Group Policy Client Failed to Start (Was Unable To Run DDS)

[Law]

Hi, I have been having some problems with my laptop and it has recently slowed down tremendously. All this came about when Group Policy Client has failed to start on startup. I had a chat with one of your moderator (from https://www.sysnative.com/forums/wi...nf-corruptions-windows-8-8-1-a.html#post77563) and he told me to start a new thread here as I can't run the DDS on Windows 8 and the Security Check by screen317 did not seem to work as it stopped at "Preparing Done". I believe the link https://www.sysnative.com/forums/security-arena/2507-malware-removal-posting-instructions.html which was given to me is not going to work on a Windows 8.

I hope I have provided all that is needed for now. Please advice me!

Thanks a lot!!!

 

[Machiavelli]

Re: Unable To Run DDS

Hello and Welcome on board Law ,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

• Removing Malware is usually very difficult.
  We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
• Please follow these instructions
  If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
• Please stay in contact with me until your problem is resolved
  As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
• Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
  Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
• Read my post completely
  If you don't do so, you may make mistakes that could result in your System crashing by your own actions!

---

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1​

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here

1. Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
2. Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
3. When the disclaimer appears, click Yes.
4. Click Scan to start FRST.
5. When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
6. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

 

[Corrine]

Re: Unable To Run DDS

Hi, Law.

Yes, I need to update the instructions for Windows 8.1 since DDS does not work with it. However, from what I have researched, the problem with the Group Policy Client is not a malware issue. As a result, I'm moving this topic to the Windows 8 Forum.

Warning: Before making any changes to the registry, first back up the registry following the steps here: How to back up and restore the registry in Windows.

Next, carefully follow the illustrated instructions provided by Kapil, a Microsoft MVP in Windows - Consumer and a Microsoft Content Creator, at Fix: The Group Policy Client Service Failed The Logon In Windows 8, which also works with Windows 8.1.

Please let us know how you made out.

 

[Law]

Hi I am slightly confused now as I do not know whose advice to follow.

Anyway Corrine, I have tried the link - Fix: The Group Policy Client Service Failed The Logon In Windows 8 and I couldn't proceed after step 4. I received a message saying that "Data of type REG_MULTI_SZ cannot contain empty strings. Registry Editor will remove all empty strings found".

 

[Law]

Re: Unable To Run DDS

And also to Machiavelli, I have done what you told me to do so and here are the two logs

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2014
Ran by Lawry Lsw (administrator) on ROYAL on 20-07-2014 01:16:08
Running from C:\Users\Lawrence\Desktop
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: [URL="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/"]Downloading Farbar Recovery Scan Tool[/URL] 
Download link for 64-Bit Version: [URL="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/"]Downloading Farbar Recovery Scan Tool[/URL] 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL]
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe.d8c7.deleteme
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Akamai Technologies, Inc.) C:\Users\Lawrence\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Lawrence\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtsFT] => RTFTrack.exe 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-05-01] (Intel Corporation)
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-04-09] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-10-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-10-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-07] (Aeria Games & Entertainment)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-14] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-450748458-2682401420-2043914554-1002\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9935152 2014-06-25] ()
HKU\S-1-5-21-450748458-2682401420-2043914554-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Lawrence\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [168616 2013-12-20] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [168616 2013-12-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [141336 2013-12-20] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL="http://lenovo13.msn.com/?pc=LCJB"]MSN.com[/URL]
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [URL="http://www.lenovo.com"]Buy Computers Laptops & Tablets | For Those Who Do | Lenovo US[/URL]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [URL="http://www.lenovo.com"]Buy Computers Laptops & Tablets | For Those Who Do | Lenovo US[/URL]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {F5FFD1E6-0FCD-4151-BFDF-6614F1963A57} URL = [URL="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB"]{searchTerms} - Bing[/URL]
SearchScopes: HKLM - {F5FFD1E6-0FCD-4151-BFDF-6614F1963A57} URL = [URL="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB"]{searchTerms} - Bing[/URL]
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = [URL]http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/24&hid=9531447268239634428&lg=EN&cc=MY&unqvl=51[/URL]
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = [URL]http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/24&hid=9531447268239634428&lg=EN&cc=MY&unqvl=51[/URL]
SearchScopes: HKLM-x32 - {F5FFD1E6-0FCD-4151-BFDF-6614F1963A57} URL = [URL="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB"]{searchTerms} - Bing[/URL]
SearchScopes: HKCU - DefaultScope {FCEAC75E-3562-4E41-88A1-6E2A5FB49358} URL = [URL="http://search.yahoo.com/search?fr=mcafee&type=A011US714&p={SearchTerms"]{SearchTerms - Yahoo Search Results[/URL]}
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = [URL]http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/24&hid=9531447268239634428&lg=EN&cc=MY&unqvl=51[/URL]
SearchScopes: HKCU - {F5FFD1E6-0FCD-4151-BFDF-6614F1963A57} URL = 
SearchScopes: HKCU - {FCEAC75E-3562-4E41-88A1-6E2A5FB49358} URL = [URL="http://search.yahoo.com/search?fr=mcafee&type=A011US714&p={SearchTerms"]{SearchTerms - Yahoo Search Results[/URL]}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-11-25]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-11-25]
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (Google Docs) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-02]
CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-02]
CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]
CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-02]
CHR Extension: (Peter Bjorn and John) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmemmjoiahegfgfcenggecfhoedchfdl [2014-05-08]
CHR Extension: (SiteAdvisor) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-11-27]
CHR Extension: (AdBlock) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-02]
CHR Extension: (Google Wallet) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-02]
==================== Services (Whitelisted) =================
S2 0085211405696127mcinstcleanup; C:\WINDOWS\TEMP\008521~1.EXE [836168 2014-03-13] (McAfee, Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-06-12] (Perfect World Entertainment Inc)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-14] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-07-19] (Hi-Rez Studios) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-12] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-14] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-14] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
U3 mfehidk01; No ImagePath
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
U3 mfencbdc01; No ImagePath
U3 mfencbdc02; No ImagePath
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-22] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-03-15] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-07-20 01:16 - 2014-07-20 01:16 - 00025168 _____ () C:\Users\Lawrence\Desktop\FRST.txt
2014-07-20 01:16 - 2014-07-20 01:16 - 00000000 ____D () C:\FRST
2014-07-20 01:15 - 2014-07-20 01:15 - 02089984 _____ (Farbar) C:\Users\Lawrence\Desktop\FRST64.exe
2014-07-19 20:02 - 2014-07-19 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-19 18:46 - 2014-07-19 18:46 - 00003023 _____ () C:\Users\Lawrence\Desktop\HiJackThis.lnk
2014-07-19 18:46 - 2014-07-19 18:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-19 18:46 - 2014-07-19 18:46 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-19 18:14 - 2014-07-19 18:14 - 01402880 _____ () C:\Users\Lawrence\Desktop\HijackThis.msi
2014-07-19 14:42 - 2014-07-19 14:42 - 00000003 _____ () C:\WINDOWS\system32\HRUPPROG.EXIT
2014-07-19 14:42 - 2014-07-19 14:42 - 00000002 _____ () C:\WINDOWS\system32\HRUPPROG.TXT
2014-07-17 19:14 - 2014-07-17 19:14 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-17 18:44 - 2014-07-17 18:44 - 00688992 _____ (Swearware) C:\Users\Lawrence\Desktop\dds.com
2014-07-17 17:51 - 2014-07-17 18:04 - 00000000 _____ () C:\WINDOWS\system32\1
2014-07-16 23:54 - 2014-07-17 00:47 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ROYAL-Lawry Lsw Royal
2014-07-16 23:34 - 2014-07-16 23:32 - 04605016 _____ () C:\Users\Lawrence\Desktop\cbs.txt
2014-07-16 23:14 - 2014-07-16 23:14 - 00002464 _____ () C:\Users\Lawrence\Desktop\SFCFix.txt
2014-07-16 23:13 - 2014-07-16 23:13 - 01296920 _____ () C:\Users\Lawrence\Desktop\SFCFix.zip
2014-07-16 01:49 - 2014-07-16 23:12 - 00566784 _____ (niemiro) C:\Users\Lawrence\Desktop\SFCFix.exe
2014-07-16 01:42 - 2014-07-16 23:14 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\niemiro
2014-07-16 01:42 - 2014-07-16 23:14 - 00000000 ____D () C:\SFCFix
2014-07-13 01:18 - 2014-07-13 01:18 - 00001052 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2014-07-13 01:13 - 2014-07-13 01:18 - 00000000 ____D () C:\Program Files (x86)\GarenaPoE
2014-07-12 16:15 - 2014-07-12 16:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Aeria Games
2014-07-12 16:14 - 2014-07-12 16:14 - 00000000 ____D () C:\ProgramData\Aeria Games
2014-07-12 16:12 - 2014-07-12 16:13 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-07-12 16:12 - 2014-07-12 16:13 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-07-12 16:12 - 2014-07-12 16:12 - 00001701 _____ () C:\Users\Lawrence\Desktop\Aura Kingdom.lnk
2014-07-12 16:00 - 2014-07-12 16:00 - 00002055 _____ () C:\Users\Public\Desktop\Aeria Ignite.lnk
2014-07-12 16:00 - 2014-07-12 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-07-12 16:00 - 2014-07-12 16:00 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-07-12 15:03 - 2014-07-12 15:05 - 00000000 ____D () C:\Users\Lawrence\Documents\InfiniteCrisis
2014-07-12 15:03 - 2014-07-12 15:03 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\InfiniteCrisis
2014-07-12 14:01 - 2014-07-12 14:01 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Turbine
2014-07-12 13:59 - 2014-07-12 15:00 - 00000000 ____D () C:\Program Files (x86)\InfiniteCrisis
2014-07-12 13:59 - 2014-07-12 13:59 - 00001107 _____ () C:\Users\Public\Desktop\InfiniteCrisis.lnk
2014-07-12 13:59 - 2014-07-12 13:59 - 00000000 ____D () C:\ProgramData\Turbine
2014-07-12 13:59 - 2014-07-12 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infinite Crisis
2014-07-12 13:49 - 2014-07-12 13:53 - 140770440 _____ () C:\Users\Lawrence\Downloads\InfiniteCrisis-GLOBAL_Setup.exe
2014-07-12 13:47 - 2014-07-12 13:47 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Akamai
2014-07-12 12:58 - 2014-07-12 16:00 - 00000000 ____D () C:\AeriaGames
2014-07-12 12:57 - 2014-07-12 12:57 - 00581656 _____ (Aeria Games & Entertainment) C:\Users\Lawrence\Downloads\aurakingdom_us_downloader.exe
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files\iTunes
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 16:03 - 2014-07-11 16:05 - 113509200 _____ (Apple Inc.) C:\Users\Lawrence\Downloads\iTunes64Setup.exe
2014-07-11 16:02 - 2014-07-14 06:08 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-11 16:02 - 2014-07-11 16:02 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 09:48 - 2014-07-10 09:48 - 939619854 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-10 05:01 - 2014-04-14 13:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 00:42 - 2014-06-17 08:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 00:42 - 2014-06-17 08:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 00:42 - 2014-06-07 00:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 00:42 - 2014-05-30 13:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 00:42 - 2014-05-29 22:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 00:42 - 2014-05-29 17:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 00:42 - 2014-05-29 16:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 00:42 - 2014-05-29 16:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 00:42 - 2014-05-29 15:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 00:42 - 2014-05-29 15:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 00:41 - 2014-06-19 11:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 00:41 - 2014-06-19 10:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 00:41 - 2014-06-19 09:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 00:41 - 2014-06-19 08:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 00:40 - 2014-07-01 08:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-10 00:40 - 2014-06-28 17:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-10 00:40 - 2014-06-28 17:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-10 00:40 - 2014-06-19 10:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 00:40 - 2014-06-19 10:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 00:40 - 2014-06-19 09:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 00:40 - 2014-06-19 09:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 00:40 - 2014-06-19 09:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 00:40 - 2014-06-19 09:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 00:40 - 2014-06-19 09:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 00:40 - 2014-06-19 09:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 00:40 - 2014-06-19 09:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 00:40 - 2014-06-19 09:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 00:40 - 2014-06-19 08:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 00:40 - 2014-06-19 08:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 00:40 - 2014-06-19 08:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 00:40 - 2014-06-19 08:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 00:40 - 2014-06-19 08:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 00:40 - 2014-06-19 08:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 00:40 - 2014-06-19 08:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 00:40 - 2014-06-19 08:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 00:40 - 2014-06-19 08:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 00:40 - 2014-06-19 08:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 00:40 - 2014-06-19 08:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 00:40 - 2014-06-19 08:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 00:40 - 2014-06-19 08:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 00:40 - 2014-06-06 23:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 00:40 - 2014-06-06 22:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 00:40 - 2014-05-31 20:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 00:40 - 2014-05-31 20:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 00:40 - 2014-05-31 13:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 00:40 - 2014-05-31 13:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 00:40 - 2014-05-31 13:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 00:40 - 2014-05-31 13:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 00:40 - 2014-05-31 13:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 00:40 - 2014-05-31 13:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 00:40 - 2014-05-31 12:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 00:40 - 2014-05-31 12:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 00:40 - 2014-05-31 12:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 00:40 - 2014-05-31 12:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 00:40 - 2014-05-31 12:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 00:40 - 2014-05-31 12:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 00:40 - 2014-05-31 12:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 00:29 - 2014-07-10 00:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 23:16 - 2014-07-08 23:16 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-01 00:48 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2014-07-01 00:48 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2014-07-01 00:48 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2014-07-01 00:48 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2014-07-01 00:48 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2014-07-01 00:48 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2014-07-01 00:48 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2014-07-01 00:48 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2014-07-01 00:48 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2014-07-01 00:48 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2014-07-01 00:48 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2014-07-01 00:48 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2014-07-01 00:48 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2014-07-01 00:48 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2014-07-01 00:48 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2014-07-01 00:48 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2014-07-01 00:48 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2014-07-01 00:48 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2014-07-01 00:48 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2014-07-01 00:48 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2014-07-01 00:48 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2014-07-01 00:48 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2014-07-01 00:48 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2014-07-01 00:48 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2014-07-01 00:48 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2014-07-01 00:48 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2014-07-01 00:48 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2014-07-01 00:48 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2014-07-01 00:48 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2014-07-01 00:48 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2014-07-01 00:48 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2014-07-01 00:48 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2014-07-01 00:48 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2014-07-01 00:48 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2014-07-01 00:48 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2014-07-01 00:48 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2014-07-01 00:48 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2014-07-01 00:48 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2014-07-01 00:48 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2014-07-01 00:48 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2014-07-01 00:48 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2014-07-01 00:48 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2014-07-01 00:48 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2014-07-01 00:48 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2014-07-01 00:48 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2014-07-01 00:48 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2014-07-01 00:48 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2014-07-01 00:48 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2014-07-01 00:48 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2014-07-01 00:48 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2014-07-01 00:48 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2014-07-01 00:48 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2014-07-01 00:48 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2014-07-01 00:48 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2014-07-01 00:48 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2014-07-01 00:48 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2014-07-01 00:48 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2014-07-01 00:48 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2014-07-01 00:48 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2014-07-01 00:48 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2014-07-01 00:48 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2014-07-01 00:48 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2014-07-01 00:48 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2014-07-01 00:48 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2014-07-01 00:48 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2014-07-01 00:48 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2014-07-01 00:48 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2014-07-01 00:48 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2014-07-01 00:48 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2014-07-01 00:48 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2014-07-01 00:48 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2014-07-01 00:48 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2014-07-01 00:48 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2014-07-01 00:48 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2014-07-01 00:48 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2014-07-01 00:48 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2014-07-01 00:48 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2014-07-01 00:48 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2014-07-01 00:48 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2014-07-01 00:48 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2014-07-01 00:48 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2014-07-01 00:48 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2014-07-01 00:48 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2014-07-01 00:48 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2014-07-01 00:48 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2014-07-01 00:48 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2014-07-01 00:48 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2014-07-01 00:48 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2014-07-01 00:48 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2014-07-01 00:48 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2014-07-01 00:48 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2014-07-01 00:48 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2014-07-01 00:48 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2014-07-01 00:48 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2014-07-01 00:48 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2014-07-01 00:48 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2014-07-01 00:48 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2014-07-01 00:48 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2014-07-01 00:48 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2014-07-01 00:48 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2014-07-01 00:48 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2014-07-01 00:48 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2014-07-01 00:48 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2014-07-01 00:48 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2014-07-01 00:48 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2014-07-01 00:48 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2014-07-01 00:48 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2014-07-01 00:48 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2014-07-01 00:48 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2014-07-01 00:48 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2014-07-01 00:48 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2014-07-01 00:47 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2014-07-01 00:47 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2014-07-01 00:47 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2014-07-01 00:47 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2014-07-01 00:47 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2014-07-01 00:47 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2014-07-01 00:47 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2014-07-01 00:47 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2014-07-01 00:47 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2014-07-01 00:47 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2014-07-01 00:47 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2014-07-01 00:47 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2014-07-01 00:47 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2014-07-01 00:47 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2014-07-01 00:47 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2014-07-01 00:47 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2014-07-01 00:47 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2014-07-01 00:47 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2014-07-01 00:47 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2014-07-01 00:47 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2014-07-01 00:47 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2014-07-01 00:47 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2014-07-01 00:47 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2014-07-01 00:47 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2014-07-01 00:47 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2014-07-01 00:47 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2014-07-01 00:47 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2014-07-01 00:47 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2014-07-01 00:47 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2014-07-01 00:47 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2014-07-01 00:47 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2014-07-01 00:47 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2014-07-01 00:47 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2014-07-01 00:47 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2014-07-01 00:47 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2014-07-01 00:47 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2014-07-01 00:47 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2014-07-01 00:47 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2014-07-01 00:47 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2014-07-01 00:47 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2014-07-01 00:47 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2014-07-01 00:47 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2014-07-01 00:47 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2014-07-01 00:47 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2014-07-01 00:47 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2014-07-01 00:47 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2014-07-01 00:47 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2014-07-01 00:47 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2014-07-01 00:47 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2014-07-01 00:47 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2014-07-01 00:44 - 2014-07-02 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-07-01 00:44 - 2014-07-01 00:44 - 00000000 ____D () C:\Users\Lawrence\Downloads\Gameforge Live
2014-07-01 00:42 - 2014-07-01 00:43 - 20097456 _____ (Gameforge ) C:\Users\Lawrence\Downloads\AION_GameforgeLiveSetup_EN.exe
2014-06-30 02:01 - 2014-06-30 02:01 - 00000000 ____D () C:\Users\Lawrence\Documents\My Games
2014-06-30 02:00 - 2014-07-12 14:00 - 00028116 _____ () C:\WINDOWS\DirectX.log
2014-06-30 02:00 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2014-06-30 02:00 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2014-06-30 02:00 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2014-06-30 02:00 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2014-06-30 02:00 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2014-06-30 02:00 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2014-06-30 02:00 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2014-06-30 02:00 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2014-06-29 23:28 - 2014-06-29 23:28 - 00000000 ___HD () C:\ArcTemp
2014-06-29 23:26 - 2014-06-29 23:28 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Arc
2014-06-29 23:23 - 2014-06-29 23:28 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-06-29 23:23 - 2014-06-29 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-06-29 23:22 - 2014-06-29 23:22 - 09686144 _____ (Perfect World Entertainment) C:\Users\Lawrence\Downloads\ArcInstall_v20140527a.exe
2014-06-29 19:28 - 2014-06-29 19:28 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Awesomium
2014-06-29 19:27 - 2014-06-29 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-06-29 19:27 - 2014-06-29 19:27 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-06-29 19:27 - 2014-06-29 19:27 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-06-29 19:24 - 2014-06-29 19:25 - 39967251 _____ (Hi-Rez Studios) C:\Users\Lawrence\Downloads\InstallHiRezGamesEnglish.exe
2014-06-27 22:14 - 2014-06-28 12:41 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-06-27 22:14 - 2014-06-27 22:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-06-25 18:22 - 2014-06-25 18:22 - 32259000 _____ (Riot Games) C:\Users\Lawrence\Downloads\LeagueofLegends_OC1_Installer_06_11_13 (1).exe
2014-06-25 17:19 - 2014-07-19 14:51 - 00003496 _____ () C:\WINDOWS\System32\Tasks\gg_uac_daemon_Lawry Lsw
2014-06-25 01:34 - 2014-06-25 01:34 - 01455528 _____ () C:\Users\Lawrence\Downloads\SystemCheck_enUS.exe
2014-06-25 01:16 - 2014-07-12 02:25 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Battle.net
2014-06-25 01:16 - 2014-06-25 01:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Battle.net
2014-06-25 01:15 - 2014-07-12 02:24 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-25 01:15 - 2014-06-25 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-06-25 01:14 - 2014-06-25 01:14 - 02907552 _____ (Blizzard Entertainment) C:\Users\Lawrence\Downloads\Battle.net-Setup-enGB.exe
2014-06-25 01:12 - 2014-06-25 01:12 - 00003194 _____ () C:\WINDOWS\System32\Tasks\{DABFB4C8-5212-4BE8-9512-BCC811A32D4D}
2014-06-25 01:11 - 2014-06-25 01:11 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Blizzard Entertainment
2014-06-21 14:31 - 2014-06-21 14:31 - 00003172 _____ () C:\WINDOWS\System32\Tasks\{01DF6E9A-3A46-4383-AEC0-1067CB61D7E0}
==================== One Month Modified Files and Folders =======
2014-07-20 01:16 - 2014-07-20 01:16 - 00025168 _____ () C:\Users\Lawrence\Desktop\FRST.txt
2014-07-20 01:16 - 2014-07-20 01:16 - 00000000 ____D () C:\FRST
2014-07-20 01:15 - 2014-07-20 01:15 - 02089984 _____ (Farbar) C:\Users\Lawrence\Desktop\FRST64.exe
2014-07-20 01:00 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-19 22:21 - 2013-11-01 17:38 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-450748458-2682401420-2043914554-1002
2014-07-19 20:02 - 2014-07-19 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-19 18:46 - 2014-07-19 18:46 - 00003023 _____ () C:\Users\Lawrence\Desktop\HiJackThis.lnk
2014-07-19 18:46 - 2014-07-19 18:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-19 18:46 - 2014-07-19 18:46 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-19 18:46 - 2013-11-01 17:24 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\VirtualStore
2014-07-19 18:14 - 2014-07-19 18:14 - 01402880 _____ () C:\Users\Lawrence\Desktop\HijackThis.msi
2014-07-19 15:57 - 2013-12-31 20:07 - 00014377 _____ () C:\Users\Lawrence\Desktop\Expenditure.xlsx
2014-07-19 15:15 - 2014-06-15 22:55 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\PMB Files
2014-07-19 14:51 - 2014-06-25 17:19 - 00003496 _____ () C:\WINDOWS\System32\Tasks\gg_uac_daemon_Lawry Lsw
2014-07-19 14:43 - 2013-11-03 03:39 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\GarenaPlus
2014-07-19 14:43 - 2013-11-03 03:38 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-07-19 14:42 - 2014-07-19 14:42 - 00000003 _____ () C:\WINDOWS\system32\HRUPPROG.EXIT
2014-07-19 14:42 - 2014-07-19 14:42 - 00000002 _____ () C:\WINDOWS\system32\HRUPPROG.TXT
2014-07-19 01:08 - 2013-10-12 12:37 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-07-19 01:08 - 2012-07-26 18:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-07-19 01:07 - 2013-11-25 10:18 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-18 18:06 - 2013-11-27 08:11 - 01304478 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-17 19:14 - 2014-07-17 19:14 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-17 18:44 - 2014-07-17 18:44 - 00688992 _____ (Swearware) C:\Users\Lawrence\Desktop\dds.com
2014-07-17 18:04 - 2014-07-17 17:51 - 00000000 _____ () C:\WINDOWS\system32\1
2014-07-17 16:57 - 2013-08-22 23:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-17 00:47 - 2014-07-16 23:54 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ROYAL-Lawry Lsw Royal
2014-07-17 00:47 - 2013-11-01 17:23 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Packages
2014-07-16 23:32 - 2014-07-16 23:34 - 04605016 _____ () C:\Users\Lawrence\Desktop\cbs.txt
2014-07-16 23:14 - 2014-07-16 23:14 - 00002464 _____ () C:\Users\Lawrence\Desktop\SFCFix.txt
2014-07-16 23:14 - 2014-07-16 01:42 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\niemiro
2014-07-16 23:14 - 2014-07-16 01:42 - 00000000 ____D () C:\SFCFix
2014-07-16 23:13 - 2014-07-16 23:13 - 01296920 _____ () C:\Users\Lawrence\Desktop\SFCFix.zip
2014-07-16 23:12 - 2014-07-16 01:49 - 00566784 _____ (niemiro) C:\Users\Lawrence\Desktop\SFCFix.exe
2014-07-16 16:05 - 2013-09-30 14:10 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-16 16:05 - 2013-08-23 00:46 - 00339975 _____ () C:\WINDOWS\setupact.log
2014-07-16 02:28 - 2012-07-26 17:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 06:08 - 2014-07-11 16:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-14 05:48 - 2013-11-02 13:09 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-13 11:48 - 2013-11-02 13:09 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-13 01:18 - 2014-07-13 01:18 - 00001052 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2014-07-13 01:18 - 2014-07-13 01:13 - 00000000 ____D () C:\Program Files (x86)\GarenaPoE
2014-07-13 01:18 - 2013-11-03 03:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-07-12 16:17 - 2014-04-28 01:53 - 00000000 ____D () C:\Users\Lawrence\Desktop\Books!
2014-07-12 16:15 - 2014-07-12 16:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Aeria Games
2014-07-12 16:14 - 2014-07-12 16:14 - 00000000 ____D () C:\ProgramData\Aeria Games
2014-07-12 16:13 - 2014-07-12 16:12 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-07-12 16:13 - 2014-07-12 16:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-07-12 16:12 - 2014-07-12 16:12 - 00001701 _____ () C:\Users\Lawrence\Desktop\Aura Kingdom.lnk
2014-07-12 16:00 - 2014-07-12 16:00 - 00002055 _____ () C:\Users\Public\Desktop\Aeria Ignite.lnk
2014-07-12 16:00 - 2014-07-12 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-07-12 16:00 - 2014-07-12 16:00 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-07-12 16:00 - 2014-07-12 12:58 - 00000000 ____D () C:\AeriaGames
2014-07-12 16:00 - 2014-06-15 22:57 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-07-12 15:05 - 2014-07-12 15:03 - 00000000 ____D () C:\Users\Lawrence\Documents\InfiniteCrisis
2014-07-12 15:03 - 2014-07-12 15:03 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\InfiniteCrisis
2014-07-12 15:00 - 2014-07-12 13:59 - 00000000 ____D () C:\Program Files (x86)\InfiniteCrisis
2014-07-12 14:01 - 2014-07-12 14:01 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Turbine
2014-07-12 14:00 - 2014-06-30 02:00 - 00028116 _____ () C:\WINDOWS\DirectX.log
2014-07-12 13:59 - 2014-07-12 13:59 - 00001107 _____ () C:\Users\Public\Desktop\InfiniteCrisis.lnk
2014-07-12 13:59 - 2014-07-12 13:59 - 00000000 ____D () C:\ProgramData\Turbine
2014-07-12 13:59 - 2014-07-12 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infinite Crisis
2014-07-12 13:53 - 2014-07-12 13:49 - 140770440 _____ () C:\Users\Lawrence\Downloads\InfiniteCrisis-GLOBAL_Setup.exe
2014-07-12 13:47 - 2014-07-12 13:47 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Akamai
2014-07-12 12:57 - 2014-07-12 12:57 - 00581656 _____ (Aeria Games & Entertainment) C:\Users\Lawrence\Downloads\aurakingdom_us_downloader.exe
2014-07-12 02:25 - 2014-06-25 01:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Battle.net
2014-07-12 02:24 - 2014-06-25 01:15 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files\iTunes
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 16:06 - 2013-11-09 16:39 - 00000000 ____D () C:\ProgramData\Apple
2014-07-11 16:05 - 2014-07-11 16:03 - 113509200 _____ (Apple Inc.) C:\Users\Lawrence\Downloads\iTunes64Setup.exe
2014-07-11 16:02 - 2014-07-11 16:02 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-11 00:29 - 2013-11-04 09:34 - 00000000 __SHD () C:\Users\Lawrence\wc
2014-07-10 17:27 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-10 16:51 - 2013-11-02 20:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-10 16:33 - 2013-11-27 08:16 - 00000000 ____D () C:\Users\Lawrence
2014-07-10 10:28 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-10 09:56 - 2013-08-23 00:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-10 09:56 - 2013-08-23 00:44 - 00474072 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 09:54 - 2013-10-12 12:39 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2014-07-10 09:54 - 2013-08-23 01:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 09:54 - 2013-08-23 01:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 09:52 - 2013-08-23 01:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 09:52 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 09:48 - 2014-07-10 09:48 - 939619854 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-10 05:07 - 2013-11-04 05:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 05:06 - 2013-11-04 05:56 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 05:01 - 2013-08-23 00:46 - 00000440 _____ () C:\WINDOWS\setuperr.log
2014-07-10 05:00 - 2013-09-30 13:58 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 00:29 - 2014-07-10 00:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 17:14 - 2014-06-15 22:55 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-09 15:44 - 2013-11-03 03:38 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-07-08 23:16 - 2014-07-08 23:16 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-08 23:15 - 2013-11-01 18:08 - 00000000 ___RD () C:\Users\Lawrence\Desktop\Dekstop
2014-07-08 22:57 - 2013-09-30 14:02 - 00017148 _____ () C:\WINDOWS\PFRO.log
2014-07-04 02:23 - 2014-04-23 15:32 - 00000000 ____D () C:\Users\Lawrence\Desktop\4th Year
2014-07-04 02:23 - 2014-01-31 14:22 - 00000000 ____D () C:\Users\Lawrence\Desktop\Documents Electivws
2014-07-02 18:58 - 2014-01-12 13:44 - 00000000 ____D () C:\Users\Lawrence\Desktop\BZSKUGEL.p_elec_app_mnu_files
2014-07-02 12:42 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-02 12:39 - 2014-07-01 00:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2014-07-01 08:45 - 2014-07-10 00:40 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-01 00:44 - 2014-07-01 00:44 - 00000000 ____D () C:\Users\Lawrence\Downloads\Gameforge Live
2014-07-01 00:43 - 2014-07-01 00:42 - 20097456 _____ (Gameforge ) C:\Users\Lawrence\Downloads\AION_GameforgeLiveSetup_EN.exe
2014-06-30 02:01 - 2014-06-30 02:01 - 00000000 ____D () C:\Users\Lawrence\Documents\My Games
2014-06-29 23:28 - 2014-06-29 23:28 - 00000000 ___HD () C:\ArcTemp
2014-06-29 23:28 - 2014-06-29 23:26 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Arc
2014-06-29 23:28 - 2014-06-29 23:23 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-06-29 23:23 - 2014-06-29 23:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-06-29 23:23 - 2013-10-12 12:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-29 23:22 - 2014-06-29 23:22 - 09686144 _____ (Perfect World Entertainment) C:\Users\Lawrence\Downloads\ArcInstall_v20140527a.exe
2014-06-29 19:28 - 2014-06-29 19:28 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Awesomium
2014-06-29 19:27 - 2014-06-29 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2014-06-29 19:27 - 2014-06-29 19:27 - 00000000 ____D () C:\ProgramData\Hi-Rez Studios
2014-06-29 19:27 - 2014-06-29 19:27 - 00000000 ____D () C:\Program Files (x86)\Hi-Rez Studios
2014-06-29 19:25 - 2014-06-29 19:24 - 39967251 _____ (Hi-Rez Studios) C:\Users\Lawrence\Downloads\InstallHiRezGamesEnglish.exe
2014-06-28 17:48 - 2014-07-10 00:40 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-06-28 17:07 - 2014-07-10 00:40 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-06-28 12:41 - 2014-06-27 22:14 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-06-27 22:15 - 2014-06-27 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2014-06-27 06:55 - 2013-08-23 01:38 - 00703968 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-06-27 06:55 - 2013-08-23 01:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-25 18:22 - 2014-06-25 18:22 - 32259000 _____ (Riot Games) C:\Users\Lawrence\Downloads\LeagueofLegends_OC1_Installer_06_11_13 (1).exe
2014-06-25 17:17 - 2013-08-22 23:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-06-25 01:34 - 2014-06-25 01:34 - 01455528 _____ () C:\Users\Lawrence\Downloads\SystemCheck_enUS.exe
2014-06-25 01:16 - 2014-06-25 01:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Battle.net
2014-06-25 01:15 - 2014-06-25 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2014-06-25 01:14 - 2014-06-25 01:14 - 02907552 _____ (Blizzard Entertainment) C:\Users\Lawrence\Downloads\Battle.net-Setup-enGB.exe
2014-06-25 01:12 - 2014-06-25 01:12 - 00003194 _____ () C:\WINDOWS\System32\Tasks\{DABFB4C8-5212-4BE8-9512-BCC811A32D4D}
2014-06-25 01:11 - 2014-06-25 01:11 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Blizzard Entertainment
2014-06-24 22:08 - 2013-11-05 15:11 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-06-21 14:31 - 2014-06-21 14:31 - 00003172 _____ () C:\WINDOWS\System32\Tasks\{01DF6E9A-3A46-4383-AEC0-1067CB61D7E0}
2014-06-21 11:43 - 2013-11-02 13:09 - 00003900 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 11:43 - 2013-11-02 13:09 - 00003664 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 10:38 - 2013-11-04 18:51 - 00072128 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\cfwids.sys
2014-06-20 10:31 - 2013-11-04 18:46 - 00348552 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfewfpk.sys
2014-06-20 10:30 - 2013-11-25 10:09 - 00189912 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2014-06-20 10:26 - 2013-09-24 22:22 - 00786296 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfehidk.sys
2014-06-20 10:23 - 2013-11-04 18:41 - 00523792 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfefirek.sys
2014-06-20 10:21 - 2013-11-04 18:40 - 00313544 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeavfk.sys
2014-06-20 10:20 - 2013-09-24 22:19 - 00181704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeapfk.sys
2014-06-20 10:09 - 2013-11-04 18:28 - 00070600 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeelamk.sys
Some content of TEMP:
====================
C:\Users\Lawrence\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_131114to131127v3.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_131127to131217v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_131217to140110.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140110to140121v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140121to140212v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140212to140214.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140214to140220.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140220to140306.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140306to140307.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140307to140325.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140325to140401v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140401to140409.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140409to140410.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140410to140429.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140429to140430.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140430to140513.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140513to140529.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140529to140610v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140610to140624.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140624to140708v2.exe
C:\Users\Lawrence\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Lawrence\AppData\Local\Temp\Setup.x86.en-US_HomeStudentRetail_CNFY9-CRP43-TF6PQ-76VYF-BY2XR_TX_SG_.exe
C:\Users\Lawrence\AppData\Local\Temp\setup32.exe
C:\Users\Lawrence\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Lawrence\AppData\Local\Temp\Tsu301FFA7E.dll
C:\Users\Lawrence\AppData\Local\Temp\Tsu30F4D4DA.dll
C:\Users\Lawrence\AppData\Local\Temp\Tsu322EB8E2.dll
C:\Users\Lawrence\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-19 22:21
==================== End Of Log ============================

And the next one is the Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-07-2014
Ran by Lawry Lsw at 2014-07-20 01:17:28
Running from C:\Users\Lawrence\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
==================== Installed Programs ======================
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Aeria Ignite (HKLM-x32\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM-x32\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Aura Kingdom (HKLM-x32\...\Aura Kingdom) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Duel of Champions (HKLM-x32\...\MMDoC-PDCLive) (Version:  - Ubisoft)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
EZDownloader (HKLM-x32\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader)
Garena - League of Legends (HKLM-x32\...\LoL) (Version:  - Garena Online Pte Ltd.)
Garena - Path of Exile (HKLM-x32\...\PoE) (Version:  - Garena Online Pte Ltd.)
Garena Plus (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
InfiniteCrisis_410193F41CAE (HKLM-x32\...\InfiniteCrisis_410193F41CAE) (Version:  - Turbine, Inc)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36943 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10223 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.19.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5219.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5219.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.229 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2215.10 - Hi-Rez Studios)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
==================== Restore Points  =========================
11-07-2014 06:07:29 Installed iTunes
19-07-2014 08:45:48 Installed HiJackThis
==================== Hosts content: ==========================
2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0EA2F156-CC98-4490-85E7-BB9D1E5C788A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BC89618-D0F2-4AF4-AB50-861939D4AEDC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {3D50C1EF-6106-4E02-8BE3-7CB952488231} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4CA6088A-3A8E-4DCF-BEA8-DF9341B99DCE} - System32\Tasks\gg_uac_daemon_Lawry Lsw => C:\Program Files (x86)\Garena Plus\ggdllhost.exe [2013-10-24] ()
Task: {51FD80C9-C391-4318-8E4C-2523AF1A213E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02] (Google Inc.)
Task: {59E0FEF2-C4C8-4F33-A35A-CE261DAE6464} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7492F5A3-417F-4C3C-839A-48D7BF3D15F5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {84844A8D-0DE3-4F21-97C7-5EEBE9503577} - System32\Tasks\UMonitor Task => C:\windows\system32\UMonit64.exe
Task: {86D91C87-A24E-4211-B7B3-FF692006E8C8} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {89BD2E94-CA92-48E4-8366-6EF43C3F8FEE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ROYAL-Lawry Lsw Royal => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D777A65-983F-4B89-B3F2-1237A53DABFA} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {9A9091A5-C3AC-491F-8514-F5E8B2E59A40} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {9AF9845F-C241-472D-B0A2-9EF34B2748D4} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AA4C4BC0-E040-4026-9436-DF0372A05E46} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-11] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC2C63EA-6315-4422-BDAB-11E6355A44DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02] (Google Inc.)
Task: {DF3C0D6A-6D0C-41B3-811B-30E36308310A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {E39BDDE4-CAE4-46CD-AE30-D2E623AE469F} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-10-12 12:39 - 2013-10-12 12:39 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-10-12 12:39 - 2013-10-12 12:39 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2014-03-16 07:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-09-05 04:36 - 2013-12-20 06:33 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-12 12:01 - 2013-12-20 04:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-07-10 16:49 - 2014-05-21 02:19 - 08892072 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-24 12:16 - 2013-10-24 12:16 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2013-06-14 05:44 - 2013-06-14 05:44 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-14 05:40 - 2013-06-14 05:40 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-14 05:47 - 2013-06-14 05:47 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-10-12 12:25 - 2013-04-09 16:39 - 00040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2013-10-24 12:16 - 2014-06-25 19:04 - 09935152 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
2013-10-12 12:10 - 2013-05-16 12:08 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2013-10-24 12:16 - 2013-10-24 12:16 - 00104752 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2013-10-24 12:16 - 2013-10-24 12:16 - 00033584 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2013-10-24 13:30 - 2014-07-07 19:07 - 00027952 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2013-10-24 12:16 - 2013-10-24 12:16 - 00051504 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00087344 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2013-10-24 12:16 - 2013-10-24 12:16 - 00487216 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00025392 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00170800 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00374064 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00184624 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 18:52 - 2012-02-22 18:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2013-10-24 12:17 - 2013-10-24 12:17 - 00219952 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00106288 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2013-10-24 12:17 - 2014-02-21 18:41 - 00958256 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00055088 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 18:52 - 2012-02-22 18:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00224560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2013-10-24 12:17 - 2014-05-27 17:23 - 00919856 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2013-10-24 12:17 - 2014-06-11 23:45 - 00192816 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00155440 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2013-10-24 12:16 - 2013-10-24 12:16 - 02941232 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00065840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00016688 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 01545520 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 15:42 - 2013-02-01 15:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00956208 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00245040 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00026416 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00516912 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00068400 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00147248 _____ () C:\Program Files (x86)\Garena Plus\xIM.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00590128 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_msn.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00460592 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_xmpp.dll
2013-10-24 12:18 - 2014-03-17 14:57 - 00194864 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_yahoo.dll
2013-10-24 12:17 - 2014-05-29 18:32 - 00101168 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00236848 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00397104 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00287024 _____ () C:\Program Files (x86)\Garena Plus\Plugins\DailyTaskPlugin.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00133936 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ClanBoxPlugin.dll
2013-10-24 12:17 - 2013-10-24 12:17 - 00215856 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GameSalePlugin.dll
2014-06-15 20:41 - 2014-06-05 23:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-15 20:41 - 2014-06-05 23:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2013-12-04 03:21 - 2013-12-20 06:33 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-06-15 20:41 - 2014-06-05 23:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-15 20:41 - 2014-06-05 23:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-15 20:41 - 2014-06-05 23:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-15 20:41 - 2014-06-05 23:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Lawrence\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
==================== Faulty Device Manager Devices =============
Name: Intel(R) Display Audio
Description: Intel(R) Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel(R) Corporation
Service: IntcDAud
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================
Application errors:
==================
Error: (07/20/2014 01:15:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mcuicnt.exe version 5.9.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 118c
Start Time: 01cfa33834be575c
Termination Time: 4
Application Path: C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
Report Id: 70d1c27f-0f57-11e4-bea8-28d2442d96e3
Faulting package full name: 
Faulting package-relative application ID:
Error: (07/19/2014 01:08:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 35.0.1916.153 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 48d0
Start Time: 01cfa25bcb421ddc
Termination Time: 4294967295
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: 513ed959-0e8d-11e4-bea8-28d2442d96e3
Faulting package full name: 
Faulting package-relative application ID:
Error: (07/17/2014 04:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 2.6.195.0, time stamp: 0x4face9fb
Faulting module name: saupkeep.dll_unloaded, version: 3.7.0.193, time stamp: 0x53ac3765
Exception code: 0xc0000005
Fault offset: 0x000000000005d9b5
Faulting process id: 0x129c
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5
Error: (07/17/2014 00:52:08 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (07/16/2014 06:55:18 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (07/16/2014 01:22:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14563
Error: (07/16/2014 01:22:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14563
Error: (07/16/2014 01:22:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/16/2014 01:04:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Taskmgr.exe version 6.3.9600.17031 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 4164
Start Time: 01cfa00e88ac0aa0
Termination Time: 5
Application Path: C:\WINDOWS\System32\Taskmgr.exe
Report Id: 353571ba-0c31-11e4-bea8-28d2442d96e3
Faulting package full name: 
Faulting package-relative application ID:
Error: (07/15/2014 07:23:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 3.8.703.0, time stamp: 0x51f7deae
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000005
Fault offset: 0x0000000000065e8e
Faulting process id: 0x5a20
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5

System errors:
=============
Error: (07/20/2014 01:17:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error: 
%%1053
Error: (07/20/2014 01:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
Error: (07/20/2014 01:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
Error: (07/20/2014 01:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
Error: (07/20/2014 01:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
Error: (07/20/2014 01:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
Error: (07/20/2014 01:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
Error: (07/20/2014 01:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
Error: (07/20/2014 01:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053
Error: (07/20/2014 01:17:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Multimedia Class Scheduler service failed to start due to the following error: 
%%1053

Microsoft Office Sessions:
=========================
Error: (07/20/2014 01:15:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mcuicnt.exe5.9.2.0118c01cfa33834be575c4C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe70d1c27f-0f57-11e4-bea8-28d2442d96e3
Error: (07/19/2014 01:08:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe35.0.1916.15348d001cfa25bcb421ddc4294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe513ed959-0e8d-11e4-bea8-28d2442d96e3
Error: (07/17/2014 04:57:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe2.6.195.04face9fbsaupkeep.dll_unloaded3.7.0.19353ac3765c0000005000000000005d9b5129c01cfa00a36a499dcC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exesaupkeep.dll98d24d05-0d7f-11e4-bea8-28d2442d96e3
Error: (07/17/2014 00:52:08 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (07/16/2014 06:55:18 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (07/16/2014 01:22:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14563
Error: (07/16/2014 01:22:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14563
Error: (07/16/2014 01:22:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/16/2014 01:04:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Taskmgr.exe6.3.9600.17031416401cfa00e88ac0aa05C:\WINDOWS\System32\Taskmgr.exe353571ba-0c31-11e4-bea8-28d2442d96e3
Error: (07/15/2014 07:23:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.051f7deaentdll.dll6.3.9600.17031530895afc00000050000000000065e8e5a2001cfa00a24aa50ddC:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exeC:\WINDOWS\SYSTEM32\ntdll.dlla1f446c3-0c01-11e4-bea8-28d2442d96e3

CodeIntegrity Errors:
===================================
  Date: 2014-06-30 00:48:00.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
  Date: 2014-06-30 00:47:29.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-12-06 04:10:33.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-30 04:26:01.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-30 04:19:56.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-22 16:03:46.867
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-22 15:51:12.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
  Date: 2013-11-17 23:37:06.861
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 
Percentage of memory in use: 41%
Total physical RAM: 7912.27 MB
Available physical RAM: 4652.97 MB
Total Pagefile: 15848.27 MB
Available Pagefile: 12387.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:890.17 GB) (Free:747.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.14 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 7623E5AD)
Partition: GPT Partition Type.
==================== End Of Log ============================

I hope I have done it correctly and it will be helpful to you to search the source of malware.

 

[Law]

Hi guys, newest update, I have tried reinstalling McAfee Antivirus and also disabled my AdBlock, Google Chrome seems to be running smoother now but it still has the occasional moments where it takes ages to startup. And after restarting my laptop with the new McAfee Antivirus, I happened to notice the Group Policy Client to be running. I guess in some ways, Corrine's advice worked?

Nevertheless, you guys are the expert, please let me know if my logs reveal no faults or malware.

Once again thanks a lot guys!

 

[Machiavelli]

Hi,
looks quite good. But, we will check for Adware.

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

1. Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
2. Click Scan and let the scan run.
3. When it finishes, click Clean, following the on screen prompts
4. After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

*Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

1. Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
2. Click Scan to start FRST.
3. When FRST finishes scanning, a log, FRST.txt, will open.
4. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

 

[Machiavelli]

Still with me?

 

[Law]

Hi sorry to keep you waiting. I had some commitment issues going on at the moment. Anyway, I am still with you.

 

[Law]

1. The first log from the AdwCleaner is

# AdwCleaner v3.302 - Report created 06/08/2014 at 00:54:10
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8.1 Single Language  (64 bits)
# Username : Lawry Lsw - ROYAL
# Running from : C:\Users\Lawrence\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Folder Deleted : C:\Program Files (x86)\EZDownloader
Folder Deleted : C:\Program Files (x86)\Free Ride Games
Folder Deleted : C:\Program Files (x86)\PremierOpinion
File Deleted : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Deleted : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Safer-surf]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44D07CAA-4FC4-5A84-9951-A485AD808D0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [11728 octets] - [06/08/2014 00:50:33]
AdwCleaner[R1].txt - [11789 octets] - [06/08/2014 00:52:39]
AdwCleaner[S0].txt - [4078 octets] - [06/08/2014 00:54:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4138 octets] ##########

2. Second log is the Malwarebyte log:

Malwarebytes Anti-Malware
[URL="http://www.malwarebytes.org"]www.malwarebytes.org[/URL]
Scan Date: 06-Aug-14
Scan Time: 1:03:37 AM
Logfile: Scan.log (Malwarebytes).txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.05.05
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Lawry Lsw
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 300076
Time Elapsed: 14 min, 8 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 1
PUP.Optional.FindWide, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, [url=http://search.findwide.com/?guid={310C0A6B-B0D4-40AD-A231-1435A9325B38}&action=homepage_search]Internet Search[/url], Quarantined, [dbbd6161265559ddac40eb3a80846e92]
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 8
PUP.Optional.AppsInstaller, C:\$Recycle.Bin\S-1-5-21-450748458-2682401420-2043914554-1002\$RWISYI4.exe, Quarantined, [e7b11da5d9a254e2af237135a65e19e7], 
PUP.Optional.4Shared, C:\$Recycle.Bin\S-1-5-21-450748458-2682401420-2043914554-1002\$R9P8QYJ.exe, Quarantined, [5b3d9e24b5c641f59972881e9869629e], 
PUP.Optional.Downloader, C:\Users\Lawrence\AppData\Local\Temp\UNT43F1.tmp.exe, Quarantined, [0e8a863c671489ad35abbae542bf5ea2], 
PUP.Optional.EZDownloader.A, C:\Users\Lawrence\AppData\Local\Temp\{AB43AE24-D4B3-494F-ABA4-9C9170A08CD2}\Addons\EzDownloader_setup.exe, Quarantined, [0d8bccf6e49736008521ce517888b44c], 
PUP.Optional.MultiPlug.A, C:\Users\Lawrence\AppData\Local\Temp\{AB43AE24-D4B3-494F-ABA4-9C9170A08CD2}\Addons\search_installer.exe, Quarantined, [7e1a16acaecd0b2be1d2f0bae21fbc44], 
PUP.Optional.Somoto, C:\Users\Lawrence\AppData\Local\Temp\is-HRIJC.tmp\bi.exe, Quarantined, [5b3d556ddba040f684a7a5ff26dbe917], 
PUP.Optional.BetterDeals.A, C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, Quarantined, [c7d10eb44437ce6880e100e1897945bb], 
PUP.Optional.BetterDeals.A, C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, Quarantined, [08903e84ef8c1323560b15cc738f11ef], 
Physical Sectors: 0
(No malicious items detected)

(end)

3. Third log is from the JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 Single Language x64
Ran by Lawry Lsw on 06-Aug-14 at  1:10:11.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DolphinDeals_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DolphinDeals_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateDolphinDeals_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateDolphinDeals_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DolphinDeals_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\DolphinDeals_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateDolphinDeals_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateDolphinDeals_RASMANCS
 
~~~ Files
 
~~~ Folders
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
 
~~~ Event Viewer Logs were cleared
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06-Aug-14 at  1:16:33.26
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. The last log is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014
Ran by Lawry Lsw (administrator) on ROYAL on 06-08-2014 01:22:38
Running from C:\Users\Lawrence\Desktop
Platform: Windows 8.1 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/]Downloading Farbar Recovery Scan Tool[/url] 
Download link for 64-Bit Version: [url=http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/]Downloading Farbar Recovery Scan Tool[/url] 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [url=http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/url]
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
(Akamai Technologies, Inc.) C:\Users\Lawrence\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Lawrence\AppData\Local\Akamai\netsession_win.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6346312 2013-03-15] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-01] (Intel Corporation)
HKLM\...\Run: [UMonit64] => C:\windows\SysWOW64\UMonit64.exe [40960 2013-04-09] ()
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-10-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-10-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-31] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-09] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-07] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-14] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-450748458-2682401420-2043914554-1002\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9940272 2014-07-24] ()
HKU\S-1-5-21-450748458-2682401420-2043914554-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Lawrence\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [166568 2014-07-03] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [166568 2014-07-03] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [146480 2014-07-03] (NVIDIA Corporation)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [url=http://www.lenovo.com]Buy Computers Laptops & Tablets | For Those Who Do | Lenovo US[/url]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [url=http://www.lenovo.com]Buy Computers Laptops & Tablets | For Those Who Do | Lenovo US[/url]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {F5FFD1E6-0FCD-4151-BFDF-6614F1963A57} URL = [url=http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB]{searchTerms} - Bing[/url]
SearchScopes: HKLM-x32 - {F5FFD1E6-0FCD-4151-BFDF-6614F1963A57} URL = [url=http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=LCJB]{searchTerms} - Bing[/url]
SearchScopes: HKCU - DefaultScope {309451D7-0DA0-4ECE-88EF-91992B0EA7DE} URL = [url=http://search.findwide.com/serp?guid={310C0A6B-B0D4-40AD-A231-1435A9325B38}&action=default_search&k={searchTerms]{searchTerms - Search Results[/url]}
SearchScopes: HKCU - {309451D7-0DA0-4ECE-88EF-91992B0EA7DE} URL = [url=http://search.findwide.com/serp?guid={310C0A6B-B0D4-40AD-A231-1435A9325B38}&action=default_search&k={searchTerms]{searchTerms - Search Results[/url]}
SearchScopes: HKCU - {7C0CC4AC-40DF-4CFC-BBED-5DE5FBC4BF27} URL = [url=http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10953]{searchTerms} - Yahoo Search Results[/url]
SearchScopes: HKCU - {F5FFD1E6-0FCD-4151-BFDF-6614F1963A57} URL = 
SearchScopes: HKCU - {FCEAC75E-3562-4E41-88A1-6E2A5FB49358} URL = [url=http://search.yahoo.com/search?fr=mcafee&type=A011US714&p={SearchTerms]{SearchTerms - Yahoo Search Results[/url]}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - FindWide Toolbar - {1F7C99AC-F766-4BA8-96DB-380BD5DE6A65} - C:\Program Files (x86)\TNT2\Profiles\10953\passport64.dll No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - FindWide Toolbar - {1F7C99AC-F766-4BA8-96DB-380BD5DE6A65} - C:\Program Files (x86)\TNT2\Profiles\10953\passport64.dll No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: [URL="http://www.exent.com/GameTreatWidget"]www.exent.com/GameTreatWidget[/URL] - C:\Program Files (x86)\Free Ride Games\npGameTreatWidget.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-07-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-07-20]
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-02]
CHR Extension: (Google Drive) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-02]
CHR Extension: (YouTube) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]
CHR Extension: (Google Search) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-02]
CHR Extension: (Peter Bjorn and John) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmemmjoiahegfgfcenggecfhoedchfdl [2014-05-08]
CHR Extension: (SiteAdvisor) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-11-27]
CHR Extension: (AdBlock) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-02]
CHR Extension: (Google Wallet) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (Gmail) - C:\Users\Lawrence\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-02]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-06-12] (Perfect World Entertainment Inc)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-14] (Windows (R) Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-07-19] (Hi-Rez Studios) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-14] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-14] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-06-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-10-12] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-14] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-14] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [444720 2014-06-18] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-06-18] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-04-01] (NVIDIA Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8243272 2013-03-15] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 01:22 - 2014-08-06 01:22 - 00000000 ____D () C:\Users\Lawrence\Desktop\FRST-OlderVersion
2014-08-06 01:16 - 2014-08-06 01:16 - 00001624 _____ () C:\Users\Lawrence\Desktop\JRT.txt
2014-08-06 01:11 - 2014-08-06 01:11 - 00004222 _____ () C:\Users\Lawrence\Desktop\AdwCleaner[S0].txt
2014-08-06 01:10 - 2014-08-06 01:10 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-06 01:08 - 2014-08-06 01:08 - 01016261 _____ (Thisisu) C:\Users\Lawrence\Desktop\JRT.exe
2014-08-06 01:02 - 2014-08-06 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-06 01:01 - 2014-08-06 01:21 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 01:00 - 2014-08-06 01:00 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 01:00 - 2014-08-06 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 01:00 - 2014-08-06 01:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 01:00 - 2014-08-06 01:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 01:00 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-06 01:00 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-06 01:00 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-06 00:51 - 2014-08-06 00:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lawrence\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-06 00:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-08-06 00:50 - 2014-08-06 00:55 - 00000000 ____D () C:\AdwCleaner
2014-08-06 00:49 - 2014-08-06 00:50 - 01361309 _____ () C:\Users\Lawrence\Desktop\AdwCleaner.exe
2014-08-05 22:35 - 2014-08-05 22:35 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Blizzard
2014-08-05 22:19 - 2014-08-05 22:19 - 00000000 ____D () C:\Users\Lawrence\Documents\Downloaded Videos Movie
2014-08-05 22:10 - 2014-08-05 22:21 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Maxiget
2014-08-05 22:10 - 2014-08-05 22:14 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-05 22:10 - 2014-08-05 22:10 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\MaxiGet Download Manager
2014-08-05 22:02 - 2014-08-05 23:45 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-05 22:02 - 2014-08-05 22:02 - 00001218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HearthstoneHearthstone.lnk
2014-08-05 22:02 - 2014-08-05 22:02 - 00001172 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-08-05 22:02 - 2014-08-05 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-05 19:23 - 2014-08-05 19:23 - 00000000 ____D () C:\ProgramData\HipSoft
2014-08-05 19:19 - 2014-08-05 19:19 - 00000064 _____ () C:\WINDOWS\GPlrLanc.dat
2014-08-05 19:17 - 2014-08-05 22:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\StormAlerts
2014-07-31 01:08 - 2014-07-31 01:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-07-31 01:08 - 2014-07-31 01:08 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-07-30 17:11 - 2014-07-30 17:11 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-30 17:08 - 2014-07-03 06:48 - 31512520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 24196896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 22994208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 18626304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 17555104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 16122344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 15294296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 13922752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 13835208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 12866008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-07-30 17:08 - 2014-07-03 06:48 - 11283344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 11222048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 04247000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 03989960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434052.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 01539928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434052.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00944928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00907096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00903624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00869152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00502232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00418760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00391640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00354016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00348120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00305600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2014-07-30 17:08 - 2014-07-03 06:48 - 00032544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2014-07-30 16:15 - 2014-07-30 17:09 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-30 16:15 - 2014-07-25 23:50 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-07-30 16:15 - 2014-07-25 23:50 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-07-30 16:15 - 2014-04-01 02:42 - 00040392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2014-07-30 16:15 - 2014-04-01 02:42 - 00034760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2014-07-20 11:42 - 2014-08-06 01:02 - 00001871 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-07-20 11:41 - 2014-07-20 11:41 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-07-20 11:41 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2014-07-20 11:40 - 2014-08-06 00:58 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-20 11:40 - 2014-07-20 11:40 - 00000000 ____D () C:\Program Files\McAfee.com
2014-07-20 11:35 - 2014-06-20 10:30 - 00189912 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2014-07-20 11:07 - 2014-07-20 11:08 - 00000000 ____D () C:\ccbcdf3a6d8c10b8004fd3c5c5
2014-07-20 01:17 - 2014-07-20 01:18 - 00037817 _____ () C:\Users\Lawrence\Desktop\Addition.txt
2014-07-20 01:16 - 2014-08-06 01:22 - 00026138 _____ () C:\Users\Lawrence\Desktop\FRST.txt
2014-07-20 01:16 - 2014-08-06 01:22 - 00000000 ____D () C:\FRST
2014-07-20 01:15 - 2014-08-06 01:22 - 02094080 _____ (Farbar) C:\Users\Lawrence\Desktop\FRST64.exe
2014-07-19 18:46 - 2014-07-19 18:46 - 00003023 _____ () C:\Users\Lawrence\Desktop\HiJackThis.lnk
2014-07-19 18:46 - 2014-07-19 18:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-19 18:46 - 2014-07-19 18:46 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-19 18:14 - 2014-07-19 18:14 - 01402880 _____ () C:\Users\Lawrence\Desktop\HijackThis.msi
2014-07-19 14:42 - 2014-07-19 14:42 - 00000003 _____ () C:\WINDOWS\system32\HRUPPROG.EXIT
2014-07-19 14:42 - 2014-07-19 14:42 - 00000002 _____ () C:\WINDOWS\system32\HRUPPROG.TXT
2014-07-17 19:14 - 2014-07-17 19:14 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-17 18:44 - 2014-07-17 18:44 - 00688992 _____ (Swearware) C:\Users\Lawrence\Desktop\dds.com
2014-07-17 17:51 - 2014-07-17 18:04 - 00000000 _____ () C:\WINDOWS\system32\1
2014-07-16 23:54 - 2014-08-06 01:21 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ROYAL-Lawry Lsw Royal
2014-07-16 23:34 - 2014-07-16 23:32 - 04605016 _____ () C:\Users\Lawrence\Desktop\cbs.txt
2014-07-16 23:14 - 2014-07-16 23:14 - 00002464 _____ () C:\Users\Lawrence\Desktop\SFCFix.txt
2014-07-16 23:13 - 2014-07-16 23:13 - 01296920 _____ () C:\Users\Lawrence\Desktop\SFCFix.zip
2014-07-16 01:49 - 2014-07-16 23:12 - 00566784 _____ (niemiro) C:\Users\Lawrence\Desktop\SFCFix.exe
2014-07-16 01:42 - 2014-07-16 23:14 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\niemiro
2014-07-16 01:42 - 2014-07-16 23:14 - 00000000 ____D () C:\SFCFix
2014-07-13 01:18 - 2014-07-13 01:18 - 00001052 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2014-07-13 01:13 - 2014-07-13 01:18 - 00000000 ____D () C:\Program Files (x86)\GarenaPoE
2014-07-12 16:15 - 2014-07-12 16:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Aeria Games
2014-07-12 16:14 - 2014-07-12 16:14 - 00000000 ____D () C:\ProgramData\Aeria Games
2014-07-12 16:12 - 2014-07-12 16:13 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-07-12 16:12 - 2014-07-12 16:13 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-07-12 16:12 - 2014-07-12 16:12 - 00001701 _____ () C:\Users\Lawrence\Desktop\Aura Kingdom.lnk
2014-07-12 16:00 - 2014-07-12 16:00 - 00002055 _____ () C:\Users\Public\Desktop\Aeria Ignite.lnk
2014-07-12 16:00 - 2014-07-12 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-07-12 16:00 - 2014-07-12 16:00 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-07-12 15:03 - 2014-07-12 15:05 - 00000000 ____D () C:\Users\Lawrence\Documents\InfiniteCrisis
2014-07-12 15:03 - 2014-07-12 15:03 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\InfiniteCrisis
2014-07-12 14:01 - 2014-07-12 14:01 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Turbine
2014-07-12 13:59 - 2014-07-12 15:00 - 00000000 ____D () C:\Program Files (x86)\InfiniteCrisis
2014-07-12 13:59 - 2014-07-12 13:59 - 00001107 _____ () C:\Users\Public\Desktop\InfiniteCrisis.lnk
2014-07-12 13:59 - 2014-07-12 13:59 - 00000000 ____D () C:\ProgramData\Turbine
2014-07-12 13:59 - 2014-07-12 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infinite Crisis
2014-07-12 13:49 - 2014-07-12 13:53 - 140770440 _____ () C:\Users\Lawrence\Downloads\InfiniteCrisis-GLOBAL_Setup.exe
2014-07-12 13:47 - 2014-07-12 13:47 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Akamai
2014-07-12 12:58 - 2014-07-12 16:00 - 00000000 ____D () C:\AeriaGames
2014-07-12 12:57 - 2014-07-12 12:57 - 00581656 _____ (Aeria Games & Entertainment) C:\Users\Lawrence\Downloads\aurakingdom_us_downloader.exe
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files\iTunes
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 16:03 - 2014-07-11 16:05 - 113509200 _____ (Apple Inc.) C:\Users\Lawrence\Downloads\iTunes64Setup.exe
2014-07-11 16:02 - 2014-08-06 01:08 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-11 16:02 - 2014-07-11 16:02 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 09:48 - 2014-07-10 09:48 - 939619854 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-10 05:01 - 2014-04-14 13:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 00:42 - 2014-06-17 08:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 00:42 - 2014-06-17 08:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 00:42 - 2014-06-07 00:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 00:42 - 2014-05-30 13:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 00:42 - 2014-05-29 22:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 00:42 - 2014-05-29 17:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 00:42 - 2014-05-29 16:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 00:42 - 2014-05-29 16:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 00:42 - 2014-05-29 15:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 00:42 - 2014-05-29 15:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 00:41 - 2014-06-19 11:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 00:41 - 2014-06-19 10:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 00:41 - 2014-06-19 09:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 00:41 - 2014-06-19 08:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 00:40 - 2014-07-01 08:45 - 00688128 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-07-10 00:40 - 2014-06-28 17:48 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-07-10 00:40 - 2014-06-28 17:07 - 00385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-07-10 00:40 - 2014-06-19 10:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 00:40 - 2014-06-19 10:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 00:40 - 2014-06-19 09:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 00:40 - 2014-06-19 09:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 00:40 - 2014-06-19 09:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 00:40 - 2014-06-19 09:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 00:40 - 2014-06-19 09:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 00:40 - 2014-06-19 09:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 00:40 - 2014-06-19 09:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 00:40 - 2014-06-19 09:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 00:40 - 2014-06-19 08:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 00:40 - 2014-06-19 08:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 00:40 - 2014-06-19 08:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 00:40 - 2014-06-19 08:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 00:40 - 2014-06-19 08:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 00:40 - 2014-06-19 08:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 00:40 - 2014-06-19 08:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 00:40 - 2014-06-19 08:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 00:40 - 2014-06-19 08:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 00:40 - 2014-06-19 08:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 00:40 - 2014-06-19 08:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 00:40 - 2014-06-19 08:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 00:40 - 2014-06-19 08:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 00:40 - 2014-06-06 23:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 00:40 - 2014-06-06 22:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 00:40 - 2014-05-31 20:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 00:40 - 2014-05-31 20:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 00:40 - 2014-05-31 13:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 00:40 - 2014-05-31 13:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 00:40 - 2014-05-31 13:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 00:40 - 2014-05-31 13:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 00:40 - 2014-05-31 13:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 00:40 - 2014-05-31 13:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 00:40 - 2014-05-31 12:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 00:40 - 2014-05-31 12:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 00:40 - 2014-05-31 12:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 00:40 - 2014-05-31 12:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 00:40 - 2014-05-31 12:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 00:40 - 2014-05-31 12:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 00:40 - 2014-05-31 12:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-10 00:29 - 2014-07-10 00:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 23:16 - 2014-07-08 23:16 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-06 01:23 - 2014-07-20 01:16 - 00026138 _____ () C:\Users\Lawrence\Desktop\FRST.txt
2014-08-06 01:22 - 2014-08-06 01:22 - 00000000 ____D () C:\Users\Lawrence\Desktop\FRST-OlderVersion
2014-08-06 01:22 - 2014-07-20 01:16 - 00000000 ____D () C:\FRST
2014-08-06 01:22 - 2014-07-20 01:15 - 02094080 _____ (Farbar) C:\Users\Lawrence\Desktop\FRST64.exe
2014-08-06 01:21 - 2014-08-06 01:01 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-06 01:21 - 2014-07-16 23:54 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ROYAL-Lawry Lsw Royal
2014-08-06 01:21 - 2013-11-02 13:09 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 01:20 - 2014-06-25 17:19 - 00003496 _____ () C:\WINDOWS\System32\Tasks\gg_uac_daemon_Lawry Lsw
2014-08-06 01:20 - 2013-08-23 00:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-06 01:19 - 2013-10-12 12:39 - 00006656 _____ () C:\WINDOWS\system32\VfService.trf
2014-08-06 01:19 - 2013-09-30 14:02 - 00037136 _____ () C:\WINDOWS\PFRO.log
2014-08-06 01:19 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-08-06 01:19 - 2013-08-22 23:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-06 01:17 - 2013-11-01 17:38 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-450748458-2682401420-2043914554-1002
2014-08-06 01:16 - 2014-08-06 01:16 - 00001624 _____ () C:\Users\Lawrence\Desktop\JRT.txt
2014-08-06 01:11 - 2014-08-06 01:11 - 00004222 _____ () C:\Users\Lawrence\Desktop\AdwCleaner[S0].txt
2014-08-06 01:10 - 2014-08-06 01:10 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-06 01:08 - 2014-08-06 01:08 - 01016261 _____ (Thisisu) C:\Users\Lawrence\Desktop\JRT.exe
2014-08-06 01:08 - 2014-07-11 16:02 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-08-06 01:02 - 2014-08-06 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-08-06 01:02 - 2014-07-20 11:42 - 00001871 _____ () C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-08-06 01:02 - 2013-11-03 03:39 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\GarenaPlus
2014-08-06 01:02 - 2013-11-03 03:38 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-08-06 01:00 - 2014-08-06 01:00 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-06 01:00 - 2014-08-06 01:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-06 01:00 - 2014-08-06 01:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-06 01:00 - 2014-08-06 01:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-06 01:00 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-06 00:58 - 2014-07-20 11:40 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-08-06 00:57 - 2013-08-22 23:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-08-06 00:56 - 2013-10-12 12:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-06 00:55 - 2014-08-06 00:50 - 00000000 ____D () C:\AdwCleaner
2014-08-06 00:52 - 2014-08-06 00:51 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Lawrence\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-06 00:50 - 2014-08-06 00:49 - 01361309 _____ () C:\Users\Lawrence\Desktop\AdwCleaner.exe
2014-08-06 00:48 - 2013-11-02 13:09 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 23:45 - 2014-08-05 22:02 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-05 23:45 - 2014-06-25 01:16 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Battle.net
2014-08-05 22:35 - 2014-08-05 22:35 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Blizzard
2014-08-05 22:21 - 2014-08-05 22:10 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Maxiget
2014-08-05 22:19 - 2014-08-05 22:19 - 00000000 ____D () C:\Users\Lawrence\Documents\Downloaded Videos Movie
2014-08-05 22:15 - 2014-08-05 19:17 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\StormAlerts
2014-08-05 22:14 - 2014-08-05 22:10 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-08-05 22:10 - 2014-08-05 22:10 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\MaxiGet Download Manager
2014-08-05 22:10 - 2013-08-23 01:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-08-05 22:10 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-08-05 22:07 - 2013-12-31 20:07 - 00016553 _____ () C:\Users\Lawrence\Desktop\Expenditure.xlsx
2014-08-05 22:02 - 2014-08-05 22:02 - 00001218 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HearthstoneHearthstone.lnk
2014-08-05 22:02 - 2014-08-05 22:02 - 00001172 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-08-05 22:02 - 2014-08-05 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-08-05 22:00 - 2013-11-04 09:34 - 00000000 __SHD () C:\Users\Lawrence\wc
2014-08-05 21:32 - 2013-11-27 08:11 - 01508813 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-05 21:14 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-08-05 19:23 - 2014-08-05 19:23 - 00000000 ____D () C:\ProgramData\HipSoft
2014-08-05 19:19 - 2014-08-05 19:19 - 00000064 _____ () C:\WINDOWS\GPlrLanc.dat
2014-08-05 19:15 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-08-05 13:06 - 2013-11-02 20:32 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-04 00:34 - 2013-11-01 17:23 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Packages
2014-08-02 11:21 - 2014-06-15 22:55 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\PMB Files
2014-08-02 11:21 - 2014-06-15 22:55 - 00000000 ____D () C:\ProgramData\PMB Files
2014-08-02 11:20 - 2013-11-03 03:38 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-07-31 18:10 - 2014-06-25 01:15 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-31 01:08 - 2014-07-31 01:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2014-07-31 01:08 - 2014-07-31 01:08 - 00000000 ____D () C:\WINDOWS\system32\NV
2014-07-30 17:11 - 2014-07-30 17:11 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-07-30 17:11 - 2013-11-27 08:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 17:10 - 2013-10-12 12:01 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-30 17:09 - 2014-07-30 16:15 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-30 17:09 - 2013-11-27 08:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-30 16:16 - 2013-12-04 02:48 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\NVIDIA Corporation
2014-07-30 16:15 - 2013-08-23 00:46 - 00340131 _____ () C:\WINDOWS\setupact.log
2014-07-25 23:50 - 2014-07-30 16:15 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-07-25 23:50 - 2014-07-30 16:15 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-07-25 23:50 - 2013-12-02 00:48 - 01283136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-07-25 23:50 - 2013-12-02 00:48 - 01126480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-07-23 19:55 - 2013-10-12 12:37 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-07-23 19:55 - 2012-07-26 18:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-07-22 23:56 - 2013-11-27 08:16 - 00000000 ____D () C:\Users\Lawrence
2014-07-20 14:41 - 2013-10-12 12:37 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-20 11:41 - 2014-07-20 11:41 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-07-20 11:41 - 2013-10-12 12:37 - 00000000 ____D () C:\Program Files\mcafee
2014-07-20 11:40 - 2014-07-20 11:40 - 00000000 ____D () C:\Program Files\McAfee.com
2014-07-20 11:33 - 2013-08-23 00:44 - 00474072 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-20 11:08 - 2014-07-20 11:07 - 00000000 ____D () C:\ccbcdf3a6d8c10b8004fd3c5c5
2014-07-20 11:05 - 2012-07-26 15:37 - 00000000 ____D () C:\Users\Default.migrated
2014-07-20 11:04 - 2013-11-25 10:01 - 00000000 ____D () C:\Program Files\stinger
2014-07-20 01:18 - 2014-07-20 01:17 - 00037817 _____ () C:\Users\Lawrence\Desktop\Addition.txt
2014-07-19 18:46 - 2014-07-19 18:46 - 00003023 _____ () C:\Users\Lawrence\Desktop\HiJackThis.lnk
2014-07-19 18:46 - 2014-07-19 18:46 - 00000000 ____D () C:\Users\Lawrence\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-19 18:46 - 2014-07-19 18:46 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-07-19 18:46 - 2013-11-01 17:24 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\VirtualStore
2014-07-19 18:14 - 2014-07-19 18:14 - 01402880 _____ () C:\Users\Lawrence\Desktop\HijackThis.msi
2014-07-19 14:42 - 2014-07-19 14:42 - 00000003 _____ () C:\WINDOWS\system32\HRUPPROG.EXIT
2014-07-19 14:42 - 2014-07-19 14:42 - 00000002 _____ () C:\WINDOWS\system32\HRUPPROG.TXT
2014-07-17 19:14 - 2014-07-17 19:14 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-17 18:44 - 2014-07-17 18:44 - 00688992 _____ (Swearware) C:\Users\Lawrence\Desktop\dds.com
2014-07-17 18:04 - 2014-07-17 17:51 - 00000000 _____ () C:\WINDOWS\system32\1
2014-07-16 23:32 - 2014-07-16 23:34 - 04605016 _____ () C:\Users\Lawrence\Desktop\cbs.txt
2014-07-16 23:14 - 2014-07-16 23:14 - 00002464 _____ () C:\Users\Lawrence\Desktop\SFCFix.txt
2014-07-16 23:14 - 2014-07-16 01:42 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\niemiro
2014-07-16 23:14 - 2014-07-16 01:42 - 00000000 ____D () C:\SFCFix
2014-07-16 23:13 - 2014-07-16 23:13 - 01296920 _____ () C:\Users\Lawrence\Desktop\SFCFix.zip
2014-07-16 23:12 - 2014-07-16 01:49 - 00566784 _____ (niemiro) C:\Users\Lawrence\Desktop\SFCFix.exe
2014-07-16 16:05 - 2013-09-30 14:10 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-16 02:28 - 2012-07-26 17:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-13 01:18 - 2014-07-13 01:18 - 00001052 _____ () C:\Users\Public\Desktop\Path of Exile.lnk
2014-07-13 01:18 - 2014-07-13 01:13 - 00000000 ____D () C:\Program Files (x86)\GarenaPoE
2014-07-13 01:18 - 2013-11-03 03:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2014-07-12 16:17 - 2014-04-28 01:53 - 00000000 ____D () C:\Users\Lawrence\Desktop\Books!
2014-07-12 16:15 - 2014-07-12 16:15 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Aeria Games
2014-07-12 16:14 - 2014-07-12 16:14 - 00000000 ____D () C:\ProgramData\Aeria Games
2014-07-12 16:13 - 2014-07-12 16:12 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-07-12 16:13 - 2014-07-12 16:12 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-07-12 16:12 - 2014-07-12 16:12 - 00001701 _____ () C:\Users\Lawrence\Desktop\Aura Kingdom.lnk
2014-07-12 16:00 - 2014-07-12 16:00 - 00002055 _____ () C:\Users\Public\Desktop\Aeria Ignite.lnk
2014-07-12 16:00 - 2014-07-12 16:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
2014-07-12 16:00 - 2014-07-12 16:00 - 00000000 ____D () C:\Program Files (x86)\Aeria Games
2014-07-12 16:00 - 2014-07-12 12:58 - 00000000 ____D () C:\AeriaGames
2014-07-12 15:05 - 2014-07-12 15:03 - 00000000 ____D () C:\Users\Lawrence\Documents\InfiniteCrisis
2014-07-12 15:03 - 2014-07-12 15:03 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\InfiniteCrisis
2014-07-12 15:00 - 2014-07-12 13:59 - 00000000 ____D () C:\Program Files (x86)\InfiniteCrisis
2014-07-12 14:01 - 2014-07-12 14:01 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Turbine
2014-07-12 14:00 - 2014-06-30 02:00 - 00028116 _____ () C:\WINDOWS\DirectX.log
2014-07-12 13:59 - 2014-07-12 13:59 - 00001107 _____ () C:\Users\Public\Desktop\InfiniteCrisis.lnk
2014-07-12 13:59 - 2014-07-12 13:59 - 00000000 ____D () C:\ProgramData\Turbine
2014-07-12 13:59 - 2014-07-12 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infinite Crisis
2014-07-12 13:53 - 2014-07-12 13:49 - 140770440 _____ () C:\Users\Lawrence\Downloads\InfiniteCrisis-GLOBAL_Setup.exe
2014-07-12 13:47 - 2014-07-12 13:47 - 00000000 ____D () C:\Users\Lawrence\AppData\Local\Akamai
2014-07-12 12:57 - 2014-07-12 12:57 - 00581656 _____ (Aeria Games & Entertainment) C:\Users\Lawrence\Downloads\aurakingdom_us_downloader.exe
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files\iTunes
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files\iPod
2014-07-11 16:09 - 2014-07-11 16:09 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 16:06 - 2013-11-09 16:39 - 00000000 ____D () C:\ProgramData\Apple
2014-07-11 16:05 - 2014-07-11 16:03 - 113509200 _____ (Apple Inc.) C:\Users\Lawrence\Downloads\iTunes64Setup.exe
2014-07-11 16:02 - 2014-07-11 16:02 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-10 10:28 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-10 09:54 - 2013-08-23 01:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 09:54 - 2013-08-23 01:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-07-10 09:52 - 2013-08-23 01:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 09:52 - 2013-08-23 01:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 09:48 - 2014-07-10 09:48 - 939619854 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-10 05:07 - 2013-11-04 05:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 05:06 - 2013-11-04 05:56 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 05:01 - 2013-08-23 00:46 - 00000440 _____ () C:\WINDOWS\setuperr.log
2014-07-10 05:00 - 2013-09-30 13:58 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 00:29 - 2014-07-10 00:29 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-08 23:16 - 2014-07-08 23:16 - 00001625 _____ () C:\Users\Public\Desktop\Play League of Legends.lnk
2014-07-08 23:15 - 2013-11-01 18:08 - 00000000 ___RD () C:\Users\Lawrence\Desktop\Dekstop
Some content of TEMP:
====================
C:\Users\Lawrence\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_131114to131127v3.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_131127to131217v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_131217to140110.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140110to140121v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140121to140212v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140212to140214.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140214to140220.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140220to140306.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140306to140307.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140307to140325.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140325to140401v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140401to140409.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140409to140410.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140410to140429.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140429to140430.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140430to140513.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140513to140529.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140529to140610v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140610to140624.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140624to140708v2.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140708to140722.exe
C:\Users\Lawrence\AppData\Local\Temp\lol_patch_140722to140805.exe
C:\Users\Lawrence\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Lawrence\AppData\Local\Temp\Quarantine.exe
C:\Users\Lawrence\AppData\Local\Temp\Setup.x86.en-US_HomeStudentRetail_CNFY9-CRP43-TF6PQ-76VYF-BY2XR_TX_SG_.exe
C:\Users\Lawrence\AppData\Local\Temp\setup32.exe
C:\Users\Lawrence\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Lawrence\AppData\Local\Temp\Tsu301FFA7E.dll
C:\Users\Lawrence\AppData\Local\Temp\Tsu30F4D4DA.dll
C:\Users\Lawrence\AppData\Local\Temp\Tsu322EB8E2.dll
C:\Users\Lawrence\AppData\Local\Temp\UNT3DBF.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3DEF.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3DFE.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3DFF.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3E2E.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3E2F.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3E5E.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3E6E.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3E8E.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3EAE.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3EDD.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3F0D.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3F3D.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT3F6A.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT4065.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT43B0.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT43E0.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT43F3.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT4423.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT4452.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT4482.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT44B2.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT44E2.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\UNT4502.tmp.exe
C:\Users\Lawrence\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-29 19:34
==================== End Of Log ============================

 

[Law]

I think those are the things you needed. If there is anything else, please do let me know.

And once again, thank you for being very patient with me. I really appreciate your help as I know nothing about computers.

 

[Machiavelli]

Hi,

Step 1: FRST Fix

• Please download the attached fixlist.txt file and save it to the same location as FRST
  
  Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system​

• Run FRST.exe/FRST64.exe and press the Fix button just once and wait
• If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
• When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

Step 2: FRST Scan

• Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
• Click Scan to start FRST.
• When FRST finishes scanning, a log, FRST.txt, will open.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!

• Visit the ESET Online Scanner Web Page
• Select the blue Run ESET Online Scanner button:
  
  
• Tick the box next to YES, I accept the Terms of Use and click Start
  
  
• When asked, allow the ActiveX control to install.
• Select Enable detection of potentially unwanted applications and select Advanced Settings:
  
  
• Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
  
  
• Click Start. (This scan can take several hours, so please be patient):
  
  
• Once the scan is completed, select List of found threats:
  
  
• Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  
  
• Click the Back button.
• Click the Finish button:
  
  
• Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
• Copy and paste that log as a reply to this topic.

Step 4: Question

How is your PC running?