netflix (Version: 1.0.2.0)
HydraVision (Version: 4.2.162.0)
Iomega Home Storage Manager (Version: 1.0.0.21)
Iomega Product Registration (Version: 7.24.0000)
Junk Mail filter update (Version: 15.4.3502.0922)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.96)
Logitech SetPoint 6.32 (Version: 6.32.20)
Logitech Unifying Software 2.00 (Version: 2.00.43)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Compact Framework 2.0 SP2 (Version: 2.0.7045)
Microsoft .NET Compact Framework 3.5 (Version: 3.5.7283)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (Version: 9.0.21022)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (Version: 9.0.21022)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 365 - en-us (Version: 15.0.4605.1003)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Visual Web Developer 2007 (Version: 12.0.4518.1066)
Microsoft Office Visual Web Developer MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft OneDrive (Version: 17.0.4035.0328)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50826.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.3.5500.0)
Microsoft SQL Server Compact 3.5 Design Tools ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 for Devices ENU (Version: 3.5.5386.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.2 (Version: 1.2.0.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++  Compilers 2010 Standard - enu - x64 (Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.40219)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU (Version: 9.0.21022)
Microsoft Visual Studio 2008 Remote Debugger - ENU
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.21022)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.40219)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft Visual Studio Web Authoring Component (Version: 12.0.4518.1066)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (Version: 3.5.21022)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Tools (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (Version: 6.1.5288.17011)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4605.1003)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4605.1003)
Office 15 Click-to-Run Localization Component (Version: 15.0.4605.1003)
Oracle VM VirtualBox 4.2.4 (Version: 4.2.4)
PowerDirector (Version: 7.0.3503)
Python 2.7 PyGTK 2.24.0 (Version: 2.24.0)
Python 2.7.2 (Version: 2.7.2150)
QuickTime (Version: 7.74.80.86)
Realtek High Definition Audio Driver (Version: 6.0.1.6196)
Recovery Manager (Version: 5.5.2216)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Speccy (Version: 1.25)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
Symantec Endpoint Protection (Version: 11.0.6005.562)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (Version: 1)
VC Runtimes MSI (Version: 9.0.21022)
Video Mover
Viewpoint Media Player
Visual Studio .NET Prerequisites - English (Version: 9.0.21022)
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime (Version: 9.0.21022)
WCF RIA Services V1.0 SP1 (Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
Windows 7 USB/DVD Download Tool (Version: 1.0.30)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 26%
Total physical RAM: 8191.18 MB
Available physical RAM: 5979.66 MB
Total Pagefile: 16380.54 MB
Available Pagefile: 13952.66 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.95 MB
 
========================= Partitions: =====================================
 
1 Drive c: (HP) (Fixed) (Total:920.52 GB) (Free:659.91 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.89 GB) (Free:1.59 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HPE137C
 
Administrator            Guest                    MichaelandPeggy          
 
 
**** End of log ****
 


#4 maburns

maburns
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:20 PM

Posted 24 April 2014 - 01:20 PM

http://speccy.piriform.com/results/3fcRrVqRSKZBLFNdMeoOSR2



#5 hamluis

hamluis

    Moderator


  • Moderator
  • 56,290 posts
  • Gender:Male
  • Location:Killeen, TX
  • Local time:11:20 PM

Posted 24 April 2014 - 02:01 PM

If you are having unexpected shutdowns...it's not because of your CPU or your hard drive, they are fine, IMO.

 

A possible PSU issue...would have to be discussed in the Internal Hardware forum or by someone more knowledgeable than myself.

 

Moving topic from here to Am I Infected forum, to explore the possibility of malware.

 

Louis



#6 maburns

maburns
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:20 PM

Posted 24 April 2014 - 02:19 PM

Thanks Louis,

Appreciate the help

Mike



#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:20 AM

Posted 25 April 2014 - 10:08 AM

Hi,
 
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
 
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

After the tool has finished running, a text file named Rkill.txt should be located on the desktop. Please copy and paste the contents into your next reply.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#8 maburns

maburns
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:20 PM

Posted 25 April 2014 - 12:00 PM

Hi xXToffeeXx~,
Thanks for your help,
Mike
 
Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 04/25/2014 11:55:22 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 * C:\Users\MichaelandPeggy\AppData\Roaming\Dashlane\DashlanePlugin.exe (PID: 6136) [UP-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
 * No issues found.
 
Checking HOSTS File: 
 
Checking HOSTS File: 
 
 * No issues found.
 
 * HOSTS file entries found: 
 
  127.0.0.1 localhost
 
Program finished at: 04/25/2014 11:57:48 AM
Execution time: 0 hours(s), 2 minute(s), and 25 seconds(s)
 
Program finished at: 04/25/2014 11:57:48 AM
Execution time: 0 hours(s), 2 minute(s), and 29 seconds(s)


#9 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:20 AM

Posted 25 April 2014 - 12:04 PM

Hi,

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

xXToffeeXx~




#10 maburns

maburns
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:20 PM

Posted 25 April 2014 - 12:29 PM

Farbar Service Scanner Version: 25-02-2014
Ran by MichaelandPeggy (administrator) on 25-04-2014 at 12:28:27
Running from "C:\Users\MichaelandPeggy\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****


#11 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:05:20 AM

Posted 25 April 2014 - 12:38 PM

Hi,
 
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

--------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply

--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

xXToffeeXx~




#12 maburns

maburns
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:20 PM

Posted 25 April 2014 - 01:27 PM

Hi xXToffeeXx~

MBAM Scans:  

 

Below is the scan from your current instructions 4/25/2014.  In addition, below this scan are the results from a scan run on 4/23/2014 (2 days ago).

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/25/2014
Scan Time: 1:17:19 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.25.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MichaelandPeggy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388517
Time Elapsed: 31 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Here are the results from an MBAM Scan I ran 2 days ago 4/23/2014.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/23/2014
Scan Time: 6:47:52 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.23.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MichaelandPeggy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381170
Time Elapsed: 1 hr, 4 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 7
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}, Quarantined, [03c2101d0873fb3bfeac1b0048ba8a76], 
PUP.Optional.SearchQu, HKU\S-1-5-21-793256821-375107558-2722382272-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Quarantined, [03c2101d0873fb3bfeac1b0048ba8a76], 
PUP.Optional.SearchQu, HKU\S-1-5-21-793256821-375107558-2722382272-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}, Quarantined, [03c2101d0873fb3bfeac1b0048ba8a76], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-793256821-375107558-2722382272-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [cdf8a28b07740d291a9d9701b84b3dc3], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-793256821-375107558-2722382272-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [665f16175625f442548af2a6a45f1de3], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-793256821-375107558-2722382272-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [08bd67c6e09b9c9ab9fec6d238cb51af], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-793256821-375107558-2722382272-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [f7ce072680fbde58c1f5f8a045beee12], 
 
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-793256821-375107558-2722382272-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V2T1I1TtF1O2W, Quarantined, [665f16175625f442548af2a6a45f1de3]
 
Registry Data: 1
Hijack.StartPage, HKU\S-1-5-21-793256821-375107558-2722382272-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.searchqu.com/406, Good: (http://www.google.com), Bad: (http://www.searchqu.com/406),Replaced,[c500b776f5868fa771716dbf64a044bc]
 
Folders: 0
(No malicious items detected)
 
Files: 5
PUP.Optional.SweetPacks.A, C:\Users\MichaelandPeggy\AppData\Local\Temp\is1598539481\zgInstaller.exe, Quarantined, [21a4df4ee299a6907e8642c0b64bba46], 
PUP.Optional.BundleInstaller.A, C:\Users\MichaelandPeggy\Downloads\adobe flash player ie setup.exe, Quarantined, [982d59d43546270f0ceb141f877aaf51], 
PUP.Optional.Searchqu.A, C:\Users\MichaelandPeggy\AppData\Local\Temp\searchqutoolbar-manifest.xml, Quarantined, [5f6656d79fdc4fe764e51485bd463fc1], 
PUP.Optional.Searchqu.A, C:\Users\MichaelandPeggy\AppData\Local\Temp\SetupDataMngr_Searchqu.exe, Quarantined, [e1e4be6f90ebe551eb5fd4c5d62dd828], 
PUP.Optional.SearchQU.A, C:\Users\MichaelandPeggy\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.google.com/", "http://www.searchqu.com/406" ],), Replaced,[f1d4af7ee893152102974e0b55afcc34]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
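The 4/23/2014 log above is the one scan in this thread that found something: a search hijacker (searchqu.com) had rewritten the Internet Explorer start page and Chrome's startup_urls, and MBAM put both back. As an added example that is not code from this thread or from Malwarebytes, the Python below parses that log format into records, checks each section's item count against the records actually parsed so a truncated paste fails loudly, and lists the settings that had to be put back; the sample log is a constructed cut-down copy of the one above, and the record layout is inferred from these logs rather than taken from any Malwarebytes documentation.

```python
# Added example (not code from this thread): parse a Malwarebytes Anti-Malware 2.x log like
# those pasted above. Record layout is inferred from those logs:
#   <threat>, <location>[, <value>], Quarantined, [<32-hex id>],
#   <threat>, <location>, Good: (<expected>), Bad: (<found>),Replaced,[<32-hex id>]
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r"^(Processes|Modules|Registry Keys|Registry Values|Registry Data"
                        r"|Folders|Files|Physical Sectors): (\d+)$")
# Only the two actions that occur in this thread's logs are recognised.
ACTION_RE = re.compile(r",\s*(Quarantined|Replaced)\s*,\s*\[([0-9a-f]{32})\],?$")
GOOD_BAD_RE = re.compile(r",\s*Good: \((.*?)\),\s*Bad: \((.*)\)$")

@dataclass
class Detection:
    section: str               # "Registry Keys", "Files", ...
    threat: str                # "PUP.Optional.SearchQu", "Hijack.StartPage", ...
    location: str              # registry/file path (value records keep the value too)
    action: str                # "Quarantined" or "Replaced"
    record_id: str             # the bracketed 32-hex id MBAM prints per record
    good: Optional[str] = None # expected value, Replaced records only
    bad: Optional[str] = None  # the value the hijacker had written

def _parse_record(section: str, line: str) -> Detection:
    m = ACTION_RE.search(line)
    if not m:
        raise ValueError(f"unrecognised record: {line!r}")
    threat, body = line[: m.start()].split(", ", 1)
    good = bad = None
    gb = GOOD_BAD_RE.search(body)
    if gb:  # Replaced records carry expected vs. found
        good, bad = gb.group(1), gb.group(2)
        body = body[: gb.start()]
    return Detection(section, threat, body, m.group(1), m.group(2), good, bad)

def parse_mbam_log(text: str) -> Tuple[Dict[str, str], List[Detection]]:
    """Return (header fields, detections); raise if a section's item count does
    not match the records found, which catches a truncated paste."""
    header: Dict[str, str] = {}
    counts: Dict[str, int] = {}
    found: List[Detection] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("(end)", "(No malicious items detected)"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            counts[section] = int(m.group(2))
        elif section is None and ": " in line:  # header block, "Scan Date: 4/23/2014"
            k, v = line.split(": ", 1)
            header[k] = v
        elif section is not None:
            found.append(_parse_record(section, line))
    for name, n in counts.items():
        got = sum(1 for d in found if d.section == name)
        if got != n:
            raise ValueError(f"{name}: log claims {n} items, parsed {got}")
    return header, found

def hijacked_settings(dets: List[Detection]) -> List[Tuple[str, str, str]]:
    """Settings MBAM had to put back; the 'bad' value is the indicator worth
    hunting for elsewhere (here the searchqu.com URL AdwCleaner later removed)."""
    return [(d.threat, d.location, d.bad or "") for d in dets if d.action == "Replaced"]

# Constructed sample: a cut-down copy of the 4/23/2014 log posted in this thread.
SAMPLE_LOG = r"""Scan Date: 4/23/2014
Logfile: 
Malware Database: v2014.04.23.09
Registry Keys: 2
PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}, Quarantined, [03c2101d0873fb3bfeac1b0048ba8a76], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-793256821-375107558-2722382272-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Quarantined, [cdf8a28b07740d291a9d9701b84b3dc3], 
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-793256821-375107558-2722382272-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V2T1I1TtF1O2W, Quarantined, [665f16175625f442548af2a6a45f1de3]
Registry Data: 1
Hijack.StartPage, HKU\S-1-5-21-793256821-375107558-2722382272-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.searchqu.com/406, Good: (http://www.google.com), Bad: (http://www.searchqu.com/406),Replaced,[c500b776f5868fa771716dbf64a044bc]
Folders: 0
(No malicious items detected)
Files: 2
PUP.Optional.SweetPacks.A, C:\Users\MichaelandPeggy\AppData\Local\Temp\is1598539481\zgInstaller.exe, Quarantined, [21a4df4ee299a6907e8642c0b64bba46], 
PUP.Optional.SearchQU.A, C:\Users\MichaelandPeggy\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.google.com/", "http://www.searchqu.com/406" ],), Replaced,[f1d4af7ee893152102974e0b55afcc34]
(end)
"""

if __name__ == "__main__":
    hdr, dets = parse_mbam_log(SAMPLE_LOG)
    for threat, loc, bad in hijacked_settings(dets):
        print(hdr["Scan Date"], threat, loc, "->", bad.strip())
```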


#13 maburns

maburns
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:20 PM

Posted 25 April 2014 - 03:38 PM

Hi xXToffeeXx~
Something may be wrong, but the full TDSSKiller Scan is 220 pages long and will not paste into the reply. Here is the start and end of the file.
Mike


13:37:34.0240 0x0a04 TDSS rootkit removing tool 3.0.0.33 Apr 24 2014 14:02:50
13:37:35.0004 0x0a04 ============================================================
13:37:35.0004 0x0a04 Current date / time: 2014/04/25 13:37:35.0004
13:37:35.0004 0x0a04 SystemInfo:
13:37:35.0004 0x0a04
13:37:35.0004 0x0a04 OS Version: 6.1.7601 ServicePack: 1.0
13:37:35.0004 0x0a04 Product type: Workstation
13:37:35.0004 0x0a04 ComputerName: HPE137C
13:37:35.0004 0x0a04 UserName: MichaelandPeggy
13:37:35.0004 0x0a04 Windows directory: C:\Windows
13:37:35.0004 0x0a04 System windows directory: C:\Windows
13:37:35.0004 0x0a04 Running under WOW64
13:37:35.0004 0x0a04 Processor architecture: Intel x64
13:37:35.0004 0x0a04 Number of processors: 4
13:37:35.0004 0x0a04 Page size: 0x1000
13:37:35.0004 0x0a04 Boot type: Normal boot
13:37:35.0004 0x0a04 ============================================================
13:37:35.0004 0x0a04 BG loaded
13:37:35.0301 0x0a04 System UUID: {978B613C-6DEA-374C-883F-A50E05A373BB}
13:37:36.0455 0x0a04 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:37:36.0486 0x0a04 ============================================================
13:37:36.0486 0x0a04 \Device\Harddisk0\DR0:
13:37:36.0486 0x0a04 MBR partitions:
13:37:36.0486 0x0a04 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:37:36.0486 0x0a04 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3283F, BlocksNum 0x7310AFC1
13:37:36.0486 0x0a04 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7313D800, BlocksNum 0x15C8800
13:37:36.0486 0x0a04 ============================================================
13:37:36.0518 0x0a04 C: <-> \Device\Harddisk0\DR0\Partition2
13:37:36.0611 0x0a04 D: <-> \Device\Harddisk0\DR0\Partition3
13:37:36.0611 0x0a04 ============================================================
13:37:36.0611 0x0a04 Initialize success
13:37:36.0611 0x0a04 ============================================================
13:39:49.0474 0x1b80 ============================================================
13:39:49.0474 0x1b80 Scan started
13:39:49.0474 0x1b80 Mode: Manual;
13:39:49.0474 0x1b80 ============================================================
13:39:49.0474 0x1b80 KSN ping started
13:39:52.0376 0x1b80 KSN ping finished: true
13:39:54.0190 0x1b80 ================ Scan system memory ========================
13:39:54.0190 0x1b80 System memory - ok
13:39:54.0190 0x1b80 ================ Scan services =============================
13:39:54.0317 0x1b80 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:39:54.0330 0x1b80 1394ohci - ok
13:39:54.0409 0x1b80 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:39:54.0415 0x1b80 ACPI - ok
13:39:54.0429 0x1b80 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

.....(the full scan is 220 pages long and would not paste into the reply)

5671 ] C:\Windows\System32\wbem\WMIADAP.exe
13:40:27.0430 0x1b80 C:\Windows\System32\wbem\WMIADAP.exe - ok
13:40:27.0433 0x1b80 [ 9FE3ED67345F0FF829A4A53B90E09672, F70CD131DCF101B26CD55A57876DB3765B3E15C9D3A8B508FF041C91226EC504 ] C:\Windows\System32\loadperf.dll
13:40:27.0433 0x1b80 C:\Windows\System32\loadperf.dll - ok
13:40:27.0458 0x1b80 AV detected via SS2: Symantec Endpoint Protection, C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\WSCSavNotifier.exe ( 11.0.6070.422 ), 0x71000 ( enabled : updated )
13:40:27.0463 0x1b80 Win FW state via NFP2: enabled
13:40:30.0342 0x1b80 ============================================================
13:40:30.0342 0x1b80 Scan finished
13:40:30.0342 0x1b80 ============================================================
13:40:30.0351 0x1b84 Detected object count: 0
13:40:30.0351 0x1b84 Actual detected object count: 0
13:42:41.0420 0x10f8 Deinitialize success

#14 maburns

maburns
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:20 PM

Posted 25 April 2014 - 03:39 PM

And here is the AdwCleaner result:


# AdwCleaner v3.202 - Report created 25/04/2014 at 14:04:20
# Updated 23/04/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : MichaelandPeggy - HPE137C
# Running from : C:\Users\MichaelandPeggy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files (x86)\StartNow Toolbar
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files\genesis
Folder Deleted : C:\Users\MichaelandPeggy\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\MichaelandPeggy\AppData\Local\PackageAware
Folder Deleted : C:\Users\MICHAE~1\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\MichaelandPeggy\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\MichaelandPeggy\AppData\LocalLow\searchquband
File Deleted : C:\Users\MICHAE~1\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\MICHAE~1\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v

[ File : C:\Users\MichaelandPeggy\AppData\Roaming\Mozilla\Firefox\Profiles\qmzwwhd3.default-1397485668698\prefs.js ]


-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\MichaelandPeggy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=crb&appid=283&systemid=406&sr=0&q={searchTerms}
Deleted [Search Provider] : hxxp://my.webmd.com/search/search_results?query={searchTerms}&filter=mywebmd_all_filter
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6219 octets] - [25/04/2014 13:59:23]
AdwCleaner[S0].txt - [5752 octets] - [25/04/2014 14:04:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5812 octets] ##########

#15 maburns

maburns
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:20 PM

Posted 25 April 2014 - 04:06 PM

xXToffeeXx~
Re my earlier post: Something may be wrong, but the full TDSSKiller Scan is 220 pages long and will not paste into the reply. Here is the start and end of the file.

I tried to run TDSSKiller again; upon attempting to update, Internet Explorer stopped working and threw this exception: An unhandled win32 exception occurred in iexplore.exe [6384]

Mike



