[Infected] Windows must now restart because the Plug and Play


My PC gets a pop-up message, "Windows must now restart because the Plug and Play terminated unexpectedly"; sometimes a different pop-up message also appears saying that "Windows will shut down in 1 minute because of critical error". I have already tried every possible way, including:

-Scanning using Malwarebytes in safe mode

-Scanning using MBAR in safe mode

-Flashing Kaspersky recovery disk 2018

-Command shutdown.exe -a on CMD administrator mode

-Re-registering the whole .dll on pc

 

It only happens when I play a really big game (MMORPG/40 GB+ game). The game freezes for a few seconds every several seconds before a complete 30-second freeze, then I get the message "Windows will shutdown in 1 minute due to critical error", my Windows 7 Aero turns off, and I cannot access any files/programs; it reports an unspecified path error with a large red X icon. I cannot even search for anything from the Start menu and I cannot access Task Manager. I can only access the programs that are currently open.

 

This occurs almost every time, but scanning things and removing malware did not do anything for me.

 

What do I do? I tried System Restore to way back, around 1/2 week before the problem, but up until now it still occurs. Re-installing the whole PC is mostly not an option for me due to heavy customization/very long use already, and my data is already piling up. Please help...


Hello Zeroneos and welcome to Malwarebytes,

Let's run a diagnostic scan and have a look at your system....

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Thank you,

Kevin...

Thanks for those logs Zeroneos,

Couple of points to clarify before progressing any further...

Quote

GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

Are those group policies known to you or trusted...?

Quote

FirewallRules: [{448B46CC-5DB6-4C3C-AC7D-C7776A07D91A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮攮數
FirewallRules: [{644511DC-C170-4867-BAB3-E3CD5802A44E}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮⹟硥e

Are those Firewall rules known to you and trusted? I tried running what appears to be Chinese writing through a translator, unable to be translated..

Quote

Name: AMDA00 Interface
Description: AMDA00 Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUSTeK Computer Inc.
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

That is an error from Event Viewer, more than likely a Graphics card issue. Have you recently upgraded the card or its driver, or altered any settings for the Graphics card...?

Have a look in Device Manager, scroll to and expand Display Adapters. Are there any exclamation marks or similar against those entries...

Thank you,

Kevin...
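
Added example, not part of the original thread and not FRST or Malwarebytes code: the unreadable rule targets quoted in the post above have the shape of ASCII bytes read two at a time as UTF-16LE code units, a common log artifact. This Python sketch tests that hypothesis and recovers the text; the function names are illustrative and `SAMPLE_LINES` is copied from the quoted FRST lines.

```python
import re
import string

# Printable ASCII, excluding control whitespace.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")
# Line shape as it appears in the quoted FRST log.
RULE = re.compile(r"FirewallRules: \[(\{[0-9A-Fa-f-]+\})\] => \((\w+)\) (.+)")

# Copied from the FRST lines quoted in the post above.
SAMPLE_LINES = [
    "FirewallRules: [{448B46CC-5DB6-4C3C-AC7D-C7776A07D91A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮攮數",
    "FirewallRules: [{644511DC-C170-4867-BAB3-E3CD5802A44E}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩晤湩層楷摮楦摮⹟硥e",
]

def undo_utf16_misread(text):
    """Return the ASCII text hidden in `text`, or None if it does not fit.

    Heuristic: every non-ASCII character must split into two printable
    ASCII bytes (low byte first). Genuine CJK text almost always fails this.
    """
    out, wide = [], 0
    for ch in text:
        cp = ord(ch)
        if cp < 0x80:              # already ASCII, e.g. an odd trailing byte
            out.append(ch)
            continue
        if cp > 0xFFFF:            # outside a single UTF-16 code unit
            return None
        lo, hi = chr(cp & 0xFF), chr(cp >> 8)
        if lo not in PRINTABLE or hi not in PRINTABLE:
            return None
        out += [lo, hi]
        wide += 1
    return "".join(out) if wide else None

def decode_rule(line):
    """Parse one FirewallRules line into (guid, action, readable target)."""
    m = RULE.match(line.strip())
    if not m:
        return None
    guid, action, target = m.groups()
    return guid, action, undo_utf16_misread(target) or target

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(decode_rule(line))
```

A result of `None` from `undo_utf16_misread` means the text is either plain ASCII already or real non-Latin text, so the rule target should be read as written.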


Quote

Are those group policies known to you or trusted...?

No, I don't know anything about that

Quote

Are those Firewall rules known to you and trusted? I tried running what appears to be Chinese writing through a translator, unable to be translated..

I did not know this either, my PC is in English and I never visited any Chinese website.

Quote

That is an error from Event Viewer, more than likely a Graphics card issue. Have you recently upgraded the card or its driver, or altered any settings for the Graphics card...?

Have a look in Device Manager, scroll to and expand Display Adapters. Are there any exclamation marks or similar against those entries...

There is indeed an exclamation mark in device manager with the devices called AMDA00 Interface. What should I do about it? Uninstall it?

 

Thank you


Thanks for the update, yes I'd uninstall that driver and then reboot. Windows will attribute a fresh driver during POST, see what happens after that. I'm actually away on holiday so will be offline until later tonight. After you let me know the outcome of the update of the Graphics card I'll sort a fix out for the other entries...

Cheers,

Kevin..


See if you can find out what the unknown device is with the following:

Open Device Manager, right-click on the listing for the Unknown Device, select Properties from the context menu, and then click on the Details tab at the top of the resulting window.

On the Details tab, you’ll see a drop down menu labeled “Property”. The items listed in that drop down menu should show information about the mysterious device, it’s the Hardware IDs that are most relevant to this case.

Select Hardware IDs from the drop down menu and the “Value” field below will populate with a list of values. Post one of the values listed in the window to Google; it should show the device’s identity.

Repeat if necessary...


Found it, it's the troublesome driver AMDA00 Interface from the earlier post. I tried uninstalling it and got this again. It seems it has problems with my Asus motherboard and does not seem to install itself correctly. This is my current motherboard and graphics card:

Motherboard: Asus z97-AR Intel i7 Haswell 4790k CPU @4.00ghz

VGA: MSI GTX 1070 Gaming X 8G

 

In this state it cannot be uninstalled, but when it goes back to unknown device it can be uninstalled; every time after a reboot, though, it'll just go back like this again.

 


Run the following fix with FRST...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Set windows up for "Clean Boot" mode, full instructions here: https://support.microsoft.com/en-gb/kb/929135

Basically all non-MS services are disabled, see how your system runs in that mode. Does the issue clear in that mode...?

fixlist.txt


Hello again Zeroneos,

Thanks for those updates, yes sleep is very much needed. We are probably in different time zones, I'm in the UK... The idea of clean boot is to see if a non-Microsoft service is causing the issue, in your case this certainly seems to be so. Now we need to identify the said service, this may turn out to be time consuming but well worth the effort..

As clean boot makes your system work correctly it is now a process of elimination to find which non MS service(s) was affecting your system...

Go through the process again; this time, with all MS services hidden again, enable the top half of the non-MS services, reboot and see how your system responds. If still OK, the top half can be left enabled.

Repeat again, enable so many of the bottom half then re-boot. Continue until you locate the problem service(s). A process of elimination, a bit long winded but worth the effort. Let me know the outcome...

Cheers,

Kevin...

 


Thanks Kevin

I tried following your advice, I tried restarting the game multiple times and restarting the PC to see if my PC crashed while running that game. Using clean boot and the top half (A-K listing) seems fine, there is no freeze/delay in my game unlike before. Now I'm turning on all of the bottom half (I don't turn on every single one of them because there is a startup that I actually don't need so...)

I'll keep reporting back. thanks for keeping up with me...


Hello Kevin

So I am at the point where I turned everything back on like before I did all this stuff (msconfig/services/startup) clean booting. So far the game and my PC do not crash on me. Perhaps the problem only lies with the AMDA00 Interface? Because instead of uninstalling it, only for it to appear again after reboot, I just disabled it. So far I tried restarting the PC by myself a few times and logging into the game, no crash or freeze detected at all today. So, what next after this? Should I continue to search for the malware (might be caused by it) by using roguekiller/tdss stuff like that?

 

Thank you


I do not believe we are dealing with any malware or infection, I believe the issue is related to a previous driver that has not been fully removed from your system...

Check out the following link on how to remove old drivers from Windows...

https://www.thewindowsclub.com/how-to-remove-old-unused-device-drivers-in-windows-7
