Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-09-2013 02
Ran by SYSTEM on MININT-O980G1A on 02-10-2013 22:46:39
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597928 2010-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Eraser] - C:\PROGRA~1\Eraser\Eraser.exe [980920 2012-05-21] (The Eraser Project)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] - C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe [2086984 2012-11-28] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] - C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6215288 2012-10-15] (Telstra)
HKU\Ben\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)

==================== Services (Whitelisted) =================

S2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-02-18] (Nero AG)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [529704 2008-02-28] (Nero AG)
S2 PLFlash DeviceIoControl Service; C:\windows\SysWOW64\IoctlSvc.exe [81920 2006-12-18] (Prolific Technology Inc.)
S2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-03] (Sierra Wireless, Inc.)

==================== Drivers (Whitelisted) ====================

S3 ATIAVPCI; C:\Windows\System32\DRIVERS\atinavrr.sys [1557376 2009-10-06] (ATI Technologies Inc.)
S3 AtiIrRcvr; C:\Windows\System32\DRIVERS\aticir.sys [26496 2009-10-06] (ATI Technologies Inc.)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130903.002\BHDrvx64.sys [1525336 2013-09-03] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-28] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-28] (Symantec Corporation)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2012-12-20] ()
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [17480 2012-12-20] ()
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-28] (Symantec Corporation)
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2012-12-20] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [9800 2012-12-20] ()
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-03-20] ()
S3 massfilter_lte; C:\windows\system32\drivers\massfilter_lte.sys [18456 2012-01-04] (HandSet Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [259328 2012-09-05] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [108800 2012-09-05] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [300544 2012-09-05] (Sierra Wireless Inc.)
S0 SymDS; C:\Windows\System32\drivers\N360x64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\N360x64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-20] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2012-01-04] (Huawei Technologies Co., Ltd.)
S1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130912.001\IDSvia64.sys [x]
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130912.018\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130912.018\EX64.SYS [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-02 22:46 - 2013-10-02 22:46 - 00000000 ____D C:\FRST
2013-10-01 01:31 - 2013-10-01 01:31 - 00028672 _____ C:\BCD_Backup
2013-10-01 01:31 - 2013-10-01 01:31 - 00025600 ___SH C:\BCD_Backup.LOG
2013-09-30 17:56 - 2013-09-30 17:56 - 00000073 _____ C:\Windows\{e202b265-db16-4c04-a9ab-5763720eb4bb}
2013-09-30 17:43 - 2013-09-30 17:43 - 00000073 _____ C:\Windows\{67f021f2-37e8-47fc-8898-593b44aee455}
2013-09-30 16:39 - 2013-09-30 16:39 - 00000073 _____ C:\Windows\{ab9c1ada-d77c-4f55-8382-eb9c5e98ea6c}
2013-09-30 16:12 - 2013-09-30 17:56 - 02256256 __RSH C:\$UGM
2013-09-30 16:12 - 2013-09-30 16:12 - 00000073 _____ C:\Windows\{5161901b-469d-4560-bffc-6918be1848a1}
2013-09-18 23:52 - 2013-09-18 23:52 - 00000000 ____D C:\Users\Ben\AppData\Local\{C5281DD0-684E-4083-94A2-75C25E2C3D8B}
2013-09-18 06:49 - 2013-09-19 16:34 - 00000336 _____ C:\Windows\setupact.log
2013-09-18 06:49 - 2013-09-18 06:49 - 00000000 _____ C:\Windows\setuperr.log
2013-09-17 23:48 - 2013-09-17 23:51 - 00000000 ____D C:\Users\Ben\AppData\Local\{9B3C9615-C9C8-4FCC-98F4-E5F6BE809F27}
2013-09-17 17:48 - 2013-09-17 17:48 - 00000000 ____D C:\Users\Ben\AppData\Local\{08D67764-C24C-4C5E-BCF7-709D027049B2}
2013-09-15 23:44 - 2013-09-15 23:44 - 00000000 ____D C:\Users\Ben\AppData\Local\{ED8073F3-BDF0-4604-BDAD-8CE2C85E4C95}
2013-09-15 01:03 - 2013-09-15 01:03 - 00000000 ____D C:\Users\Ben\AppData\Local\{6E838B9A-7668-4AAD-8085-610D5180F63C}
2013-09-14 20:11 - 2013-09-14 20:11 - 00000000 ____D C:\Users\Ben\AppData\Local\{FAA769E1-EAF4-4B7B-B5E2-14374A8A0A30}
2013-09-14 00:05 - 2013-09-14 00:06 - 00000000 ____D C:\Users\Ben\AppData\Local\{90E25535-509F-474C-9754-31A223810369}
2013-09-12 22:10 - 2013-09-12 22:10 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-09-12 17:36 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-12 17:36 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-12 17:36 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-12 17:36 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-12 17:36 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-12 17:36 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-12 17:36 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-12 17:36 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-12 17:36 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-12 17:36 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-12 17:36 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-12 17:36 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-12 17:36 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-12 17:36 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-12 17:36 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 17:36 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 17:36 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 17:36 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-12 17:36 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 17:36 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-12 17:36 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 17:28 - 2013-09-12 17:30 - 00000000 ____D C:\Users\Ben\AppData\Local\{AA2B8596-E31F-4199-BE0F-5EF5ADFCADFB}
2013-09-11 00:37 - 2013-09-11 00:37 - 00000000 ____D C:\Program Files (x86)\FileNet
2013-09-11 00:36 - 2013-09-11 00:37 - 00000000 ____D C:\Informed
2013-09-11 00:36 - 2013-09-11 00:36 - 00001740 _____ C:\Users\Ben\Desktop\e-Record 6.lnk
2013-09-10 23:40 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-10 23:39 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-10 23:39 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-10 23:39 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-10 23:39 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-10 23:39 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-10 23:39 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-10 23:39 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-10 23:39 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-10 23:39 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-10 23:39 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-10 23:39 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-10 23:39 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-10 23:39 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-10 23:39 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-10 23:39 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-10 23:39 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-10 23:39 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-10 23:39 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-10 23:39 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-10 23:39 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-10 23:39 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-10 23:39 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-10 23:39 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-10 23:39 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-10 23:39 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-10 23:39 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 22:43 - 2013-09-10 22:43 - 00000000 ____D C:\Users\Ben\AppData\Local\{819FD092-06FB-4D6F-9D48-6D9F95F6C2A9}
2013-09-09 04:42 - 2013-09-09 04:42 - 00000000 ____D C:\Users\Ben\AppData\Local\{02FC6E9D-906C-4CC1-B000-77D1832914E9}
2013-09-09 02:16 - 2013-09-09 02:16 - 00000000 ____D C:\Users\Ben\AppData\Local\{E5AC389C-6473-44DD-8657-B39A53C76DFE}
2013-09-08 03:44 - 2013-09-08 03:45 - 00000000 ____D C:\Users\Ben\AppData\Local\{601AE288-EA6C-4709-B34E-6B613F6EB0E0}
2013-09-07 07:30 - 2013-09-07 07:31 - 00000000 ____D C:\Users\Ben\AppData\Local\{8F389114-8518-4811-905C-C765C60D933E}
2013-09-05 07:39 - 2013-09-05 07:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-05 07:12 - 2013-06-20 16:07 - 00203672 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys
2013-09-04 23:21 - 2013-09-04 23:22 - 00000000 ____D C:\Users\Ben\AppData\Local\{B11621C9-6DA7-48B2-AFC7-74AB6447494F}
2013-09-03 04:14 - 2013-09-03 04:14 - 00000000 ____D C:\Users\Ben\AppData\Local\{A6DD5F7E-31F4-4F97-8967-37C0EB039A98}

==================== One Month Modified Files and Folders =======

2013-10-02 22:46 - 2013-10-02 22:46 - 00000000 ____D C:\FRST
2013-10-01 01:31 - 2013-10-01 01:31 - 00028672 _____ C:\BCD_Backup
2013-10-01 01:31 - 2013-10-01 01:31 - 00025600 ___SH C:\BCD_Backup.LOG
2013-09-30 17:56 - 2013-09-30 17:56 - 00000073 _____ C:\Windows\{e202b265-db16-4c04-a9ab-5763720eb4bb}
2013-09-30 17:56 - 2013-09-30 16:12 - 02256256 __RSH C:\$UGM
2013-09-30 17:43 - 2013-09-30 17:43 - 00000073 _____ C:\Windows\{67f021f2-37e8-47fc-8898-593b44aee455}
2013-09-30 16:39 - 2013-09-30 16:39 - 00000073 _____ C:\Windows\{ab9c1ada-d77c-4f55-8382-eb9c5e98ea6c}
2013-09-30 16:12 - 2013-09-30 16:12 - 00000073 _____ C:\Windows\{5161901b-469d-4560-bffc-6918be1848a1}
2013-09-19 16:43 - 2012-04-09 04:49 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-19 16:36 - 2012-04-09 04:49 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-19 16:35 - 2012-04-06 23:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-19 16:35 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 16:34 - 2013-09-18 06:49 - 00000336 _____ C:\Windows\setupact.log
2013-09-19 16:22 - 2012-04-06 23:52 - 00002181 _____ C:\Users\Public\Desktop\Recovery Media Creator.lnk
2013-09-19 07:35 - 2013-03-03 02:08 - 01601828 _____ C:\Windows\WindowsUpdate.log
2013-09-19 04:15 - 2012-04-07 03:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-19 02:33 - 2009-07-13 20:45 - 00025120 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-19 02:33 - 2009-07-13 20:45 - 00025120 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-19 02:25 - 2013-05-05 03:56 - 00000000 ____D C:\Users\Ben\AppData\Roaming\Telstra
2013-09-19 02:21 - 2009-07-13 21:08 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-18 23:52 - 2013-09-18 23:52 - 00000000 ____D C:\Users\Ben\AppData\Local\{C5281DD0-684E-4083-94A2-75C25E2C3D8B}
2013-09-18 23:52 - 2012-04-09 08:57 - 00000000 ____D C:\Users\Ben\Tracing
2013-09-18 06:49 - 2013-09-18 06:49 - 00000000 _____ C:\Windows\setuperr.log
2013-09-18 05:28 - 2009-07-13 21:13 - 00005452 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-18 05:22 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-09-17 23:51 - 2013-09-17 23:48 - 00000000 ____D C:\Users\Ben\AppData\Local\{9B3C9615-C9C8-4FCC-98F4-E5F6BE809F27}
2013-09-17 17:48 - 2013-09-17 17:48 - 00000000 ____D C:\Users\Ben\AppData\Local\{08D67764-C24C-4C5E-BCF7-709D027049B2}
2013-09-15 23:44 - 2013-09-15 23:44 - 00000000 ____D C:\Users\Ben\AppData\Local\{ED8073F3-BDF0-4604-BDAD-8CE2C85E4C95}
2013-09-15 01:03 - 2013-09-15 01:03 - 00000000 ____D C:\Users\Ben\AppData\Local\{6E838B9A-7668-4AAD-8085-610D5180F63C}
2013-09-14 20:11 - 2013-09-14 20:11 - 00000000 ____D C:\Users\Ben\AppData\Local\{FAA769E1-EAF4-4B7B-B5E2-14374A8A0A30}
2013-09-14 01:04 - 2011-04-08 19:22 - 00000000 ____D C:\Windows\Panther
2013-09-14 01:03 - 2012-04-07 03:19 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-14 01:03 - 2012-04-07 03:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-14 01:03 - 2012-04-07 03:19 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-14 00:06 - 2013-09-14 00:05 - 00000000 ____D C:\Users\Ben\AppData\Local\{90E25535-509F-474C-9754-31A223810369}
2013-09-12 22:10 - 2013-09-12 22:10 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2013-09-12 20:27 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-09-12 17:55 - 2009-07-13 20:45 - 00268856 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 17:36 - 2013-08-15 10:26 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 17:36 - 2012-04-07 08:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-09-12 17:34 - 2012-04-16 08:08 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-12 17:30 - 2013-09-12 17:28 - 00000000 ____D C:\Users\Ben\AppData\Local\{AA2B8596-E31F-4199-BE0F-5EF5ADFCADFB}
2013-09-11 00:37 - 2013-09-11 00:37 - 00000000 ____D C:\Program Files (x86)\FileNet
2013-09-11 00:37 - 2013-09-11 00:36 - 00000000 ____D C:\Informed
2013-09-11 00:36 - 2013-09-11 00:36 - 00001740 _____ C:\Users\Ben\Desktop\e-Record 6.lnk
2013-09-10 22:43 - 2013-09-10 22:43 - 00000000 ____D C:\Users\Ben\AppData\Local\{819FD092-06FB-4D6F-9D48-6D9F95F6C2A9}
2013-09-09 05:47 - 2012-05-21 09:34 - 00873472 ___SH C:\Users\Ben\Documents\Thumbs.db
2013-09-09 04:42 - 2013-09-09 04:42 - 00000000 ____D C:\Users\Ben\AppData\Local\{02FC6E9D-906C-4CC1-B000-77D1832914E9}
2013-09-09 02:16 - 2013-09-09 02:16 - 00000000 ____D C:\Users\Ben\AppData\Local\{E5AC389C-6473-44DD-8657-B39A53C76DFE}
2013-09-08 03:45 - 2013-09-08 03:44 - 00000000 ____D C:\Users\Ben\AppData\Local\{601AE288-EA6C-4709-B34E-6B613F6EB0E0}
2013-09-07 07:44 - 2012-04-09 04:50 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-07 07:31 - 2013-09-07 07:30 - 00000000 ____D C:\Users\Ben\AppData\Local\{8F389114-8518-4811-905C-C765C60D933E}
2013-09-05 07:39 - 2013-09-05 07:39 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-05 07:14 - 2011-04-08 03:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-05 07:13 - 2013-04-08 05:40 - 00002017 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-09-05 07:13 - 2012-04-09 05:00 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-09-05 07:13 - 2012-04-09 04:59 - 00000000 ____D C:\Users\Ben\AppData\Local\Downloaded Installations
2013-09-04 23:22 - 2013-09-04 23:21 - 00000000 ____D C:\Users\Ben\AppData\Local\{B11621C9-6DA7-48B2-AFC7-74AB6447494F}
2013-09-03 04:14 - 2013-09-03 04:14 - 00000000 ____D C:\Users\Ben\AppData\Local\{A6DD5F7E-31F4-4F97-8967-37C0EB039A98}

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4077.86 MB
Available physical RAM: 3494.95 MB
Total Pagefile: 4076.06 MB
Available Pagefile: 3486.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (S3A4489D001) (Fixed) (Total:683.78 GB) (Free:621.11 GB) NTFS
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:0.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:7.45 GB) (Free:0.65 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=684 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=17)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

LastRegBack: 2013-09-12 20:19

==================== End Of Log ============================