Sfc /scannow repeatedly shows corrupted files repaired successfully

Hello,

Please press the Windows Key + x on your keyboard at the same time. Click Command Prompt (Admin).

Please copy the following text: wevtutil sl Security /ms:100032000
Right-click the Command Prompt window and click Paste. Press Enter on your keyboard.

Please let me know if the command is successful, or if there are any errors.
 
After entering, there was no error shown, but no visible changes either!
 
Hello,

If you select the Security Event Log once more, and click Actions followed by Properties, what is the Maximum log size reported as?
 
Excellent, thank you.

Let's go ahead and place the missing file back once more. Now that we have resolved the issue with your Security Event Log, we should hopefully be able to glean some additional information once the audit is configured again.

Please carry out the instructions below. Provide the two logs generated, and confirmation the audit was successfully configured.

SFCFix Script (.zip)

Warning: This fix is intended for use on this particular machine. Do not use this fix on any other machine; doing so may cause damage to your Operating System. If you are not the original poster and require assistance, please start your own topic.

  • Please download SFCFix.zip and save the file to your Desktop.
  • Note: Ensure this file is named SFCFix.zip. Do not rename the file.
  • Close all open windows.
  • SFCFix.exe and SFCFix.zip should both be present on your Desktop.
  • Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
  • SFCFix will now process the script. Upon completion, a file (SFCFix.txt) will be created on your Desktop.
  • Copy the contents of the file and paste in your next reply.

Designate File/Folder to Audit

  • Press the Windows Key + r on your keyboard at the same time. Type C:\Windows\WinSxS and click OK.
  • Locate the following folder: x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da
  • Right-click the folder and click Properties.
  • Click the Security tab.
  • Click Advanced.
  • Click Auditing.
  • Click Continue.
  • Click Add... followed by Select a principal.
  • Type Everyone into the text field.
  • Click OK.
  • Click Show advanced permissions.
  • Place a checkmark next to Delete subfolders and files and Delete.
  • Click OK, followed by OK, followed by OK, followed by OK.

SFCFix Script (.txt)

Warning: This fix is intended for use on this particular machine. Do not use this fix on any other machine; doing so may cause damage to your Operating System. If you are not the original poster and require assistance, please start your own topic.

  • Please download SFCScript.txt and save the file to your Desktop.
  • Close all open windows.
  • SFCFix.exe and SFCScript.txt should both be present on your Desktop.
  • Drag the file SFCScript.txt onto the file SFCFix.exe and release it.
  • SFCFix will now process the script. Upon completion, a file (SFCFix.txt) will be created on your Desktop.
  • Copy the contents of the file and paste in your next reply.
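
The audit set up in the steps above, scripted as an added example (this is not part of the original thread and is not SFCFix's own code). It assumes an elevated Windows PowerShell session; the `auditpol` step, the use of event ID 4663 and the function name `Get-DeleteAudit` are assumptions that do not appear in the posts shown here.

```powershell
# Added example: audit deletions in the WinSxS component folder named in the steps above.
$folder = 'C:\Windows\WinSxS\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da'

# 1. Audit records go to the Security log, so the Event Log service must be running
#    and the log large enough to retain them (same size as the wevtutil command above).
if ((Get-Service -Name EventLog).Status -ne 'Running') {
    throw 'The Windows Event Log service is not running; no audit events will be recorded.'
}
wevtutil sl Security /ms:100032000
wevtutil gl Security | Select-String 'maxSize'

# 2. Assumption: a SACL entry only produces events when the File System audit
#    subcategory is enabled (the subcategory name is localized on non-English systems).
auditpol /set /subcategory:"File System" /success:enable

# 3. Build the audit entry: Everyone, Delete + Delete subfolders and files.
#    Type Success and "This folder, subfolders and files" are assumed here as the
#    values the dialog uses when they are left unchanged.
$rights  = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule -ArgumentList @(
    'Everyone', $rights, $inherit,
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]::Success)

# Read and write only the audit section. The folder is owned by TrustedInstaller,
# so writing the owner or the permission list as well would be refused.
$auditOnly = [System.Security.AccessControl.AccessControlSections]::Audit
$dir  = Get-Item -LiteralPath $folder
$sacl = $dir.GetAccessControl($auditOnly)
$sacl.AddAuditRule($rule)
$dir.SetAccessControl($sacl)

# 4. Confirm the entry is in place before restoring the file.
$dir.GetAccessControl($auditOnly).GetAuditRules($true, $false, [System.Security.Principal.NTAccount]) |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize

# 5. After the file goes missing again, list who touched objects under the folder.
#    Event 4663 = "An attempt was made to access an object"; AccessMask 0x10000 is DELETE.
function Get-DeleteAudit {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [datetime] $Since
    )
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the EventData name/value pairs into a hashtable.
        $data = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        $object = $data['ObjectName']
        if ($object -and $object.StartsWith($Path, [System.StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Process    = $data['ProcessName']
                Object     = $object
                AccessMask = $data['AccessMask']
            }
        }
    }
}

Get-DeleteAudit -Path $folder -Since (Get-Date).AddDays(-1) | Format-List
```

The `Process` column is the useful part of the result: it names the executable that removed the file, which the SFC log alone does not show.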
 
SFCFix version 3.0.0.0 by niemiro.
Start time: 2016-06-10 20:49:13.836
Microsoft Windows 8.1 Update 3 - amd64
Using .zip script file at C:\Users\ng\Desktop\SFCFix.zip [0]

PowerCopy::
Successfully took permissions for file or folder C:\Windows\winsxs\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da\wiashext.dll


WARNING: File C:\Windows\winsxs\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da\wiashext.dll was not backed up as that would replace the current backup.
Successfully copied file C:\Users\ng\AppData\Local\niemiro\Archive\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da\wiashext.dll to C:\Windows\winsxs\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da\wiashext.dll.


Successfully restored ownership for C:\Windows\winsxs\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da\wiashext.dll
Successfully restored permissions on C:\Windows\winsxs\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da\wiashext.dll
PowerCopy:: directive completed successfully.

Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 3 datablocks.
Finish time: 2016-06-10 20:49:14.837
Script hash: q24V+aN/Wb8PoJ9eWg5OZAnLQhenVXyCUwzoQxFLHN8=
----------------------EOF-----------------------

SFCFix version 3.0.0.0 by niemiro.
Start time: 2016-06-10 20:54:08.881
Microsoft Windows 8.1 Update 3 - amd64
Using .txt script file at C:\Users\ng\Desktop\SFCScript.txt [3]

FileScan::
[0: 2] C:\Windows\SysWOW64\wiashext.dll
File is untraceable.
Found: +32hVgh6noo3sYJbCuRd27lzrYRZAxW8lScjhx1uqUU=
Found: 6.3.9600.17415
Trace not available.


[C:\Windows\WinSxS\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da\wiashext.dll]




[1: 1] C:\Windows\WinSxS\amd64_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_bfff7a3c59090910\wiashext.dll
File is untraceable.
Found: zmOIsVVra06kzgDpRXEhPgvhDSXE+d9YQbHIIeFQATI=
Found: 6.3.9600.17415
Trace not available.

[2: 1] C:\$Recycle.Bin\S-1-5-21-467215432-3201027063-894571888-1001\$RHAKQKS\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da\wiashext.dll
File is untraceable.
Found: +32hVgh6noo3sYJbCuRd27lzrYRZAxW8lScjhx1uqUU=
Found: 6.3.9600.17415
Trace not available.

[3: 1] C:\Windows\SoftwareDistribution\Download\ee444b9ad71e2e80e58407f65b6f4f0a\amd64_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_bfff7a3c59090910\wiashext.dll
File is untraceable.
Found: zmOIsVVra06kzgDpRXEhPgvhDSXE+d9YQbHIIeFQATI=
Found: 6.3.9600.17415
Trace not available.

[4: 1] C:\$Recycle.Bin\S-1-5-21-467215432-3201027063-894571888-1001\$R2ZT4GK\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da\wiashext.dll
File is untraceable.
Found: +32hVgh6noo3sYJbCuRd27lzrYRZAxW8lScjhx1uqUU=
Found: 6.3.9600.17415
Trace not available.

[5: 1] C:\SFCFix\Backups\C\Windows\winsxs\x86_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.3.9600.17415_none_63e0deb8a0ab97da\wiashext.dll
File is untraceable.
Found: +32hVgh6noo3sYJbCuRd27lzrYRZAxW8lScjhx1uqUU=
Found: 6.3.9600.17415
Trace not available.
FileScan:: directive completed successfully.

Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 3 datablocks.
Finish time: 2016-06-10 20:54:12.887
Script hash: tFVkPIwvzCc8pk4G2fvmYTjDGib9KCfyqDxG/L1Hm5c=
----------------------EOF-----------------------
 
Thank you! Please go ahead and run a fresh scan with SFC, and provide the generated log.

SFC /Scannow

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the bold lines below and paste into the Notepad document:

    sfc /scannow
    timeout /t 120 /nobreak
    copy %windir%\logs\cbs\cbs.log "%userprofile%\Desktop\CBS.txt"
    del %0

  • Click Format. Ensure Wordwrap is unchecked.
  • Click File, Save As and name the file sfcscannow.bat.
  • Select All Files as the Save as type. Save the file to your Desktop.
  • Locate sfcscannow.bat on your Desktop. Right-click the file and click Run as administrator.
  • Upon completion, a file (CBS.txt) will be created on your Desktop. Attach this file in your next reply.
  • Note: If the file is too large to attach, upload to a service such as Dropbox, One Drive or SendSpace and provide a direct download link in your next reply.
 
Hello,

The SFC scan confirms the last missing file was successfully placed in the correct folder. At this moment in time, do you have any remaining issues?
 
Oh! So for my window tiles I just need to install again the applications?

I just ran sfc /scannow again, it is still telling me corrupted files found and unable to fix some though
 
Hello,

Oh! So for my window tiles I just need to install again the applications?
We can address your Windows 8.1 apps shortly.

Let's take another look at the log given SFC continues to report an issue.

Please navigate to the following folder: C:\Windows\Logs

Copy the CBS folder to your Desktop. Right-click the CBS folder on your Desktop and click Send to, followed by Compressed (zipped) folder. Please provide the .zip file in your next reply.

In addition, please provide your Security Event Log using the instructions in Post #17.
 
Dropbox - CBS.zip


Eventvwr cannot see? Like after I opened it, I couldn't find the Windows log..?
 

Attachments

  • Capture.PNG
  • Eventvwr.jpg

Hello,

Please press the Windows Key + x on your keyboard at the same time, and click Command Prompt (Admin).

Copy sc query eventlog > "%userprofile%\desktop\query.txt" and paste (right-click + paste) into the Command Prompt. Press Enter on your keyboard.

A file named query.txt will be created on your Desktop. Please copy the contents of the file and paste in your next reply.
 
SERVICE_NAME: eventlog
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 5 (0x5)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
 
Nope, still telling event service log not available. Same result from post #32
 
OK, please do the following.

FRST Scan

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by ng (administrator) on SHIRLEY (26-06-2016 11:41:54)
Running from C:\Users\ng\Downloads
Loaded Profiles: ng (Available Profiles: ng)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\AP\WavesSysSvc64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel) C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\Intel(R)WakeonVoiceService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\IIS\RtI2SBgProc64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\AP\WavesSvc64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-26] (Intel Corporation)
HKLM\...\Run: [RtkNGui] => C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe [8651480 2014-12-19] (Realtek Semiconductor)
HKLM\...\Run: [RtI2SBgProc] => C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe [2707672 2014-12-17] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\AP\WavesSvc64.exe [562264 2014-04-11] (Waves Audio Ltd.)
HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\AP\CXAPOAgent64.exe [742592 2014-09-19] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-03] ()
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-14] (Piriform Ltd)
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [577296 2015-04-27] (Anvisoft)
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-12] (Disc Soft Ltd)
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\MountPoints2: {54105b60-8ebf-11e5-82a2-c01cf121be12} - "H:\Setup.exe"
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\MountPoints2: {c8928b52-76d2-11e5-8295-83db8a8d2222} - "D:\EMP_UDSe.exe" /autorun
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\MountPoints2: {fbde5521-ee21-11e4-826f-a52b3b4cb9e5} - "E:\PSETUP.exe"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-04-06] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-31] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-04-06] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-31] (Softthinks SAS)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{437E9B53-B987-4E12-8B06-28BDC2B94B3A}: [DhcpNameServer] 192.168.1.254


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-467215432-3201027063-894571888-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-467215432-3201027063-894571888-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Blank
HKU\S-1-5-21-467215432-3201027063-894571888-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-467215432-3201027063-894571888-1001 -> DefaultScope {ABE64800-E89B-4CB9-8D2D-97A44AD46364} URL =
SearchScopes: HKU\S-1-5-21-467215432-3201027063-894571888-1001 -> {ABE64800-E89B-4CB9-8D2D-97A44AD46364} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-23] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)


FireFox:
========
FF ProfilePath: C:\Users\ng\AppData\Roaming\Mozilla\Firefox\Profiles\v8btd1k1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-467215432-3201027063-894571888-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [2014-04-30] (Anvisoft)
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-30]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi


Chrome:
=======
CHR HomePage: Profile 2 -> hxxps://www.google.com.sg/
CHR StartupUrls: Profile 2 -> "hxxps://www.google.com.sg/","hxxp://mysearch.avg.com?cid={47B64362-53B2-4DE5-A583-8D164F7FDA99}&mid=88f64aaca83f47d28c8cf123ccd582de-8dd5d6bc2b0ea6746e1516270818b07c69363ebc&lang=en&ds=gm011&coid=avgtbdisgm&cmpid=&pr=sa&d=2014-01-06 00:14:20&v=17.2.0.38&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={47B64362-53B2-4DE5-A583-8D164F7FDA99}&mid=88f64aaca83f47d28c8cf123ccd582de-8dd5d6bc2b0ea6746e1516270818b07c69363ebc&lang=en&ds=gm011&coid=avgtbdisgm&cmpid=&pr=sa&d=2014-02-08 09:47:29&v=17.3.1.204&pid=safeguard&sg=&sap=hp","hxxp://www.google.com","www.google.com"
CHR Session Restore: Profile 2 -> is enabled.
CHR Profile: C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-06]
CHR Extension: (Docs) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-06]
CHR Extension: (Google Drive) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-06]
CHR Extension: (YouTube) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-06]
CHR Extension: (Google Search) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
CHR Extension: (Google Sheets) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-06]
CHR Extension: (SiteAdvisor) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-04-06]
CHR Extension: (Gmail) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Profile: C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Read it later!) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaocbkeamabaniccpnbapflopmcnpjbg [2015-04-17]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-04-17]
CHR Extension: (Google Docs) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Read Later Fast) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2015-05-14]
CHR Extension: (The Economist) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gebjgjhbjedcomcajgpodjgfjgkepgpl [2015-04-17]
CHR Extension: (Chrome Web Store Launcher (by Google)) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gecgipfabdickgidpmbicneamekgbaej [2015-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (AdBlock) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-12]
CHR Extension: (Avast Online Security) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-22]
CHR Extension: (Kuroko no Basket Theme) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hcidcgpjleidbpkamembdjflkdlfggok [2015-10-23]
CHR Extension: (Dropbox) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-07-10]
CHR Extension: (Clearly) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-07-10]
CHR Extension: (rikaikun) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2016-04-24]
CHR Extension: (Google Play) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-04-17]
CHR Extension: (Evernote Web) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-04-17]
CHR Extension: (Pocket) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-07-10]
CHR Extension: (Save to Pocket) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Click&Clean App) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-06-12]
CHR Extension: (Outlook.com) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-04-17]
CHR Extension: (Evernote Web Clipper) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-05-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2014-04-30]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42768 2015-04-27] (Anvisoft)
R2 ASD2Svc; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe [1187840 2014-11-24] (Anvisoft) [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-01] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-02] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-01-19] (Digital Wave Ltd.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-19] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-24] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel(R) Corporation)
R2 Intel(R) Wake on Voice Setup; C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\Intel(R)WakeonVoiceService.exe [17920 2014-09-24] (Intel) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-01] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 RtkI2SCodec; C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe [149720 2015-01-15] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Realtek\Audio\AP\WavesSysSvc64.exe [497664 2014-04-07] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe" [X]


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 asd2fsm; C:\Windows\System32\DRIVERS\asd2fsm.sys [51608 2014-11-24] (Anvisoft)
R1 Asdids; C:\Windows\system32\DRIVERS\asdids.sys [50584 2014-11-24] (Anvisoft)
R3 bbwfp; C:\Program Files (x86)\Anvisoft\Cloud System Booster\wfp\x64\BBWFP.sys [40720 2015-03-24] (Anvisoft)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-03-01] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-02] (Broadcom Corporation)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-27] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-23] (Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [41824 2014-09-19] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-09-19] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [38208 2014-09-19] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-05-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-05-22] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-09-19] (Intel Corporation)
S3 facap; C:\Windows\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows (R) Win 7 DDK provider)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [52240 2015-06-06] (Intel Corporation)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-11] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-11] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
R3 IntcADSP; C:\Windows\system32\DRIVERS\IntcADSP.sys [725232 2015-01-07] (Intel(R) Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-26] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-01] (Intel Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R3 RTKI2SAC; C:\Windows\system32\DRIVERS\RTKI2SAC.sys [216280 2015-01-15] (Realtek Semiconductor Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [827096 2015-02-06] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-26 11:41 - 2016-06-26 11:42 - 00029840 _____ C:\Users\ng\Downloads\FRST.txt
2016-06-26 11:35 - 2016-06-26 11:41 - 00000000 ____D C:\FRST
2016-06-26 11:34 - 2016-06-26 11:34 - 02387456 _____ (Farbar) C:\Users\ng\Downloads\FRST64.exe
2016-06-15 19:23 - 2016-05-10 05:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-15 19:23 - 2016-05-10 04:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-15 19:23 - 2016-05-10 04:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 19:23 - 2016-05-10 04:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 19:22 - 2016-05-19 07:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 19:22 - 2016-05-19 04:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 19:22 - 2016-05-15 04:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 19:22 - 2016-05-15 04:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 19:22 - 2016-05-14 07:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 19:22 - 2016-05-14 05:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 19:22 - 2016-05-14 05:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 19:22 - 2016-05-14 05:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 19:22 - 2016-05-14 05:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-26 11:32 - 2015-03-01 04:36 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-06-26 11:27 - 2015-11-26 09:43 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-26 11:27 - 2015-08-18 10:40 - 00508872 _____ C:\Windows\system32\perfh011.dat
2016-06-26 11:27 - 2015-08-18 10:40 - 00136620 _____ C:\Windows\system32\perfc011.dat
2016-06-26 11:27 - 2015-04-17 06:19 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-26 11:27 - 2015-03-20 17:43 - 00437980 _____ C:\Windows\system32\prfh0804.dat
2016-06-26 11:27 - 2015-03-20 17:43 - 00136486 _____ C:\Windows\system32\prfc0804.dat
2016-06-26 11:27 - 2015-03-20 16:42 - 00000000 ___DO C:\Users\ng\OneDrive
2016-06-26 11:27 - 2014-11-21 12:42 - 02072896 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-26 11:27 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-26 11:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2016-06-25 22:43 - 2015-04-06 17:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-25 22:43 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-25 22:42 - 2016-02-27 13:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-25 22:42 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ToastData
2016-06-25 22:42 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-06-25 22:42 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-06-25 21:52 - 2015-03-20 16:43 - 00003766 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2ED96396-F93E-45C2-A75C-9F1106C0B686}
2016-06-25 21:43 - 2013-08-22 22:44 - 00476056 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-23 21:34 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-23 21:24 - 2015-03-27 09:03 - 00000000 ____D C:\Windows\system32\MRT
2016-06-23 21:16 - 2015-03-27 09:02 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-23 19:21 - 2015-09-19 23:42 - 00000000 ____D C:\Users\ng\Documents\Dep Fin Sec
2016-06-23 19:14 - 2015-03-20 16:46 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-467215432-3201027063-894571888-1001
2016-06-21 20:15 - 2015-03-20 16:41 - 00000000 ____D C:\Users\ng\AppData\Local\Packages
2016-06-18 15:23 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 15:23 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-18 15:14 - 2015-03-01 04:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-18 15:14 - 2015-03-01 04:35 - 00000000 ____D C:\Program Files\Dell
2016-06-18 14:11 - 2015-04-17 06:19 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 14:11 - 2015-04-17 06:19 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-18 14:03 - 2015-04-11 20:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-06-18 14:03 - 2015-04-11 20:23 - 00000000 ___SD C:\Windows\system32\GWX
2016-06-16 04:40 - 2015-07-12 02:54 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-10 20:54 - 2016-05-21 22:25 - 00000000 ____D C:\SFCFix
2016-06-10 20:54 - 2016-05-19 07:02 - 00000000 ____D C:\Users\ng\AppData\Local\niemiro
2016-06-10 20:49 - 2014-11-21 13:15 - 00446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiashext.dll
2016-05-30 09:37 - 2015-03-01 04:38 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-27 01:04 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache


==================== Files in the root of some directories =======


2015-04-10 08:11 - 2015-04-10 08:11 - 0000000 _____ () C:\Users\ng\AppData\Local\{52659686-A409-4B55-8152-0483B1685CA6}


Files to move or delete:
====================
C:\Users\Public\GROUP.dat




==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-06-10 20:31


==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by ng (2016-06-26 11:43:07)
Running from C:\Users\ng\Downloads
Windows 8.1 (Update) (X64) (2015-03-20 08:40:57)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-467215432-3201027063-894571888-500 - Administrator - Disabled)
Guest (S-1-5-21-467215432-3201027063-894571888-501 - Limited - Disabled)
ng (S-1-5-21-467215432-3201027063-894571888-1001 - Administrator - Enabled) => C:\Users\ng


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Amnesia™: Memories (HKLM-x32\...\Steam App 359390) (Version: - Idea Factory)
Anvi Browser Repair Tool (HKLM-x32\...\Anvi Browser Repair Tool) (Version: 2.0 - Anvisoft)
Anvi Smart Defender 2.4 (HKLM-x32\...\Anvi Smart Defender) (Version: 2.4 - Anvisoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cloud System Booster (HKLM-x32\...\Cloud System Booster) (Version: 3.6 - Anvisoft)
Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version: - Vertigo Gaming Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0156 - Disc Soft Ltd)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell System Detect (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\58d94f3ce2c27db0) (Version: 7.4.0.3 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Deponia (HKLM-x32\...\Steam App 214340) (Version: - Daedalic Entertainment)
Detective Grimoire (HKLM-x32\...\Steam App 272600) (Version: - SFB Games)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
DYNAMIC CHORD feat.KYOHSO (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{8417CCA6-8224-44F6-B0B1-1518B850C4AE}) (Version: 1.00.0000 - ASGARD)
DYNAMIC CHORD feat.KYOHSO (x32 Version: 1.00.0000 - ASGARD) Hidden
DYNAMIC CHORD feat.Lair-S (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{45CF70C4-4DD8-44BA-9BD7-8D76C3A740B1}) (Version: 1.00.0000 - ASGARD)
DYNAMIC CHORD feat.Lair-S (x32 Version: 1.00.0000 - ASGARD) Hidden
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Free YouTube Download Classic (HKLM-x32\...\Free YouTube Download Classic_is1) (Version: 3.2.67.1029 - DVDVideoSoft Ltd.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.1.119 - DVDVideoSoft Ltd.)
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
Ghost Master (HKLM-x32\...\Steam App 6200) (Version: - Sick Puppies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1017 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.0.0.243 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1060 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4013 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Wake on Voice (HKLM-x32\...\{A61059F4-F902-4417-8ED2-20A29972EC40}) (Version: 1.0.6 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.189 - McAfee, Inc.)
Memoria (HKLM-x32\...\Steam App 243200) (Version: - Daedalic Entertainment)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Photograph Journey~·&~ (x32 Version: 1.00.0000 - ASGARD) Hidden
Photograph Journey~·&~ (x32 Version: 1.00.0000 - ASGARD) Hidden
Photograph Journey~恋する旅行・新潟編&北海道編~ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{087ADE04-5C77-4933-9743-4196DADF7AE2}) (Version: 1.00.0000 - ASGARD)
Photograph Journey~恋する旅行・静岡編&長崎編~ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{F552E9E7-E91C-40E3-86B3-D8A6AEF20958}) (Version: 1.00.0000 - ASGARD)
Photograph Journey~恋する旅行・香川編&宮崎編~ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{BC24F1E8-A381-4A79-99A0-6CA64103D84E}) (Version: 1.00.0000 - ASGARD)
Re:BIRTHDAY SONG~~ (x32 Version: 1.00.0000 - ASGARD) Hidden
Re:BIRTHDAY SONG~恋を唄う死神~ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{3360B249-0D9E-4ECA-8C7A-C2784F4E963F}) (Version: 1.00.0000 - ASGARD)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21268 - Realtek Semiconductor Corp.)
Realtek I2S Audio (HKLM-x32\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.3.9600.118 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
Realtek USB Gigabit Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.17.812.2014 - Realtek)
Seduce Me the Otome (HKLM-x32\...\Steam App 367120) (Version: - Michaela Laws)
Serena (HKLM-x32\...\Steam App 272060) (Version: - Senscape)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.6.2.2 - Splashtop Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.5.3 - Splashtop Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Night of the Rabbit (HKLM-x32\...\Steam App 230820) (Version: - Daedalic Entertainment)
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts)
the static speaks my name (HKLM-x32\...\Steam App 387860) (Version: - Jesse Barksdale)
Un:BIRTHDAY SONG~~ (x32 Version: 1.00.0000 - ASGARD) Hidden
Un:BIRTHDAY SONG~愛を唄う死神~ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{102B2E71-E44B-48CF-AB34-75185CE45101}) (Version: 1.00.0000 - ASGARD)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
Who Is Mike (HKLM-x32\...\Steam App 377430) (Version: - Fervent)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9850 - Broadcom Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
μTorrent (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
オルフレール (HKLM-x32\...\{8997BF23-1DCD-485C-A637-273BD8E94C94}) (Version: - )
初彼エッチ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{1536FC9B-773F-4E66-AA0D-0F16F81F831A}) (Version: - ステラワース)
剣が君 (HKLM-x32\...\{D2DA9CDE-1359-4CA3-BA1C-58EEC85B051C}) (Version: 1.00.0000 - Rejet)
大正×対称アリス episode1 (HKLM-x32\...\{2757CB74-0BE2-4351-AEAD-51B50E48BB17}) (Version: - Primula)
大正×対称アリス episode2 (HKLM-x32\...\{820E8EE1-BBC1-4e5f-A1F4-D017E3F2EB12}) (Version: - Primula)
大正×対称アリス episode3 (HKLM-x32\...\{17A7FC80-921F-45eb-9D5A-66A3DCD3F45E}) (Version: - Primula)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {024070FA-3BEB-4312-BE68-E3A026A02786} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-17] (Google Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1E774467-9AE8-4889-B618-E45A1C235B8A} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-02] (Aviata Inc)
Task: {1F1C6DE4-9864-4C89-9A12-09CA175D69AE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {2143E8A2-B474-488B-8699-0A9DF727DA98} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {385DCBBC-CF76-42E1-AC3A-141B902506C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4198DE5C-DC0A-420B-B4FB-A45B7EE283F4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {52406AB9-1EFC-4154-B9AA-47B959D037CE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {60F7E9C1-A97F-4351-B1D7-2581B03799FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-17] (Google Inc.)
Task: {64A9A9EC-4503-478A-9A9B-861661C97C8C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {673C14D8-3A20-43C8-8DBF-CF6F436B4F01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-15] (Adobe Systems Incorporated)
Task: {6A1BE11E-427C-4028-859B-92EEDA781A7C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {6F0C2A62-FD7F-4BE1-9644-4DC97758DD4A} - System32\Tasks\ASD_Main => C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2.exe [2014-11-24] (Anvisoft)
Task: {7E6B00FA-FEC0-4A01-8A7C-309D4F80C8F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {82FE968D-6350-49E6-985C-A66572380491} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-14] (Piriform Ltd)
Task: {87C81608-D1E8-40E5-AC77-7E4D0FEABBF4} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-25] (PC-Doctor, Inc.)
Task: {93D4AC86-005F-45C1-A637-09E3D335258E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-23] (Microsoft Corporation)
Task: {972C7887-763A-47A9-8256-320BE2D0A442} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D2BCC86B-87D2-44ED-89DF-8B4730A4FC3E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {D3562732-C1C2-4A38-B44E-7EF97868B479} - System32\Tasks\{FC7CD053-1AB4-422C-806F-4351F4C8E5B6} => pcalua.exe -a H:\PSetup.exe -d H:\
Task: {E93AAAB7-CD64-44C2-BC90-8C58051AA9F6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {F5221ACB-0F51-470E-BD02-028A3AD66852} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-02] (Aviata Inc)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\The Economist.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=gebjgjhbjedcomcajgpodjgfjgkepgpl
ShortcutWithArgument: C:\Users\ng\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"


==================== Loaded Modules (Whitelisted) ==============


2014-07-16 09:11 - 2014-07-16 09:11 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-03-20 19:26 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-28 08:50 - 2015-09-02 00:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-01 04:17 - 2014-11-24 14:24 - 00456808 _____ () C:\Windows\system32\igfxTray.exe
2014-11-18 15:15 - 2014-11-18 15:15 - 00493568 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\http_hook.dll
2014-04-30 10:04 - 2014-04-30 10:04 - 00088080 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\libglog.dll
2014-11-20 16:17 - 2014-11-20 16:17 - 01026560 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Engine.dll
2014-11-18 15:14 - 2014-11-18 15:14 - 00032768 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\fsmlib.dll
2014-04-30 09:27 - 2014-04-30 09:27 - 00649744 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
2014-04-30 10:04 - 2014-04-30 10:04 - 00038928 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\fuzzy.dll
2014-04-30 10:04 - 2014-04-30 10:04 - 00093712 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\zlibwapi.dll
2014-11-18 15:15 - 2014-11-18 15:15 - 00125952 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ExtractImpl.dll
2014-11-18 15:15 - 2014-11-18 15:15 - 00021504 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\UnpackImpl.dll
2014-11-18 15:14 - 2014-11-18 15:14 - 00252928 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\pyunpacker.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2014-09-23 17:07 - 2014-09-23 17:07 - 00030720 _____ () C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\IntcWovLogDll.dll
2014-09-24 11:07 - 2014-09-24 11:07 - 00181248 _____ () C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\IntcWoVDriverDll.dll
2014-09-23 17:08 - 2014-09-23 17:08 - 00047616 _____ () C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\IntcWoVRegistryDll.dll
2014-09-24 11:07 - 2014-09-24 11:07 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\IntcWoVAudioDeviceDll.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-10-01 05:56 - 2014-10-01 05:56 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-20 16:17 - 2014-11-20 16:17 - 00300032 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\UserProfile.dll
2014-11-20 16:18 - 2014-11-20 16:18 - 00773632 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\CoreScan.dll
2014-11-18 15:15 - 2014-11-18 15:15 - 00117760 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\FileSearcher.dll
2015-10-28 08:50 - 2015-09-01 20:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-11-26 09:48 - 2016-04-30 04:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-11-26 09:47 - 2015-07-04 00:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-11-26 09:48 - 2016-06-15 08:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2015-11-26 09:47 - 2015-07-04 00:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-11-26 09:47 - 2015-07-04 00:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-11-26 09:47 - 2016-02-09 07:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-11-26 09:47 - 2016-02-09 07:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-11-26 09:47 - 2016-02-09 07:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-11-26 09:47 - 2016-02-09 07:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-11-26 09:47 - 2016-02-09 07:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-11-26 09:47 - 2016-06-15 08:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 12:03 - 2016-02-18 06:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-04-27 17:12 - 2015-04-27 17:12 - 00018704 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\Public.dll
2015-04-27 17:12 - 2015-04-27 17:12 - 00156432 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\ui.dll
2015-04-27 17:12 - 2015-04-27 17:12 - 00090896 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\libglognc.dll
2015-04-27 17:12 - 2015-04-27 17:12 - 00559888 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\extentions\RBtnCleaner.dll
2015-04-27 17:12 - 2015-04-27 17:12 - 00209168 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\RbtnCleanerCore.dll
2015-11-26 09:47 - 2016-06-15 03:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-06-18 14:10 - 2016-06-15 17:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 14:10 - 2016-06-15 17:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2015-03-01 04:37 - 2015-04-06 16:10 - 01905904 ____N () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-03-01 04:37 - 2012-11-26 15:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-04-06 16:10 - 2015-04-06 16:10 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\dell.com -> dell.com


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 21:25 - 2016-05-15 23:16 - 00000836 ____A C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-467215432-3201027063-894571888-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ng\Pictures\Wallpaper worthy + random pics\Kyoukai-no-Kanata-image-kyoukai-no-kanata-36228551-1920-1080.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\StartupApproved\Run: => "Skype"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{096F431C-A2E3-4C55-B0C0-C01931AFD437}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C820CDE7-6A31-4FD8-A0E8-1639834A8D77}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08E5A6B8-ACEC-4171-BC20-FC5B3826D9B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F6722DB-71CF-4FC3-BA75-EE2767BBD721}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EA52F8FF-DE1E-412B-B197-61B84B1892C5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{34E0AB3C-7574-46C3-AF37-F90042021412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Who Is Mike\WhoisMike.exe
FirewallRules: [{B7EDD941-8E42-4150-AC98-76BAAC2E20F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Who Is Mike\WhoisMike.exe
FirewallRules: [{34D6E2F1-9BC2-40AE-BC4E-1C0B246928AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{2B170AC9-5720-4A1C-A01D-B6879F386BAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{1D85C6B2-67CB-499E-BABE-BDB2DABBE9D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia\amnesia.exe
FirewallRules: [{B2E94C6C-CBAE-4D8E-BF1F-3EBBD01AD730}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia\amnesia.exe
FirewallRules: [{398ED262-5CB6-48A1-8FF8-B946C681B154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Detective Grimoire\Detective Grimoire.exe
FirewallRules: [{0AEC0683-15FA-467B-AF9B-A1DA3DF9458B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Detective Grimoire\Detective Grimoire.exe
FirewallRules: [{5F4A9127-3B51-42F9-8D35-CE633CD6AE76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{5044BAB0-C166-4B90-A222-4E02FB89008D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{A02A2CEB-E1FB-43DE-9769-187D251F093D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ghost Master\ghost.exe
FirewallRules: [{B8D6CFE4-7D11-4E78-A2B5-159261CE88FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ghost Master\ghost.exe
FirewallRules: [{F0F02167-4807-4B97-891F-689536C9DE6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the static speaks my name\thestatic_win.exe
FirewallRules: [{20C6D512-D85D-4DDF-85BA-27E9504BE92D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the static speaks my name\thestatic_win.exe
FirewallRules: [{824267F5-1280-4E53-A6E4-2FEACDC97826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{19BC2C1C-2747-4F48-8FFB-F74CF9D9EF20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{4D3A1DC9-7107-41AD-BA66-7EE51BE04FE8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{8CF739CF-3B77-462C-A067-A13BD5308BA1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{80121B4B-875D-45C4-8054-23189C0AE452}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9F387183-BAD3-4FA8-8F72-6A7C863ACC77}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2758B45A-3115-4D78-AA2E-2AA018292FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Night of the Rabbit\rabbit.exe
FirewallRules: [{A0551E61-0D07-4D48-8D68-DA9E109CF8EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Night of the Rabbit\rabbit.exe
FirewallRules: [{B194E202-637E-481A-9A68-6B2E030040D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Night of the Rabbit\VisionaireConfigurationTool.exe
FirewallRules: [{F818C7E8-73F4-48EE-9A6C-8624D3FAF394}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Night of the Rabbit\VisionaireConfigurationTool.exe
FirewallRules: [{9DE2BF75-C9A3-42E1-BE96-84CE437C046F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monkey2\Monkey2.exe
FirewallRules: [{A11F9262-DCFD-4BF2-81FB-3100A2DD63E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monkey2\Monkey2.exe
FirewallRules: [{90EC493F-31ED-4CF8-99D0-DA3A5567DEE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe
FirewallRules: [{9CF27871-3417-4580-948A-13F8AE0240AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe
FirewallRules: [{FF7E99D6-C6EE-4C90-9311-85175086894E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe
FirewallRules: [{7E662D24-6ADB-4D91-BD18-CB5A0F1489BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe
FirewallRules: [{DE52E3E9-C724-4B24-A33B-5D65483DD237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\deponia.exe
FirewallRules: [{1A1CA52F-422D-426E-93D9-6091DDDCE655}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\deponia.exe
FirewallRules: [{D2D0C175-79DD-4949-AC6C-9D9E3B5E6975}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{059BE91C-24EF-4784-AFF3-5AF14F6D999E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{4A9162E1-528A-4DE6-AB82-4ED76EDB218C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Secret of Monkey Island Special Edition\MISE.exe
FirewallRules: [{A5C4C1A8-4CB8-4374-AF1B-D5BDACE49601}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Secret of Monkey Island Special Edition\MISE.exe
FirewallRules: [{05C1D406-FD8A-4741-A383-42740B86E20C}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B70A55A3-81E4-4EFE-946E-0522892EE5AD}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DFCF8AD-F849-4F3E-91F3-DB65AAAD3357}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A68A7C46-B1F7-4DFB-8C02-964123235773}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{06714127-F2C4-43B0-8A49-D320AEE6593E}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8AC8EF24-64D6-4135-8542-AC6A35C2B542}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6337F72C-5F09-4A58-AA7D-00426DFF481C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{88111569-2300-4D46-8780-A57FD46EAC96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{3C990F6A-4421-49B5-A24B-B519F8052411}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E9969750-C7CF-4F4C-A619-3C87341445C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2FBA64B4-C767-45B4-B14F-BF59130873BE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CF28BC9D-DB52-47CB-A41C-E22F4DFD5816}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E72F300F-9661-4E32-A7AA-CFBC6FD178FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{80F24A23-ADD5-47D8-80B7-88878A00723F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{17503E36-64FD-4C73-BC48-47CAFB73535C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3C7FF9B9-E36D-454A-BCE1-FB5A342396A5}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{B80582FA-70FC-4543-9679-08CE2519710E}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{1FE0A0BE-634F-4018-9DED-9FC76A826362}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe


==================== Restore Points =========================


24-05-2016 23:26:51 Windows Update
18-06-2016 13:58:15 Windows Update
23-06-2016 21:16:31 Windows Update


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Could not start eventlog service, could not read events.


The Windows Event Log service is starting.
The Windows Event Log service could not be started.


A system error has occurred.


System error 5 has occurred.


Access is denied.




==================== Memory info ===========================


Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 8096.7 MB
Available physical RAM: 4905.95 MB
Total Virtual: 11040.7 MB
Available Virtual: 6919.1 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:229.86 GB) (Free:32.84 GB) NTFS
Drive w: (PBR Image) (Fixed) (Total:6.78 GB) (Free:0.75 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.45 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 38F54131)


Partition: GPT.


==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by ng (administrator) on SHIRLEY (26-06-2016 11:41:54)
Running from C:\Users\ng\Downloads
Loaded Profiles: ng (Available Profiles: ng)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\AP\WavesSysSvc64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel) C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\Intel(R)WakeonVoiceService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\IIS\RtI2SBgProc64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\AP\WavesSvc64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-26] (Intel Corporation)
HKLM\...\Run: [RtkNGui] => C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe [8651480 2014-12-19] (Realtek Semiconductor)
HKLM\...\Run: [RtI2SBgProc] => C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe [2707672 2014-12-17] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\AP\WavesSvc64.exe [562264 2014-04-11] (Waves Audio Ltd.)
HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\AP\CXAPOAgent64.exe [742592 2014-09-19] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [DropboxOEM] => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [462160 2014-09-03] ()
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-14] (Piriform Ltd)
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [577296 2015-04-27] (Anvisoft)
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4289728 2016-04-12] (Disc Soft Ltd)
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\Policies\Explorer: [NoInternetIcon] 0
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\MountPoints2: {54105b60-8ebf-11e5-82a2-c01cf121be12} - "H:\Setup.exe"
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\MountPoints2: {c8928b52-76d2-11e5-8295-83db8a8d2222} - "D:\EMP_UDSe.exe" /autorun
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\MountPoints2: {fbde5521-ee21-11e4-826f-a52b3b4cb9e5} - "E:\PSETUP.exe"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-04-06] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-31] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-04-06] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-31] (Softthinks SAS)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-03-01]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{437E9B53-B987-4E12-8B06-28BDC2B94B3A}: [DhcpNameServer] 192.168.1.254


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-467215432-3201027063-894571888-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-467215432-3201027063-894571888-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Blank
HKU\S-1-5-21-467215432-3201027063-894571888-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-467215432-3201027063-894571888-1001 -> DefaultScope {ABE64800-E89B-4CB9-8D2D-97A44AD46364} URL =
SearchScopes: HKU\S-1-5-21-467215432-3201027063-894571888-1001 -> {ABE64800-E89B-4CB9-8D2D-97A44AD46364} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-19] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-23] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)


FireFox:
========
FF ProfilePath: C:\Users\ng\AppData\Roaming\Mozilla\Firefox\Profiles\v8btd1k1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-15] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-01] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-23] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-467215432-3201027063-894571888-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [2014-04-30] (Anvisoft)
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-30]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi


Chrome:
=======
CHR HomePage: Profile 2 -> hxxps://www.google.com.sg/
CHR StartupUrls: Profile 2 -> "hxxps://www.google.com.sg/","hxxp://mysearch.avg.com?cid={47B64362-53B2-4DE5-A583-8D164F7FDA99}&mid=88f64aaca83f47d28c8cf123ccd582de-8dd5d6bc2b0ea6746e1516270818b07c69363ebc&lang=en&ds=gm011&coid=avgtbdisgm&cmpid=&pr=sa&d=2014-01-06 00:14:20&v=17.2.0.38&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={47B64362-53B2-4DE5-A583-8D164F7FDA99}&mid=88f64aaca83f47d28c8cf123ccd582de-8dd5d6bc2b0ea6746e1516270818b07c69363ebc&lang=en&ds=gm011&coid=avgtbdisgm&cmpid=&pr=sa&d=2014-02-08 09:47:29&v=17.3.1.204&pid=safeguard&sg=&sap=hp","hxxp://www.google.com","www.google.com"
CHR Session Restore: Profile 2 -> is enabled.
CHR Profile: C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-06]
CHR Extension: (Docs) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-06]
CHR Extension: (Google Drive) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-06]
CHR Extension: (YouTube) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-06]
CHR Extension: (Google Search) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
CHR Extension: (Google Sheets) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-06]
CHR Extension: (SiteAdvisor) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-04-06]
CHR Extension: (Gmail) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR Profile: C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Extension: (Read it later!) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aaocbkeamabaniccpnbapflopmcnpjbg [2015-04-17]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-04-17]
CHR Extension: (Google Docs) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Read Later Fast) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\decdfngdidijkdjgbknlnepdljfaepji [2015-05-14]
CHR Extension: (The Economist) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gebjgjhbjedcomcajgpodjgfjgkepgpl [2015-04-17]
CHR Extension: (Chrome Web Store Launcher (by Google)) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gecgipfabdickgidpmbicneamekgbaej [2015-04-17]
CHR Extension: (Google Docs Offline) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (AdBlock) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-12]
CHR Extension: (Avast Online Security) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-05-22]
CHR Extension: (Kuroko no Basket Theme) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hcidcgpjleidbpkamembdjflkdlfggok [2015-10-23]
CHR Extension: (Dropbox) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-07-10]
CHR Extension: (Clearly) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-07-10]
CHR Extension: (rikaikun) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\jipdnfibhldikgcjhfnomkfpcebammhp [2016-04-24]
CHR Extension: (Google Play) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-04-17]
CHR Extension: (Evernote Web) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-04-17]
CHR Extension: (Pocket) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-07-10]
CHR Extension: (Save to Pocket) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-06-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Click&Clean App) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2016-06-12]
CHR Extension: (Outlook.com) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-04-17]
CHR Extension: (Evernote Web Clipper) - C:\Users\ng\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-05-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-29]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2014-04-30]


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42768 2015-04-27] (Anvisoft)
R2 ASD2Svc; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe [1187840 2014-11-24] (Anvisoft) [File not signed]
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-01] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-02] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-01-19] (Digital Wave Ltd.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-12] (Disc Soft Ltd)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1037568 2014-09-19] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-26] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-11-24] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel(R) Corporation)
R2 Intel(R) Wake on Voice Setup; C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\Intel(R)WakeonVoiceService.exe [17920 2014-09-24] (Intel) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-01] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
R2 RtkI2SCodec; C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe [149720 2015-01-15] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Realtek\Audio\AP\WavesSysSvc64.exe [497664 2014-04-07] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe" [X]


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R1 asd2fsm; C:\Windows\System32\DRIVERS\asd2fsm.sys [51608 2014-11-24] (Anvisoft)
R1 Asdids; C:\Windows\system32\DRIVERS\asdids.sys [50584 2014-11-24] (Anvisoft)
R3 bbwfp; C:\Program Files (x86)\Anvisoft\Cloud System Booster\wfp\x64\BBWFP.sys [40720 2015-03-24] (Anvisoft)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-03-01] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-02] (Broadcom Corporation)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-27] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-23] (Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [41824 2014-09-19] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [38720 2014-09-19] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [38208 2014-09-19] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-05-22] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-05-22] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [216360 2014-09-19] (Intel Corporation)
S3 facap; C:\Windows\system32\DRIVERS\facap.sys [37888 2012-09-03] (Windows (R) Win 7 DDK provider)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [52240 2015-06-06] (Intel Corporation)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-11] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-11] (Intel Corporation)
S3 iaLPSS_SPI; C:\Windows\System32\drivers\iaLPSS_SPI.sys [100856 2014-06-11] (Intel Corporation)
S3 iaLPSS_UART2; C:\Windows\System32\drivers\iaLPSS_UART2.sys [143864 2014-06-11] (Intel Corporation)
R3 IntcADSP; C:\Windows\system32\DRIVERS\IntcADSP.sys [725232 2015-01-07] (Intel(R) Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-26] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-01] (Intel Corporation)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R3 RTKI2SAC; C:\Windows\system32\DRIVERS\RTKI2SAC.sys [216280 2015-01-15] (Realtek Semiconductor Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [827096 2015-02-06] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-26 11:41 - 2016-06-26 11:42 - 00029840 _____ C:\Users\ng\Downloads\FRST.txt
2016-06-26 11:35 - 2016-06-26 11:41 - 00000000 ____D C:\FRST
2016-06-26 11:34 - 2016-06-26 11:34 - 02387456 _____ (Farbar) C:\Users\ng\Downloads\FRST64.exe
2016-06-15 19:23 - 2016-05-10 05:35 - 07075328 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-06-15 19:23 - 2016-05-10 04:56 - 05270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-06-15 19:23 - 2016-05-10 04:45 - 07793152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-15 19:23 - 2016-05-10 04:23 - 05265920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 19:22 - 2016-05-19 07:15 - 01379040 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 19:22 - 2016-05-19 04:35 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 19:22 - 2016-05-15 04:01 - 00363104 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 19:22 - 2016-05-15 04:01 - 00320720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 19:22 - 2016-05-14 07:07 - 00281088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 19:22 - 2016-05-14 05:58 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 19:22 - 2016-05-14 05:45 - 00802816 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 19:22 - 2016-05-14 05:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 19:22 - 2016-05-14 05:26 - 00631808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-06-26 11:32 - 2015-03-01 04:36 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-06-26 11:27 - 2015-11-26 09:43 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-26 11:27 - 2015-08-18 10:40 - 00508872 _____ C:\Windows\system32\perfh011.dat
2016-06-26 11:27 - 2015-08-18 10:40 - 00136620 _____ C:\Windows\system32\perfc011.dat
2016-06-26 11:27 - 2015-04-17 06:19 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-26 11:27 - 2015-03-20 17:43 - 00437980 _____ C:\Windows\system32\prfh0804.dat
2016-06-26 11:27 - 2015-03-20 17:43 - 00136486 _____ C:\Windows\system32\prfc0804.dat
2016-06-26 11:27 - 2015-03-20 16:42 - 00000000 ___DO C:\Users\ng\OneDrive
2016-06-26 11:27 - 2014-11-21 12:42 - 02072896 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-26 11:27 - 2013-08-22 23:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-26 11:27 - 2013-08-22 21:36 - 00000000 ____D C:\Windows\Inf
2016-06-25 22:43 - 2015-04-06 17:23 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-25 22:43 - 2013-08-22 22:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-25 22:42 - 2016-02-27 13:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-25 22:42 - 2013-08-22 23:36 - 00000000 ___RD C:\Windows\ToastData
2016-06-25 22:42 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2016-06-25 22:42 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\system32\en-GB
2016-06-25 21:52 - 2015-03-20 16:43 - 00003766 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2ED96396-F93E-45C2-A75C-9F1106C0B686}
2016-06-25 21:43 - 2013-08-22 22:44 - 00476056 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-23 21:34 - 2013-08-22 21:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-06-23 21:24 - 2015-03-27 09:03 - 00000000 ____D C:\Windows\system32\MRT
2016-06-23 21:16 - 2015-03-27 09:02 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-23 19:21 - 2015-09-19 23:42 - 00000000 ____D C:\Users\ng\Documents\Dep Fin Sec
2016-06-23 19:14 - 2015-03-20 16:46 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-467215432-3201027063-894571888-1001
2016-06-21 20:15 - 2015-03-20 16:41 - 00000000 ____D C:\Users\ng\AppData\Local\Packages
2016-06-18 15:23 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 15:23 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\AppReadiness
2016-06-18 15:14 - 2015-03-01 04:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-18 15:14 - 2015-03-01 04:35 - 00000000 ____D C:\Program Files\Dell
2016-06-18 14:11 - 2015-04-17 06:19 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-18 14:11 - 2015-04-17 06:19 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-18 14:03 - 2015-04-11 20:23 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-06-18 14:03 - 2015-04-11 20:23 - 00000000 ___SD C:\Windows\system32\GWX
2016-06-16 04:40 - 2015-07-12 02:54 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-10 20:54 - 2016-05-21 22:25 - 00000000 ____D C:\SFCFix
2016-06-10 20:54 - 2016-05-19 07:02 - 00000000 ____D C:\Users\ng\AppData\Local\niemiro
2016-06-10 20:49 - 2014-11-21 13:15 - 00446976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wiashext.dll
2016-05-30 09:37 - 2015-03-01 04:38 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-27 01:04 - 2013-08-22 23:36 - 00000000 ____D C:\Windows\rescache


==================== Files in the root of some directories =======


2015-04-10 08:11 - 2015-04-10 08:11 - 0000000 _____ () C:\Users\ng\AppData\Local\{52659686-A409-4B55-8152-0483B1685CA6}


Files to move or delete:
====================
C:\Users\Public\GROUP.dat




==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-06-10 20:31


==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by ng (2016-06-26 11:43:07)
Running from C:\Users\ng\Downloads
Windows 8.1 (Update) (X64) (2015-03-20 08:40:57)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-467215432-3201027063-894571888-500 - Administrator - Disabled)
Guest (S-1-5-21-467215432-3201027063-894571888-501 - Limited - Disabled)
ng (S-1-5-21-467215432-3201027063-894571888-1001 - Administrator - Enabled) => C:\Users\ng


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Amnesia™: Memories (HKLM-x32\...\Steam App 359390) (Version: - Idea Factory)
Anvi Browser Repair Tool (HKLM-x32\...\Anvi Browser Repair Tool) (Version: 2.0 - Anvisoft)
Anvi Smart Defender 2.4 (HKLM-x32\...\Anvi Smart Defender) (Version: 2.4 - Anvisoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cloud System Booster (HKLM-x32\...\Cloud System Booster) (Version: 3.6 - Anvisoft)
Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version: - Vertigo Gaming Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0156 - Disc Soft Ltd)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell System Detect (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\58d94f3ce2c27db0) (Version: 7.4.0.3 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Deponia (HKLM-x32\...\Steam App 214340) (Version: - Daedalic Entertainment)
Detective Grimoire (HKLM-x32\...\Steam App 272600) (Version: - SFB Games)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 0.9.0 - Dropbox, Inc.)
DYNAMIC CHORD feat.KYOHSO (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{8417CCA6-8224-44F6-B0B1-1518B850C4AE}) (Version: 1.00.0000 - ASGARD)
DYNAMIC CHORD feat.KYOHSO (x32 Version: 1.00.0000 - ASGARD) Hidden
DYNAMIC CHORD feat.Lair-S (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{45CF70C4-4DD8-44BA-9BD7-8D76C3A740B1}) (Version: 1.00.0000 - ASGARD)
DYNAMIC CHORD feat.Lair-S (x32 Version: 1.00.0000 - ASGARD) Hidden
Extended Asian Language font pack for Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Free YouTube Download Classic (HKLM-x32\...\Free YouTube Download Classic_is1) (Version: 3.2.67.1029 - DVDVideoSoft Ltd.)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.1.119 - DVDVideoSoft Ltd.)
FreeFixer (HKLM-x32\...\FreeFixer1.12) (Version: 1.12 - Kephyr)
Ghost Master (HKLM-x32\...\Steam App 6200) (Version: - Sick Puppies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1017 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.0.10100.71 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.0.0.243 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1060 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4013 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.0.1016 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Wake on Voice (HKLM-x32\...\{A61059F4-F902-4417-8ED2-20A29972EC40}) (Version: 1.0.6 - Intel Corporation)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.309.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.189 - McAfee, Inc.)
Memoria (HKLM-x32\...\Steam App 243200) (Version: - Daedalic Entertainment)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version: - LucasArts)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Photograph Journey~·&~ (x32 Version: 1.00.0000 - ASGARD) Hidden
Photograph Journey~·&~ (x32 Version: 1.00.0000 - ASGARD) Hidden
Photograph Journey~恋する旅行・新潟編&北海道編~ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{087ADE04-5C77-4933-9743-4196DADF7AE2}) (Version: 1.00.0000 - ASGARD)
Photograph Journey~恋する旅行・静岡編&長崎編~ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{F552E9E7-E91C-40E3-86B3-D8A6AEF20958}) (Version: 1.00.0000 - ASGARD)
Photograph Journey~恋する旅行・香川編&宮崎編~ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{BC24F1E8-A381-4A79-99A0-6CA64103D84E}) (Version: 1.00.0000 - ASGARD)
Re:BIRTHDAY SONG~~ (x32 Version: 1.00.0000 - ASGARD) Hidden
Re:BIRTHDAY SONG~恋を唄う死神~ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{3360B249-0D9E-4ECA-8C7A-C2784F4E963F}) (Version: 1.00.0000 - ASGARD)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21268 - Realtek Semiconductor Corp.)
Realtek I2S Audio (HKLM-x32\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.3.9600.118 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
Realtek USB Gigabit Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.17.812.2014 - Realtek)
Seduce Me the Otome (HKLM-x32\...\Steam App 367120) (Version: - Michaela Laws)
Serena (HKLM-x32\...\Steam App 272060) (Version: - Senscape)
Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.105 - Skype Technologies S.A.)
Splashtop Personal (HKLM-x32\...\{E7CF0F14-8C1D-41F3-85ED-579C108262C7}) (Version: 2.6.2.2 - Splashtop Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.6.5.3 - Splashtop Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Night of the Rabbit (HKLM-x32\...\Steam App 230820) (Version: - Daedalic Entertainment)
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts)
the static speaks my name (HKLM-x32\...\Steam App 387860) (Version: - Jesse Barksdale)
Un:BIRTHDAY SONG~~ (x32 Version: 1.00.0000 - ASGARD) Hidden
Un:BIRTHDAY SONG~愛を唄う死神~ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{102B2E71-E44B-48CF-AB34-75185CE45101}) (Version: 1.00.0000 - ASGARD)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
Who Is Mike (HKLM-x32\...\Steam App 377430) (Version: - Fervent)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.9850 - Broadcom Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
μTorrent (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
オルフレール (HKLM-x32\...\{8997BF23-1DCD-485C-A637-273BD8E94C94}) (Version: - )
初彼エッチ (HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\{1536FC9B-773F-4E66-AA0D-0F16F81F831A}) (Version: - ステラワース)
剣が君 (HKLM-x32\...\{D2DA9CDE-1359-4CA3-BA1C-58EEC85B051C}) (Version: 1.00.0000 - Rejet)
大正×対称アリス episode1 (HKLM-x32\...\{2757CB74-0BE2-4351-AEAD-51B50E48BB17}) (Version: - Primula)
大正×対称アリス episode2 (HKLM-x32\...\{820E8EE1-BBC1-4e5f-A1F4-D017E3F2EB12}) (Version: - Primula)
大正×対称アリス episode3 (HKLM-x32\...\{17A7FC80-921F-45eb-9D5A-66A3DCD3F45E}) (Version: - Primula)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {024070FA-3BEB-4312-BE68-E3A026A02786} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-17] (Google Inc.)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1E774467-9AE8-4889-B618-E45A1C235B8A} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-02] (Aviata Inc)
Task: {1F1C6DE4-9864-4C89-9A12-09CA175D69AE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.)
Task: {2143E8A2-B474-488B-8699-0A9DF727DA98} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {385DCBBC-CF76-42E1-AC3A-141B902506C4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {4198DE5C-DC0A-420B-B4FB-A45B7EE283F4} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe <==== ATTENTION
Task: {52406AB9-1EFC-4154-B9AA-47B959D037CE} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {60F7E9C1-A97F-4351-B1D7-2581B03799FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-17] (Google Inc.)
Task: {64A9A9EC-4503-478A-9A9B-861661C97C8C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {673C14D8-3A20-43C8-8DBF-CF6F436B4F01} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-15] (Adobe Systems Incorporated)
Task: {6A1BE11E-427C-4028-859B-92EEDA781A7C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {6F0C2A62-FD7F-4BE1-9644-4DC97758DD4A} - System32\Tasks\ASD_Main => C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2.exe [2014-11-24] (Anvisoft)
Task: {7E6B00FA-FEC0-4A01-8A7C-309D4F80C8F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {82FE968D-6350-49E6-985C-A66572380491} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-14] (Piriform Ltd)
Task: {87C81608-D1E8-40E5-AC77-7E4D0FEABBF4} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-25] (PC-Doctor, Inc.)
Task: {93D4AC86-005F-45C1-A637-09E3D335258E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-23] (Microsoft Corporation)
Task: {972C7887-763A-47A9-8256-320BE2D0A442} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D2BCC86B-87D2-44ED-89DF-8B4730A4FC3E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-15] (Microsoft Corporation)
Task: {D3562732-C1C2-4A38-B44E-7EF97868B479} - System32\Tasks\{FC7CD053-1AB4-422C-806F-4351F4C8E5B6} => pcalua.exe -a H:\PSetup.exe -d H:\
Task: {E93AAAB7-CD64-44C2-BC90-8C58051AA9F6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {F5221ACB-0F51-470E-BD02-028A3AD66852} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-02] (Aviata Inc)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
ShortcutWithArgument: C:\Users\ng\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\The Economist.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=gebjgjhbjedcomcajgpodjgfjgkepgpl
ShortcutWithArgument: C:\Users\ng\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"


==================== Loaded Modules (Whitelisted) ==============


2014-07-16 09:11 - 2014-07-16 09:11 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2015-03-20 19:26 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-28 08:50 - 2015-09-02 00:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-01 04:17 - 2014-11-24 14:24 - 00456808 _____ () C:\Windows\system32\igfxTray.exe
2014-11-18 15:15 - 2014-11-18 15:15 - 00493568 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\http_hook.dll
2014-04-30 10:04 - 2014-04-30 10:04 - 00088080 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\libglog.dll
2014-11-20 16:17 - 2014-11-20 16:17 - 01026560 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Engine.dll
2014-11-18 15:14 - 2014-11-18 15:14 - 00032768 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\fsmlib.dll
2014-04-30 09:27 - 2014-04-30 09:27 - 00649744 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
2014-04-30 10:04 - 2014-04-30 10:04 - 00038928 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\fuzzy.dll
2014-04-30 10:04 - 2014-04-30 10:04 - 00093712 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\zlibwapi.dll
2014-11-18 15:15 - 2014-11-18 15:15 - 00125952 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ExtractImpl.dll
2014-11-18 15:15 - 2014-11-18 15:15 - 00021504 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\UnpackImpl.dll
2014-11-18 15:14 - 2014-11-18 15:14 - 00252928 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\pyunpacker.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00110952 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00253800 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\collector.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00295272 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\stat.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00104296 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00020328 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-04-01 22:08 - 2016-01-19 04:02 - 00044392 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2014-09-23 17:07 - 2014-09-23 17:07 - 00030720 _____ () C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\IntcWovLogDll.dll
2014-09-24 11:07 - 2014-09-24 11:07 - 00181248 _____ () C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\IntcWoVDriverDll.dll
2014-09-23 17:08 - 2014-09-23 17:08 - 00047616 _____ () C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\IntcWoVRegistryDll.dll
2014-09-24 11:07 - 2014-09-24 11:07 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) Wake on Voice Setup\IntcWoVAudioDeviceDll.dll
2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-10-01 05:56 - 2014-10-01 05:56 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-20 16:17 - 2014-11-20 16:17 - 00300032 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\UserProfile.dll
2014-11-20 16:18 - 2014-11-20 16:18 - 00773632 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\CoreScan.dll
2014-11-18 15:15 - 2014-11-18 15:15 - 00117760 _____ () C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\FileSearcher.dll
2015-10-28 08:50 - 2015-09-01 20:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-11-26 09:48 - 2016-04-30 04:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-11-26 09:47 - 2015-07-04 00:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-11-26 09:48 - 2016-06-15 08:47 - 02387024 _____ () C:\Program Files (x86)\Steam\video.dll
2015-11-26 09:47 - 2015-07-04 00:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-11-26 09:47 - 2015-07-04 00:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-11-26 09:47 - 2016-02-09 07:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-11-26 09:47 - 2016-02-09 07:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-11-26 09:47 - 2016-02-09 07:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-11-26 09:47 - 2016-02-09 07:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-11-26 09:47 - 2016-02-09 07:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-11-26 09:47 - 2016-06-15 08:47 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 12:03 - 2016-02-18 06:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-04-27 17:12 - 2015-04-27 17:12 - 00018704 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\Public.dll
2015-04-27 17:12 - 2015-04-27 17:12 - 00156432 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\ui.dll
2015-04-27 17:12 - 2015-04-27 17:12 - 00090896 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\libglognc.dll
2015-04-27 17:12 - 2015-04-27 17:12 - 00559888 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\extentions\RBtnCleaner.dll
2015-04-27 17:12 - 2015-04-27 17:12 - 00209168 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\RbtnCleanerCore.dll
2015-11-26 09:47 - 2016-06-15 03:14 - 49826080 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-06-18 14:10 - 2016-06-15 17:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-18 14:10 - 2016-06-15 17:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2015-03-01 04:37 - 2015-04-06 16:10 - 01905904 ____N () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-03-01 04:37 - 2012-11-26 15:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-04-06 16:10 - 2015-04-06 16:10 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SplashtopRemoteService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE trusted site: HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\dell.com -> dell.com


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 21:25 - 2016-05-15 23:16 - 00000836 ____A C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-467215432-3201027063-894571888-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\ng\Pictures\Wallpaper worthy + random pics\Kyoukai-no-Kanata-image-kyoukai-no-kanata-36228551-1920-1080.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKU\S-1-5-21-467215432-3201027063-894571888-1001\...\StartupApproved\Run: => "Skype"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{096F431C-A2E3-4C55-B0C0-C01931AFD437}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C820CDE7-6A31-4FD8-A0E8-1639834A8D77}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{08E5A6B8-ACEC-4171-BC20-FC5B3826D9B3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8F6722DB-71CF-4FC3-BA75-EE2767BBD721}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EA52F8FF-DE1E-412B-B197-61B84B1892C5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{34E0AB3C-7574-46C3-AF37-F90042021412}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Who Is Mike\WhoisMike.exe
FirewallRules: [{B7EDD941-8E42-4150-AC98-76BAAC2E20F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Who Is Mike\WhoisMike.exe
FirewallRules: [{34D6E2F1-9BC2-40AE-BC4E-1C0B246928AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{2B170AC9-5720-4A1C-A01D-B6879F386BAD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Seduce Me the Otome\Seduce Me Official.exe
FirewallRules: [{1D85C6B2-67CB-499E-BABE-BDB2DABBE9D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia\amnesia.exe
FirewallRules: [{B2E94C6C-CBAE-4D8E-BF1F-3EBBD01AD730}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia\amnesia.exe
FirewallRules: [{398ED262-5CB6-48A1-8FF8-B946C681B154}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Detective Grimoire\Detective Grimoire.exe
FirewallRules: [{0AEC0683-15FA-467B-AF9B-A1DA3DF9458B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Detective Grimoire\Detective Grimoire.exe
FirewallRules: [{5F4A9127-3B51-42F9-8D35-CE633CD6AE76}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{5044BAB0-C166-4B90-A222-4E02FB89008D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{A02A2CEB-E1FB-43DE-9769-187D251F093D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ghost Master\ghost.exe
FirewallRules: [{B8D6CFE4-7D11-4E78-A2B5-159261CE88FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ghost Master\ghost.exe
FirewallRules: [{F0F02167-4807-4B97-891F-689536C9DE6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the static speaks my name\thestatic_win.exe
FirewallRules: [{20C6D512-D85D-4DDF-85BA-27E9504BE92D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\the static speaks my name\thestatic_win.exe
FirewallRules: [{824267F5-1280-4E53-A6E4-2FEACDC97826}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{19BC2C1C-2747-4F48-8FFB-F74CF9D9EF20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Serena\Dagon64.exe
FirewallRules: [{4D3A1DC9-7107-41AD-BA66-7EE51BE04FE8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{8CF739CF-3B77-462C-A067-A13BD5308BA1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{80121B4B-875D-45C4-8054-23189C0AE452}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{9F387183-BAD3-4FA8-8F72-6A7C863ACC77}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2758B45A-3115-4D78-AA2E-2AA018292FA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Night of the Rabbit\rabbit.exe
FirewallRules: [{A0551E61-0D07-4D48-8D68-DA9E109CF8EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Night of the Rabbit\rabbit.exe
FirewallRules: [{B194E202-637E-481A-9A68-6B2E030040D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Night of the Rabbit\VisionaireConfigurationTool.exe
FirewallRules: [{F818C7E8-73F4-48EE-9A6C-8624D3FAF394}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Night of the Rabbit\VisionaireConfigurationTool.exe
FirewallRules: [{9DE2BF75-C9A3-42E1-BE96-84CE437C046F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monkey2\Monkey2.exe
FirewallRules: [{A11F9262-DCFD-4BF2-81FB-3100A2DD63E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Monkey2\Monkey2.exe
FirewallRules: [{90EC493F-31ED-4CF8-99D0-DA3A5567DEE5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe
FirewallRules: [{9CF27871-3417-4580-948A-13F8AE0240AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\memoria.exe
FirewallRules: [{FF7E99D6-C6EE-4C90-9311-85175086894E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe
FirewallRules: [{7E662D24-6ADB-4D91-BD18-CB5A0F1489BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoria\VisionaireConfigurationTool.exe
FirewallRules: [{DE52E3E9-C724-4B24-A33B-5D65483DD237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\deponia.exe
FirewallRules: [{1A1CA52F-422D-426E-93D9-6091DDDCE655}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\deponia.exe
FirewallRules: [{D2D0C175-79DD-4949-AC6C-9D9E3B5E6975}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{059BE91C-24EF-4784-AFF3-5AF14F6D999E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deponia\VisionaireConfigurationTool.exe
FirewallRules: [{4A9162E1-528A-4DE6-AB82-4ED76EDB218C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Secret of Monkey Island Special Edition\MISE.exe
FirewallRules: [{A5C4C1A8-4CB8-4374-AF1B-D5BDACE49601}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Secret of Monkey Island Special Edition\MISE.exe
FirewallRules: [{05C1D406-FD8A-4741-A383-42740B86E20C}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B70A55A3-81E4-4EFE-946E-0522892EE5AD}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2DFCF8AD-F849-4F3E-91F3-DB65AAAD3357}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A68A7C46-B1F7-4DFB-8C02-964123235773}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{06714127-F2C4-43B0-8A49-D320AEE6593E}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8AC8EF24-64D6-4135-8542-AC6A35C2B542}] => (Allow) C:\Users\ng\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6337F72C-5F09-4A58-AA7D-00426DFF481C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{88111569-2300-4D46-8780-A57FD46EAC96}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{3C990F6A-4421-49B5-A24B-B519F8052411}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E9969750-C7CF-4F4C-A619-3C87341445C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2FBA64B4-C767-45B4-B14F-BF59130873BE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CF28BC9D-DB52-47CB-A41C-E22F4DFD5816}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E72F300F-9661-4E32-A7AA-CFBC6FD178FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{80F24A23-ADD5-47D8-80B7-88878A00723F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{17503E36-64FD-4C73-BC48-47CAFB73535C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3C7FF9B9-E36D-454A-BCE1-FB5A342396A5}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
FirewallRules: [{B80582FA-70FC-4543-9679-08CE2519710E}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
FirewallRules: [{1FE0A0BE-634F-4018-9DED-9FC76A826362}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\DataProxy.exe


==================== Restore Points =========================


24-05-2016 23:26:51 Windows Update
18-06-2016 13:58:15 Windows Update
23-06-2016 21:16:31 Windows Update


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Could not start eventlog service, could not read events.


The Windows Event Log service is starting.
The Windows Event Log service could not be started.


A system error has occurred.


System error 5 has occurred.


Access is denied.




==================== Memory info ===========================


Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 8096.7 MB
Available physical RAM: 4905.95 MB
Total Virtual: 11040.7 MB
Available Virtual: 6919.1 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:229.86 GB) (Free:32.84 GB) NTFS
Drive w: (PBR Image) (Fixed) (Total:6.78 GB) (Free:0.75 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.45 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 38F54131)


Partition: GPT.


==================== End of Addition.txt ============================
 
