LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: babyoh on June 27, 2014, 08:23:25 AM

Title: mysterious crashes - here are logs
Post by: babyoh on June 27, 2014, 08:23:25 AM
had freeze/crashes (win7 home) on the following dates:
6.1.2014, 6.14.2014, 6.19.2014, 6.25.2014

keyboard completely unresponsive (Ctrl-Alt-Delete)- had to hold down power button to turn off.

had multiple apps open each time. i *think* i was online with Firefox each crash.

nothing unusual shows in Event Viewer prior to crashes.
Firefox has been somewhat unstable- it crashes every 1-2 weeks, then recovers gracefully. it never causes system freeze.

all my scans are clean (MBAM, MSE).

ran sfc and Chkdsk- no problems reported.

-- used safe mode to set System Restore to go back to a point 5.14.2014; didn't help.

Oh: I had Process Explorer running during one crash, curious to see if any odd/rogue process turned on immediately prior to the problem.
both my screens froze upon crash; didn't notice anything unusual in PE.

- Anyway, here are my logs.
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126
Run by lappy5 at 2:42:04 on 2014-06-27
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16344.14045 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTlappy5k\WinHTTlappy5kIEBar.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{362F548B-D9B9-4190-9495-D9D9E1BDD8AE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6AFE652C-6D79-4464-96F5-B10F27E2D0A9} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\lappy5\AppData\Roaming\Mozilla\Firefox\Profiles\bvvw60qn.default\
FF - prefs.js: browser.search.selectedEngine - SHODAN
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6457jj8f.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-4-9 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-7-17 55856]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-16 277120]
R2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe [2013-7-17 113840]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 FanChkService;Fan Filter Checker Service;C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [2012-1-20 45696]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-7-17 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-7-17 161560]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-7-17 363800]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-4-9 27760]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2013-7-17 17152]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-4-9 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-4-9 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-4-9 108656]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-4-9 22800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-4-9 2193008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-19 111616]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-06-27 02:43:41   10779000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0A3FC53-5053-48FF-8AF6-BB99C3E9206A}\mpengine.dll
2014-06-25 10:53:14   10779000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-24 22:59:46   1031560   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1AE4B994-0C3C-4A28-888A-01B466567101}\gapaengine.dll
2014-06-21 01:48:18   --------   d-----w-   C:\Users\lappy5\AppData\Roaming\WinPatrol
2014-06-21 01:47:54   --------   d-----w-   C:\ProgramData\InstallMate
2014-06-21 01:47:54   --------   d-----w-   C:\Program Files (x86)\BillP Studios
2014-06-21 00:33:14   122584   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-21 00:33:00   91352   ----a-w-   C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-21 00:33:00   63704   ----a-w-   C:\Windows\System32\drivers\mwac.sys
2014-06-21 00:33:00   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-20 01:45:09   801280   ----a-w-   C:\Windows\System32\usp10.dll
2014-06-20 01:44:54   2048   ----a-w-   C:\Windows\SysWow64\msxml6r.dll
2014-06-20 01:44:54   2048   ----a-w-   C:\Windows\SysWow64\msxml3r.dll
2014-06-20 01:44:54   2048   ----a-w-   C:\Windows\System32\msxml6r.dll
2014-06-20 01:44:54   2048   ----a-w-   C:\Windows\System32\msxml3r.dll
2014-06-20 01:44:54   2002432   ----a-w-   C:\Windows\System32\msxml6.dll
2014-06-20 01:44:54   1882112   ----a-w-   C:\Windows\System32\msxml3.dll
2014-06-20 01:44:54   1389056   ----a-w-   C:\Windows\SysWow64\msxml6.dll
2014-06-20 01:44:54   1237504   ----a-w-   C:\Windows\SysWow64\msxml3.dll
2014-06-20 01:01:27   --------   d-----w-   C:\Windows\pss
2014-06-10 18:29:22   209408   ----a-w-   C:\Program Files\Internet Explorer\DiagnosticsTap.dll
.
==================== Find3M  ====================
.
2014-06-27 07:39:39   71344   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-27 07:39:39   699056   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-27 07:22:06   380   ----a-w-   C:\Users\lappy5\AppData\Roaming\sp_data.sys
2014-05-30 10:02:37   2724864   ----a-w-   C:\Windows\System32\mshtml.tlb
2014-05-30 10:02:09   4096   ----a-w-   C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:39:43   548352   ----a-w-   C:\Windows\System32\vbscript.dll
2014-05-30 09:39:23   66048   ----a-w-   C:\Windows\System32\iesetup.dll
2014-05-30 09:38:29   48640   ----a-w-   C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:21:23   139264   ----a-w-   C:\Windows\System32\ieUnatt.exe
2014-05-30 09:21:05   111616   ----a-w-   C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:20:36   752640   ----a-w-   C:\Windows\System32\jscript9diag.dll
2014-05-30 09:11:24   940032   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:08:22   5782528   ----a-w-   C:\Windows\System32\jscript9.dll
2014-05-30 09:02:39   2724864   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2014-05-30 08:55:36   38400   ----a-w-   C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 08:44:28   455168   ----a-w-   C:\Windows\SysWow64\vbscript.dll
2014-05-30 08:43:06   61952   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2014-05-30 08:42:16   51200   ----a-w-   C:\Windows\SysWow64\ieetwproxystub.dll
2014-05-30 08:28:33   112128   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
2014-05-30 08:27:56   592896   ----a-w-   C:\Windows\SysWow64\jscript9diag.dll
2014-05-30 08:24:19   1249280   ----a-w-   C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:23:22   2040832   ----a-w-   C:\Windows\System32\inetcpl.cpl
2014-05-30 08:10:46   32256   ----a-w-   C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-05-30 07:56:56   2266112   ----a-w-   C:\Windows\System32\wininet.dll
2014-05-30 07:56:50   4244992   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2014-05-30 07:50:09   1068032   ----a-w-   C:\Windows\SysWow64\mshtmlmedia.dll
2014-05-30 07:49:38   1964544   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
2014-05-30 07:21:10   1790976   ----a-w-   C:\Windows\SysWow64\wininet.dll
2014-05-12 12:25:56   25816   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2014-04-25 02:06:17   626688   ----a-w-   C:\Windows\SysWow64\usp10.dll
2014-04-12 02:22:05   95680   ----a-w-   C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05   155072   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38   29184   ----a-w-   C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38   136192   ----a-w-   C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37   28160   ----a-w-   C:\Windows\System32\secur32.dll
2014-04-12 02:19:32   1460736   ----a-w-   C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05   31232   ----a-w-   C:\Windows\System32\lsass.exe
2014-04-12 02:12:06   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2014-04-05 02:47:20   1903552   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:47:09   288192   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH:  2:42:21.84 ===============

CHECKUP.txt
Results of screen317's Security Check version 0.99.85 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Microsoft Security Essentials   
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File 
SpywareBlaster 5.0   
Adobe Flash Player 14.0.0.125 
Adobe Reader XI 
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

***
ATTACH.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/17/2013 12:01:10 AM
System Uptime: 6/27/2014 2:21:18 AM (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | G75VW
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz | SOCKET 0 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 348 GiB total, 142.787 GiB free.
D: is FIXED (NTFS) - 559 GiB total, 141.131 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP155: 5/5/2014 5:24:54 PM - Windows Update
RP156: 5/8/2014 5:27:54 PM - Windows Update
RP157: 5/8/2014 7:31:49 PM - beforebigupdateohboy
RP158: 5/8/2014 7:34:38 PM - Windows Update
RP159: 5/12/2014 7:55:12 AM - Windows Update
RP160: 5/13/2014 3:12:47 PM - Windows Update
RP161: 5/16/2014 6:14:38 PM - Windows Update
RP162: 5/20/2014 6:16:02 AM - Windows Update
RP163: 5/24/2014 11:35:51 AM - Windows Update
RP164: 5/27/2014 6:35:03 PM - Windows Update
RP165: 5/31/2014 5:44:56 PM - Windows Update
RP166: 6/2/2014 1:57:12 PM - june
RP167: 6/5/2014 3:59:36 PM - Windows Update
RP168: 6/8/2014 5:36:35 PM - Windows Update
RP169: 6/10/2014 1:29:40 PM - Windows Update
RP170: 6/14/2014 8:01:02 PM - Windows Update
RP171: 6/18/2014 5:11:47 PM - Windows Update
RP172: 6/19/2014 8:41:22 PM - Windows Update
RP173: 6/19/2014 8:45:13 PM - Windows Update
RP174: 6/20/2014 6:40:21 PM - beforespybotsandd
RP175: 6/24/2014 5:57:09 PM - Windows Update
RP176: 6/25/2014 5:46:45 AM - Windows Update
.
==== Installed Programs ======================
.
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.03)
Aegisub 3.0.4
Aegisub 3.1.3
AkelPad 4.8.8
Alcor Micro USB Card Reader
Amaya
Apple Software Update
ASUS AI Recovery
ASUS Fan Filter Checker
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Splendid Video Enhancement Technology
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS WebStorage
AsusScr_G75 Series_ENG
AsusVibe2.0
Atheros Bluetooth Suite (64)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
ATK Package
Audacity 2.0.5
Avidemux 2.6 - 64bits
Bing Bar
Blender
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Media Suite
CyberLink Power2Go
D3DX10
DirectX 9 Runtime
Frescobaldi 2.0.13
GameFast
GIMP 2.8.10
Inkscape 0.48
InstantOn for NB
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IrfanView (remove only)
LilyPond
Malwarebytes Anti-Malware version 2.0.2.1012
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Windows Debugging Symbols
Mozilla Firefox 30.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MuseScore 1.3
Notepad++
NVIDIA 3D Vision Driver 331.65
NVIDIA Control Panel 331.65
NVIDIA Graphics Driver 331.65
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.15.2
NVIDIA Update Components
Opera 12.14
Pale Moon 24.6.2 (x86 en-US)
Platform
Programmer's Notepad
Recuva
Rotation Desktop for G Series
Roxio AACS Certificate
Roxio CinePlayer
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2931365)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)
SpywareBlaster 5.0
STDU Viewer version 1.6.300.0
Subtitle Edit 3.3.9
Synaptics Pointing Device Driver
TrueCrypt
Unlocker 1.9.2
VIA Platform Device Manager
VLC media player 2.1.3
Windows Live
Windows Live ???
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
WinHasher 1.6.1
WinHTTrack Website Copier 3.46-1 (x64)
WinPatrol
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
6/26/2014 2:35:52 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.779.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
6/23/2014 7:19:34 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.460.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x80072efe     Error description: The connection with the server was terminated abnormally
6/22/2014 3:37:43 AM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.     New Signature Version:      Previous Signature Version: 1.177.460.0     Update Source: Microsoft Update Server     Update Stage: Search     Source Path: http://www.microsoft.com     Signature Type: AntiVirus     Update Type: Full     User: NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10701.0     Error code: 0x8024402c     Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================


Title: Re: mysterious crashes - here are logs
Post by: babyoh on June 27, 2014, 08:30:57 AM
P.S.
i sometimes kill my internet connection temporarily, so apps don't "phone home" or try to update while i'm working on something.

this seems to cause multiple errors in Event Viewer :
"Microsoft Antimalware has encountered an error trying to update signatures."

i've been ignoring those errors for yrs, since they always coincide (and only occur) with when i go offline.

at any rate, that error isn't new.
- Nothing *PRIOR* to the crash stands out. *Afterward* i get the "The system has rebooted without cleanly shutting down first" standard ones, that i'd expect.


Title: Re: mysterious crashes - here are logs
Post by: Corrine on June 27, 2014, 06:50:45 PM
Quote from: babyoh
had freeze/crashes (win7 home) on the following dates:
6.1.2014, 6.14.2014, 6.19.2014, 6.25.2014

keyboard completely unresponsive (Ctrl-Alt-Delete)- had to hold down power button to turn off.

had multiple apps open each time. i *think* i was online with Firefox each crash.

nothing unusual shows in Event Viewer prior to crashes.
Firefox has been somewhat unstable- it crashes every 1-2 weeks, then recovers gracefully. it never causes system freeze.

all my scans are clean (MBAM, MSE).

ran sfc and Chkdsk- no problems reported.

-- used safe mode to set System Restore to go back to a point 5.14.2014; didn't help.

Oh: I had Process Explorer running during one crash, curious to see if any odd/rogue process turned on immediately prior to the problem.
both my screens froze upon crash; didn't notice anything unusual in PE.

You've certainly covered all the usual bases and I'm not seeing anything in your logs that would point to a reason for the computer freezing/becoming unresponsive.  With the freezes so sporadic, tracking down the source can be problematic.  However, since you believe Firefox was running at the time of each freeze, it seems that is the target as a process of elimination and the likely starting place.  With Pale Moon installed, which will work with your favorite extensions, please try using that for the next week or so to see if your computer freezes.  If it does freeze while using Pale Moon, it may be helpful to note any other programs that are in use at the time.