Am I Infected? Windows Gets Hung Up On Both Startup & Shutdown


  • This topic is locked
65 replies to this topic

#1 Tumbo


Posted 29 October 2014 - 09:48 PM

I have been working with user "boopme" and was asked to start this topic in this forum. Here is a link to our discussion up to this point:

http://www.bleepingcomputer.com/forums/t/552482/am-i-infected-windows-gets-hung-up-on-both-startup-shutdown/#entry3520280

The DDS log is here, along with the attached file as was requested:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by Dana at 15:53:28 on 2014-10-29
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6031.4142 [GMT -10:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [DellSystemDetect] C:\Users\Dana\AppData\Local\Apps\2.0\PB62QDGM.JCN\8L9BL22R.4NT\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
TCP: NameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{70A5C932-B068-4766-8E9B-9DA5A4314B6E} : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\piug3ttm.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-9-22 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-9-22 224896]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-30 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-30 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-9-22 20464]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-9-22 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-9-22 427360]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-9-22 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-9-22 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-9-22 92008]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2013-2-6 204928]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-9-22 50344]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-30 15720]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-9-22 165760]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-9-22 364416]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2014-9-22 81536]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2013-2-6 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2013-2-6 341120]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2013-2-6 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2013-2-6 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2013-2-6 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2013-2-6 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2013-2-6 281728]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2013-2-6 551552]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-9-22 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-9-22 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-9-22 792560]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2014-10-27 315536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-9-22 726160]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-10-1 31472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-14 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-9-28 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-28 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-9-28 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-9-23 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-10-30 00:45:19    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EA1C8D71-2252-4788-9107-7DA9E5C8DD53}\mpengine.dll
2014-10-28 18:56:05    --------    d-----w-    C:\Windows\System32\catroot2
2014-10-28 07:06:18    --------    d-----w-    C:\Windows\SysWow64\sda
2014-10-28 07:05:30    9888912    ----a-w-    C:\Windows\SysWow64\RtsUVStoricon.dll
2014-10-28 07:05:30    315536    ----a-w-    C:\Windows\System32\drivers\RtsUVStor.sys
2014-10-28 06:48:31    --------    d-----w-    C:\Users\Dana\Intel
2014-10-28 05:46:14    --------    d-----w-    C:\Program Files\WhoCrashed
2014-10-23 23:39:59    --------    d-----w-    C:\Windows\ERUNT
2014-10-22 18:29:13    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2014-10-22 18:29:13    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2014-10-21 02:17:00    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-10-21 02:07:27    98816    ----a-w-    C:\Windows\sed.exe
2014-10-21 02:07:27    256000    ----a-w-    C:\Windows\PEV.exe
2014-10-21 02:07:27    208896    ----a-w-    C:\Windows\MBR.exe
2014-10-17 02:16:42    --------    d-----w-    C:\Windows\SysWow64\wbem\Performance
2014-10-17 02:07:06    --------    d-----w-    C:\RegBackup
2014-10-17 00:32:08    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2014-10-15 05:14:48    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-10-15 04:53:37    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-10-15 04:52:54    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-10-15 04:52:53    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-10-15 04:52:53    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-15 04:52:53    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-10-15 04:04:38    --------    d-----w-    C:\AdwCleaner
2014-10-09 22:53:11    --------    d-----w-    C:\Program Files\Speccy
2014-10-02 06:36:00    --------    d-----w-    C:\Program Files\Synaptics
2014-10-02 06:35:40    742640    ----a-w-    C:\Windows\System32\SynCOM.dll
2014-10-02 06:35:40    402672    ----a-w-    C:\Windows\SysWow64\SynCom.dll
2014-10-02 06:35:40    208112    ----a-w-    C:\Windows\System32\SynTPCo20.dll
2014-10-02 06:35:40    1795952    ----a-w-    C:\Windows\System32\WdfCoInstaller01011.dll
2014-10-02 06:35:39    540912    ----a-w-    C:\Windows\System32\drivers\SynTP.sys
2014-10-02 06:35:39    31472    ----a-w-    C:\Windows\System32\drivers\Smb_driver_Intel.sys
2014-10-02 06:35:39    254704    ----a-w-    C:\Windows\System32\SynTPAPI.dll
2014-10-02 06:01:09    53248    ----a-w-    C:\Windows\SysWow64\CSVer.dll
2014-10-01 05:21:01    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-10-01 05:21:01    371712    ----a-w-    C:\Windows\System32\qdvd.dll
.
==================== Find3M  ====================
.
2014-10-28 06:08:58    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-21 07:36:46    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-03 01:53:02    278152    ------w-    C:\Windows\System32\MpSigStub.exe
2014-09-29 00:58:48    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-09-25 22:32:04    2017280    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02    2108416    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-23 20:33:23    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 20:33:23    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-23 19:32:15    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2014-09-23 19:32:15    859648    ----a-w-    C:\Windows\System32\tdh.dll
2014-09-23 19:32:15    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2014-09-23 19:32:15    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2014-09-23 19:32:15    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2014-09-23 19:32:15    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2014-09-23 19:31:27    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2014-09-23 19:31:27    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2014-09-23 19:24:33    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2014-09-23 19:24:33    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2014-09-23 04:12:00    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-09-23 04:12:00    92008    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-09-23 04:12:00    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-09-23 04:12:00    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-09-23 04:12:00    43152    ----a-w-    C:\Windows\avastSS.scr
2014-09-23 04:12:00    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-09-23 04:12:00    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-09-23 04:12:00    1041168    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-09-19 01:56:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57    5829632    ----a-w-    C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12    4201472    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18    2309632    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-19 00:18:55    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28    693176    ----a-w-    C:\Windows\System32\winload.efi
2014-08-19 03:10:10    616352    ----a-w-    C:\Windows\System32\winresume.efi
2014-08-19 03:08:04    503808    ----a-w-    C:\Windows\System32\srcore.dll
2014-08-19 03:08:04    50176    ----a-w-    C:\Windows\System32\srclient.dll
2014-08-19 03:08:03    63488    ----a-w-    C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51    58880    ----a-w-    C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51    32256    ----a-w-    C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11    17920    ----a-w-    C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11    146944    ----a-w-    C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22    50688    ----a-w-    C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56    61440    ----a-w-    C:\Windows\System32\drivers\appid.sys
2014-08-01 11:53:22    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
.
============= FINISH: 15:54:07.87 ===============
 


Edited by Tumbo, 30 October 2014 - 01:40 AM.




#2 HelpBot


Posted 04 November 2014 - 03:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553942 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Tumbo


Posted 04 November 2014 - 08:26 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by Dana at 15:23:06 on 2014-11-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6031.4209 [GMT -10:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Users\Dana\AppData\Local\Apps\2.0\PB62QDGM.JCN\8L9BL22R.4NT\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\splwow64.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
uRun: [DellSystemDetect] C:\Users\Dana\AppData\Local\Apps\2.0\PB62QDGM.JCN\8L9BL22R.4NT\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
TCP: NameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{70A5C932-B068-4766-8E9B-9DA5A4314B6E} : DHCPNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\piug3ttm.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?gws_rd=ssl
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-9-22 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-9-22 224896]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-30 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-30 28008]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2014-9-22 20464]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-9-22 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-9-22 427360]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-9-22 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-9-22 79184]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2013-2-6 204928]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-9-22 50344]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-30 15720]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2014-9-22 165760]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-9-22 364416]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2014-9-22 81536]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2013-2-6 36480]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2013-2-6 341120]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2013-2-6 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2013-2-6 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2013-2-6 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2013-2-6 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2013-2-6 281728]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2013-2-6 551552]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2014-9-22 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2014-9-22 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2014-9-22 792560]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2014-10-27 315536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-9-22 726160]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2014-10-1 31472]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-9-22 92008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-14 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-9-28 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-9-28 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-9-28 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-9-23 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-11-05 00:37:40    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2DE95DB4-4F17-4A8C-AAA2-0E2E9CB232BA}\mpengine.dll
2014-10-28 18:56:05    --------    d-----w-    C:\Windows\System32\catroot2
2014-10-28 07:06:18    --------    d-----w-    C:\Windows\SysWow64\sda
2014-10-28 07:05:30    9888912    ----a-w-    C:\Windows\SysWow64\RtsUVStoricon.dll
2014-10-28 07:05:30    315536    ----a-w-    C:\Windows\System32\drivers\RtsUVStor.sys
2014-10-28 06:48:31    --------    d-----w-    C:\Users\Dana\Intel
2014-10-28 05:46:14    --------    d-----w-    C:\Program Files\WhoCrashed
2014-10-23 23:39:59    --------    d-----w-    C:\Windows\ERUNT
2014-10-22 18:29:13    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2014-10-22 18:29:13    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2014-10-21 02:17:00    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-10-21 02:07:27    98816    ----a-w-    C:\Windows\sed.exe
2014-10-21 02:07:27    256000    ----a-w-    C:\Windows\PEV.exe
2014-10-21 02:07:27    208896    ----a-w-    C:\Windows\MBR.exe
2014-10-17 02:16:42    --------    d-----w-    C:\Windows\SysWow64\wbem\Performance
2014-10-17 02:07:06    --------    d-----w-    C:\RegBackup
2014-10-17 00:32:08    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2014-10-15 05:14:48    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-10-15 04:53:37    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-10-15 04:52:54    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-10-15 04:52:53    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-10-15 04:52:53    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-15 04:52:53    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-10-15 04:04:38    --------    d-----w-    C:\AdwCleaner
2014-10-09 22:53:11    --------    d-----w-    C:\Program Files\Speccy
.
==================== Find3M  ====================
.
2014-11-03 04:37:44    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-03 04:37:44    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-28 16:34:58    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-28 06:08:58    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-21 07:36:46    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-29 00:58:48    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-09-25 22:32:04    2017280    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02    2108416    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-09-23 19:32:15    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2014-09-23 19:32:15    859648    ----a-w-    C:\Windows\System32\tdh.dll
2014-09-23 19:32:15    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2014-09-23 19:32:15    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2014-09-23 19:32:15    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2014-09-23 19:32:15    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2014-09-23 19:31:27    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2014-09-23 19:31:27    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2014-09-23 19:24:33    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2014-09-23 19:24:33    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2014-09-23 04:12:00    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-09-23 04:12:00    92008    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-09-23 04:12:00    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-09-23 04:12:00    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-09-23 04:12:00    43152    ----a-w-    C:\Windows\avastSS.scr
2014-09-23 04:12:00    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-09-23 04:12:00    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-09-23 04:12:00    1041168    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-09-19 01:56:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03    547328    ----a-w-    C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57    5829632    ----a-w-    C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12    4201472    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09    758272    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47    72704    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40    61952    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31    597504    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18    2309632    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-19 00:18:55    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11    1810944    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28    693176    ----a-w-    C:\Windows\System32\winload.efi
2014-08-19 03:10:10    616352    ----a-w-    C:\Windows\System32\winresume.efi
2014-08-19 03:08:04    503808    ----a-w-    C:\Windows\System32\srcore.dll
2014-08-19 03:08:04    50176    ----a-w-    C:\Windows\System32\srclient.dll
2014-08-19 03:08:03    63488    ----a-w-    C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51    58880    ----a-w-    C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51    32256    ----a-w-    C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11    17920    ----a-w-    C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11    146944    ----a-w-    C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22    50688    ----a-w-    C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56    61440    ----a-w-    C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 15:23:17.77 ===============


 

 

I still have my original Windows CD.  (Note:  I reinstalled Windows weeks ago and the problem still persists.)


Edited by Tumbo, 05 November 2014 - 01:07 PM.


#4 Oh My!

  • Malware Response Instructor

Posted 07 November 2014 - 11:05 AM

Greetings Tumbo and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Copy/paste the following in the Search Field
iastore.sys
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of all 3 documents into your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Search.txt
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Tumbo

  • Topic Starter

Posted 07 November 2014 - 12:01 PM

Hi Gary....thank you for taking the time to assist me....I greatly appreciate it. 

 

Everything ran fine except one problem.  I couldn't attach the Summary.zip because the "file was too big to upload" at about 48kb (956kb unzipped).  "You can upload up to 16.36KB of files (Max. single file size: 16.36KB)."  I will await your instructions on what to do about that file.

 

Dana

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Dana at 2014-11-07 06:46:11
Running from C:\Users\Dana\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{DBFBFCF5-DAFA-FBE2-F0D4-9BF130FE22D0}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Dell System Detect (HKCU\...\73f463568823ebbe) (Version: 5.12.0.3 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.61.612.2012 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.0 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WhoCrashed 5.02 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

28-10-2014 07:05:32 Installed Realtek USB 2.0 Card Reader
28-10-2014 18:38:03 Tweaking.com - Windows Repair
30-10-2014 00:44:50 Windows Update
03-11-2014 06:58:42 Removed Java 7 Update 67
05-11-2014 00:37:05 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 16:34 - 2014-10-28 08:49 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {14C03B15-1CBF-445F-A76C-16455D3681C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-02] (Adobe Systems Incorporated)
Task: {93ED6464-0F82-475A-8D56-0C4D187F0D84} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-22] (AVAST Software)
Task: {B5F3D1C9-6A0C-4C58-85EE-8BF3C5401EBE} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {BB298A18-C2DD-4AFB-A3FE-365A8D823A3C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-22 17:00 - 2012-08-14 15:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-22 18:11 - 2014-09-22 18:11 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-06 15:17 - 2014-11-06 15:17 - 02899456 _____ () C:\Program Files\AVAST Software\Avast\defs\14110601\algo.dll
2014-11-07 06:37 - 2014-11-07 06:37 - 02900480 _____ () C:\Program Files\AVAST Software\Avast\defs\14110700\algo.dll
2014-09-22 18:11 - 2014-09-22 18:11 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-28 20:18 - 2014-10-28 20:18 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-22 16:44 - 2012-06-24 19:11 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-451217856-685515885-3611321925-500 - Administrator - Disabled)
Dana (S-1-5-21-451217856-685515885-3611321925-1000 - Administrator - Enabled) => C:\Users\Dana
Guest (S-1-5-21-451217856-685515885-3611321925-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-451217856-685515885-3611321925-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2014 06:11:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/05/2014 08:26:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/04/2014 09:33:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/03/2014 04:43:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 09:22:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (11/02/2014 08:45:57 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Java 7 Update 67; Error = 0x81000101).

Error: (11/02/2014 08:37:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a58

Start Time: 01cff71cc509362f

Termination Time: 31

Application Path: C:\Windows\Explorer.EXE

Report Id:

Error: (11/02/2014 08:27:57 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\sysmain.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\sysmain.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (11/02/2014 08:27:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000006
Fault offset: 0x0000000000029c42
Faulting process id: 0x1c4
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3

Error: (11/02/2014 06:38:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (11/07/2014 06:38:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/07/2014 06:38:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/07/2014 06:38:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/07/2014 06:38:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/07/2014 06:38:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535

Error: (11/07/2014 06:38:06 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error:
%%-2140993535

Error: (11/07/2014 06:38:06 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/07/2014 06:38:06 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/07/2014 06:38:06 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801

Error: (11/07/2014 06:37:55 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:
%%-2140993535


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-10-20 16:13:49.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-20 16:13:49.177
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-27 18:40:25.577
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sfc_os.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 34%
Total physical RAM: 6031.36 MB
Available physical RAM: 3943.47 MB
Total Pagefile: 12060.89 MB
Available Pagefile: 9692.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:676.93 GB) (Free:634.76 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:21.67 GB) (Free:11.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: F34228B0)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=676.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Dana (administrator) on INSPIRON on 07-11-2014 06:45:14
Running from C:\Users\Dana\Desktop
Loaded Profile: Dana (Available profiles: Dana)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell) C:\Users\Dana\AppData\Local\Apps\2.0\PB62QDGM.JCN\8L9BL22R.4NT\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe [1023104 2013-02-06] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2013-02-06] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2796272 2013-11-22] (Synaptics Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-22] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-11] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-451217856-685515885-3611321925-1000\...\Run: [DellSystemDetect] => C:\Users\Dana\AppData\Local\Apps\2.0\PB62QDGM.JCN\8L9BL22R.4NT\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-10-27] (Dell)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-451217856-685515885-3611321925-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.25.227.55 209.18.47.61 24.25.227.53

FireFox:
========
FF ProfilePath: C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\piug3ttm.default
FF NewTab: https://www.google.com/
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Xmarks - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\piug3ttm.default\Extensions\foxmarks@kei.com [2014-09-23]
FF Extension: Adblock Plus - C:\Users\Dana\AppData\Roaming\Mozilla\Firefox\Profiles\piug3ttm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-22]
FF Extension: No Name - wrc@avast.com [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-22] (AVAST Software)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-02-06] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-22] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 06:45 - 2014-11-07 06:45 - 00010471 _____ () C:\Users\Dana\Desktop\FRST.txt
2014-11-07 06:45 - 2014-11-07 06:45 - 00000000 ____D () C:\FRST
2014-11-07 06:44 - 2014-11-07 06:44 - 02114560 _____ (Farbar) C:\Users\Dana\Desktop\FRST64.exe
2014-11-07 06:37 - 2014-11-07 06:37 - 00000000 ___RD () C:\Users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-05 19:48 - 2014-11-05 19:48 - 00000308 _____ () C:\Users\Dana\Desktop\What's The Difference Between a Deductible and an Out-of-Pocket Limit.URL
2014-11-05 13:16 - 2014-11-05 13:16 - 00281872 _____ () C:\Windows\Minidump\110514-46301-01.dmp
2014-11-04 17:56 - 2014-11-04 17:56 - 00000329 _____ () C:\Users\Dana\Desktop\Iastor.sys shows on a blue screen and computer restarts - Microsoft Community.URL
2014-11-04 15:13 - 2014-11-04 15:23 - 00017986 _____ () C:\Users\Dana\Desktop\dds.txt
2014-11-04 15:13 - 2014-11-04 15:23 - 00012989 _____ () C:\Users\Dana\Desktop\attach.txt
2014-11-04 15:12 - 2014-11-04 15:12 - 00688992 ____R (Swearware) C:\Users\Dana\Desktop\dds.com
2014-11-03 21:15 - 2014-11-03 21:15 - 00281872 _____ () C:\Windows\Minidump\110314-380798-01.dmp
2014-11-02 18:39 - 2014-11-02 18:40 - 00000000 ____D () C:\Users\Dana\Desktop\All Problem Related Files
2014-11-02 18:14 - 2014-11-02 18:14 - 00281872 _____ () C:\Windows\Minidump\110214-66316-01.dmp
2014-10-28 20:18 - 2014-10-28 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-28 08:15 - 2014-10-28 08:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-27 21:06 - 2014-10-27 21:06 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-10-27 21:05 - 2012-06-14 19:50 - 09888912 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUVStoricon.dll
2014-10-27 21:05 - 2012-06-14 19:50 - 00315536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
2014-10-27 20:48 - 2014-10-27 20:48 - 00000000 ____D () C:\Users\Dana\Intel
2014-10-27 19:46 - 2014-10-27 20:50 - 00000000 ____D () C:\Program Files\WhoCrashed
2014-10-27 19:46 - 2014-10-27 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
2014-10-26 08:03 - 2014-10-26 08:04 - 00734312 _____ () C:\Windows\Minidump\102614-16520-01.dmp
2014-10-23 13:39 - 2014-10-23 13:39 - 00000000 ____D () C:\Windows\ERUNT
2014-10-22 10:15 - 2014-10-22 10:15 - 00734744 _____ () C:\Windows\Minidump\102214-24866-01.dmp
2014-10-22 08:29 - 2013-04-09 13:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-10-22 08:29 - 2013-04-02 12:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-10-20 16:07 - 2011-06-25 20:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-20 16:07 - 2010-11-07 07:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-20 16:07 - 2009-04-19 18:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-20 16:07 - 2000-08-30 14:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-20 16:07 - 2000-08-30 14:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-20 16:07 - 2000-08-30 14:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-20 16:07 - 2000-08-30 14:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-20 16:07 - 2000-08-30 14:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-20 16:01 - 2014-10-20 16:16 - 00000000 ____D () C:\Qoobox
2014-10-20 16:00 - 2014-10-20 16:15 - 00000000 ____D () C:\Windows\erdnt
2014-10-20 14:30 - 2014-10-20 14:30 - 00734312 _____ () C:\Windows\Minidump\102014-15802-01.dmp
2014-10-16 20:24 - 2014-10-16 20:24 - 00281872 _____ () C:\Windows\Minidump\101614-16192-01.dmp
2014-10-16 19:34 - 2014-10-16 19:34 - 00734312 _____ () C:\Windows\Minidump\101614-23774-01.dmp
2014-10-16 16:07 - 2014-10-16 16:07 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-INSPIRON-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-10-16 16:07 - 2014-10-16 16:07 - 00000000 ____D () C:\RegBackup
2014-10-16 14:32 - 2014-10-16 14:32 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-16 12:29 - 2014-10-16 12:29 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\Oracle
2014-10-14 19:14 - 2014-10-14 19:14 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-10-14 18:56 - 2014-10-06 16:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 18:56 - 2014-10-06 16:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 18:56 - 2014-09-28 14:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 18:56 - 2014-09-25 12:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 18:56 - 2014-09-25 12:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 18:56 - 2014-09-25 12:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 18:56 - 2014-09-25 12:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 18:56 - 2014-09-25 12:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 18:56 - 2014-09-25 12:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 18:56 - 2014-09-25 12:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 18:56 - 2014-09-18 16:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 18:56 - 2014-09-18 15:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 18:56 - 2014-09-18 15:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 18:56 - 2014-09-18 15:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 18:56 - 2014-09-18 15:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 18:56 - 2014-09-18 15:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 18:56 - 2014-09-18 15:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 18:56 - 2014-09-18 15:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 18:56 - 2014-09-18 15:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 18:56 - 2014-09-18 15:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 18:56 - 2014-09-18 15:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 18:56 - 2014-09-18 15:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 18:56 - 2014-09-18 15:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 18:56 - 2014-09-18 15:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 18:56 - 2014-09-18 15:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 18:56 - 2014-09-18 15:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 18:56 - 2014-09-18 15:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 18:56 - 2014-09-18 15:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 18:56 - 2014-09-18 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 18:56 - 2014-09-18 15:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 18:56 - 2014-09-18 15:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 18:56 - 2014-09-18 15:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 18:56 - 2014-09-18 15:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 18:56 - 2014-09-18 15:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 18:56 - 2014-09-18 15:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 18:56 - 2014-09-18 15:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 18:56 - 2014-09-18 14:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 18:56 - 2014-09-18 14:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 18:56 - 2014-09-18 14:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 18:56 - 2014-09-18 14:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 18:56 - 2014-09-18 14:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 18:56 - 2014-09-18 14:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 18:56 - 2014-09-18 14:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 18:56 - 2014-09-18 14:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 18:56 - 2014-09-18 14:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 18:56 - 2014-09-18 14:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 18:56 - 2014-09-18 14:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 18:56 - 2014-09-18 14:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 18:56 - 2014-09-18 14:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 18:56 - 2014-09-18 14:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 18:56 - 2014-09-18 14:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 18:56 - 2014-09-18 14:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 18:56 - 2014-09-18 14:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 18:56 - 2014-09-18 13:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 18:56 - 2014-09-18 13:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 18:56 - 2014-09-18 13:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 18:56 - 2014-09-18 13:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 18:56 - 2014-08-18 17:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 18:56 - 2014-08-18 17:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 18:56 - 2014-08-18 17:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 18:56 - 2014-08-18 17:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 18:56 - 2014-08-18 17:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 18:56 - 2014-08-18 17:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 18:56 - 2014-08-18 17:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 18:56 - 2014-08-18 17:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 18:56 - 2014-08-18 17:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 18:56 - 2014-08-18 17:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 18:56 - 2014-08-18 16:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 18:56 - 2014-08-18 16:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 18:56 - 2014-08-18 16:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 18:56 - 2014-07-06 16:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 18:56 - 2014-07-06 16:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 18:56 - 2014-07-06 16:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 18:56 - 2014-07-06 16:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 18:56 - 2014-07-06 16:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 18:56 - 2014-07-06 16:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 18:56 - 2014-07-06 16:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 18:56 - 2014-07-06 16:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 18:56 - 2014-07-06 16:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 18:56 - 2014-07-06 16:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 18:56 - 2014-07-06 16:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 18:56 - 2014-07-06 15:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 18:56 - 2014-07-06 15:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 18:56 - 2014-07-06 15:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 18:56 - 2014-07-06 15:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 18:56 - 2014-07-06 15:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 18:56 - 2014-07-06 15:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 18:56 - 2014-07-06 15:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 18:56 - 2014-07-06 15:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 18:56 - 2014-07-06 15:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 18:56 - 2014-07-06 15:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 18:56 - 2014-06-27 14:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 18:56 - 2014-06-27 14:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 18:56 - 2014-06-27 14:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 18:56 - 2014-06-18 12:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 18:56 - 2014-06-18 12:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 18:56 - 2014-06-18 12:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 18:56 - 2014-06-18 12:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 18:56 - 2014-06-18 12:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 18:56 - 2014-06-18 12:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 18:53 - 2014-09-17 16:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 18:53 - 2014-09-17 15:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-14 18:53 - 2014-09-03 19:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 18:53 - 2014-09-03 19:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 18:53 - 2014-08-28 16:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 18:53 - 2014-07-16 16:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 18:53 - 2014-07-16 16:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 18:53 - 2014-07-16 16:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 18:53 - 2014-07-16 16:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 18:53 - 2014-07-16 16:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 18:53 - 2014-07-16 16:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 18:53 - 2014-07-16 15:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 18:53 - 2014-07-16 15:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 18:53 - 2014-07-16 15:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 18:53 - 2014-07-16 15:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 18:53 - 2014-07-16 15:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 18:52 - 2014-09-12 15:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 18:52 - 2014-09-12 15:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 18:52 - 2014-09-04 16:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 18:52 - 2014-09-04 15:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-14 18:04 - 2014-10-23 13:35 - 00000000 ____D () C:\AdwCleaner
2014-10-12 16:51 - 2014-10-12 16:51 - 00281872 _____ () C:\Windows\Minidump\101214-18142-01.dmp
2014-10-11 12:48 - 2014-10-11 12:49 - 00281816 _____ () C:\Windows\Minidump\101114-76768-01.dmp
2014-10-09 12:53 - 2014-10-09 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-10-09 12:53 - 2014-10-09 12:53 - 00000000 ____D () C:\Program Files\Speccy
2014-10-08 10:56 - 2014-10-08 10:56 - 00281816 _____ () C:\Windows\Minidump\100814-16645-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-07 06:43 - 2014-09-22 11:27 - 01772522 _____ () C:\Windows\WindowsUpdate.log
2014-11-07 06:42 - 2009-07-13 18:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 06:42 - 2009-07-13 18:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-07 06:41 - 2009-07-13 19:13 - 00783114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 06:36 - 2009-07-13 19:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 06:36 - 2009-07-13 18:51 - 00055798 _____ () C:\Windows\setupact.log
2014-11-06 20:17 - 2014-09-23 10:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 13:16 - 2014-09-23 12:04 - 00000000 ____D () C:\Windows\Minidump
2014-11-05 13:16 - 2014-09-23 12:03 - 531354556 _____ () C:\Windows\MEMORY.DMP
2014-11-04 21:17 - 2014-09-24 10:06 - 00000000 ____D () C:\Users\Dana\AppData\Roaming\vlc
2014-11-04 14:31 - 2014-09-22 18:12 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-02 20:59 - 2014-09-23 15:00 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-02 18:37 - 2014-09-23 10:33 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-02 18:37 - 2014-09-23 10:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-02 18:37 - 2014-09-23 10:33 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-30 14:48 - 2014-09-22 18:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-28 08:57 - 2014-09-22 16:34 - 00109296 _____ () C:\Users\Dana\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-28 08:55 - 2009-07-13 18:45 - 00410928 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 08:54 - 2010-11-20 17:47 - 00015926 _____ () C:\Windows\PFRO.log
2014-10-28 08:49 - 2009-07-13 16:34 - 00000514 _____ () C:\Windows\win.ini
2014-10-28 08:45 - 2014-09-22 16:58 - 00783114 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-28 06:34 - 2010-11-20 17:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 21:06 - 2014-09-22 16:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-27 21:05 - 2014-09-22 16:12 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-10-27 20:48 - 2014-09-22 14:48 - 00000000 ____D () C:\Users\Dana
2014-10-27 20:33 - 2014-09-22 16:34 - 00000000 ____D () C:\Users\Dana\AppData\Local\Deployment
2014-10-27 20:10 - 2014-09-27 18:40 - 00000000 ____D () C:\Users\Dana\AppData\Local\CrashDumps
2014-10-27 20:09 - 2014-09-23 15:01 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 20:08 - 2014-09-23 15:01 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-27 20:08 - 2014-09-23 15:01 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-27 20:08 - 2014-09-23 15:01 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-27 20:08 - 2014-09-23 15:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-24 19:36 - 2009-07-13 19:08 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-21 21:47 - 2014-09-22 16:34 - 00000000 ____D () C:\Users\Dana\AppData\Local\Apps\2.0
2014-10-20 21:36 - 2014-09-27 13:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-20 16:14 - 2009-07-13 16:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-20 16:14 - 2009-07-13 16:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_799
2014-10-16 19:19 - 2014-09-22 16:47 - 00000000 ____D () C:\Users\Dana\Documents\Bluetooth Folder
2014-10-16 19:16 - 2014-09-22 17:18 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-16 16:34 - 2010-11-20 21:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-16 16:29 - 2009-07-13 16:34 - 00000855 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_983
2014-10-16 13:09 - 2014-09-23 15:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-16 13:09 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\registration
2014-10-14 20:31 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\rescache
2014-10-14 19:39 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-14 19:39 - 2009-07-13 17:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-14 19:36 - 2014-09-23 11:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-14 19:33 - 2014-09-23 08:45 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 19:29 - 2014-09-23 08:45 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Dana\AppData\Local\Temp\Quarantine.exe
C:\Users\Dana\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-05 08:26

==================== End Of Log ============================

 

Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Dana at 2014-11-07 06:49:02
Running from C:\Users\Dana\Desktop
Boot Mode: Normal

================== Search Files: "iastore.sys" =============

====== End Of Search ======

 

 


Edited by Tumbo, 07 November 2014 - 01:20 PM.


#6 Oh My!

  • Malware Response Instructor

Posted 08 November 2014 - 03:13 PM

Greetings Dana,

Thanks for your patience. Please do this.

===================================================

Managing Attachments

----------
  • Navigate to the top of this post
  • In the upper right hand corner you will see your screen name
  • Left click on that and a drop down list will appear
  • Select My Settings
  • On the left hand side under General Settings click on Manage Attachments
  • To the very right on the blue bar just above the first entry click on the open check box
  • All of the checkboxes should now be checked
  • Click Delete Selected
  • You should now see You have used 0bytes of 250K
  • Please attempt to attach the System Summary report
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-451217856-685515885-3611321925-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
iastor*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached System Summary log
  • Fixlog
  • SystemLook report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Tumbo

  • Topic Starter

Posted 08 November 2014 - 03:50 PM

Many thanks for your continued assistance, Gary.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-11-2014 01
Ran by Dana at 2014-11-08 10:42:49 Run:1
Running from C:\Users\Dana\Desktop
Loaded Profile: Dana (Available profiles: Dana)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-451217856-685515885-3611321925-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-451217856-685515885-3611321925-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
catchme => Service deleted successfully.

==== End of Fixlog ====

 

 

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:47 on 08/11/2014 by Dana
Administrator - Elevation successful

========== filefind ==========

Searching for "iastor*"
C:\Drivers\storage\33F3V\f6flpy-x64\iaStorA.sys    --a---- 652344 bytes    [06:47 03/07/2013]    [23:50 04/12/2012] AE0C5DF7E7DA3E7AC29B64CFA8C4F044
C:\Drivers\storage\33F3V\f6flpy-x64\iaStorAC.cat    --a---- 8217 bytes    [06:47 03/07/2013]    [23:50 04/12/2012] FB0B0F3B56511005CA00F768BC4E01DA
C:\Drivers\storage\33F3V\f6flpy-x64\iaStorAC.inf    --a---- 7396 bytes    [06:47 03/07/2013]    [23:50 04/12/2012] 60E61EA1ECA64086772D30A7C312F279
C:\Drivers\storage\33F3V\f6flpy-x64\iaStorF.sys    --a---- 28216 bytes    [06:47 03/07/2013]    [23:50 04/12/2012] 711241EA1BA9DB44F34D03D2AD00ED08
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorCommon.dll    --a---- 11264 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 5AF6F3DC2871BEEA703A201AF68526E7
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgr.dll    --a---- 32256 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 351A6F6E4D676DCC5C61DEA7E513E5C9
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgr.dll.config    --a---- 121 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] ED481D6BBB4C4C71D8F0079CCAA7EFAC
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrApp.exe    --a---- 15208 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 63C3A4DE6EE2F60D0BCCC39DC38D087F
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrApp.exe.config    --a---- 1252 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] D4B8C9D45558BC8D6954DA6088AE1E2D
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe    --a---- 15720 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] B64E1D5BABD095C13A382838F9DCC77F
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe.config    --a---- 1310 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 9B1187A34BD493E8A2D6B2AEBCCCF472
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvcInterfaces.dll    --a---- 10240 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 8A640AC06501BBE7948837C33B5C403E
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDialogControl.dll    --a---- 14848 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 1833C95A18CEF8765483AE2EA217749D
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorHelp.exe    --a---- 1120616 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] F6AB577BCE6D71976EB90695147ED079
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorHelp.exe.config    --a---- 595 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 516E202EA6EA37894287C87251DB3304
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe    --a---- 287592 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] F93E4DC33900B8F2A82BD22FFAF21C96
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe.config    --a---- 1064 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 6187E7D56E427393B53F9E21C120EE36
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe    --a---- 36352 bytes    [07:19 31/08/2013]    [07:19 31/08/2013] BAD24090378CD1D9D70DD21CF21D1BFB
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUI.exe    --a---- 670056 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 0C63820E41F3B338FD81A9B8D9463BF9
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUI.exe.config    --a---- 554 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 60416FD6EB02D752F06A9C0B9D00023A
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUtil.dll    --a---- 124416 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] EA6558374ED04830AF5636DCD1D40F5A
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorViewModel.dll    --a---- 387072 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] AAE71CC48C07C7457F5DA23502B877DA
C:\Program Files\Intel\Intel® Rapid Storage Technology\ar-SA\IAStorDataMgr.resources.dll    --a---- 7680 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 2378DF65380ACB088E699BEEFF20CB2A
C:\Program Files\Intel\Intel® Rapid Storage Technology\ar-SA\IAStorHelp.resources.dll    --a---- 421888 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] C2E03D7AA6FF6CEABCE13899C08AA57E
C:\Program Files\Intel\Intel® Rapid Storage Technology\ar-SA\IAStorIcon.resources.dll    --a---- 32768 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] CB286084DE25D7BFA7AA738DBD9B1B1D
C:\Program Files\Intel\Intel® Rapid Storage Technology\ar-SA\IAStorUI.resources.dll    --a---- 65536 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 289F6F895918C9812C300B50FF383B65
C:\Program Files\Intel\Intel® Rapid Storage Technology\ar-SA\IAStorUtil.resources.dll    --a---- 14848 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] D42E4EBE1A4A1A2075318085E00CF7B3
C:\Program Files\Intel\Intel® Rapid Storage Technology\ar-SA\IAStorViewModel.resources.dll    --a---- 53248 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] B26A04E8053AE9FC2925E3453B609080
C:\Program Files\Intel\Intel® Rapid Storage Technology\cs-CZ\IAStorDataMgr.resources.dll    --a---- 6656 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] F190942268FA5A1C004AC5773A0B1C6E
C:\Program Files\Intel\Intel® Rapid Storage Technology\cs-CZ\IAStorHelp.resources.dll    --a---- 323584 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] ECA2B4A9CCC38F1CA6561F08FE9D200A
C:\Program Files\Intel\Intel® Rapid Storage Technology\cs-CZ\IAStorIcon.resources.dll    --a---- 32768 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 1B7CC9CB22493E8F638F1D083E6489F2
C:\Program Files\Intel\Intel® Rapid Storage Technology\cs-CZ\IAStorUI.resources.dll    --a---- 53248 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] C03752B3A74F54563711E464733D2C43
C:\Program Files\Intel\Intel® Rapid Storage Technology\cs-CZ\IAStorUtil.resources.dll    --a---- 13312 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 2EA85D0589968D54EFC1D53CB0EF33E3
C:\Program Files\Intel\Intel® Rapid Storage Technology\cs-CZ\IAStorViewModel.resources.dll    --a---- 45056 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 3D07C9415C2F6783C03949D179C91A2F
C:\Program Files\Intel\Intel® Rapid Storage Technology\da-DK\IAStorDataMgr.resources.dll    --a---- 7168 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] BEA8E341FB06E87C7BD974C3BF5F8B18
C:\Program Files\Intel\Intel® Rapid Storage Technology\da-DK\IAStorHelp.resources.dll    --a---- 315392 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] E0B79F52DE258267C11B1C66047855A2
C:\Program Files\Intel\Intel® Rapid Storage Technology\da-DK\IAStorIcon.resources.dll    --a---- 32768 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 058C87A9CE224887A3F2BD0C96C2A478
C:\Program Files\Intel\Intel® Rapid Storage Technology\da-DK\IAStorUI.resources.dll    --a---- 53248 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] ED299964862CE872FF86B2D1BE8F7BE1
C:\Program Files\Intel\Intel® Rapid Storage Technology\da-DK\IAStorUtil.resources.dll    --a---- 13312 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 67F419A8B2AB1CDD0974602609B4EEA5
C:\Program Files\Intel\Intel® Rapid Storage Technology\da-DK\IAStorViewModel.resources.dll    --a---- 45056 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] D0A451AB5BE5C5810EF65F200B5C108B
C:\Program Files\Intel\Intel® Rapid Storage Technology\de-DE\IAStorDataMgr.resources.dll    --a---- 7168 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] B2C1D4B9AE396425B32547FB939B5CD1
C:\Program Files\Intel\Intel® Rapid Storage Technology\de-DE\IAStorHelp.resources.dll    --a---- 352256 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 101DA7047E64B57A9092FF1C23F7231E
C:\Program Files\Intel\Intel® Rapid Storage Technology\de-DE\IAStorIcon.resources.dll    --a---- 32768 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 33916389116B976272145F504B49B32B
C:\Program Files\Intel\Intel® Rapid Storage Technology\de-DE\IAStorUI.resources.dll    --a---- 57344 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 3A321D5B73C4EAC3FA34E04FA83DD06E
C:\Program Files\Intel\Intel® Rapid Storage Technology\de-DE\IAStorUtil.resources.dll    --a---- 13312 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] B3BAF3F213F8AE8FF0C888F38D952A02
C:\Program Files\Intel\Intel® Rapid Storage Technology\de-DE\IAStorViewModel.resources.dll    --a---- 49152 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 224163538D2A1CE5A16E02C7339A7FB4
C:\Program Files\Intel\Intel® Rapid Storage Technology\el-GR\IAStorDataMgr.resources.dll    --a---- 8192 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 4946259C4D89761B3547B9976C89D2BF
C:\Program Files\Intel\Intel® Rapid Storage Technology\el-GR\IAStorHelp.resources.dll    --a---- 581632 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 507485DBDF5953C886FDAFBA6B4C75AC
C:\Program Files\Intel\Intel® Rapid Storage Technology\el-GR\IAStorIcon.resources.dll    --a---- 36864 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 9957D55008418371F3CE08CEE327896A
C:\Program Files\Intel\Intel® Rapid Storage Technology\el-GR\IAStorUI.resources.dll    --a---- 81920 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 3047CF2656530402C512F3EABE8F7AF0
C:\Program Files\Intel\Intel® Rapid Storage Technology\el-GR\IAStorUtil.resources.dll    --a---- 16384 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 4B1E8AD33D485AC2AD5E6E2B587EED39
C:\Program Files\Intel\Intel® Rapid Storage Technology\el-GR\IAStorViewModel.resources.dll    --a---- 69632 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 404DFF6B09DA9596C05720A585D8CDD0
C:\Program Files\Intel\Intel® Rapid Storage Technology\es-ES\IAStorDataMgr.resources.dll    --a---- 7168 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 170BFC5A2FBD79A4405086AA643EB7EA
C:\Program Files\Intel\Intel® Rapid Storage Technology\es-ES\IAStorHelp.resources.dll    --a---- 344064 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 05C9779FB72ADF709F87A3173A55F256
C:\Program Files\Intel\Intel® Rapid Storage Technology\es-ES\IAStorIcon.resources.dll    --a---- 32768 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 6B5D2928BB2583A2F6A313C5CE15CA2D
C:\Program Files\Intel\Intel® Rapid Storage Technology\es-ES\IAStorUI.resources.dll    --a---- 57344 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 1545E7CB5D7737FB1720F9BFC1F34FC9
C:\Program Files\Intel\Intel® Rapid Storage Technology\es-ES\IAStorUtil.resources.dll    --a---- 24576 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 521E81BC7A2BB3DC0204EFF65D9EDA28
C:\Program Files\Intel\Intel® Rapid Storage Technology\es-ES\IAStorViewModel.resources.dll    --a---- 49152 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 98FBFEBD995E48DB97B99E1CBD8540DE
C:\Program Files\Intel\Intel® Rapid Storage Technology\fi-FI\IAStorDataMgr.resources.dll    --a---- 6656 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] A1A6540E7983A7181CC532B28CDB15B1
C:\Program Files\Intel\Intel® Rapid Storage Technology\fi-FI\IAStorHelp.resources.dll    --a---- 319488 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] 77668A5AA8E649ECE593BF9A2659B858
C:\Program Files\Intel\Intel® Rapid Storage Technology\fi-FI\IAStorIcon.resources.dll    --a---- 32768 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] F6F2029B45C93D09F1C8BA56C4269CAF
C:\Program Files\Intel\Intel® Rapid Storage Technology\fi-FI\IAStorUI.resources.dll    --a---- 57344 bytes    [07:18 31/08/2013]    [07:18 31/08/2013] ECA62058FDCF18871449C6563D20C344

-= EOF =-


#8 Oh My!

Posted 08 November 2014 - 04:03 PM

Thank you for the information. Please do this now.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller report
  • aswMBR report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Tumbo

Posted 08 November 2014 - 04:30 PM

Here are the RogueKiller and aswMBR reports:

 

 

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Dana [Administrator]
Mode : Scan -- Date : 11/08/2014  11:09:18

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 22 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-451217856-685515885-3611321925-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-451217856-685515885-3611321925-1000\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-451217856-685515885-3611321925-1000\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-451217856-685515885-3611321925-1000\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page :
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 24.25.227.55 209.18.47.61 24.25.227.53 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 24.25.227.55 209.18.47.61 24.25.227.53 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 24.25.227.55 209.18.47.61 24.25.227.53 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70A5C932-B068-4766-8E9B-9DA5A4314B6E} | DhcpNameServer : 24.25.227.55 209.18.47.61 24.25.227.53 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{70A5C932-B068-4766-8E9B-9DA5A4314B6E} | DhcpNameServer : 24.25.227.55 209.18.47.61 24.25.227.53 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{70A5C932-B068-4766-8E9B-9DA5A4314B6E} | DhcpNameServer : 24.25.227.55 209.18.47.61 24.25.227.53 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-75HXZ SCSI Disk Device +++++
--- User ---
[MBR] 3c56680ad502f87e266a4ba3393befad
[BSP] d2d5fda85f26a0d45eae7a93ce13fe80 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 22186 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 45518848 | Size: 693177 MB
User = LL1 ... OK
User = LL2 ... OK
 

 

 

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-08 11:12:38
-----------------------------
11:12:38.292    OS Version: Windows x64 6.1.7601 Service Pack 1
11:12:38.292    Number of processors: 4 586 0x3A09
11:12:38.293    ComputerName: INSPIRON  UserName: Dana
11:12:41.257    Initialize success
11:12:41.263    VM: initialized successfully
11:12:41.265    VM: Intel CPU supported virtualized
11:12:56.878    VM: disk I/O iaStorA.sys
11:13:00.466    AVAST engine defs: 14110700
11:13:44.910    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
11:13:44.926    Disk 0 Vendor: WDC_____ 03.0 Size: 715404MB BusType: 11
11:13:45.066    Disk 0 MBR read successfully
11:13:45.066    Disk 0 MBR scan
11:13:45.082    Disk 0 Windows 7 default MBR code
11:13:45.082    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
11:13:45.097    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        22186 MB offset 81920
11:13:45.113    Disk 0 default boot code
11:13:45.129    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       693177 MB offset 45518848
11:13:45.175    Disk 0 scanning C:\Windows\system32\drivers
11:13:57.312    Service scanning
11:14:23.037    Modules scanning
11:14:23.037    Disk 0 trace - called modules:
11:14:23.068    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
11:14:23.083    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008a87060]
11:14:23.099    3 CLASSPNP.SYS[fffff880015b543f] -> nt!IofCallDriver -> [0xfffffa80088efc50]
11:14:23.099    5 iaStorF.sys[fffff88001890f84] -> nt!IofCallDriver -> \Device\00000067[0xfffffa80057fe9c0]
11:14:25.751    AVAST engine scan C:\Windows
11:14:30.119    AVAST engine scan C:\Windows\system32
11:17:14.590    AVAST engine scan C:\Windows\system32\drivers
11:17:31.813    AVAST engine scan C:\Users\Dana
11:26:26.987    AVAST engine scan C:\ProgramData
11:27:02.711    Disk 0 statistics 3593741/0/0 @ 2.86 MB/s
11:27:02.727    Scan finished successfully
11:27:42.195    Disk 0 MBR has been saved successfully to "C:\Users\Dana\Desktop\MBR.dat"
11:27:42.195    The log file has been saved successfully to "C:\Users\Dana\Desktop\aswMBR.txt"

 



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:51 PM

Posted 08 November 2014 - 04:41 PM

That all looks good, thank you.

===================================================

Run sfc /scannow from Elevated Command

--------------------
  • Click Start and Type cmd
  • Right click on cmd.exe above and select Run as Administrator
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Type the following at the Command Prompt and press Enter

sfc /scannow

  • If Windows did not find any integrity violations please let me know
  • If errors were found right click inside the command window, click Select All, and hit the ctrl+C keys at the same time to copy the text
  • Right click inside the topic Reply window and select Paste to include the information in your reply
===================================================

CheckDiskGUI

--------------------
  • Download CheckDiskGUI and save it to your desktop
  • Double click the icon and select Run
  • Under the DirtyBit column please let me know if there is any indication of a Dirty Bit
  • Place a check mark in the C: drive box
  • Click Read Only
  • Once completed click File, then Save
  • Save the file to your desktop as CheckDiskGUI (should be default name)
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • sfc results
  • CheckDisk report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Tumbo

Tumbo
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:51 PM

Posted 08 November 2014 - 05:10 PM

Here's the next round of data you requested:

 

- Windows Resource Protection did not find any integrity violations.

 

- Under the DirtyBit column there is no indication of a Dirty Bit

 

 

Checkdisk of C: (Read only mode) started !

Started on : 2014/11/08 12:08:52

The type of the file system is NTFS.
Volume label is OS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
  327168 file records processed.
File verification completed.
  333 large file records processed.
  0 bad file records processed.
  0 EA records processed.
  46 reparse records processed.
CHKDSK is verifying indexes (stage 2 of 3)...
  370656 index entries processed.
Index verification completed.
  0 unindexed files scanned.
  0 unindexed files recovered.
CHKDSK is verifying security descriptors (stage 3 of 3)...
  327168 file SDs/SIDs processed.
Security descriptor verification completed.
  21745 data files processed.
CHKDSK is verifying Usn Journal...
  34172152 USN bytes processed.
Usn Journal verification completed.
Windows has checked the file system and found no problems.
  709813247 KB total disk space.
  44677484 KB in 130355 files.
  82364 KB in 21746 indexes.
  0 KB in bad sectors.
  451295 KB in use by the system.
  65536 KB occupied by the log file.
  664602104 KB available on disk.
  4096 bytes in each allocation unit.
  177453311 total allocation units on disk.
  166150526 allocation units available on disk.

Checkdisk of C: (Read only mode) completed !

Ended on : 2014/11/08 12:09:50

Time elapsed : 58 seconds
 



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:51 PM

Posted 08 November 2014 - 05:16 PM

Looks good again.

Could you please boot into Safe Mode and tell me if boot up and shutdown are normal.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Tumbo

Tumbo
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:51 PM

Posted 08 November 2014 - 05:24 PM

Boot up and shutdown seem normal in Safe Mode.  (I haven't restarted the machine in normal mode yet...it is still off...I will await your next instructions).  Dana



#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,414 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:51 PM

Posted 08 November 2014 - 05:28 PM

Hi Dana,

Very good. Don't try to boot into Normal Boot yet but instead please do this.

===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items

  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your boot up and shutdown
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
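
The Clean Boot steps in the post above switch off every non-Microsoft service and every startup item at once; this added example (not part of the original post, and not code from any tool named in the thread) records what those are before the change is made, so the suspects are known by name. The helper `Get-ServiceExePath`, the CompanyName test for "Microsoft" and the output file names are assumptions of this example.

```powershell
# Added example, not from the thread. Read-only: it changes no service or startup setting.
# Assumption: a service is treated as "Microsoft" when its executable's CompanyName says so,
# so everything hosted in svchost.exe counts as Microsoft here.

function Get-ServiceExePath([string]$PathName) {   # hypothetical helper
    # Win32_Service.PathName is either  "C:\dir with spaces\x.exe" args  or  C:\dir\x.exe args
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($PathName.Trim() -split '\s+')[0]
}

# Services that "Hide All Microsoft Services" + "Disable All" would switch off.
$thirdParty = Get-WmiObject -Class Win32_Service |
    Where-Object { $_.PathName -and $_.StartMode -ne 'Disabled' } |
    ForEach-Object {
        $exe = [Environment]::ExpandEnvironmentVariables((Get-ServiceExePath $_.PathName))
        $company = '(file not found)'
        if (Test-Path -LiteralPath $exe) {
            $company = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($exe).CompanyName
        }
        New-Object PSObject -Property @{
            Name = $_.Name; DisplayName = $_.DisplayName; StartMode = $_.StartMode
            State = $_.State; Company = $company; Path = $exe
        }
    } |
    Where-Object { $_.Company -notmatch 'Microsoft' } |
    Select-Object Name, DisplayName, StartMode, State, Company, Path |
    Sort-Object StartMode, Name

# Entries that unchecking "Load Startup Items" would skip (Run keys and Startup folders).
$startup = Get-WmiObject -Class Win32_StartupCommand |
    Select-Object Name, Command, Location, User

# Save both lists so the pre-clean-boot state can be compared or restored later.
$prefix = Join-Path $env:USERPROFILE 'Desktop\cleanboot'   # assumed output location
$thirdParty | Export-Csv "$prefix-services.csv" -NoTypeInformation
$startup    | Export-Csv "$prefix-startup.csv"  -NoTypeInformation

$thirdParty | Format-Table Name, StartMode, State, Company -AutoSize
$startup    | Format-Table Name, Location, Command -AutoSize
```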

#15 Tumbo

Tumbo
  • Topic Starter

  • Members
  • 139 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:51 PM

Posted 08 November 2014 - 05:36 PM

Note:  when I tried to start the computer this time to boot into Safe Mode to follow your instructions all I got was a light black screen and nothing.  After waiting for a little while I had to manually power-down and try again.  This time I was able to boot into Safe Mode and follow your instructions.

 

 

I then followed your instructions above, went fine, but when the machine restarted it is back to the light completely black screen.  I have it there right now.....I will await your instructions.





