JMCJR (Author), Posted March 11, 2015

virus total analysis . . .

Juliet, Posted March 11, 2015

The virus total post above doesn't tell me anything, when you scanned it did it have any red flags?

How's your computer now?

JMCJR (Author), Posted March 11, 2015

Juliet, I pray I'm not being paranoid, but though my computer's been acting healthy, I discovered today that a lengthy word document containing all my passwords for EVERYTHING seems to have simply vanished from my machine - I cannot even find an older version of it. What do you make of that?

JMCJR (Author), Posted March 11, 2015

Can you see the results with this link?

https://www.virustotal.com/en/file/c3f22da5cb53155ac60f74bff2f126ab4eb30c58633e0a70061707ddd60902c1/analysis/1426096368/

Juliet, Posted March 11, 2015

Glad the computer acts healthy.

JMCJR wrote: "I discovered today that a lengthy word document containing all my passwords for EVERYTHING seems to have simply vanished from my machine"

When you saved the document, what name was it saved with? I think maybe it's just been misplaced.

JMCJR (Author), Posted March 11, 2015

Think it was "current pw doc" or "current pw" - I can find early versions of the pw one, but I renamed it with "current" in front to distinguish it . . .

Juliet, Posted March 11, 2015

I know there was nothing we did that deleted it.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

    :folderfind
    current pw
    current pw doc
    :filefind
    current pw
    current pw doc
    :regfind
    current pw
    current pw doc

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

JMCJR (Author), Posted March 12, 2015

No luck. Results below. Weird though . . . first time I downloaded it (all downloads go automatically to download folder, no "save as", just "save" and that's where it saves it to, so I have to go and move it to the desktop). When I tried to move it to the desktop, it didn't appear. When I searched for it and looked at properties, it said it was on the desktop, but I could not see it. Opening the desktop folder in explorer shows it, but not just looking at the desktop. Then the txt file results did the same thing, can't see it on the desktop, but it is in the folder for the desktop.

    SystemLook 30.07.11 by jpshortstuff
    Log created at 08:36 on 12/03/2015 by LAdams
    Administrator - Elevation successful

    ========== folderfind ==========

    Searching for "current pw"
    No folders found.

    Searching for "current pw doc"
    No folders found.

    ========== filefind ==========

    Searching for "current pw"
    No files found.

    Searching for "current pw doc"
    No files found.

    ========== regfind ==========

    Searching for "current pw"
    No data found.

    Searching for "current pw doc"
    No data found.

    -= EOF =-

JMCJR (Author), Posted March 12, 2015

Windows recovered from an unexpected shut down.

Third time I noticed my computer restarted on its own, first time to notice that message.

Juliet, Posted March 12, 2015

Something went goofy, please download Windows Repair (all in one) from here.

Install the program, then go to Step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

NEXT

On the Start Repairs tab => Click the Start

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Let's first have a look at the stop code.

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

JMCJR (Author), Posted March 12, 2015

Juliet wrote: "Install the program then go to step 4 and create a new system restore point and new registry backup."

What is meant by 'create a new system restore point'? A date? i.e., do I determine this and if so how?

(btw, thank you)

Juliet, Posted March 12, 2015

If you click on the button that says System Restore, it should create one for you.

If you click on the button that says Registry Backup, it should create one for you.

JMCJR (Author), Posted March 13, 2015

As soon as Windows repair was installed, system rebooted by itself again suddenly. Had a few other quirky issues, the version was different/updated but I think we got it right per your instructions, just found items in different places. Here are the results of the last one you asked for:

    ==================================================
    Dump File         : 031215-27596-01.dmp
    Crash Time        : 3/12/2015 1:05:11 PM
    Bug Check String  : BAD_POOL_HEADER
    Bug Check Code    : 0x00000019
    Parameter 1       : 0x00000020
    Parameter 2       : 0x89f5c950
    Parameter 3       : 0x89f5d500
    Parameter 4       : 0x0976c2e0
    Caused By Driver  : iaStor.sys
    Caused By Address : iaStor.sys+4d600
    File Description  : Intel Rapid Storage Technology driver - x86
    Product Name      : Intel Rapid Storage Technology driver
    Company           : Intel Corporation
    File Version      : 9.6.0.1014
    Processor         : 32-bit
    Crash Address     : ntkrnlpa.exe+120c6b
    Stack Address 1   : iaStor.sys+20844
    Stack Address 2   : iaStor.sys+1fbc4
    Stack Address 3   : iaStor.sys+1fd6a
    Computer Name     :
    Full Path         : C:\Windows\Minidump\031215-27596-01.dmp
    Processors Count  : 4
    Major Version     : 15
    Minor Version     : 7601
    Dump File Size    : 143,512
    Dump File Time    : 3/12/2015 1:07:03 PM
    ==================================================

    ==================================================
    Dump File         : 031215-25209-01.dmp
    Crash Time        : 3/12/2015 12:49:44 PM
    Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
    Bug Check Code    : 0x000000d1
    Parameter 1       : 0x7775edd8
    Parameter 2       : 0x00000002
    Parameter 3       : 0x00000008
    Parameter 4       : 0x7775edd8
    Caused By Driver  : usbehci.sys
    Caused By Address : usbehci.sys+4023
    File Description  : EHCI eUSB Miniport Driver
    Product Name      : Microsoft® Windows® Operating System
    Company           : Microsoft Corporation
    File Version      : 6.1.7601.18328 (win7sp1_gdr.131126-1436)
    Processor         : 32-bit
    Crash Address     : ntkrnlpa.exe+40b7f
    Stack Address 1   :
    Stack Address 2   : Wdf01000.sys+8008
    Stack Address 3   : Wdf01000.sys+3ed1
    Computer Name     :
    Full Path         : C:\Windows\Minidump\031215-25209-01.dmp
    Processors Count  : 4
    Major Version     : 15
    Minor Version     : 7601
    Dump File Size    : 143,512
    Dump File Time    : 3/12/2015 12:51:34 PM
    ==================================================

Juliet, Posted March 13, 2015

    Caused By Driver  : iaStor.sys
    File Description  : Intel Rapid Storage Technology driver - x86
    Product Name      : Intel Rapid Storage Technology driver

    Caused By Driver  : usbehci.sys
    Caused By Address : usbehci.sys+4023
    File Description  : EHCI eUSB Miniport Driver

This usually points to hardware rather than software being the cause.

You may also try updating your USB drivers.

I've asked someone to take a look, it seems to also point back to a bad USB port?

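Added example, not part of any post in this thread: a small Python parser for the BlueScreenView text report format seen in the BSOD.txt above, which tallies the blamed driver and stop code across dumps and lists the modules on each crash stack. The sample uses values from the posted report; the function names are illustrative.

```python
from collections import Counter

SEP = "=" * 50
# Constructed sample, trimmed from the BSOD.txt values posted in this thread.
SAMPLE_REPORT = f"""{SEP}
Dump File         : 031215-27596-01.dmp
Bug Check String  : BAD_POOL_HEADER
Caused By Driver  : iaStor.sys
Stack Address 1   : iaStor.sys+20844
Full Path         : C:\\Windows\\Minidump\\031215-27596-01.dmp
{SEP}
{SEP}
Dump File         : 031215-25209-01.dmp
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Caused By Driver  : usbehci.sys
Stack Address 1   :
Stack Address 2   : Wdf01000.sys+8008
{SEP}
"""

def parse_report(text):
    """Split a BlueScreenView text report into one dict per crash dump."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("====="):
            if current:
                records.append(current)
            current = {}
        elif ":" in line:
            # Split on the first colon only; paths and times contain more.
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def stack_modules(record):
    """Modules named in the non-empty 'Stack Address N' fields."""
    return {v.split("+")[0] for k, v in record.items()
            if k.startswith("Stack Address") and v}

def triage(records):
    """Tally blamed drivers and stop codes across all dumps."""
    blamed = Counter(r.get("Caused By Driver", "?") for r in records)
    checks = sorted({r.get("Bug Check String", "?") for r in records})
    return {"crashes": len(records), "blamed": dict(blamed),
            "bug_checks": checks, "single_cause": len(blamed) == 1}
```
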
JMCJR (Author), Posted March 13, 2015

So the machine rebooting on its own - hardware related?

Any idea why that doc would have vanished?

Is there anything I need to put back as before (hidden files, delete any tools)?

Juliet, Posted March 13, 2015

JMCJR wrote: "So the machine rebooting on its own - hardware related? Any idea why that doc would have vanished? Is there anything I need to put back as before (hidden files, delete any tools)?"

It's my best guess that now the rebooting is due to hardware....for right now if you can disconnect any USB devices and keep them disconnected for a while to test that theory.

I've asked another colleague to look in and give thoughts but, he might not be able to respond till this evening.

I have no clue what went with the document, by chance could it have been saved or renamed to something else? Have you tried looking in odd places to see if it were saved to a hidden folder?

The below is a tutorial to show all files and folders. You may have already done this, but let's try again.
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Try doing a windows search for the document.

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html
Please try the tutorial above for running SFC /SCANNOW Command - System File Checker

Y kawika, Posted March 13, 2015

Hi JMCJR,

Can you run an Overdrive Test from here at the Pit for us to take a look, it'll give us a bit more insight to the hardware & software on your rig.

Please go to: Start> All Programs, then Right Click on Internet Explorer and choose: 'Run as Administrator'

Navigate yourself to the Overdrive test at PC Pitstop and try to run the scan there: http://www.pcpitstop.com/betapit/default.asp

If you've never done an Overdrive test, then on the top left corner click the "Sign Up Free" and create an account, then log in and give it a run.

Copy the link from the top address bar when the test completes and paste it in your reply to this thread so we can have a look.

Thanks
Y

JMCJR (Author), Posted March 14, 2015

I was able to finally locate the document, whew!

Do you guys want me now to run . . .

1st: SFC /SCANNOW Command - System File Checker; and then
2nd: run an Overdrive Test ?

Juliet, Posted March 14, 2015

JMCJR wrote: "I was able to finally locate the document, whew!"

wowssa!, where was it?, if I can ask of course.

JMCJR wrote: "Do you guys want me now to run . . . 1st: SFC /SCANNOW Command - System File Checker; and then 2nd: run an Overdrive Test"

Can you do both please?

JMCJR (Author), Posted March 14, 2015

Yes, of course. And the document was in my documents folder - it just magically appeared this time when I searched exactly as I'd done so before. How weird is that?

JMCJR (Author), Posted March 14, 2015

Entering the Pit...

When you click the link below, we'll automatically take you through several steps that will determine the characteristics of the computer you are currently using. Nothing on your system will be harmed or changed.

The complete series of tests should take two to four minutes on most systems. You will notice some disk activity. This is normal, as the PC PitStop utility examines your system configuration. The utility will report its progress in your browser's status bar and a status window on the web page.

If you have a firewall such as Norton Internet Security, ZoneAlarm, or CA Firewall, you may need to turn it off to complete the tests.

NOTE: If you suffer from epilepsy, we advise you not to watch the video portion of the test. We have heard reports of the repeated image patterns triggering an attack.

Ready? Just a sec...

If you're having trouble with the new test you can find the old one here.
If you're having trouble running the tests, please try the suggestions on our troubleshooting page.

Is the tool optimized for Explorer? I am using Firefox . . .

JMCJR (Author), Posted March 14, 2015

Also, the sfc/scannow completed and noted:

Windows Resource Protection did not find any integrity violations

Btw, PC hasn't been doing the random reboot and seems to be behaving

Y kawika, Posted March 14, 2015

JMCJR wrote: "Is the tool optimized for Explorer? I am using Firefox . . ."

Yes, it will only run in Internet Explorer and should be executed as an Administrator as outlined in the previous instructions.

Thanks
Y

JMCJR (Author), Posted March 14, 2015

At Overdrive over in IE:

PC Pitstop requires Internet Explorer 5 or higher. You do not seem to be running IE.

I am running IE 11.

Regarding ActiveX, also over in IE:

Test Your ActiveX Installation

This page tests whether you have your browser properly configured to download, authenticate, install, and display ActiveX controls, and manipulate them with JavaScript. When prompted with a certificate, please accept it. The current date and time should appear below:

ActiveX is not supported

If you see the current date and time displayed above, congratulations! ActiveX and scripting are working properly. (If you see a date and time but it isn't the right time, your PC's clock is set wrong! Double-click the time in the system tray to correct it.)

If, instead of the time, you see a box with a small x in it, either:

ActiveX is not supported: Use Internet Explorer to view the site.
ActiveX is not enabled: See these instructions to enable ActiveX.
You didn't accept the certificate: You must click Yes on the security certificate to load the ActiveX control.
You are using an ad blocker, popup stopper, or firewall that blocks ActiveX: Disable these utilities to see if they are the cause.
Your system has spyware installed or a virus that interferes with ActiveX: Scan for spyware with a product like Pest Patrol or Panda, available in our store.

If you see a blank space, ActiveX is probably working properly, but not scripting. Check your security settings for scripting.

If you see the message ActiveX is not supported, then your browser doesn't recognize ActiveX at all. Netscape, Opera, or other browsers usually do not support ActiveX.

When you think you've corrected any problem you are having with this, simply refresh the page [press F5] to try again.

What next?

JMCJR (Author), Posted March 15, 2015

PC just rebooted on its own, logged into the machine and a program that runs on startup was stuck (again), so I went to task mgr and there was one other item there: DSD_2156---Running. I closed task mgr but didn't stop this program. Will shut the machine down overnight.