Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by SYSTEM on MININT-7K2CRKE on 16-11-2013 16:43:03
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GamecomSound] - C:\Program Files\Plantronics\GameCom780\GameCom780.exe [777448 2011-12-01] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [MsmqIntCert] - regsvr32 /s mqrt.dll
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [UMonit] - C:\Windows\SysWOW64\UMonit.exe [49152 1999-12-31] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] - C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [jmekey] - C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
HKLM-x32\...\Run: [ModeSwitch] - C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe [163840 2009-09-27] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [IdeaNotesUser] - C:\Program Files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe [221872 2009-08-24] (Digital Delivery Networks, Inc.)
HKLM-x32\...\Run: [SetDefaultSCR] - C:\Program Files (x86)\Lenovo\Lenovo Screensaver\SetDefaultSCR.exe [102400 2009-12-30] (Lenovo)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKLM-x32\...\Run: [Aeria Ignite] - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [ROCCAT Savu Gaming Mouse] - C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe [872048 2012-09-10] (ROCCAT GmbH)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [kxesc] - "c:\program files (x86)\kingsoft\kingsoft antiviruskxetray.exe" -autorun
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
HKU\Krystal\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKU\Krystal\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKU\Krystal\...\Run: [Akamai NetSession Interface] - C:\Users\Krystal\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\Krystal\...\Run: [F.lux] - C:\Users\Krystal\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\Krystal\...\Run: [AdobeBridge] - [x]
HKU\Krystal\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\Krystal\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC)
HKU\Krystal\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\Krystal\...\Run: [Copy] - C:\Users\Krystal\AppData\Roaming\Copy\CopyAgent.exe [15644704 2013-09-19] (Barracuda Networks, Inc.)
HKU\UpdatusUser\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [20133824 2013-09-25] (Google)
HKU\UpdatusUser\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKU\UpdatusUser\...\Run: [Akamai NetSession Interface] - C:\Users\Krystal\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\UpdatusUser\...\Run: [F.lux] - "C:\Users\Krystal\Local Settings\Apps\F.lux\flux.exe" /noshow
HKU\UpdatusUser\...\Run: [AdobeBridge] - [x]
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\UpdatusUser\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC)
HKU\UpdatusUser\...\Run: [Advanced SystemCare 6] - C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-04-18] (IObit)
HKU\UpdatusUser\...\RunOnce: [WLStart] - C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [574272 2013-04-18] (IObit)
S2 CEEBC40A-FDED-4C59-B354-939132350B01; C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [96752 2009-10-12] ()
S2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-05-08] (Fork Ltd.)
S2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S4 LenovoCOMSvc; C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe [49152 2009-09-30] (Lenovo)
S3 LitModeCtrl; C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe [81920 2009-09-27] (Lenovo)
S2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [895696 2009-10-27] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
S2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
S2 PnkBstrA; C:\windows\SysWow64\PnkBstrA.exe [76888 2013-08-20] ()
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [754584 2013-06-24] (Tunngle.net GmbH)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [x]

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; No ImagePath
S0 aswRvrt; No ImagePath
S1 aswSnx; No ImagePath
S1 aswSP; No ImagePath
S1 aswTdi; No ImagePath
S0 aswVmm; No ImagePath
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-04] (Disc Soft Ltd)
S3 GeneStor; C:\Windows\System32\DRIVERS\GeneStor.sys [58368 1999-12-31] (GenesysLogic)
S3 hidusbf; C:\Windows\System32\DRIVERS\hidusbf.sys [7808 2009-10-19] (SweetLow)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1327104 2011-11-04] (C-Media Electronics Inc)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-05-17] (Windows (R) Win 7 DDK provider)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-02] ()
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S2 aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [x]
S1 aswRdr; \SystemRoot\System32\Drivers\aswrdr2.sys [x]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [x]
S3 ksapi64; \??\C:\windows\system32\drivers\ksapi64.sys [x]
S3 sf; \??\C:\AeriaGames\SoldierFront\avital\soldierf64.sys [x]
S3 X6va012; \??\C:\windows\SysWOW64\Drivers\X6va012 [x]
S3 xhunter1; \??\C:\windows\xhunter1.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-12 21:27 - 2013-11-12 21:27 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-11-03 00:18 - 2013-11-03 00:18 - 00000000 ____D C:\FRST
2013-11-01 23:22 - 2013-11-01 23:22 - 00000000 ____D C:\Users\Krystal\Desktop\Nagi No Asukara OP - lul soshite bokura wa [Single]
2013-11-01 22:41 - 2013-11-01 22:42 - 43000903 _____ C:\Users\Krystal\Desktop\Nagi No Asukara OP - lul soshite bokura wa [Single].rar
2013-11-01 17:58 - 2013-11-01 18:10 - 00000000 ____D C:\Program Files (x86)\StAPH
2013-11-01 09:30 - 2013-11-01 09:30 - 00008912 _____ C:\Windows\PFRO.log
2013-10-31 14:28 - 2013-11-02 09:23 - 00001736 _____ C:\Windows\setupact.log
2013-10-31 14:28 - 2013-10-31 14:28 - 00000000 _____ C:\Windows\setuperr.log
2013-10-29 17:41 - 2013-10-23 02:30 - 30344480 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-10-29 17:41 - 2013-10-23 02:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433165.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433165.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-29 17:41 - 2013-10-23 02:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-29 17:41 - 2013-06-16 04:38 - 00196384 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-10-29 17:41 - 2013-06-16 04:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-10-29 17:41 - 2013-01-29 00:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdagenco64.dll
2013-10-29 17:15 - 2013-10-17 17:36 - 01063200 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2013-10-29 17:15 - 2013-10-17 17:36 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-29 17:14 - 2013-09-27 15:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvvad64v.sys
2013-10-29 17:14 - 2013-09-27 15:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-27 16:36 - 2013-10-27 16:36 - 17382076 _____ C:\Users\Krystal\Documents\130901 Sistar Bora Dance Performance.mp4
2013-10-26 23:10 - 2013-10-30 23:13 - 00000000 ____D C:\Users\Krystal\Documents\KDrama
2013-10-26 15:30 - 2013-10-26 21:26 - 00000000 ____D C:\ProgramData\Kingsoft
2013-10-26 15:30 - 2013-10-26 21:25 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\shoujizhushou
2013-10-26 15:30 - 2013-10-26 15:30 - 00000000 __SHD C:\KRECYCLE
2013-10-26 15:29 - 2013-10-27 09:36 - 00000000 ____D C:\Program Files (x86)\kingsoft
2013-10-26 15:29 - 2013-10-26 15:29 - 00000000 ____D C:\Users\Krystal\.android
2013-10-26 15:29 - 2013-10-26 15:29 - 00000000 ____D C:\baidu player
2013-10-26 15:27 - 2013-10-26 15:27 - 00000305 _____ C:\Windows\SysWOW64\bdsecushr.dat
2013-10-26 15:27 - 2013-10-26 15:27 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\Baidu
2013-10-26 15:26 - 2013-10-26 17:17 - 00000000 ____D C:\ProgramData\Baidu
2013-10-25 23:33 - 2013-10-25 23:32 - 00062370 _____ C:\Users\Krystal\Downloads\Good Doctor - EP9.srt
2013-10-24 06:23 - 2013-10-24 18:59 - 00068831 _____ C:\Users\Krystal\Downloads\[BakaBT.167593v0] [Coalgirls]_Durarara!!_(1920x1080_Blu-ray_FLAC).torrent
2013-10-23 02:02 - 2013-10-23 02:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-20 09:44 - 2013-10-20 09:44 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 09:43 - 2013-10-08 06:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-20 09:43 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-20 09:43 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-20 09:43 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-20 09:42 - 2013-10-20 09:43 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-18 23:18 - 2010-02-23 00:16 - 00294912 _____ (Microsoft Corporation) C:\Windows\System32\browserchoice.exe

==================== One Month Modified Files and Folders =======

2013-11-12 21:27 - 2013-11-12 21:27 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2013-11-03 00:18 - 2013-11-03 00:18 - 00000000 ____D C:\FRST
2013-11-02 19:22 - 2013-05-19 14:19 - 00000000 ____D C:\Users\Krystal\Desktop\Resources
2013-11-02 11:00 - 2010-05-28 17:40 - 00005619 _____ C:\Windows\System32\Config.MPF
2013-11-02 11:00 - 2010-05-28 17:25 - 01655402 _____ C:\Windows\WindowsUpdate.log
2013-11-02 11:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\inetsrv
2013-11-02 10:58 - 2013-10-08 17:13 - 00000414 _____ C:\Windows\Tasks\SlimDrivers Startup.job
2013-11-02 10:29 - 2013-05-26 21:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-02 10:27 - 2013-05-19 13:16 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DCCD4320-E4C3-4B8A-8BBD-38B2B7003D79}
2013-11-02 10:15 - 2013-05-19 12:49 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-02 09:48 - 2013-10-16 17:10 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\Copy
2013-11-02 09:48 - 2013-06-29 00:19 - 00000000 ____D C:\Users\Krystal\AppData\Local\LogMeIn Hamachi
2013-11-02 09:48 - 2013-05-19 09:46 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-02 09:38 - 2013-05-28 21:08 - 00000000 ____D C:\Users\Krystal\AppData\Local\Adobe
2013-11-02 09:31 - 2009-07-13 20:45 - 00017952 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-02 09:31 - 2009-07-13 20:45 - 00017952 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-02 09:26 - 2013-10-08 17:13 - 00002844 _____ C:\Windows\System32\Tasks\SlimDrivers Startup
2013-11-02 09:25 - 2013-05-19 13:47 - 00000000 ___RD C:\Users\Krystal\Google Drive
2013-11-02 09:25 - 2013-05-19 13:10 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-02 09:24 - 2013-05-19 12:49 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-02 09:23 - 2013-10-31 14:28 - 00001736 _____ C:\Windows\setupact.log
2013-11-02 09:23 - 2013-10-08 17:13 - 00016152 _____ C:\Windows\System32\Drivers\SWDUMon.sys
2013-11-02 09:22 - 2010-05-28 17:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-02 09:22 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-01 23:40 - 2013-06-01 11:19 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\uTorrent
2013-11-01 23:40 - 2013-05-28 16:29 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\vlc
2013-11-01 23:22 - 2013-11-01 23:22 - 00000000 ____D C:\Users\Krystal\Desktop\Nagi No Asukara OP - lul soshite bokura wa [Single]
2013-11-01 22:42 - 2013-11-01 22:41 - 43000903 _____ C:\Users\Krystal\Desktop\Nagi No Asukara OP - lul soshite bokura wa [Single].rar
2013-11-01 22:25 - 2013-06-23 17:13 - 00000000 ____D C:\Users\Krystal\Documents\Anime
2013-11-01 18:59 - 2013-06-20 22:41 - 00000000 ____D C:\Users\Krystal\AppData\Local\PMB Files
2013-11-01 18:59 - 2013-06-20 22:41 - 00000000 ____D C:\ProgramData\PMB Files
2013-11-01 18:10 - 2013-11-01 17:58 - 00000000 ____D C:\Program Files (x86)\StAPH
2013-11-01 17:08 - 2013-08-05 19:04 - 00001654 _____ C:\Windows\Sandboxie.ini
2013-11-01 16:09 - 2013-06-20 22:55 - 00000000 ____D C:\Users\Krystal\Documents\Running Man
2013-11-01 09:30 - 2013-11-01 09:30 - 00008912 _____ C:\Windows\PFRO.log
2013-11-01 09:29 - 2013-05-19 12:47 - 00000000 ____D C:\users\Krystal
2013-11-01 00:00 - 2013-05-19 12:48 - 00000320 _____ C:\Windows\Tasks\McQcTask.job
2013-10-31 14:28 - 2013-10-31 14:28 - 00000000 _____ C:\Windows\setuperr.log
2013-10-30 23:13 - 2013-10-26 23:10 - 00000000 ____D C:\Users\Krystal\Documents\KDrama
2013-10-29 22:28 - 2013-06-23 23:05 - 00000000 ____D C:\Users\Krystal\Documents\Txt Files
2013-10-29 17:44 - 2013-08-20 13:03 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-29 17:43 - 2013-08-20 13:03 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-29 17:15 - 2013-08-20 13:02 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-29 13:17 - 2009-07-13 21:08 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-27 16:36 - 2013-10-27 16:36 - 17382076 _____ C:\Users\Krystal\Documents\130901 Sistar Bora Dance Performance.mp4
2013-10-27 09:36 - 2013-10-26 15:29 - 00000000 ____D C:\Program Files (x86)\kingsoft
2013-10-26 21:26 - 2013-10-26 15:30 - 00000000 ____D C:\ProgramData\Kingsoft
2013-10-26 21:25 - 2013-10-26 15:30 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\shoujizhushou
2013-10-26 17:17 - 2013-10-26 15:26 - 00000000 ____D C:\ProgramData\Baidu
2013-10-26 15:30 - 2013-10-26 15:30 - 00000000 __SHD C:\KRECYCLE
2013-10-26 15:29 - 2013-10-26 15:29 - 00000000 ____D C:\Users\Krystal\.android
2013-10-26 15:29 - 2013-10-26 15:29 - 00000000 ____D C:\baidu player
2013-10-26 15:27 - 2013-10-26 15:27 - 00000305 _____ C:\Windows\SysWOW64\bdsecushr.dat
2013-10-26 15:27 - 2013-10-26 15:27 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\Baidu
2013-10-25 23:32 - 2013-10-25 23:33 - 00062370 _____ C:\Users\Krystal\Downloads\Good Doctor - EP9.srt
2013-10-25 21:26 - 2013-05-23 18:06 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\Skype
2013-10-25 16:48 - 2013-05-20 05:33 - 00000000 ____D C:\AeriaGames
2013-10-24 18:59 - 2013-10-24 06:23 - 00068831 _____ C:\Users\Krystal\Downloads\[BakaBT.167593v0] [Coalgirls]_Durarara!!_(1920x1080_Blu-ray_FLAC).torrent
2013-10-23 17:56 - 2009-07-13 21:13 - 00932048 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-23 02:30 - 2013-10-29 17:41 - 30344480 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 25257248 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 18199872 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 12572960 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-10-23 02:30 - 2013-10-29 17:41 - 11426568 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 11374520 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 03131680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 03124512 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 01884448 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6433165.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 01511712 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6433165.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 00696096 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 00655136 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-23 02:30 - 2013-10-29 17:41 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-23 02:30 - 2013-10-08 17:22 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 02:30 - 2013-10-08 17:22 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-23 02:30 - 2013-08-20 13:03 - 00061216 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2013-10-23 02:30 - 2013-08-20 13:03 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2013-10-23 02:30 - 2013-08-20 13:02 - 00023287 _____ C:\Windows\System32\nvinfo.pb
2013-10-23 02:30 - 2009-09-20 19:12 - 18286416 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-10-23 02:30 - 2009-09-20 19:12 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-23 02:30 - 2009-09-20 19:12 - 03067560 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-10-23 02:02 - 2013-10-23 02:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-10-23 00:20 - 2009-09-08 11:53 - 03489568 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-10-23 00:20 - 2009-09-08 11:53 - 00922912 _____ (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-10-23 00:20 - 2009-09-08 11:53 - 00219424 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-10-23 00:20 - 2009-09-08 11:53 - 00063776 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-10-23 00:20 - 2009-09-08 11:52 - 06669600 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-10-20 14:16 - 2009-07-25 18:01 - 00000000 ____D C:\Windows\Panther
2013-10-20 09:44 - 2013-10-20 09:44 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 09:43 - 2013-10-20 09:42 - 00004746 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-20 09:43 - 2013-05-19 08:42 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-19 19:47 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-10-18 17:19 - 2013-05-19 12:50 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-17 17:36 - 2013-10-29 17:15 - 01063200 _____ (NVIDIA Corporation) C:\Windows\System32\nvspcap64.dll
2013-10-17 17:36 - 2013-10-29 17:15 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-17 16:30 - 2013-10-16 20:00 - 00000000 ____D C:\Program Files\Aegisub
2013-10-17 16:30 - 2013-10-08 14:59 - 00000000 ____D C:\Windows\Minidump
2013-10-17 16:30 - 2013-05-20 05:33 - 00000000 ____D C:\Users\Krystal\AppData\Local\Akamai
2013-10-17 16:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8126.52 MB
Available physical RAM: 7276.11 MB
Total Pagefile: 8124.67 MB
Available Pagefile: 7271.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:414.12 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive j: (KRYSTAL) (Removable) (Total:3.73 GB) (Free:2.69 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 7970D5B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25 GB) - (Type=12)

========================================================
Disk: 5 (Size: 4 GB) (Disk ID: 500A0DFF)
No partition Table on disk 5.

LastRegBack: 2013-10-31 16:14

==================== End Of Log ============================