Problem with bluescreen, Antivirus-Program and Wifi


  • This topic is locked
16 replies to this topic

#1 greg2657

greg2657

  • Members
  • 7 posts

Posted 21 May 2014 - 08:12 AM

Hi,

 

Since I had a bluescreen a week ago, my Ultrabook has been behaving strangely. The first problem I had is that the Windows Explorer settings had been changed back to the default ones (for example, file name extensions were no longer displayed). I changed everything back to the desired settings and thought that that was everything. Then I realized that the text in NIS 2014 was partially in English although I'm using the German version. I reinstalled Norton and that issue was also resolved. Then another issue started: I'm not able to update Norton properly because the same two updates always fail. If anyone is interested in reading the whole story, please see here: http://community.norton.com/t5/Norton-Internet-Security-Norton/NIS-Update-fails-Norton-Web-Protection-Definitions/td-p/1135976. No matter what I did, this issue couldn't be resolved. And today another issue arose: my Wifi just stops working every few minutes and I have to restart my PC in order for it to work again (in the Windows event viewer it says that the Wifi-enhancement module (or whatever it's called exactly in English, since I'm German ;-) ) has been terminated).

So all in all I'm starting to get worried that I have a malware problem, so I attached an OTL-Log (I did a quick scan with the default settings and strangely no Extras.txt has been created (perhaps because I ran OTL a week ago also?)). A DDS-Log didn't work because I use Windows 8.1 Update 1 (couldn't start the tool).

 

It would help me very much if someone could analyse the log and tell me if I'm infected or if these issues must be on the hardware/driver side.

 

Thank you very much in advance

greg2657

Attached Files

  • Attached File  OTL.Txt   142.74KB   2 downloads




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 May 2014 - 08:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This tool is similar to the DDS tool and will work in Windows 8.

Download the correct version of this tool for your operating system:
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.

#3 greg2657

greg2657
  • Topic Starter

  • Members
  • 7 posts

Posted 25 May 2014 - 10:58 AM

Hi nasdaq,

 

thanks for helping me :)

Here is the content of the FRST.txt file. I attached the Addition.txt file. Windows SmartScreen gave me a warning when I launched the tool but I guess that can happen with such a program :wink:

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 01
Ran by *** (administrator) on *** on 25-05-2014 17:32:01
Running from C:\Users\***\Desktop
Platform: Windows 8.1 (Update 1) (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
() C:\Users\***\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Dropbox, Inc.) C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13654744 2013-09-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7818040 2013-10-09] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3734813317-3092876567-2697954302-1001\...\Run: [Spotify Web Helper] => C:\Users\***\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-3734813317-3092876567-2697954302-1001\...\Run: [Amazon Cloud Player] => C:\Users\***\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-3734813317-3092876567-2697954302-1001\...\MountPoints2: {0373ad81-df43-11e3-beb4-5c514f80a371} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL http://www.ultimatebootcd.com/
Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASU2JS
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5cmbtb5p.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DblClicker - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5cmbtb5p.default\Extensions\dblclicker@byo.co.il.xpi [2014-05-20]
FF Extension: Adblock Plus - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5cmbtb5p.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\IPSFF [2014-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.2.0.38\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] ()
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-07-26] (Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [197608 2013-07-22] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-12] (ASUS Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2014-02-25] (Symantec Corporation)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [68072 2013-07-31] (Intel Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-19] (Symantec Corporation)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [31648 2014-05-17] (REALiX™)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\IPSDefs\20140523.001\IDSvia64.sys [525016 2014-05-19] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-07-22] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-07-22] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-07-22] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-04-05] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-07-22] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-20] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140524.016\ENG64.SYS [126040 2014-05-19] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.2.0.38\Definitions\VirusDefs\20140524.016\EX64.SYS [2099288 2014-05-19] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3433952 2014-02-18] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-08-30] (Intel Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows ® Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 RTLU3E8023-W8-64; C:\Windows\system32\DRIVERS\rtu30x64w8.sys [92376 2013-10-11] (Realtek                                            )
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-04-05] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-10-30] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1503000.00C\SymELAM.sys [23568 2013-10-30] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-10-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-25 17:32 - 2014-05-25 17:32 - 00020158 _____ () C:\Users\***\Desktop\FRST.txt
2014-05-25 17:31 - 2014-05-25 17:32 - 00000000 ____D () C:\FRST
2014-05-25 17:19 - 2014-05-25 17:19 - 02066944 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2014-05-22 18:15 - 2014-05-22 18:15 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-22 18:02 - 2014-05-22 18:16 - 00000000 ____D () C:\Users\***\AppData\Roaming\Audacity
2014-05-22 18:01 - 2014-05-22 18:01 - 00000997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-05-22 18:01 - 2014-05-22 18:01 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-05-21 14:54 - 2014-05-21 14:56 - 00146164 _____ () C:\Users\***\Desktop\OTL.Txt
2014-05-21 14:50 - 2014-05-21 14:50 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2014-05-21 14:48 - 2014-05-21 14:48 - 00000000 ____D () C:\Users\***\Desktop\Neuer Ordner
2014-05-21 14:29 - 2014-05-21 14:29 - 00688992 _____ (Swearware) C:\Users\***\Desktop\dds.com
2014-05-21 14:22 - 2014-05-21 14:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-05-21 14:22 - 2014-05-21 14:22 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-05-21 14:22 - 2014-05-21 14:22 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-05-21 13:56 - 2014-05-21 14:31 - 00000000 ____D () C:\WINDOWS\LastGood
2014-05-21 09:10 - 2014-05-21 09:10 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-05-20 09:32 - 2014-05-21 14:22 - 00066166 _____ () C:\WINDOWS\DPINST.LOG
2014-05-20 09:27 - 2014-05-20 09:27 - 00000000 ____D () C:\Users\***\Downloads\WiFi_Intel_Win81_64_VER17015
2014-05-20 09:02 - 2014-05-20 09:02 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-20 09:02 - 2014-05-20 09:02 - 00001125 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-20 09:02 - 2014-05-20 09:02 - 00000000 ____D () C:\Users\***\AppData\Roaming\Mozilla
2014-05-20 09:02 - 2014-05-20 09:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-20 08:54 - 2014-05-21 09:05 - 00002483 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-20 08:54 - 2014-05-20 08:54 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-05-20 08:54 - 2014-05-20 08:54 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-05-20 08:54 - 2014-05-20 08:54 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-20 08:53 - 2014-05-21 09:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-20 08:53 - 2014-05-20 08:53 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-19 18:57 - 2014-05-19 18:57 - 00006481 _____ () C:\Users\***\Desktop\bookmarks-2014-05-19.json
2014-05-19 18:55 - 2014-05-19 18:56 - 28852416 _____ (Mozilla) C:\Users\***\Desktop\Firefox Setup 29.0.1.exe
2014-05-19 14:22 - 2014-05-19 14:22 - 00000000 ____D () C:\Users\***\Desktop\CDBurnerXP-4.5.3.4746
2014-05-19 14:19 - 2014-05-19 14:20 - 00000175 _____ () C:\Users\***\AppData\Roaming\Checksum.ini
2014-05-19 14:18 - 2014-05-19 14:18 - 00000000 ____D () C:\Users\***\Desktop\checksum
2014-05-19 13:39 - 2014-05-19 13:54 - 602079232 _____ () C:\Users\***\Desktop\ubcd_529.iso
2014-05-19 12:42 - 2014-05-25 08:29 - 00425840 _____ () C:\WINDOWS\PFRO.log
2014-05-19 12:33 - 2014-05-19 12:33 - 07540560 _____ (Symantec Corporation) C:\Users\***\Desktop\NRnR.exe
2014-05-17 13:33 - 2014-05-17 13:33 - 00031648 _____ (REALiX™) C:\WINDOWS\system32\Drivers\HWiNFO64A.SYS
2014-05-17 13:32 - 2014-05-17 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2014-05-17 13:32 - 2014-05-17 13:32 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-05-17 12:01 - 2014-05-17 12:04 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 12:01 - 2014-05-17 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 11:43 - 2014-05-17 11:43 - 00062108 _____ () C:\Users\***\Documents\Extras.Txt
2014-05-17 11:42 - 2014-05-17 11:49 - 00143776 _____ () C:\Users\***\Documents\OTL.Txt
2014-05-17 11:20 - 2014-05-17 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-17 11:19 - 2014-05-17 11:20 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-05-17 11:15 - 2014-05-25 08:30 - 00006480 _____ () C:\WINDOWS\setupact.log
2014-05-17 11:15 - 2014-05-17 11:15 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-17 11:14 - 2014-05-17 11:14 - 00000000 ____D () C:\Users\***\Downloads\Audio_Realtek_Win81_64_VER6017054
2014-05-16 18:32 - 2014-05-25 08:50 - 01055084 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-16 15:11 - 2014-05-16 15:11 - 00000000 ____D () C:\Users\***\Desktop\AS_SSD17_Benchmark
2014-05-15 16:48 - 2014-05-15 16:48 - 00000000 ____D () C:\NPE
2014-05-15 16:47 - 2014-05-15 16:51 - 00000000 ____D () C:\Users\***\AppData\Local\NPE
2014-05-15 16:35 - 2014-05-15 16:35 - 00000000 ____D () C:\ProgramData\PCSettings
2014-05-14 22:43 - 2014-05-14 22:43 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-05-14 22:43 - 2014-05-14 22:43 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-05-14 21:18 - 2014-05-16 12:43 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-14 19:00 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-14 19:00 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-14 19:00 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-14 19:00 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-14 19:00 - 2014-03-27 11:12 - 21225584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-14 19:00 - 2014-03-27 09:48 - 18679728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-14 18:59 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-14 18:59 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-14 18:59 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-14 18:59 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-14 18:59 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-14 18:59 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-14 18:59 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-14 18:59 - 2014-04-11 05:36 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-14 18:59 - 2014-04-11 05:24 - 13288960 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-14 18:59 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-14 18:59 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 18:59 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-14 18:59 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 18:59 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-14 18:59 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-14 18:59 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-14 18:59 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-14 18:59 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-14 18:59 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-14 18:59 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-14 18:59 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-14 18:59 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-14 18:59 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-14 18:59 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-14 18:59 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-14 18:59 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-14 18:59 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-14 18:59 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-14 18:59 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-14 18:59 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-14 18:59 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-14 18:59 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-14 18:59 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-14 18:59 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-14 18:59 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-14 18:59 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-08 23:32 - 2014-05-08 23:32 - 00001282 _____ () C:\Users\***\Desktop\Amazon Cloud Player.lnk
2014-05-08 23:32 - 2014-05-08 23:32 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-05-08 23:32 - 2014-05-08 23:32 - 00000000 ____D () C:\Users\***\AppData\Local\Amazon Cloud Player
2014-05-06 23:37 - 2014-05-06 23:37 - 00000021 _____ () C:\Users\***\AppData\Roaming\my_intel.sys
2014-05-05 08:52 - 2014-02-06 13:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-05 08:52 - 2014-02-06 12:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-01 21:30 - 2014-05-20 09:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-01 10:06 - 2014-05-01 10:06 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2014-04-29 21:05 - 2014-04-29 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

==================== One Month Modified Files and Folders =======

2014-05-25 17:32 - 2014-05-25 17:32 - 00020158 _____ () C:\Users\***\Desktop\FRST.txt
2014-05-25 17:32 - 2014-05-25 17:31 - 00000000 ____D () C:\FRST
2014-05-25 17:19 - 2014-05-25 17:19 - 02066944 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2014-05-25 17:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-25 15:46 - 2014-04-11 17:05 - 00000000 ____D () C:\Users\***\AppData\Roaming\Dropbox
2014-05-25 12:00 - 2013-12-27 22:13 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2014-05-25 11:14 - 2014-04-13 10:17 - 00005152 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ***-*** ***
2014-05-25 08:50 - 2014-05-16 18:32 - 01055084 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-25 08:34 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-25 08:34 - 2013-11-14 09:11 - 00773008 _____ () C:\WINDOWS\system32\perfh007.dat
2014-05-25 08:34 - 2013-11-14 09:11 - 00162310 _____ () C:\WINDOWS\system32\perfc007.dat
2014-05-25 08:31 - 2014-03-08 01:17 - 00000062 _____ () C:\Users\***\AppData\Roaming\sp_data.sys
2014-05-25 08:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-25 08:30 - 2014-05-17 11:15 - 00006480 _____ () C:\WINDOWS\setupact.log
2014-05-25 08:30 - 2014-04-11 17:07 - 00000000 ___RD () C:\Users\***\Dropbox
2014-05-25 08:30 - 2014-04-11 17:06 - 00000000 ____D () C:\Users\***\AppData\Roaming\DropboxMaster
2014-05-25 08:30 - 2014-04-05 15:26 - 00000000 __RDO () C:\Users\***\SkyDrive
2014-05-25 08:30 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-25 08:29 - 2014-05-19 12:42 - 00425840 _____ () C:\WINDOWS\PFRO.log
2014-05-24 18:25 - 2014-04-06 11:34 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1678E523-962C-4C64-876A-04704240494B}
2014-05-24 12:24 - 2014-03-08 01:24 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3734813317-3092876567-2697954302-1001
2014-05-24 11:59 - 2014-04-11 17:06 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-24 11:59 - 2014-03-08 01:19 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-24 10:04 - 2014-04-13 10:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-22 18:18 - 2014-04-10 19:39 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc
2014-05-22 18:16 - 2014-05-22 18:02 - 00000000 ____D () C:\Users\***\AppData\Roaming\Audacity
2014-05-22 18:15 - 2014-05-22 18:15 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2014-05-22 18:01 - 2014-05-22 18:01 - 00000997 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-05-22 18:01 - 2014-05-22 18:01 - 00000000 ____D () C:\Program Files (x86)\Audacity
2014-05-21 23:03 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-21 22:27 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-05-21 14:56 - 2014-05-21 14:54 - 00146164 _____ () C:\Users\***\Desktop\OTL.Txt
2014-05-21 14:50 - 2014-05-21 14:50 - 00602112 _____ (OldTimer Tools) C:\Users\***\Desktop\OTL.exe
2014-05-21 14:48 - 2014-05-21 14:48 - 00000000 ____D () C:\Users\***\Desktop\Neuer Ordner
2014-05-21 14:31 - 2014-05-21 13:56 - 00000000 ____D () C:\WINDOWS\LastGood
2014-05-21 14:29 - 2014-05-21 14:29 - 00688992 _____ (Swearware) C:\Users\***\Desktop\dds.com
2014-05-21 14:23 - 2014-04-05 15:12 - 00000000 ____D () C:\Program Files\Intel
2014-05-21 14:23 - 2014-03-08 01:17 - 00000000 ____D () C:\Users\***\AppData\Roaming\Intel
2014-05-21 14:22 - 2014-05-21 14:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-05-21 14:22 - 2014-05-21 14:22 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-05-21 14:22 - 2014-05-21 14:22 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-05-21 14:22 - 2014-05-20 09:32 - 00066166 _____ () C:\WINDOWS\DPINST.LOG
2014-05-21 14:22 - 2014-04-05 15:12 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-21 14:22 - 2013-12-27 22:09 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-21 14:22 - 2013-12-27 22:09 - 00000000 ____D () C:\ProgramData\Intel
2014-05-21 13:50 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-21 13:49 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-05-21 09:10 - 2014-05-21 09:10 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-05-21 09:05 - 2014-05-20 08:54 - 00002483 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-21 09:05 - 2014-05-20 08:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-21 09:05 - 2014-04-10 15:22 - 00002525 _____ () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton Internet Security.lnk
2014-05-21 09:05 - 2014-04-06 13:25 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-05-21 09:05 - 2014-04-06 13:25 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NISx64
2014-05-20 10:04 - 2014-04-16 18:57 - 00235520 ___SH () C:\Users\***\Desktop\Thumbs.db
2014-05-20 09:36 - 2014-05-01 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-20 09:27 - 2014-05-20 09:27 - 00000000 ____D () C:\Users\***\Downloads\WiFi_Intel_Win81_64_VER17015
2014-05-20 09:02 - 2014-05-20 09:02 - 00001137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-20 09:02 - 2014-05-20 09:02 - 00001125 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-20 09:02 - 2014-05-20 09:02 - 00000000 ____D () C:\Users\***\AppData\Roaming\Mozilla
2014-05-20 09:02 - 2014-05-20 09:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-20 08:54 - 2014-05-20 08:54 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-05-20 08:54 - 2014-05-20 08:54 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-05-20 08:54 - 2014-05-20 08:54 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-20 08:53 - 2014-05-20 08:53 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-20 08:53 - 2014-04-06 13:25 - 00000000 ____D () C:\ProgramData\Norton
2014-05-19 20:54 - 2014-04-10 16:51 - 00000000 ____D () C:\Users\***\AppData\Local\CrashDumps
2014-05-19 18:57 - 2014-05-19 18:57 - 00006481 _____ () C:\Users\***\Desktop\bookmarks-2014-05-19.json
2014-05-19 18:56 - 2014-05-19 18:55 - 28852416 _____ (Mozilla) C:\Users\***\Desktop\Firefox Setup 29.0.1.exe
2014-05-19 14:22 - 2014-05-19 14:22 - 00000000 ____D () C:\Users\***\Desktop\CDBurnerXP-4.5.3.4746
2014-05-19 14:20 - 2014-05-19 14:19 - 00000175 _____ () C:\Users\***\AppData\Roaming\Checksum.ini
2014-05-19 14:18 - 2014-05-19 14:18 - 00000000 ____D () C:\Users\***\Desktop\checksum
2014-05-19 13:54 - 2014-05-19 13:39 - 602079232 _____ () C:\Users\***\Desktop\ubcd_529.iso
2014-05-19 12:33 - 2014-05-19 12:33 - 07540560 _____ (Symantec Corporation) C:\Users\***\Desktop\NRnR.exe
2014-05-17 13:33 - 2014-05-17 13:33 - 00031648 _____ (REALiX™) C:\WINDOWS\system32\Drivers\HWiNFO64A.SYS
2014-05-17 13:32 - 2014-05-17 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2014-05-17 13:32 - 2014-05-17 13:32 - 00000000 ____D () C:\Program Files\HWiNFO64
2014-05-17 12:04 - 2014-05-17 12:01 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-17 12:01 - 2014-05-17 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-17 11:49 - 2014-05-17 11:42 - 00143776 _____ () C:\Users\***\Documents\OTL.Txt
2014-05-17 11:43 - 2014-05-17 11:43 - 00062108 _____ () C:\Users\***\Documents\Extras.Txt
2014-05-17 11:21 - 2013-12-27 22:07 - 00016278 _____ () C:\WINDOWS\system32\results.xml
2014-05-17 11:20 - 2014-05-17 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-17 11:20 - 2014-05-17 11:19 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-05-17 11:15 - 2014-05-17 11:15 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-17 11:14 - 2014-05-17 11:14 - 00000000 ____D () C:\Users\***\Downloads\Audio_Realtek_Win81_64_VER6017054
2014-05-16 20:50 - 2014-03-08 01:43 - 00000000 ____D () C:\Users\***\AppData\Local\Adobe
2014-05-16 15:11 - 2014-05-16 15:11 - 00000000 ____D () C:\Users\***\Desktop\AS_SSD17_Benchmark
2014-05-16 12:53 - 2014-04-11 17:44 - 00000000 ____D () C:\Users\***\AppData\Roaming\Spotify
2014-05-16 12:43 - 2014-05-14 21:18 - 00000000 ____D () C:\WINDOWS\Minidump
2014-05-15 16:51 - 2014-05-15 16:47 - 00000000 ____D () C:\Users\***\AppData\Local\NPE
2014-05-15 16:48 - 2014-05-15 16:48 - 00000000 ____D () C:\NPE
2014-05-15 16:35 - 2014-05-15 16:35 - 00000000 ____D () C:\ProgramData\PCSettings
2014-05-14 22:43 - 2014-05-14 22:43 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-05-14 22:43 - 2014-05-14 22:43 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-05-14 21:41 - 2014-04-05 15:14 - 00000000 ____D () C:\Users\***
2014-05-14 20:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-14 19:02 - 2014-03-08 01:19 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 19:01 - 2014-03-08 01:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 19:01 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-14 19:01 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 19:01 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-14 19:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-14 19:01 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-14 19:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-14 19:01 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-14 19:00 - 2014-03-08 01:59 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-08 23:32 - 2014-05-08 23:32 - 00001282 _____ () C:\Users\***\Desktop\Amazon Cloud Player.lnk
2014-05-08 23:32 - 2014-05-08 23:32 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2014-05-08 23:32 - 2014-05-08 23:32 - 00000000 ____D () C:\Users\***\AppData\Local\Amazon Cloud Player
2014-05-07 17:48 - 2014-03-08 01:17 - 00000000 ____D () C:\Users\***\AppData\Local\Packages
2014-05-07 16:26 - 2014-04-11 17:45 - 00000000 ____D () C:\Users\***\AppData\Local\Spotify
2014-05-06 23:37 - 2014-05-06 23:37 - 00000021 _____ () C:\Users\***\AppData\Roaming\my_intel.sys
2014-05-06 06:40 - 2014-05-14 19:00 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-14 19:00 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-14 19:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 19:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-01 22:30 - 2013-08-22 17:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 22:30 - 2013-08-22 17:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 21:30 - 2014-05-01 21:30 - 00000000 ____D () C:\ProgramData\Mozilla
2014-05-01 21:30 - 2014-04-10 16:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-01 10:06 - 2014-05-01 10:06 - 00003028 _____ () C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2014-05-01 10:06 - 2013-04-26 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2014-05-01 10:06 - 2013-04-26 01:16 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-04-29 21:05 - 2014-04-29 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-04-29 21:05 - 2014-04-10 16:01 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-04-29 21:05 - 2014-04-10 16:01 - 00000000 ____D () C:\Program Files\CCleaner

Files to move or delete:
====================
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\***\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbbk5xk.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-25 08:59

==================== End Of Log ============================

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


#4 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 May 2014 - 07:17 AM

Your log is clean.

It may just be that we are looking at some hardware issue.
Not my forte, but let's see what the Event Viewer log will show.


Please download MiniToolBox to Desktop and run it.

Check mark the following box:
  • List last 10 Event Viewer log

  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


#5 greg2657

  • Topic Starter
  • Members
  • 7 posts

Posted 28 May 2014 - 10:30 AM

Thanks for looking through my logs. Now that I know that my system is clean, I'm relieved :)

Here is the Result.txt file:

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

MiniToolBox by Farbar  Version: 23-01-2014
Ran by *** (administrator) on 26-05-2014 at 16:03:42
Running from "C:\Users\***\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/26/2014 09:39:33 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.3.9600.17031, Zeitstempel: 0x53085927
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532954fb
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000005bf8
ID des fehlerhaften Prozesses: 0xde0
Startzeit der fehlerhaften Anwendung: 0xwwahost.exe0
Pfad der fehlerhaften Anwendung: wwahost.exe1
Pfad des fehlerhaften Moduls: wwahost.exe2
Berichtskennung: wwahost.exe3
Vollständiger Name des fehlerhaften Pakets: wwahost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wwahost.exe5

Error: (05/26/2014 09:39:33 AM) (Source: .NET Runtime) (User: )
Description: Anwendung: wwahost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.InvalidComObjectException
Stapel:
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (05/25/2014 09:01:22 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Das Volume "\\?\Volume{a9222e07-acf0-4a03-aedc-186f0f0d21ed}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/25/2014 09:01:22 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Das Volume "Recovery" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/24/2014 08:56:50 PM) (Source: Application Hang) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20461 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17f4

Startzeit: 01cf7772821e3c1e

Endzeit: 4294967295

Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe

Berichts-ID: 26b74fae-e375-11e3-bed8-5c514f80a371

Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/24/2014 11:17:26 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Das Volume "\\?\Volume{a9222e07-acf0-4a03-aedc-186f0f0d21ed}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/24/2014 11:17:25 AM) (Source: Microsoft-Windows-Defrag) (User: )
Description: Das Volume "Recovery" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (05/24/2014 10:54:04 AM) (Source: ISCTAgent) (User: )
Description: ISCT - CWinPcapWrapper::AnalyzeStatistics   InetMonRemoveFilter(filter=(null)) failed: 87

Error: (05/24/2014 10:04:28 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (05/24/2014 10:04:27 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".


System errors:
=============
Error: (05/25/2014 10:03:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062

Error: (05/24/2014 03:10:04 PM) (Source: BTHUSB) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (05/22/2014 10:43:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062

Error: (05/21/2014 11:03:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062

Error: (05/21/2014 10:28:32 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062

Error: (05/21/2014 03:28:16 PM) (Source: Tcpip) (User: )
Description: Fehler beim Löschen eines Paketzusammenfügungsfilters für den Netzwerkadapter mit der Hardwareadresse *** (IPv4 ***).

Error: (05/21/2014 03:28:16 PM) (Source: Tcpip) (User: )
Description: Fehler beim Löschen eines Paketzusammenfügungsfilters für den Netzwerkadapter mit der Hardwareadresse *** (IPv4 ***).

Error: (05/21/2014 03:28:16 PM) (Source: Tcpip) (User: )
Description: Fehler beim Löschen eines Paketzusammenfügungsfilters für den Netzwerkadapter mit der Hardwareadresse *** (IPv4 ***).

Error: (05/21/2014 03:28:16 PM) (Source: Tcpip) (User: )
Description: Fehler beim Löschen eines Paketzusammenfügungsfilters für den Netzwerkadapter mit der Hardwareadresse *** (IPv4 ***).

Error: (05/21/2014 03:28:16 PM) (Source: Tcpip) (User: )
Description: Fehler beim Löschen eines Paketzusammenfügungsfilters für den Netzwerkadapter mit der Hardwareadresse *** (IPv4 ***).


Microsoft Office Sessions:
=========================
Error: (05/26/2014 09:39:33 AM) (Source: Application Error)(User: )
Description: wwahost.exe6.3.9600.1703153085927KERNELBASE.dll6.3.9600.17055532954fbe04343520000000000005bf8de001cf78b4339dac95C:\WINDOWS\system32\wwahost.exeC:\WINDOWS\system32\KERNELBASE.dlle0b0ee5a-e4a8-11e3-beda-5c514f80a371AppUp.IntelExperienceCenter_1.9.1.8_x64__8j3eq9eme6cttApp

Error: (05/26/2014 09:39:33 AM) (Source: .NET Runtime)(User: )
Description: Anwendung: wwahost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Runtime.InteropServices.InvalidComObjectException
Stapel:
   bei System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (05/25/2014 09:01:22 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: \\?\Volume{a9222e07-acf0-4a03-aedc-186f0f0d21ed}\Falscher Parameter. (0x80070057)

Error: (05/25/2014 09:01:22 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: RecoveryFalscher Parameter. (0x80070057)

Error: (05/24/2014 08:56:50 PM) (Source: Application Hang)(User: )
Description: LiveComm.exe17.5.9600.2046117f401cf7772821e3c1e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbwe\LiveComm.exe26b74fae-e375-11e3-bed8-5c514f80a371microsoft.windowscommunicationsapps_17.5.9600.20461_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (05/24/2014 11:17:26 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: \\?\Volume{a9222e07-acf0-4a03-aedc-186f0f0d21ed}\Falscher Parameter. (0x80070057)

Error: (05/24/2014 11:17:25 AM) (Source: Microsoft-Windows-Defrag)(User: )
Description: RecoveryFalscher Parameter. (0x80070057)

Error: (05/24/2014 10:54:04 AM) (Source: ISCTAgent)(User: )
Description: ISCT - CWinPcapWrapper::AnalyzeStatistics   InetMonRemoveFilter(filter=(null)) failed: 87

Error: (05/24/2014 10:04:28 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (05/24/2014 10:04:27 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)


**** End of log ****

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

In case it helps, I attached a file where I searched for errors/critical events in the event log that occurred around the time that I got my bluescreen.

 

Greets

greg2657

 

p.s.: Since I'm German, the names and descriptions of the events from the event viewer are written in German, but maybe it still helps. If not, I can also translate some of the events/messages.


#6 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 May 2014 - 12:38 PM

It looks like the offending file is wwahost.exe which is responsible for the Apps.
Refer to this page.
http://www.eightforums.com/tutorials/21051-apps-tiles-not-working-responding-fix-windows-8-a.html

I suggest for now that you try the fix here.

Troubleshoot and Fix Store App Issues in Windows 8 and 8.1 with "Windows Store Apps" Troubleshooter
http://www.eightforums.com/tutorials/20291-windows-store-apps-troubleshooter-fix-apps-windows-8-a.html

If that fails

Run this command.
SFC /SCANNOW Command - Run in Windows 8

Try the OPTION TWO on this page.
http://www.eightforums.com/tutorials/3047-sfc-scannow-command-run-windows-8-a.html

Keep me posted.

#7 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 June 2014 - 07:28 AM

Are you still with me?

#8 greg2657

  • Topic Starter
  • Members
  • 7 posts

Posted 04 June 2014 - 10:50 AM

Yes I am :) Sorry, I was very busy during the last week.

I will try the suggestions provided through the links. Which problem is this supposed to fix? That I can't update Norton properly anymore or that my wifi connection drops every few minutes? I ask because it says on the first two linked pages that those are steps for fixing store app issues or tile problems, which I fortunately don't have.

 

Thanks for your help

greg2657



#9 nasdaq

  • Malware Response Team
  • 40,456 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 June 2014 - 12:17 PM

"I ask because it says on the first two linked pages that those are steps for fixing store app issues or tile problems which I fortunately don't have."

That came from looking at your error log.

===

Just run the SFC tool for now.

http://www.eightforums.com/tutorials/3047-sfc-scannow-command-run-windows-8-a.html
===

Then:

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#10 greg2657

  • Topic Starter
  • Members
  • 7 posts

Posted 10 June 2014 - 05:27 AM

I ran the SFC tool and it told me that Windows Resource Protection didn't find any integrity violations.

 

Here is the FSS.txt log:

 

==========================================================================================================================

 

Farbar Service Scanner Version: 09-06-2014
Ran by *** (administrator) on 10-06-2014 at 12:17:59
Running from "C:\Users\***\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2014-04-10 15:21] - [2014-03-04 14:15] - 2519384 ____A (Microsoft Corporation) FEEFE783D87C9063CDAC6DBDCF95F533

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\wscsvc.dll
[2014-04-10 15:24] - [2014-02-22 10:52] - 0134144 ____A (Microsoft Corporation) 515583507D3828E827FF6352C9ACCEFA

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

==========================================================================================================================

 

I also had another bluescreen. If I should run any tool again or upload the .dmp files of the two bluescreens, please let me know.

 

Thanks a lot for your help

greg2657
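Added example, not part of the original post and not Farbar's code: a small Python triage of the FSS.txt log above that pulls out services whose start type differs from the default, policy registry values, and files listed without the "MD5 is legit" verdict. The function name `triage_fss` and the regular expressions are assumptions based only on the log lines visible in this thread.

```python
import re

# Excerpt of the FSS.txt log from the post above, shortened for this example.
SAMPLE = r'''
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2014-04-10 15:21] - [2014-03-04 14:15] - 2519384 ____A (Microsoft Corporation) FEEFE783D87C9063CDAC6DBDCF95F533
**** End of log ****
'''

START_RE = re.compile(r"The start type of (\S+) service is set to (\w+)\. "
                      r"The default start type is (\w+)\.")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(\w+):(\w+)$')
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")

def triage_fss(text):
    """Collect the FSS log entries that deviate from the tool's 'OK' output."""
    report = {"start_type": [], "policy": [], "unverified": []}
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            key = None  # a blank line ends a policy section
        elif m := START_RE.search(line):
            name, current, default = m.groups()
            if current != default:  # start type changed from the default
                report["start_type"].append((name, current, default))
        elif m := KEY_RE.match(line):
            key = m.group(1)  # registry key heading a policy section
        elif (m := VALUE_RE.match(line)) and key:
            report["policy"].append((key, m.group(1), m.group(3)))
        elif PATH_RE.match(line) and "=>" not in line:
            # path printed without the "=> MD5 is legit" verdict
            report["unverified"].append(line)
    return report

if __name__ == "__main__":
    print(triage_fss(SAMPLE))
```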



#11 nasdaq


Posted 10 June 2014 - 08:20 AM

This is not malware and not my forte.

You can run this tool to find out if a driver is the culprit.
If we fail to find out what crashed the system, you can then start a new topic in the Internal hardware forum
http://www.bleepingcomputer.com/forums/forum7.html

WhoCrashed reveals the drivers responsible for crashing your computer.

Introduction.
http://www.resplendence.com/whocrashed

Please download the free home edition of WhoCrashed to your Desktop from here and install it by double-clicking "whocrashedSetup.exe".
At the end, it will open automatically. Click the "Analyze" button.

Please scroll down the Information window to copy and paste the results in your next reply.




#12 nasdaq


Posted 16 June 2014 - 08:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#13 nasdaq


Posted 19 June 2014 - 07:20 AM

This topic has been re-opened at the request of the person who originally posted.

#14 greg2657


Posted 19 June 2014 - 07:37 AM

Thanks for reopening the topic and helping me :-)

 

Here is the WhoCrashed-Log:

 

============================================================================================================================

 

System Information (local)

computer name:  ***
windows version: Windows 8.1 , 6.2, build: 9200
windows dir: C:\WINDOWS
Hardware: UX301LAA, ASUSTeK COMPUTER INC.
CPU: GenuineIntel Intel® Core™ i7-4500U CPU @ 1.80GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 8467480576 total
VM: 2147352576, free: 1918562304


 

Crash Dump Analysis


Crash dump directory: C:\WINDOWS\Minidump

Crash dumps are enabled on your computer.

On Tue 17.06.2014 12:09:31 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\061714-8250-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x156E36)
Bugcheck code: 0x9F (0x4, 0x12C, 0xFFFFE000CABD6880, 0xFFFFD000D5EB8950)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Tue 17.06.2014 12:09:31 GMT your computer crashed
crash dump file: C:\WINDOWS\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x9F (0x4, 0x12C, 0xFFFFE000CABD6880, 0xFFFFD000D5EB8950)
Error: DRIVER_POWER_STATE_FAILURE
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Fri 06.06.2014 07:47:36 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\060614-8093-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x156E36)
Bugcheck code: 0x9F (0x4, 0x12C, 0xFFFFE001908A7880, 0xFFFFD0006AEFBCA0)
Error: DRIVER_POWER_STATE_FAILURE
file path: C:\WINDOWS\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This bug check indicates that the driver is in an inconsistent or invalid power state.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.



On Wed 14.05.2014 19:18:01 GMT your computer crashed
crash dump file: C:\WINDOWS\Minidump\051414-6906-01.dmp
This was probably caused by the following module: fltmgr.sys (fltmgr+0x4E2B)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFF8006B21EE2B, 0xFFFFD000226C5408, 0xFFFFD000226C4C10)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
file path: C:\WINDOWS\system32\drivers\fltmgr.sys
product: Betriebssystem Microsoft® Windows®
company: Microsoft Corporation
description: Microsoft Dateisystem-Filter-Manager
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.





Conclusion

4 crash dumps have been found and analyzed. No offending third party drivers have been found. Connsider using WhoCrashed Professional which offers more detailed analysis using symbol resolution. Also configuring your system to produce a full memory dump may help you.

 

================================================================================================================

 

Greets

greg2657



#15 nasdaq


Posted 19 June 2014 - 07:54 AM


Run the System File Checker tool (SFC.exe)
http://support.microsoft.com/kb/929833


If nothing is found or corrected, I suggest you start a new topic in the Windows 8 Forum
http://www.bleepingcomputer.com/forums/f/209/windows-8/

As this is not my forte.



