Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How do I understand unexpected shutdown?


  • Please log in to reply
9 replies to this topic

#1 cafejose

cafejose

  • Members
  • 957 posts
  • OFFLINE
  •  
  • Local time:05:49 AM

Posted 09 September 2015 - 03:42 PM

Computer was found completely off, but nobody shut it down.   A fresh start was done with no trouble.  A "Windows recovered from unexpected shutdown" notice appeared upon fresh startup.  What should I do to understand this?

 

 

 

 

Problem signature:
  Problem Event Name:    BlueScreen
  OS Version:    6.1.7601.2.1.0.768.3
  Locale ID:    1033

Additional information about the problem:
  BCCode:    a0
  BCP1:    0000000000000009
  BCP2:    FFFFFFFFC000009C
  BCP3:    0000000000000001
  BCP4:    0000000000000000
  OS Version:    6_1_7601
  Service Pack:    1_0
  Product:    768_1

Files that help describe the problem:
  C:\Windows\Minidump\090915-45193-01.dmp
  C:\Users\sidney\AppData\Local\Temp\WER-78952-0.sysdata.xml

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt

Edited by hamluis, 10 September 2015 - 09:49 AM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 Why Computer Why

Why Computer Why

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 09 September 2015 - 03:54 PM

I wouldn't worry too much about it to be honest , unless it happens frequently? 


Edited by Why Computer Why, 09 September 2015 - 03:54 PM.


#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:49 AM

Posted 09 September 2015 - 04:02 PM

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis


Edited by hamluis, 09 September 2015 - 04:55 PM.


#4 cafejose

cafejose
  • Topic Starter

  • Members
  • 957 posts
  • OFFLINE
  •  
  • Local time:05:49 AM

Posted 09 September 2015 - 09:30 PM

The MTB.txt file:

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by sidney (administrator) on 09-09-2015 at 19:21:38
Running from "C:\Users\sidney\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: NY591AA-ABA p6267c Manufacturer: HP-Pavilion
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/09/2015 03:37:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: N360.exe, version: 13.0.2.6, time stamp: 0x55772924
Faulting module name: KERNEL32.DLL_unloaded, version: 0.0.0.0, time stamp: 0x55afd8e6
Exception code: 0xc0000005
Fault offset: 0x743f76e7
Faulting process id: 0x13a4
Faulting application start time: 0xN360.exe0
Faulting application path: N360.exe1
Faulting module path: N360.exe2
Report Id: N360.exe3

Error: (09/06/2015 09:11:33 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: c8c
Start Time: 01d0e8be7ddadcd8
Termination Time: 0
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (09/05/2015 06:18:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x00009966
Faulting process id: 0x454
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3

Error: (08/30/2015 12:44:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x00009966
Faulting process id: 0x8fc
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3

Error: (08/27/2015 11:40:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x00009966
Faulting process id: 0x898
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3

Error: (08/26/2015 09:33:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: N360.exe, version: 13.0.2.6, time stamp: 0x55772924
Faulting module name: ccLib.dll, version: 13.0.2.6, time stamp: 0x55772916
Exception code: 0xc0000005
Fault offset: 0x0006b050
Faulting process id: 0x878
Faulting application start time: 0xN360.exe0
Faulting application path: N360.exe1
Faulting module path: N360.exe2
Report Id: N360.exe3

Error: (08/21/2015 08:39:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: ShopAtHomeHelper.exe, version: 7.10.6.8, time stamp: 0x551acf33
Faulting module name: ShopAtHomeHelper.exe, version: 7.10.6.8, time stamp: 0x551acf33
Exception code: 0xc0000005
Fault offset: 0x000043c4
Faulting process id: 0x14f8
Faulting application start time: 0xShopAtHomeHelper.exe0
Faulting application path: ShopAtHomeHelper.exe1
Faulting module path: ShopAtHomeHelper.exe2
Report Id: ShopAtHomeHelper.exe3

Error: (08/20/2015 08:14:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x00009966
Faulting process id: 0x7d4
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3

Error: (08/16/2015 07:52:30 AM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1714
Start Time: 01d0d833021cffe2
Termination Time: 20
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (08/15/2015 05:10:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: CALMAIN.exe, version: 8.2.0.1, time stamp: 0x442b232e
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeaf722
Exception code: 0xc0000005
Fault offset: 0x00009966
Faulting process id: 0x83c
Faulting application start time: 0xCALMAIN.exe0
Faulting application path: CALMAIN.exe1
Faulting module path: CALMAIN.exe2
Report Id: CALMAIN.exe3

System errors:
=============
Error: (09/09/2015 06:11:51 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:  AFS

Error: (09/09/2015 06:11:44 PM) (Source: Service Control Manager) (User: )
Description: The BeFrugal.com Service service failed to start due to the following error: %%2

Error: (09/09/2015 01:34:19 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROZ-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{969A3DA4-8EE6-474D-8B71-692AAE778268}.
The master browser is stopping or an election is being forced.

Error: (09/09/2015 01:32:22 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROZ-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{969A3DA4-8EE6-474D-8B71-692AAE778268}.
The master browser is stopping or an election is being forced.

Error: (09/09/2015 01:31:32 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:  AFS

Error: (09/09/2015 01:31:24 PM) (Source: Service Control Manager) (User: )
Description: The BeFrugal.com Service service failed to start due to the following error:  %%2

Error: (09/09/2015 01:31:07 PM) (Source: BugCheck) (User: )     Description: 0x000000a0 (0x0000000000000009, 0xffffffffc000009c, 0x0000000000000001, 0x0000000000000000)C:\Windows\MEMORY.DMP090915-45193-01

Error: (09/09/2015 01:31:02 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:07:02 AM on ‎9/‎9/‎2015 was unexpected.

Error: (09/09/2015 08:28:34 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

Error: (09/09/2015 03:40:28 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:  AFS

Microsoft Office Sessions:
=========================
Error: (09/09/2015 03:37:38 AM) (Source: Application Error)(User: )
Description: N360.exe13.0.2.655772924KERNEL32.DLL_unloaded0.0.0.055afd8e6c0000005743f76e713a401d0ea55834e8142C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exeKERNEL32.DLLc9a07002-56de-11e5-a655-00038a000015

Error: (09/06/2015 09:11:33 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.17937c8c01d0e8be7ddadcd80C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (09/05/2015 06:18:43 AM) (Source: Application Error)(User: )
Description: CALMAIN.exe8.2.0.1442b232emsvcrt.dll7.0.7601.177444eeaf722c00000050000996645401d0e770cabb8509C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Windows\syswow64\msvcrt.dlla1379d6d-53d0-11e5-ab69-00038a000015

Error: (08/30/2015 12:44:54 PM) (Source: Application Error)(User: )
Description: CALMAIN.exe8.2.0.1442b232emsvcrt.dll7.0.7601.177444eeaf722c0000005000099668fc01d0e3494e6ac03aC:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Windows\syswow64\msvcrt.dll956a1e1b-4f4f-11e5-9cab-00038a000015

Error: (08/27/2015 11:40:24 PM) (Source: Application Error)(User: )
Description: CALMAIN.exe8.2.0.1442b232emsvcrt.dll7.0.7601.177444eeaf722c00000050000996689801d0e133aaf7113bC:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Windows\syswow64\msvcrt.dlla90a7d56-4d4f-11e5-a16b-00038a000015

Error: (08/26/2015 09:33:40 PM) (Source: Application Error)(User: )
Description: N360.exe13.0.2.655772924ccLib.dll13.0.2.655772916c00000050006b05087801d0db5d2f29a26aC:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exeC:\Program Files (x86)\Norton 360\Engine\22.5.2.15\ccLib.dllca2a01e0-4c74-11e5-a29a-00038a000015

Error: (08/21/2015 08:39:43 AM) (Source: Application Error)(User: )   Description: ShopAtHomeHelper.exe7.10.6.8551acf33ShopAtHomeHelper.exe 7.10.6.8551 acf33c0000005000043c414f801d0dc25e1f4762e C:\Users\sidney\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe C:\Users\sidney\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exed7539031-481a-11e5-a29a-00038a000015

Error: (08/20/2015 08:14:06 AM) (Source: Application Error)(User: )
Description: CALMAIN.exe8.2.0.1442b232emsvcrt.dll7.0.7601.177444eeaf722c0000005000099667d401d0db53d73f6c40C:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Windows\syswow64\msvcrt.dll190e4405-474e-11e5-a29a-00038a000015

Error: (08/16/2015 07:52:30 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.17937171401d0d833021cffe220C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (08/15/2015 05:10:22 AM) (Source: Application Error)(User: )
Description: CALMAIN.exe8.2.0.1442b232emsvcrt.dll7.0.7601.177444eeaf722c00000050000996683c01d0d74bbb403daaC:\Program Files (x86)\Canon\CAL\CALMAIN.exeC:\Windows\syswow64\msvcrt.dll9a3baa19-4346-11e5-9832-00038a000015

=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.1060 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AOL Toolbar (HKCU\...\AOL Toolbar) (Version:  - )
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - AOL Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Brink of Consciousness: Dorian Gray Syndrome Collector's Edtion (HKLM-x32\...\WTA-5b31c770-db56-4f38-8f12-b98f5a61fbf8) (Version: 2.2.0.98 - WildTangent) Hidden
Brothers In Arms (HKLM-x32\...\BrothersInArms) (Version:  - Ubisoft)
Call of Duty - United Offensive (HKLM-x32\...\{A662E280-64A8-4CF5-8407-13D0808602B3}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty - United Offensive (HKLM-x32\...\InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}) (Version: 1.00.0000 - Activision)
Call of Duty (HKLM-x32\...\Call of Duty) (Version:  - )
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Juarez® : Bound in Blood (HKLM-x32\...\Call of Juarez® : Bound in Blood) (Version:  - Ubisoft)
Canon Camera Access Library (HKLM-x32\...\CAL) (Version: 8.2.0.1 - )
Canon Camera Window DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.3.0.11 - )
Canon Camera Window MC 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowMC) (Version: 6.2.0.11 - )
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.0.1.3 - )
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.3.0.19 - )
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 2.4.0.7 - )
Canon RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.6.0.9 - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 1.0.4.18 - )
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.18.42 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 5.7.0.74 - )
Christmasville (HKLM-x32\...\72fe24ac3f81ced2107a1b2b8f23524c) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Costco Photo Organizer (HKLM-x32\...\{008739FA-4232-45BE-A58B-00B1C6998BFD}) (Version: 1.4.0.97 - Costco Wholesale Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Cursed Fates - The Headless Horseman (HKLM-x32\...\510008416) (Version:  - Oberon Media)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.)
DriverUpdate (HKLM-x32\...\{F7FBA125-E6E5-4D4F-A165-D094C10B0523}) (Version: 2.2.40819 - SlimWare Utilities, Inc.)
EA SPORTS online 2007 (HKLM-x32\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version:  - )
Foundation Factory 2 (HKLM-x32\...\Foundation Factory 2) (Version:  - )
GamesBar from ATT (HKLM-x32\...\att_en) (Version: 3.2.0.3 - Visicom Media Inc.)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.13 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GUN ™ (HKLM-x32\...\{2DFF2906-52BB-4222-8062-1509259FC013}) (Version: 1.00.0000 - Activision) Hidden
GUN ™ (HKLM-x32\...\InstallShield_{2DFF2906-52BB-4222-8062-1509259FC013}) (Version: 1.00.0000 - Activision)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5434.08 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
Hoyle Puzzle and Board Games 2011 (HKLM-x32\...\WTA-d358b2e4-b9b9-4906-8a63-2e9a7f5e7d17) (Version: 2.2.0.98 - WildTangent) Hidden
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3205 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{26280024-DFB7-4967-90DB-7F9C6660D01E}) (Version: 3.0.28.2 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{1EEDD93E-B341-4353-92D6-9A009443C91A}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HydraVision (HKLM-x32\...\{9AE27CE5-2442-EEA6-1D66-ED8D95E2EDF6}) (Version: 4.2.98.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Impulse® (HKLM-x32\...\{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}) (Version: 3.30 - GameStop) Hidden
Impulse® (HKLM-x32\...\Impulse®) (Version: 3.30 - GameStop)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jigsaw 365 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110313550}) (Version:  - Oberon Media)
LabelPrint (HKLM-x32\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Little Shop - Road Trip (HKLM-x32\...\e64add651a55408b9272e6c2a59610a3) (Version:  - )
Logitech Gaming Software (HKLM-x32\...\{B9242864-2841-4ADE-86E0-8F90F91B04DD}) (Version: 4.40 - )
Madden NFL 07 (HKLM-x32\...\{C85E633E-864A-4AFE-0095-844838BFCC7E}) (Version:  - )
Medal of Honor Airborne (HKLM-x32\...\{25F28E39-FDBB-11DB-8314-0800200C9A66}) (Version: 1.0.1.0 - Electronic Arts)
Medal of Honor Allied Assault (HKLM-x32\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version:  - )
Medal of Honor Allied Assault™ Breakthrough (HKLM-x32\...\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}) (Version:  - )
Medal of Honor Allied Assault™ Spearhead (HKLM-x32\...\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}) (Version:  - )
Medal of Honor Pacific Assault™ (HKLM-x32\...\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}) (Version: 1.0 - Electronic Arts)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Flight Simulator 2004 A Century of Flight (HKLM-x32\...\Flight Simulator 9.0) (Version: 9.0 - Microsoft)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.1 (HKLM\...\{8A837C47-2B21-4FDF-8370-41A1EB6A26E8}) (Version: 1.10.123.0 - Microsoft)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\WTA-0cb94229-2ad4-4f4a-92b6-fa475a6f149a) (Version: 2.2.0.98 - WildTangent) Hidden
Mystery P.I. - The London Caper (HKLM-x32\...\WTA-eee04dab-c7fa-47de-83f3-c67c8299bccd) (Version: 2.2.0.95 - WildTangent) Hidden
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.5.2.15 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.2.547 - Symantec Corporation)
NortonVRQ (HKLM-x32\...\vrq) (Version: 5.0.1.6 - Symantec Corporation)

NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
PowerDirector (HKLM-x32\...\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerRecover (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.1923 - CyberLink Corp.) Hidden
Price Check by AOL (HKLM-x32\...\Price Check by AOL) (Version: 1.11.2.1 - AOL Inc.)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{1A6CF6FE-7573-44F3-8C56-0F4E469D1791}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5882 - Realtek Semiconductor Corp.)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
ShopAtHome.com Helper (HKCU\...\ShopAtHome.com Helper) (Version: 7.10.6.8 - ShopAtHome.com)
ShopAtHome.com Toolbar (HKCU\...\ShopAtHome.com Toolbar) (Version: 7.10.6.8 - ShopAtHome.com)

Smilebox (HKCU\...\Smilebox) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Print Shop 2.0 Deluxe (HKLM-x32\...\{53E4CE64-629E-4590-AB43-1D8C85A6E621}) (Version: 2.0.1.60 - Encore)
The Print Shop 20 (HKLM-x32\...\{85BB6CF7-5144-4942-87E4-5FC5C47569F8}) (Version: 20.00.0000 - Broderbund Software)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.36 - WildTangent) Hidden
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
XnView 1.97.6 (HKLM-x32\...\XnView_is1) (Version: 1.97.6 - Gougelet Pierre-e)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
ZD Manager (HKLM-x32\...\ZDManager) (Version:  - Zendeals)

========================= Memory info: ===================================
Percentage of memory in use: 23%
Total physical RAM: 8191.23 MB
Available physical RAM: 6260.99 MB
Total Virtual: 16380.66 MB
Available Virtual: 14172.45 MB

========================= Partitions: =====================================
1 Drive c: (HP) (Fixed) (Total:686.46 GB) (Free:509.97 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.08 GB) (Free:2.19 GB) NTFS
8 Drive j: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:604.99 GB) NTFS

========================= Users: ========================================
User accounts for \\SIDNEY-PC

Administrator            ASPNET                   Guest                    
sidney                   

**** End of log ****
 

http://speccy.piriform.com/results/SiHr3n33dkjZBn7bOxTwgNH


Edited by hamluis, 10 September 2015 - 09:47 AM.


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,404 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:49 AM

Posted 10 September 2015 - 09:48 AM

It's my judgment that you should start in the Am I Infected forum...topic moved to that forum.

 

Louis



#6 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:49 AM

Posted 10 September 2015 - 12:36 PM

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.
 
================
 

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
malwarerun_zps9abd4ef1.png
 
4)  When the scan is complete the results will be displayed.  Click on Delete All.
 
malwarenew_zps34b58fdc.png
 
5)  Please post the Malwarebytes log.
 
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the log in your topic.
 
================
 
Please clean the extension in your browser/s that don't belong.
 

Please do the following to clean your Extensions.
 
Internet Explorer
 
Press Alt+T and click Internet Options.
Open the General tab.
Change the home page and click OK.
Press Alt+T and click Manage Add-ons.
Click Toolbars and Extensions and remove unwanted extension.
Click Search Providers and set a new default search engine.
 
Google Chrome
 
Press Alt+F and point to Tools.
Click Extensions.
Remove unwanted extensions.
Click Settings.
Under On startup, select the last option and click Set pages.
Set a new startup page.
Under Search, click Manage search engines and click enter the URL of your new default search provider. Click Ok.
 
Mozilla Firefox
 
Press Alt+T and click Options.
Open the General tab and change the home page.
Click OK.
Press Ctrl+Shift+A and click Extensions.
Remove unwanted extensions.
Close the tab.
Click the search engine icon next to the search box and select a new search provider.
 
 

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#7 cafejose

cafejose
  • Topic Starter

  • Members
  • 957 posts
  • OFFLINE
  •  
  • Local time:05:49 AM

Posted 10 September 2015 - 09:09 PM

dc3 and hamlius,

Thanks for the advice and instructions about adwcleaner and malwarebytes.  The computer might or might not be "infected", but Norton 360 already been run, and the problem I described was that when computer is left on and unattended, it will or now seems to shut down instead of staying asleep and rewakable.  When then restarted, Windows reports that computer recovered from some bad shutdown.

 

The computer is not mine, so the regular user-owner usually will not permit me to install programs such as the suggested malwarebytes and adwcleaner.  The main user ultimately found MiniToolBox and a speccy folder on the desk top, and deleted them.  My own computer  (with Windows Vista) is in better shape, and as the way used, is safer.

 

I'll try to discuss this with the regular user and see if I can persuade to allow for adwcleaner and malwarebytes - but I do not believe the improper shutdown problem is part of an infection.



#8 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:49 AM

Posted 11 September 2015 - 06:56 AM

I know you have Norton, but that is an antivirus and will not find things that the other tools I suggested would.


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#9 cafejose

cafejose
  • Topic Starter

  • Members
  • 957 posts
  • OFFLINE
  •  
  • Local time:05:49 AM

Posted 17 September 2015 - 09:48 PM

Not officially a "resolution" to the problem, but I tried some searching with a search engine for tradeadexchange hijack chrome, and terms like that combined, and some discussion appeared in the search listings mentioning Adblock Plus.

Hopefully this is not premature, but after more than two days now having switched from uBlock to AdBlock Plus in google chrome browser, none of those new automatic tab-opening redirects/hijackings have been occuring.  They seem to be stopped - NOT that this cures any infection in google chrome or associated files, but the SYMPTOM is now gone.  The Adblock Plus seems to handle the problem.

 

 

(I also turned off all extensions and then turned them back on again in case this has any effect)



#10 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,364 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:05:49 AM

Posted 18 September 2015 - 09:14 AM

There are browser redirect viruses, these are real.  You need to make your friend aware of this.  What I suggested can be effective against these types of viruses.  All of the tools suggested are suggested on a regular basis  here at  Bleeping Computer.  These programs can be run and then uninstalled.  These programs will not affect other programs or data.

 

If your friend isn't willing to allow these tools to be used, then I doubt they will be rid of this if it is in fact a redirect/hijack virus.

 

Good luck


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users