Page 3 of 3 FirstFirst 123
  1.    11 Mar 2017 #21
    Join Date : Aug 2015
    Posts : 611
    W10 Home 1703

    Quick opinion on PC backups:

    I keep my disk image backups in 2 places. One is in a special partition on my PC hard drive(s), and a copy is on an external drive.
    The reason for this strategy is that there are 2 major reasons why you need to use a backup image.

    The first is when your PC is infected by a virus, malware, or user error. In these cases the PC runs fine, just your files are trashed. Restoring a backup directly from the PC in these cases just goes faster.

    The second is a hard drive failure or ransomware attack. In these cases you can't access any files on the PC and you can't run backup software normally. In these cases you must have a backup image on an external drive, a way to load the backup software from a boot drive device, and the knowledge of how to do this.

    I would guess that kittenwoman has a program on her laptop that is doing backups automatically (and seemingly without your knowledge). This can be better than nothing since so many folks can never find the time to do this chore. But it would be a fine strategy to just copy the most recent backup file to an external drive from time to time and delete all older backup files on a daily, weekly, or monthly basis - whatever works for you. The more frequent the better of course.
      My ComputerSystem Spec
  2.    11 Mar 2017 #22
    Join Date : Aug 2015
    Posts : 22
    windows.8.1
    Thread Starter

    Strange , I logged off last night with plug. forgot about battery being out. Logged on this morning, put battery in and it was still full , weird as if its put off with it in its drained. Have been searching to day for a new battery
    Quote Originally Posted by TV2 View Post
    Yes, you are correct. Any laptop will start and run without the battery just fine. But that was not the purpose of the test.

    What we discovered is that the problem seems to be isolated to the battery. The battery is not holding a charge, and the PC is acting strange when it is only on the battery.
    So yes, I think we have justified the cost of a new battery.

    If the symptoms you were having were due to the hard drive being full you would see these when starting up without the battery.

    The advice above about cleaning up your backups is a good one.
    Just by doing that you should reclaim about 50% or more of your hard drive real estate. You only need to keep the most recent backup.
      My ComputerSystem Spec
  3.    11 Mar 2017 #23
    Join Date : Aug 2015
    Posts : 22
    windows.8.1
    Thread Starter

    Ran tree again today after disk clean up and looks like its all back again I must be doing something wrong . what do you think ? TaClick image for larger version. 

Name:	HELP8.jpg 
Views:	3 
Size:	175.4 KB 
ID:	124635
    Quote Originally Posted by Kyhi View Post
    right click on C:\ > select Properties > select Disk Clean Up > when that windows pops-up
    select Clean up System files

    Check mark every box and click OK
      My ComputerSystem Spec
  4.    12 Mar 2017 #24
    Join Date : Aug 2015
    Posts : 611
    W10 Home 1703

    Can you look on your hard disk (Windows Explorer File Manager) and see if there is a folder named "Backups"?
    Can you tell us what is in that folder (if you find it)?

    When you say "it is all back again", does that mean that you ran Treesize one time and it (The large backup folder) was all gone?
      My ComputerSystem Spec
  5.    12 Mar 2017 #25
    Join Date : Jul 2016
    Crewe Cheshire
    Posts : 1,451
    windows 10

    Run this see if it tells us whats doing this
    Please download and save FRST 64bit or FRST 32 bit to your Desktop.

    http://download.bleepingcomputer.com/farbar/FRST.exe
    http://download.bleepingcomputer.com/farbar/FRST64.exe

    Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    Make sure that Addition option is checked.
    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste log back here.
    The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
      My ComputerSystem Spec
  6.    13 Mar 2017 #26
    Join Date : Aug 2015
    Posts : 22
    windows.8.1
    Thread Starter

    This is what I have left now. I cant see a backup folder on hard disk . I will run what you suggest today and paste it back here..thanksClick image for larger version. 

Name:	help9.jpg 
Views:	21 
Size:	91.9 KB 
ID:	124897Click image for larger version. 

Name:	help10.jpg 
Views:	21 
Size:	34.7 KB 
ID:	124898
    Quote Originally Posted by TV2 View Post
    Can you look on your hard disk (Windows Explorer File Manager) and see if there is a folder named "Backups"?
    Can you tell us what is in that folder (if you find it)?

    When you say "it is all back again", does that mean that you ran Treesize one time and it (The large backup folder) was all gone?
      My ComputerSystem Spec
  7.    13 Mar 2017 #27
    Join Date : Aug 2015
    Posts : 22
    windows.8.1
    Thread Starter

    sorry posted x 2
    Attached Thumbnails Attached Thumbnails 2017_03_13_09_07_011.png   1.jpg  
    Last edited by kittenwoman; 13 Mar 2017 at 04:36. Reason: posted x 2
      My ComputerSystem Spec
  8.    13 Mar 2017 #28
    Join Date : Aug 2015
    Posts : 22
    windows.8.1
    Thread Starter

    QUOTE=Samuria;958614]Run this see if it tells us whats doing this
    Please download and save FRST 64bit or FRST 32 bit to your Desktop.

    http://download.bleepingcomputer.com/farbar/FRST.exe
    http://download.bleepingcomputer.com/farbar/FRST64.exe
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017Ran by kittenwoman (administrator) on PRECIOUSMOTHER (13-03-2017 08:49:55)Running from C:\Users\kittenwoman\DownloadsLoaded Profiles: kittenwoman & _ashbackup_ (Available Profiles: kittenwoman & _ashbackup_)Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe(Intel Corporation) C:\Windows\System32\igfxCUIService.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe() C:\Windows\System32\spool\drivers\x64\3\dlebserv.exe( ) C:\Windows\System32\dlebcoms.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe(Tenorshare.com) C:\Program Files (x86)\Windows Care Genius\BootTime.exe() C:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\backupService-ab.exe() C:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\oxHelper.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Tenorshare.com) C:\Program Files (x86)\Windows Care Genius\WCGTray.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Corel, Inc.) C:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\Corel PaintShop Pro.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exeFailed to access process -> WindowsCareGenius.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\System32\smartscreen.exe==================== Registry (Whitelisted) ====================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-17] (Microsoft Corporation)HKLM-x32\...\Run: [] => [X]HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\Run: [DellSystemDetect] => C:\Users\kittenwoman\AppData\Local\Apps\2.0\31PX596T.MK3\NJP5V7PD.WWZ\dell..tion_831211ca63b981c5_00 08.0003_e23fe183534fdbc1\DellSystemDetect.exe [311216 2017-03-06] (Dell)HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1HKU\S-1-5-21-968228177-1483763967-3137165155-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWoW64\GPhotos.scr [4587520 2015-10-13] (Google Inc.)ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No FileShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => -> No FileShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-06] (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)Startup: C:\Users\kittenwoman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-04]ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)Tcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{33a8e2eb-389d-4acf-9a54-eb7dd29f428b}: [DhcpNameServer] 192.168.0.1ManualProxies: Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTIONHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = SearchScopes: HKU\S-1-5-21-968228177-1483763967-3137165155-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={85E8E97F-D0CB-4F68-9A68-547D0740A22A}&mid=caf45064e47647cf9811a5afa4c1d2a4-35395af97e5e214c99322b2fd8765d40949fa7ac&lang=en&ds=AVG&coid=avgtbavg&cmpid=0117avi&pr=fr&d=2017-01-20 14:07:30&v=4.3.6.255&pid=wtu&sg=&sap=dsp&q={searchTerms}BHO: No Name -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> No FileBHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No FileBHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll => No FileBHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-10] (Oracle Corporation)BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-08-03] (IObit)BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-10] (Oracle Corporation)BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)Toolbar: HKLM - No Name - {553891B7-A0D5-4526-BE18-D3CE461D6310} - No FileToolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-12-17] (Adobe Systems Incorporated)Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)FireFox:========FF DefaultProfile: 3ll2qat5.default-1478767258293FF ProfilePath: C:\Users\kittenwoman\AppData\Roaming\TomTom\HOME\Profiles\tq1340yi.default [2016-10-05]FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom2\xul\extensions\MapShare-status@tomtom.com [2016-10-05] [not signed]FF ProfilePath: C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347 [2017-03-11]FF Session Restore: Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347 -> is enabled.FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2016-10-18]FF Extension: (Fat-Free Fox) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347\Extensions\fat-free-firefox@oyenamit.xpi [2016-10-26]FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-11-07]FF Extension: (AdBlocker for YouTube™) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2016-10-31]FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347\Extensions\marcoagpinto@mail.telepac.pt [2016-11-02]FF Extension: (ColorfulTabs) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-10-27]FF Extension: (eBay for Firefox) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-10-31]FF Extension: (Block site) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-10-26]FF Extension: (No Name) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\c9luaqys.default-1477298626347\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [not found]FF ProfilePath: C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293 [2017-03-11]FF Homepage: Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293 -> about:homeFF Session Restore: Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293 -> is enabled.FF Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293\Extensions\ascsurfingprotectionnew@iobit.com.xpi [2016-10-18]FF Extension: (Fat-Free Fox) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293\Extensions\fat-free-firefox@oyenamit.xpi [2016-11-12]FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-11-11]FF Extension: (Google™ Translator) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293\Extensions\jid1-dgnIBwQga0SIBw@jetpack.xpi [2016-12-17]FF Extension: (AdBlocker for YouTube™) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2016-12-06]FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293\Extensions\marcoagpinto@mail.telepac.pt [2016-11-29]FF Extension: (Video WithOut Flash) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293\Extensions\vwof@drev.com.xpi [2016-12-12]FF Extension: (ColorfulTabs) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2016-11-12]FF Extension: (eBay for Firefox) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2016-12-02]FF Extension: (Block site) - C:\Users\kittenwoman\AppData\Roaming\Mozilla\Firefox\Profiles\3ll2qat5.default-1478767258293\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2016-11-12]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-03-05]FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)FF Plugin: @Microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)FF Plugin-x32: @Google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-10] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-10] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)FF Plugin-x32: @Microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-12-17] (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)Chrome: =======CHR HomePage: Default -> file:///C:/Users/kittenwoman/PicturesCHR StartupUrls: Default -> "hxxp://www.hotukdeals.com/","hxxps://mail.google.com/mail/u/0/#inbox/p2","hxxp://www.ebay.co.uk/","hxxp://www.tspc.co.uk/","hxxp://www.catchat.org/shelter_centre/admin/index.php?route=common/login"CHR DefaultSearchURL: Default -> hxxps://pandasecurity.mystart.com/results.php?pr=vmn&id=pandasafeweb&v=1_0_chromeextension_unknown__&searchfeed=web&hsimp=yhs-panda1&ent=ch_ss&q={searchTerms}CHR DefaultSearchKeyword: Default -> safeWebCHR Session Restore: Default -> is enabled.CHR Profile: C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default [2017-03-13]CHR Extension: (Google Slides) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-28]CHR Extension: (Torrent Search) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbpdhiclgghnffhkinjikglgmolhpee [2016-08-28]CHR Extension: (Google Docs) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-28]CHR Extension: (Google Drive) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-28]CHR Extension: (YouTube) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-28]CHR Extension: (Facebook) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2016-08-28]CHR Extension: (Teo the Cat) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehckjfoeencjpfnaephddebndiefncf [2016-08-28]CHR Extension: (Cat licking screen clean) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfjkinddmakibphhcbmfmebbdgpabcib [2016-08-28]CHR Extension: (Social Video Chat MashMeTV) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgimnkkcekilmeifblloakploakdjcdm [2016-08-28]CHR Extension: (Torrent Turbo Search App) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif [2016-08-28]CHR Extension: (Google Calendar) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-07]CHR Extension: (Quidco Cashback Reminder) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\elfdpdgmnodokhbiabbcjabmhpdajcog [2016-08-28]CHR Extension: (Google Sheets) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-28]CHR Extension: (Sticky Notes) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpgihpombekglbnddmdamimnepihcbfh [2016-08-28]CHR Extension: (Voice Recognition) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn [2016-10-14]CHR Extension: (Dropbox) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-08-28]CHR Extension: (eBay Search Alert) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmgddmdmhifhklhbhconpaehgbkaphcd [2016-08-28]CHR Extension: (eBay for Chrome) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck [2016-12-04]CHR Extension: (Google Play) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2016-08-28]CHR Extension: (Fat Cat Workout - 7 minute) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkllacgldnpbfigpdekbjppdfifidbj [2016-08-28]CHR Extension: (PDFConverterHQ) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\llbicmcgddpamkmkadinicbjanioaiha [2017-02-18]CHR Extension: (Google Maps) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-08-28]CHR Extension: (Cloud9) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbdmccoknlfggadpfkmcpnamfnbkmkcp [2016-08-28]CHR Extension: (Chrome Web Store Payments) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]CHR Extension: (Picasa) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2016-08-28]CHR Extension: (Sky+) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookngkjbobceimcicokadhjonlejhobj [2016-08-28]CHR Extension: (Gmail) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-28]CHR Extension: (Chrome Media Router) - C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]CHR HKLM\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-12-17]CHR HKLM-x32\...\Chrome\Extension: [fagakgcelolinfnkfgekcnedpaklfcok] - hxxps://clients2.google.com/service/update2/crx==================== Services (Whitelisted) ====================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)R2 ashbackup; c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\backupService-ab.exe [32064 2016-04-21] ()S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-22] (Dropbox, Inc.)S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-22] (Dropbox, Inc.)R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)R2 dlebCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\dlebserv.exe [45224 2010-05-21] ()R2 dleb_device; C:\WINDOWS\system32\dlebcoms.exe [1052328 2010-05-21] ( )R2 dleb_device; C:\WINDOWS\SysWOW64\dlebcoms.exe [1052328 2010-05-21] ( )R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel Corporation)S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)S3 PSI_SVC_2_x64; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-11-25] (Realtek Semiconductor)S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-07-22] (DEVGURU Co., LTD.)R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)S3 TomTomHOMEService; C:\Program Files (x86)\TomTom2\TomTomHOMEService.exe [100088 2016-07-14] (TomTom)S2 WCGBootAssistant; C:\Program Files (x86)\Windows Care Genius\BootTime.exe [576512 2017-02-20] (Tenorshare.com) [File not signed]R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)U2 WiseBootAssistant; C:\Program Files (x86)\Windows Care Genius\BootTime.exe [576512 2017-02-20] (Tenorshare.com) [File not signed]===================== Drivers (Whitelisted) ======================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R3 athr; C:\WINDOWS\System32\drivers\athw10x.sys [4318648 2016-12-29] (Qualcomm Atheros Communications, Inc.)S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-12-29] (REALiX(tm))R3 iaLPSS_GPIO; C:\WINDOWS\System32\drivers\iaLPSS_GPIO.sys [46856 2016-12-29] (Intel Corporation)S3 iaLPSS_I2C; C:\WINDOWS\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-02] (Intel Corporation)S3 iaLPSS_SPI; C:\WINDOWS\System32\drivers\iaLPSS_SPI.sys [83960 2013-10-02] (Intel Corporation)S3 iaLPSS_UART2; C:\WINDOWS\System32\drivers\iaLPSS_UART2.sys [128504 2013-10-02] (Intel Corporation)R1 MpKsl1a026f91; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{55E158F6-E556-415F-993C-455D8EBA1984}\MpKsl1a026f91.sys [44928 2017-03-11] (Microsoft Corporation)S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e86\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [946696 2016-12-29] (Realtek )R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-12-29] (Realsil Semiconductor Corporation)R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)R3 SynRMIHID; C:\WINDOWS\system32\DRIVERS\SynRMIHID.sys [57032 2015-07-16] (Synaptics Incorporated)S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)R3 WiseHDInfo; C:\WINDOWS\WiseHDInfo64.dll [14800 2017-03-12] (wisecleaner.com)R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-21] (Zemana Ltd.)U0 aswVmm; no ImagePathS3 dbx; system32\DRIVERS\dbx.sys [X]U0 Partizan; system32\drivers\Partizan.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2017-03-13 08:49 - 2017-03-13 08:56 - 00032945 _____ C:\Users\kittenwoman\Downloads\FRST.txt2017-03-13 08:49 - 2017-03-13 08:49 - 00000000 ____D C:\FRST2017-03-13 08:45 - 2017-03-13 08:49 - 02424832 _____ (Farbar) C:\Users\kittenwoman\Downloads\FRST64.exe2017-03-13 07:43 - 2017-03-13 07:43 - 00380912 _____ C:\WINDOWS\system32\FNTCACHE.DAT2017-03-12 17:55 - 2017-03-12 17:55 - 00004072 _____ C:\WINDOWS\System32\Tasks\Wise Turbo Checker.job2017-03-12 17:55 - 2017-03-12 17:55 - 00003672 _____ C:\WINDOWS\System32\Tasks\Windows Care Genius.job2017-03-12 17:08 - 2017-03-12 17:08 - 03232312 _____ C:\Users\kittenwoman\Downloads\120892 (3).pdf2017-03-12 14:34 - 2017-03-12 14:34 - 00004206 _____ C:\WINDOWS\System32\Tasks\Windows Care Genius PC Checkup Task2017-03-12 14:19 - 2017-03-13 07:46 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\Windows Care Genius2017-03-12 14:19 - 2017-03-12 14:19 - 00014800 _____ (wisecleaner.com) C:\WINDOWS\WiseHDInfo64.dll2017-03-12 14:19 - 2017-03-12 14:19 - 00001200 _____ C:\Users\Public\Desktop\Windows Care Genius.lnk2017-03-12 14:19 - 2017-03-12 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Care Genius2017-03-12 14:18 - 2017-03-12 14:19 - 00000000 ____D C:\Program Files (x86)\Windows Care Genius2017-03-12 14:15 - 2017-03-12 14:16 - 02255912 _____ C:\Users\kittenwoman\Downloads\SharewareOnSale_Giveaway_Windows_Care_Genius_PRO_hub.exe2017-03-12 13:42 - 2017-03-12 13:43 - 00000000 ____D C:\ProgramData\Skype2017-03-12 11:05 - 2017-03-12 11:05 - 00575408 _____ () C:\Users\kittenwoman\Downloads\DellSystemDetectLauncher.exe2017-03-12 10:08 - 2017-03-12 10:08 - 00150856 _____ C:\Users\kittenwoman\Downloads\55 Greenlaw Place, Carnoustie, DD7 7NG - Single survey.pdf2017-03-12 10:07 - 2017-03-12 10:07 - 02400365 _____ C:\Users\kittenwoman\Downloads\55 Greenlaw Place, Carnoustie, DD7 7NG - Questionnaire.pdf2017-03-12 10:05 - 2017-03-12 10:05 - 01029979 _____ C:\Users\kittenwoman\Downloads\117771.pdf2017-03-11 16:53 - 2017-03-11 16:53 - 02890662 _____ C:\Users\kittenwoman\Downloads\MissingPosterA4.pdf2017-03-11 13:58 - 2017-03-11 13:58 - 03232312 _____ C:\Users\kittenwoman\Downloads\120892 (2).pdf2017-03-11 13:45 - 2017-03-11 13:45 - 00273828 _____ C:\Users\kittenwoman\Downloads\120504.pdf2017-03-11 13:42 - 2017-03-11 13:42 - 00320881 _____ C:\Users\kittenwoman\Downloads\120820.pdf2017-03-11 13:32 - 2017-03-11 13:32 - 01088019 _____ C:\Users\kittenwoman\Downloads\120864.pdf2017-03-11 13:23 - 2017-03-11 13:23 - 00852801 _____ C:\Users\kittenwoman\Downloads\120840.pdf2017-03-11 13:20 - 2017-03-11 13:20 - 01192368 _____ C:\Users\kittenwoman\Downloads\119860 (1).pdf2017-03-11 13:08 - 2017-03-11 13:08 - 01157059 _____ C:\Users\kittenwoman\Downloads\119715.pdf2017-03-11 13:06 - 2017-03-11 13:06 - 01192368 _____ C:\Users\kittenwoman\Downloads\119860.pdf2017-03-11 12:45 - 2017-03-11 12:45 - 10991860 _____ C:\Users\kittenwoman\Downloads\858.pdf2017-03-11 10:27 - 2017-03-11 10:28 - 03232312 _____ C:\Users\kittenwoman\Downloads\120892 (1).pdf2017-03-10 17:59 - 2017-03-10 17:59 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll2017-03-10 17:59 - 2017-03-10 17:59 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\Sun2017-03-10 17:59 - 2017-03-10 17:59 - 00000000 ____D C:\Users\kittenwoman\AppData\LocalLow\Sun2017-03-10 17:59 - 2017-03-10 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2017-03-10 17:58 - 2017-03-10 17:59 - 00000000 ____D C:\ProgramData\Oracle2017-03-10 17:58 - 2017-03-10 17:58 - 00000000 ____D C:\Program Files (x86)\Java2017-03-10 17:57 - 2017-03-12 08:52 - 00000000 ____D C:\Program Files (x86)\WINnerTweak32017-03-10 17:57 - 2007-08-15 12:09 - 00115920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSINET.OCX2017-03-10 17:57 - 2005-04-15 19:58 - 01351392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx2017-03-10 17:57 - 2003-01-26 13:41 - 00040960 _____ (vbAccelerator) C:\WINDOWS\SysWOW64\SSubTmr6.dll2017-03-10 17:57 - 1998-06-24 00:00 - 00167683 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COMCT232.OCX2017-03-10 17:56 - 2017-03-11 08:31 - 02885190 _____ (WINner Tweak Software Development Team ) C:\Users\kittenwoman\Downloads\WINner Tweak 3 Pro.exe2017-03-10 17:55 - 2017-03-10 17:56 - 02245360 _____ C:\Users\kittenwoman\Downloads\SharewareOnSale_Giveaway_WINner_Tweak_3_Pro_hub.exe2017-03-10 07:50 - 2017-03-10 07:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox2017-03-09 17:44 - 2017-03-09 17:44 - 03232312 _____ C:\Users\kittenwoman\Downloads\120892.pdf2017-03-09 08:14 - 2017-03-09 08:14 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\JAM Software2017-03-09 08:14 - 2017-03-09 08:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free2017-03-09 08:14 - 2017-03-09 08:14 - 00000000 ____D C:\Program Files (x86)\JAM Software2017-03-08 14:15 - 2017-03-08 14:15 - 00003286 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze2017-03-08 14:15 - 2017-03-08 14:15 - 00003126 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup2017-03-08 14:15 - 2017-03-08 14:15 - 00003126 _____ C:\WINDOWS\System32\Tasks\IObitSelfCheckTask2017-03-08 14:15 - 2017-03-08 14:15 - 00003122 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update2017-03-08 14:15 - 2017-03-08 14:15 - 00001231 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk2017-03-08 14:15 - 2017-03-08 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag2017-03-08 14:15 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll2017-03-08 14:15 - 2016-03-22 11:02 - 00036824 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe2017-03-08 14:15 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys2017-03-07 09:54 - 2017-03-07 09:54 - 00000000 ____D C:\ProgramData\Macrium2017-03-06 20:50 - 2017-03-06 20:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys2017-03-06 12:35 - 2017-03-06 12:35 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job2017-03-06 11:25 - 2017-03-06 11:25 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask2017-03-06 11:24 - 2017-03-06 11:25 - 00000000 ____D C:\ProgramData\PCDr2017-03-06 11:24 - 2017-03-06 11:24 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows2017-03-06 11:24 - 2017-03-06 11:24 - 00000000 ____D C:\Program Files\Dell Support Center2017-03-06 11:20 - 2017-03-06 11:44 - 00000000 ____D C:\temp2017-03-06 11:20 - 2017-03-06 11:20 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\PCDr2017-03-06 11:18 - 2017-03-06 11:18 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell2017-03-06 11:17 - 2017-03-12 11:06 - 00000000 ____D C:\Users\kittenwoman\AppData\Local\Deployment2017-03-06 09:38 - 2017-03-07 14:31 - 00000000 ____D C:\Users\kittenwoman\Documents\Missing Posters2017-03-06 09:00 - 2017-03-13 08:54 - 00041320 _____ C:\WINDOWS\ZAM_Guard.krnl.trace2017-03-05 09:10 - 2017-03-05 09:23 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk2017-03-05 09:10 - 2017-03-05 09:23 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk2017-03-05 09:10 - 2017-03-05 09:23 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk2017-03-05 09:10 - 2017-03-05 09:10 - 00002219 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk2017-03-05 09:10 - 2017-03-05 09:10 - 00002105 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk2017-03-04 08:52 - 2017-03-04 08:53 - 00000000 ____D C:\Users\kittenwoman\AppData\LocalLow\uTorrent2017-03-03 08:29 - 2017-03-05 17:40 - 00000000 ____D C:\Program Files\Common Files\AV2017-03-03 08:04 - 2017-03-03 08:04 - 00000000 ____D C:\Users\kittenwoman\Desktop\samsung2017-03-03 08:00 - 2017-03-03 08:04 - 00000000 ____D C:\Users\kittenwoman\Desktop\Google2017-02-28 07:52 - 2017-03-03 07:48 - 00000000 ___RD C:\Users\kittenwoman\Dropbox2017-02-26 08:13 - 2017-02-28 08:45 - 00000162 _____ C:\WINDOWS\discription.db2017-02-19 10:40 - 2013-05-08 07:23 - 00114280 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\acaptuser32.dll2017-02-18 10:55 - 2017-02-18 10:55 - 00000000 ____D C:\ProgramData\FLEXnet2017-02-18 10:35 - 2017-02-18 14:52 - 00000000 ____D C:\Intel2017-02-17 17:30 - 2017-02-18 10:08 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\PDFescape Desktop2017-02-17 17:28 - 2017-02-17 17:28 - 00000000 ____D C:\ProgramData\PDFescape Desktop2017-02-16 00:23 - 2017-02-16 00:23 - 15630696 _____ (Intel Corporation) C:\WINDOWS\system32\igc64.dll2017-02-16 00:23 - 2017-02-16 00:23 - 13607808 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igc32.dll2017-02-16 00:23 - 2017-02-16 00:23 - 04316136 _____ (Intel Corporation) C:\WINDOWS\system32\igd12umd64.dll2017-02-16 00:23 - 2017-02-16 00:23 - 04284872 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd12umd32.dll2017-02-16 00:23 - 2017-02-16 00:23 - 02422512 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll2017-02-16 00:23 - 2017-02-16 00:23 - 01883368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll2017-02-16 00:23 - 2017-02-16 00:23 - 01841096 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll2017-02-16 00:23 - 2017-02-16 00:23 - 01838400 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00323744 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00308504 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00253024 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00233928 _____ (Intel Corporation) C:\WINDOWS\system32\igdde64.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00215864 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00194336 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00193312 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00192160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdde32.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00170376 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00170376 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll2017-02-16 00:23 - 2017-02-16 00:23 - 00064560 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll2017-02-16 00:21 - 2017-02-16 00:21 - 29110296 _____ (Intel Corporation) C:\WINDOWS\system32\common_clang64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 19870224 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\common_clang32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 11750928 _____ (Intel Corporation) C:\WINDOWS\system32\ig75icd64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 08740880 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig75icd32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 05697552 _____ (Intel Corporation) C:\WINDOWS\system32\igdmcl64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 05271568 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll2017-02-16 00:21 - 2017-02-16 00:21 - 04937240 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 04372504 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 03980304 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmcl32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 01599504 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 01187344 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 01035768 _____ C:\WINDOWS\system32\igfxSDK.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00976888 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00973296 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00713744 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00545272 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00475640 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00457208 _____ (Intel Corporation) C:\WINDOWS\system32\IntelCpHDCPSvc.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00448016 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00424984 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00410616 _____ C:\WINDOWS\system32\igfxTray.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00398864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00397328 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00358896 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCComp64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00327184 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00310264 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00282128 _____ C:\WINDOWS\system32\igfxCPL.cpl2017-02-16 00:21 - 2017-02-16 00:21 - 00274960 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00263696 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00245752 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00241144 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00240632 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00234008 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00221200 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4531.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00201744 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00183800 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe2017-02-16 00:21 - 2017-02-16 00:21 - 00182800 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00120336 _____ ( ) C:\WINDOWS\system32\igfxSDKLibv2_0.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00112656 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00112144 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00109584 _____ ( ) C:\WINDOWS\system32\igfxSDKLib.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00108560 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00103952 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00093200 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00061456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00037904 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00037904 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00036368 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00036368 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00031248 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll2017-02-16 00:21 - 2017-02-16 00:21 - 00031248 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll2017-02-13 16:08 - 2017-03-07 08:02 - 00000046 _____ C:\WINDOWS\main.ini==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2017-03-13 08:48 - 2016-10-31 18:07 - 00000000 ____D C:\Users\kittenwoman\AppData\Local\ClassicShell2017-03-13 08:26 - 2016-09-17 06:33 - 00000000 ____D C:\WINDOWS\system32\SleepStudy2017-03-13 07:52 - 2016-11-24 18:13 - 00000000 ____D C:\BackUps2017-03-13 07:46 - 2016-11-27 10:24 - 00000000 ____D C:\ProgramData\ProductData2017-03-13 07:45 - 2016-09-17 06:39 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat2017-03-13 07:45 - 2015-01-01 11:26 - 00000000 __SHD C:\Users\kittenwoman\IntelGraphicsProfiles2017-03-13 07:43 - 2016-09-17 07:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2017-03-12 17:56 - 2016-07-16 06:04 - 11796480 _____ C:\WINDOWS\system32\config\BBI2017-03-12 14:27 - 2016-08-28 17:48 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\uTorrent2017-03-12 14:26 - 2015-01-02 12:51 - 00000000 __RHD C:\MSOCache2017-03-12 14:25 - 2017-01-22 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack2017-03-12 14:25 - 2016-08-29 08:33 - 00000000 ____D C:\Users\kittenwoman\AppData\Local\CrashDumps2017-03-12 14:25 - 2016-07-16 11:47 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files2017-03-12 13:51 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness2017-03-12 13:50 - 2016-08-28 16:57 - 00000000 ____D C:\Users\kittenwoman\AppData\Local\Packages2017-03-12 13:47 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps2017-03-12 09:06 - 2017-01-31 10:29 - 00000000 ____D C:\Users\kittenwoman\Desktop\Missing Posters2017-03-12 09:05 - 2016-08-30 06:30 - 00000000 ____D C:\ProgramData\TEMP2017-03-12 09:00 - 2017-01-21 14:36 - 00000000 ____D C:\Users\kittenwoman\Documents\Corel PaintShop Pro2017-03-12 09:00 - 2017-01-21 12:07 - 00000000 ____D C:\Users\kittenwoman\AppData\Local\Corel PaintShop Pro2017-03-12 09:00 - 2016-08-28 17:41 - 00000000 ____D C:\ProgramData\Corel2017-03-12 08:59 - 2016-08-28 17:41 - 00000000 ____D C:\Program Files\Corel2017-03-12 08:59 - 2016-08-28 17:40 - 00000000 ____D C:\Program Files (x86)\Corel2017-03-11 14:24 - 2015-01-02 18:55 - 00000000 ____D C:\Users\kittenwoman\Documents\samsung2017-03-11 11:57 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF2017-03-11 08:02 - 2016-11-24 18:07 - 00000000 ____D C:\Users\_ashbackup_2017-03-11 07:49 - 2017-01-22 11:02 - 00000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job2017-03-11 07:49 - 2017-01-22 11:02 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job2017-03-10 09:34 - 2017-01-22 11:02 - 00003992 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA2017-03-10 09:34 - 2017-01-22 11:02 - 00003760 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore2017-03-10 09:34 - 2016-09-17 07:07 - 00003214 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton2017-03-10 09:33 - 2016-09-17 07:07 - 00003672 _____ C:\WINDOWS\System32\Tasks\WinZipBackGroundToolsTask2017-03-10 07:52 - 2017-01-22 11:02 - 00000000 ____D C:\Program Files (x86)\Dropbox2017-03-10 07:43 - 2016-09-17 06:44 - 00000000 ____D C:\Users\kittenwoman2017-03-09 11:27 - 2015-01-01 12:40 - 00000000 ____D C:\2-click run2017-03-09 10:56 - 2016-08-28 18:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Expression2017-03-09 10:46 - 2016-09-27 11:46 - 00000000 ____D C:\WINDOWS\Minidump2017-03-09 10:45 - 2015-04-24 10:43 - 00000000 ____D C:\Users\kittenwoman\Documents\lindadad2017-03-09 09:24 - 2016-10-20 16:31 - 00000000 ____D C:\Users\kittenwoman\Documents\PowerPoint2017-03-09 09:24 - 2015-08-12 08:55 - 00000000 ____D C:\Users\kittenwoman\Documents\Profile12017-03-09 09:24 - 2015-01-18 08:46 - 00000000 ____D C:\Users\kittenwoman\Documents\How to Create a Virtual Hard Drive in Windows 7_files2017-03-09 09:21 - 2016-05-27 16:34 - 00000000 ____D C:\Users\kittenwoman\Documents\houehunting2017-03-08 14:15 - 2016-10-23 17:13 - 00000000 ____D C:\Program Files (x86)\IObit2017-03-08 14:14 - 2016-10-23 17:13 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\IObit2017-03-08 09:49 - 2016-11-14 14:24 - 00000000 ____D C:\Program Files (x86)\Wondershare2017-03-08 09:49 - 2016-08-29 07:43 - 00000000 ____D C:\Program Files (x86)\UltraISO2017-03-08 09:47 - 2017-01-20 14:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2017-03-07 14:07 - 2016-08-28 16:57 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\Adobe2017-03-07 08:14 - 2016-08-28 15:38 - 00000167 _____ C:\WINDOWS\win.ini2017-03-06 11:24 - 2016-09-12 07:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell2017-03-06 11:24 - 2016-09-12 07:30 - 00000000 ____D C:\Program Files\Dell2017-03-06 11:20 - 2016-09-12 07:35 - 00000000 ____D C:\ProgramData\Dell2017-03-05 17:40 - 2016-07-16 11:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP2017-03-05 17:40 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM2017-03-05 09:12 - 2016-09-29 08:40 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe2017-03-05 09:05 - 2016-09-29 08:36 - 00000000 ____D C:\Program Files (x86)\Adobe2017-03-05 09:05 - 2016-09-28 08:00 - 00000000 ____D C:\ProgramData\Adobe2017-03-05 07:56 - 2016-12-29 15:08 - 00002240 _____ C:\Users\Public\Desktop\Advanced SystemCare 10.lnk2017-03-04 12:16 - 2016-09-28 07:59 - 00000000 ____D C:\Users\kittenwoman\AppData\Local\Adobe2017-03-04 09:17 - 2017-01-15 10:10 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\Wondershare2017-03-03 09:50 - 2016-09-12 07:27 - 00000000 ____D C:\ProgramData\DL_cats2017-03-03 08:29 - 2016-10-31 17:40 - 00000000 ____D C:\Program Files\Classic Shell2017-02-28 09:04 - 2016-09-01 06:15 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2017-02-28 07:53 - 2017-01-22 11:02 - 00000000 ____D C:\Users\kittenwoman\AppData\Local\Dropbox2017-02-24 12:46 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp2017-02-24 10:35 - 2016-08-29 08:49 - 00000000 ____D C:\WINDOWS\system32\MRT2017-02-24 10:25 - 2016-08-29 08:48 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2017-02-18 13:42 - 2016-09-29 07:06 - 00000000 ____D C:\Users\kittenwoman\Documents\Outlook Files2017-02-18 10:35 - 2016-09-17 06:39 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat2017-02-17 14:10 - 2017-01-15 10:10 - 00000000 ____D C:\Users\kittenwoman\.android2017-02-17 09:24 - 2016-10-05 09:31 - 00000000 ____D C:\Users\kittenwoman\AppData\Local\Downloaded Installations2017-02-17 09:07 - 2017-01-22 10:57 - 00000000 ____D C:\Users\kittenwoman\AppData\Roaming\TeamViewer2017-02-16 00:24 - 2016-06-07 17:35 - 40213960 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll2017-02-16 00:24 - 2016-06-07 17:34 - 39246776 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll2017-02-16 00:23 - 2016-06-07 17:35 - 06763136 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll2017-02-16 00:23 - 2016-06-07 17:35 - 05193384 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll2017-02-16 00:23 - 2016-06-07 17:32 - 35131648 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd11dxva32.dll2017-02-16 00:23 - 2016-06-07 17:32 - 33775616 _____ (Intel Corporation) C:\WINDOWS\system32\igd11dxva64.dll2017-02-16 00:23 - 2016-06-07 17:31 - 15982784 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll2017-02-16 00:23 - 2016-06-07 17:31 - 12798456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll2017-02-16 00:21 - 2016-09-17 06:39 - 00112656 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL2017-02-16 00:21 - 2016-09-17 06:39 - 00108560 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL2017-02-16 00:21 - 2016-06-07 17:24 - 00765456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll2017-02-16 00:21 - 2016-06-07 17:24 - 00382456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe2017-02-16 00:21 - 2016-06-07 17:24 - 00277496 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe2017-02-16 00:21 - 2016-06-07 17:17 - 07974904 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys2017-02-16 00:21 - 2016-06-07 17:17 - 02150936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll2017-02-16 00:21 - 2016-06-07 17:17 - 00407568 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll2017-02-16 00:21 - 2016-06-07 17:17 - 00363512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe==================== Files in the root of some directories =======2016-10-11 09:59 - 2016-10-11 09:59 - 0000000 _____ () C:\ProgramData\cmn_upld.log2016-09-12 07:31 - 2017-03-13 07:54 - 0056860 _____ () C:\ProgramData\Coinstaller.log2016-09-12 07:25 - 2016-09-28 08:34 - 0002095 _____ () C:\ProgramData\dleb.log2016-10-09 10:03 - 2016-10-11 11:36 - 0000492 _____ () C:\ProgramData\dlebDiagnostics.log2016-09-12 13:41 - 2017-03-03 09:49 - 0013210 _____ () C:\ProgramData\dlebJSW.log2016-09-12 07:28 - 2016-10-11 09:52 - 0008412 _____ () C:\ProgramData\dlebscan.log2016-09-17 06:40 - 2016-09-17 06:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl2016-09-12 07:28 - 2016-09-12 07:28 - 0000252 _____ () C:\ProgramData\FastPics.log2016-10-11 09:59 - 2016-10-11 09:59 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log2016-09-12 07:24 - 2016-09-12 07:24 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt==================== Bamital & volsnap ======================(There is no automatic fix for files that do not pass verification.)C:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\wininit.exe => File is digitally signedC:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\SysWOW64\explorer.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\SysWOW64\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\SysWOW64\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\SysWOW64\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\dnsapi.dll => File is digitally signedC:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2017-03-04 15:40==================== End of FRST.txt ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017Ran by kittenwoman (13-03-2017 08:57:14)Running from C:\Users\kittenwoman\DownloadsWindows 10 Home Version 1607 (X64) (2016-09-17 07:11:06)Boot Mode: Normal============================================================================== Accounts: =============================Administrator (S-1-5-21-968228177-1483763967-3137165155-500 - Administrator - Disabled)DefaultAccount (S-1-5-21-968228177-1483763967-3137165155-503 - Limited - Disabled)Guest (S-1-5-21-968228177-1483763967-3137165155-501 - Limited - Disabled)kittenwoman (S-1-5-21-968228177-1483763967-3137165155-1001 - Administrator - Enabled) => C:\Users\kittenwoman_ashbackup_ (S-1-5-21-968228177-1483763967-3137165155-1003 - Administrator - Enabled) => C:\Users\_ashbackup_==================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)µTorrent (HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.19 - Adobe Systems)Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.1.0 - IObit)Ashampoo Backup 2016 (HKLM\...\{FDAE1FAD-57F8-6DCD-940E-885B7FB1CE43}_is1) (Version: 10.01 - Ashampoo GmbH & Co. KG)CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)Contents64 (Version: 19.1.0.12 - Corel Corporation) HiddenCorel PaintShop Pro X8 (HKLM-x32\...\_{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.2.0.61 - Corel Corporation)Corel VideoStudio Ultimate X9 (HKLM-x32\...\_{EE80DAA0-0071-475C-A222-F1782888FC55}) (Version: 19.3.0.18 - Corel Corporation)Dell P513w (HKLM\...\Dell P513w) (Version: - Dell, Inc.)Dell P513w (HKLM-x32\...\Dell P513w) (Version: - Dell, Inc.)Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.72 - Dell)Dell System Detect (HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\d24084d039586cae) (Version: 8.3.0.8 - Dell)Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) HiddenHaali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) HiddenICA (x32 Version: 18.0.0.124 - Corel Corporation) HiddenICA (x32 Version: 19.1.0.12 - Corel Corporation) HiddenIntel(R) Chipset Device Software (x32 Version: 10.1.1.7 - Intel(R) Corporation) HiddenIntel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)IPM_PSP_COM64 (Version: 18.0.0.124 - Corel Corporation) HiddenIPM_VS_Pro64 (Version: 19.0 - Corel Corporation) HiddenJava 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)Microsoft Expression Web (HKLM-x32\...\WebDesigner) (Version: 12.0.6215.1000 - Microsoft Corporation)Microsoft Expression Web Service Pack 1 (SP1) (HKLM-x32\...\{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}) (Version: - Microsoft)Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\OneDriveSetup.exe) (Version: 17.3.6764.0111 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) HiddenPicasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)PSPPContent (x32 Version: 18.0.0.124 - Corel Corporation) HiddenPSPPHelp (x32 Version: 18.0.0.124 - Corel Corporation) HiddenPSPPro64 (Version: 18.0.0.124 - Corel Corporation) HiddenRealtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)Samsung Kies3 (x32 Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) HiddenSamsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)Setup (x32 Version: 18.0.0.124 - Corel Corporation) HiddenSetup (x32 Version: 19.1.0.12 - Corel Corporation) HiddenShare64 (Version: 19.1.0.12 - Corel Corporation) HiddenSharewareOnSale Notifier (HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale)Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.0 - IObit)Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16121.3 - Samsung Electronics Co., Ltd.)Smart Switch (x32 Version: 4.1.16121.3 - Samsung Electronics Co., Ltd.) HiddenTomTom HOME (HKLM-x32\...\{B581E191-A2C1-4CE3-907E-9FE3C728750C}) (Version: 2.9.91 - TomTom)TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)Ultimate Creative Collection (X8) (HKLM-x32\...\_{556CA4DC-9EFC-4763-B78D-D40A92059AC6}) (Version: 1.0.0.121 - Corel Corporation)Ultimate Creative Collection (X8) (x32 Version: 1.0.0.121 - Corel Corporation) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Skype for Business 2016 (KB3141501) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{D7445990-15D2-466D-BA6D-588F28226F27}) (Version: - Microsoft)Update for Skype for Business 2016 (KB3141501) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{D7445990-15D2-466D-BA6D-588F28226F27}) (Version: - Microsoft)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)VSClassic64 (Version: 19.1.0.12 - Corel Corporation) HiddenVSUltimate64 (Version: 19.1.0.12 - Corel Corporation) HiddenWinamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)Windows Care Genius 3.95 (HKLM-x32\...\Windows Care Genius_is1) (Version: 3.95 - tenorshare.com, Inc.)WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24105}) (Version: 20.5.12118 - WinZip Computing, S.L. )Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)==================== Custom CLSID (Whitelisted): ==========================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== Scheduled Tasks (Whitelisted) =============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)Task: {10898462-0438-4D02-AA61-9A397A68A1D1} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)Task: {22EC7EA7-A6E8-4E13-B83B-4C410FF45446} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-22] (Dropbox, Inc.)Task: {28604C2A-E261-43B2-8292-C647961AAB4A} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-12-05] (IObit)Task: {2BD479D0-8F20-43EE-B579-296465204691} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-25] (Realtek Semiconductor)Task: {4356F7C6-6D1A-4CB1-A5D4-A546416A96AD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-02-17] (PC-Doctor, Inc.)Task: {4910B21E-41E7-4EFF-BCA8-430C69B0E89A} - System32\Tasks\Windows Care Genius PC Checkup Task => C:\Program Files (x86)\Windows Care Genius\WindowsCareGenius.exe [2017-03-07] (Tenorshare.com)Task: {4FDCF2EF-072E-447A-960D-CCA5D5A36384} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-22] (Dropbox, Inc.)Task: {5017CEB8-5D15-4624-9A87-FC18CC99556F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)Task: {5B9E8334-C21A-49AD-AAD1-0A66ECDAB405} - System32\Tasks\Windows Care Genius.job => C:\Program Files (x86)\Windows Care Genius\WCGTray.exe [2017-02-24] (Tenorshare.com)Task: {5DF940BC-D974-411D-A753-5D4F0F6D11B0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)Task: {79F52826-5453-4DCC-9F2E-9F34002BF0C8} - System32\Tasks\ASC10_SkipUac_kittenwoman => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-12-26] (IObit)Task: {88D65FB6-E0F4-4007-977A-D86A35D09E5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.)Task: {9713781C-2489-4A47-AC58-D38A1473B5DF} - System32\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Windows Care Genius\WCGTurbo.exe [2017-02-20] (Tenorshare.com)Task: {9CD5691B-AFB6-4D47-ACDB-CDA4CBB0CD79} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)Task: {A26E3282-76BF-4A19-BCD7-3071718F748A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-28] (Google Inc.)Task: {A3FAAF4F-A614-47BA-BBBA-494DEE357078} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)Task: {A6BA060B-58A3-4793-BD4B-106CDE609A48} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)Task: {BC966209-44E4-45E3-9551-87D8AF61D30C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)Task: {DEA516A2-8DE9-450B-9BEA-4DDF363A2A77} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)Task: {E89D5C61-1AF0-4A20-99B2-8BFDB4E13AD4} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-04-28] (WinZip Computing, S.L.)Task: {F7E7E26D-AF4C-4E55-897C-995F7811EAC0} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-02-17] (IObit)Task: {FFE30A86-9DA6-4B57-9818-399B0299F1DD} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-02-17] (IObit)(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exeTask: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exeTask: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe==================== Shortcuts =============================(The entries could be listed to be restored or removed.)==================== Loaded Modules (Whitelisted) ==============2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll2016-12-16 13:03 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll2016-09-17 06:39 - 2016-08-01 12:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2016-09-12 07:31 - 2009-11-04 07:17 - 00189440 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\dlebdrpp.dll2016-09-28 08:50 - 2010-05-21 14:03 - 00045224 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\dlebserv.exe2016-11-24 18:04 - 2016-04-21 08:43 - 00032064 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\backupService-ab.exe2016-11-24 18:04 - 2016-04-21 08:43 - 00119104 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\backupServiceLib.dll2016-11-24 18:04 - 2016-04-21 08:43 - 12083520 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\backupCore.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00174400 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\deemon.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00573760 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\twirl.dll2016-11-24 18:04 - 2016-04-21 08:43 - 06356800 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\ox.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00388416 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\tomb.dll2016-11-24 18:04 - 2016-03-02 11:59 - 01406464 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\webdave.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00388416 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\crumb.dll2016-11-24 18:04 - 2016-03-02 11:59 - 00324096 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\party.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00589632 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\veem.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00068928 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\minizutil.dll2016-11-24 18:04 - 2016-03-02 11:59 - 00220672 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\jsoncpp.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00061760 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\lzmaUtil.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00231744 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\netutil.dll2016-11-24 18:04 - 2016-03-02 11:58 - 00091648 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\ziputil.dll2016-11-24 18:04 - 2016-03-02 11:58 - 00022528 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\zlibutil.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00163136 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\scoolite.dll2016-11-24 18:04 - 2016-03-02 11:58 - 00081920 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\zdll.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00031552 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\lz4util.dll2016-11-24 18:04 - 2016-03-02 11:59 - 00049664 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\lzma.dll2016-11-24 18:04 - 2016-03-02 11:59 - 00626688 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\sqlite.dll2016-11-24 18:04 - 2016-03-02 11:58 - 00107008 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\minizip.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00049472 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\lz4.dll2016-11-24 18:04 - 2016-04-21 08:43 - 00067904 _____ () c:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\oxHelper.exe2016-12-16 13:03 - 2016-12-09 10:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll2016-09-17 15:23 - 2016-09-17 15:23 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll2017-01-12 16:18 - 2016-12-21 07:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll2017-01-12 16:16 - 2016-12-21 06:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll2017-01-12 16:16 - 2016-12-21 06:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll2017-01-12 16:16 - 2016-12-21 06:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll2017-01-12 16:16 - 2016-12-21 06:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll2017-01-12 16:16 - 2016-12-21 06:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll2017-01-12 16:16 - 2016-12-21 06:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll2016-06-14 05:25 - 2016-06-14 05:25 - 08911552 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll2017-02-07 10:12 - 2017-02-01 09:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll2017-02-07 10:12 - 2017-02-01 09:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll2015-03-25 02:18 - 2015-03-25 02:18 - 00798576 _____ () C:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\PsiClient.dll2015-07-09 21:30 - 2016-04-16 03:05 - 06635456 _____ () C:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\uipp.dll2017-02-14 17:07 - 2017-02-14 17:07 - 31178840 _____ () C:\Users\kittenwoman\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll2016-12-29 15:08 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl2016-12-29 15:08 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl2016-12-29 15:08 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl2016-12-29 15:08 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll2017-03-08 14:15 - 2016-01-11 17:03 - 00899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll2017-03-08 14:15 - 2016-01-11 17:02 - 00630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll2015-06-24 00:07 - 2015-06-24 00:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll==================== Alternate Data Streams (Whitelisted) =========(If an entry is included in the fixlist, only the ADS will be removed.)AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51 [152]==================== Safe Mode (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"==================== Association (Whitelisted) ===============(If an entry is included in the fixlist, the registry item will be restored to default or removed.)==================== Internet Explorer trusted/restricted ===============(If an entry is included in the fixlist, it will be removed from the registry.)==================== Hosts content: ===============================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2016-08-28 15:38 - 2016-11-20 12:15 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-968228177-1483763967-3137165155-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\kittenwoman\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaperHKU\S-1-5-21-968228177-1483763967-3137165155-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpgDNS Servers: 192.168.0.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled.==================== MSCONFIG/TASK MANAGER disabled items ==HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"HKLM\...\StartupApproved\Run: => "RTHDVCPL"HKLM\...\StartupApproved\Run: => "RtHDVBg"HKLM\...\StartupApproved\Run: => "Corel Update Helper"HKLM\...\StartupApproved\Run: => "IAStorIcon"HKLM\...\StartupApproved\Run: => "WindowsDefender"HKLM\...\StartupApproved\Run32: => "PSUAMain"HKLM\...\StartupApproved\Run32: => "SynTPEnh"HKLM\...\StartupApproved\Run32: => "EzPrint"HKLM\...\StartupApproved\Run32: => "dlebmon.exe"HKLM\...\StartupApproved\Run32: => "IAStorIcon"HKLM\...\StartupApproved\Run32: => "AvgUi"HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\StartupApproved\Run: => "uTorrent"HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\StartupApproved\Run: => "OneDrive"HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\StartupApproved\Run: => "CCleaner Monitoring"HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\StartupApproved\Run: => "StickyPassword"HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\StartupApproved\Run: => "DellSystemDetect"HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\StartupApproved\Run: => "TomTomHOME.exe"HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\StartupApproved\Run: => "SharewareOnSale Notifier"HKU\S-1-5-21-968228177-1483763967-3137165155-1001\...\StartupApproved\Run: => "Advanced SystemCare 10"==================== FirewallRules (Whitelisted) ===============(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{8FEE68C6-AC58-437A-9E09-A11995C87698}] => (Allow) C:\WINDOWS\system32\DLEBcoms.exeFirewallRules: [{F4DE1C99-AD4F-4EB0-BCF5-DFF438FD0441}] => (Allow) C:\WINDOWS\system32\dlebcoms.exeFirewallRules: [{7145E270-6B27-491B-8A35-758B7C009E0F}] => (Allow) C:\Users\kittenwoman\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{B25FE1E6-AFF2-4AE5-9E13-04F3EE21B709}] => (Allow) C:\Users\kittenwoman\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [TCP Query User{E8609CBD-B22C-4E8E-8928-4E88CE32DFFF}C:\windows\syswow64\dlebcoms.exe] => (Allow) C:\windows\syswow64\dlebcoms.exeFirewallRules: [UDP Query User{67F5D56D-B5A4-4A64-A881-045E52802DDE}C:\windows\syswow64\dlebcoms.exe] => (Allow) C:\windows\syswow64\dlebcoms.exeFirewallRules: [{5E4C7B32-D61C-4C8D-941B-5B79E5B94403}] => (Block) C:\windows\syswow64\dlebcoms.exeFirewallRules: [{972EC818-3CAA-4A53-9EF7-2482A066B5FA}] => (Block) C:\windows\syswow64\dlebcoms.exeFirewallRules: [{3E76AEAA-2414-4F96-9C33-CDB1FDE5DDEA}] => (Allow) C:\WINDOWS\system32\DLEBcoms.exeFirewallRules: [{3FB2877A-85C8-4821-9463-1E7399BC2EEC}] => (Allow) C:\WINDOWS\system32\DLEBcoms.exeFirewallRules: [{0786F14C-730F-48F6-A5D0-BA89930B86FA}] => (Allow) C:\WINDOWS\system32\DLEBcoms.exeFirewallRules: [TCP Query User{901CF356-CEDB-466A-BAED-77C053695414}C:\users\kittenwoman\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\kittenwoman\appdata\roaming\utorrent\updates\3.4.9_42606.exeFirewallRules: [UDP Query User{2CD99993-F3B6-4404-BE36-B5D1378A12AF}C:\users\kittenwoman\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\kittenwoman\appdata\roaming\utorrent\updates\3.4.9_42606.exeFirewallRules: [TCP Query User{64D9845E-B969-4840-8094-BF7893025FAE}C:\users\kittenwoman\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\kittenwoman\appdata\roaming\utorrent\updates\3.4.9_42606.exeFirewallRules: [UDP Query User{50DC4C88-F821-475B-90DC-6A3DE1C171B5}C:\users\kittenwoman\appdata\roaming\utorrent\updates\3.4.9_42606.exe] => (Allow) C:\users\kittenwoman\appdata\roaming\utorrent\updates\3.4.9_42606.exeFirewallRules: [{A283CBFA-B83C-4862-B380-D4D44A87AD66}] => (Allow) C:\Users\kittenwoman\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{A3F0684D-6164-40E8-8F30-33D201877289}] => (Allow) C:\Users\kittenwoman\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{89F71FB1-718E-4C98-AC0A-82D0AE688245}] => (Allow) C:\Users\kittenwoman\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{F77B707E-15AE-496C-94E0-8DAC8F3FC604}] => (Allow) C:\Users\kittenwoman\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{D15964F1-6436-4208-B7E4-475E2C6D4B28}] => (Allow) C:\Users\kittenwoman\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{3BA6259B-6A85-4CA5-94B4-6EC170E7A427}] => (Allow) C:\Users\kittenwoman\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{DAB29D8E-39F2-4841-A0B6-E238ADF4D521}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exeFirewallRules: [{6FFE1C3F-FA01-4281-B716-4A82CF1074DB}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exeFirewallRules: [{88EC7B5B-F9CB-45F4-8424-4CD595DC1DA2}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exeFirewallRules: [{5A3A1C21-9ADC-42A6-A910-C1335857321F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exeFirewallRules: [{B601494B-C172-4FE8-BC79-D9D124A93DE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [{3D7FBB5A-A860-4474-80D0-B13AC69A2333}] => (Block) C:\Program Files (x86)\AdobeFirewallRules: [{E96002D8-CD70-4CFF-8A1F-8D6F918B378F}] => (Block) C:\Program Files (x86)\Adobe\Acrobat 11.0FirewallRules: [{8197B931-40AB-416B-A468-60E68DED469D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe==================== Restore Points ============================================= Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (03/13/2017 07:51:04 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )Description: Event-ID 0Error: (03/13/2017 07:50:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.Details:AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.System Error:Access is denied..Error: (03/13/2017 07:45:43 AM) (Source: ESENT) (EventID: 455) (User: )Description: taskhostw (3568) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\kittenwoman\AppData\Local\Microsoft\Windows\WebCache\V0100049.log.Error: (03/12/2017 02:46:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.Details:AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.System Error:Access is denied..Error: (03/12/2017 02:31:24 PM) (Source: SideBySide) (EventID: 59) (User: )Description: Activation context generation failed for "C:\DELL\drivers\P513w\drivers\win_xp2k\x64\DLEBsm64.dll".Error in manifest or policy file "C:\DELL\drivers\P513w\drivers\win_xp2k\x64\DLEBsm64.dll" on line 9.Invalid Xml syntax.Error: (03/12/2017 02:31:23 PM) (Source: SideBySide) (EventID: 59) (User: )Description: Activation context generation failed for "C:\DELL\drivers\P513w\drivers\win_xp2k\i386\DLEBsm.dll".Error in manifest or policy file "C:\DELL\drivers\P513w\drivers\win_xp2k\i386\DLEBsm.dll" on line 9.Invalid Xml syntax.Error: (03/12/2017 02:31:20 PM) (Source: SideBySide) (EventID: 59) (User: )Description: Activation context generation failed for "C:\Windows\System32\dlebsm.dll".Error in manifest or policy file "C:\Windows\System32\dlebsm.dll" on line 9.Invalid Xml syntax.Error: (03/12/2017 02:31:18 PM) (Source: SideBySide) (EventID: 59) (User: )Description: Activation context generation failed for "C:\Windows\SysWOW64\DLEBsm.dll".Error in manifest or policy file "C:\Windows\SysWOW64\DLEBsm.dll" on line 9.Invalid Xml syntax.Error: (03/12/2017 01:41:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.Details:AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.System Error:Access is denied..Error: (03/12/2017 01:38:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.Details:AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.System Error:Access is denied..System errors:=============Error: (03/13/2017 08:27:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (03/13/2017 07:46:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Dell Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.Error: (03/13/2017 07:46:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Update Service service to connect.Error: (03/12/2017 05:55:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (03/12/2017 03:08:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (03/12/2017 02:45:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.Error: (03/12/2017 02:19:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The WCG Boot Assistant service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (03/12/2017 02:19:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )Description: The Wise Boot Assistant service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (03/12/2017 12:57:01 PM) (Source: volsnap) (EventID: 36) (User: )Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.Error: (03/12/2017 11:37:30 AM) (Source: volsnap) (EventID: 36) (User: )Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.CodeIntegrity:=================================== Date: 2017-03-11 14:32:10.881 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e8 6\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-03-11 14:32:03.094 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-03-07 11:43:12.216 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e8 6\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-03-07 11:43:07.012 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-03-05 17:57:23.816 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e8 6\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-03-05 17:57:21.988 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-26 09:49:45.914 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e8 6\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-26 09:49:42.891 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-24 10:22:03.923 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvdmwu.inf_amd64_26aa6356770b2e8 6\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-02-24 10:21:57.015 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHzPercentage of memory in use: 41%Total physical RAM: 8095.81 MBAvailable physical RAM: 4763.93 MBTotal Virtual: 8607.81 MBAvailable Virtual: 4322.38 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:921.07 GB) (Free:38.94 GB) NTFSDrive z: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.7 GB) NTFS==================== MBR & Partition Table ====================================== End of Addition.txt ============================
    Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    Make sure that Addition option is checked.
    Press Scan button.
    It will produce a log called FRST.txt in the same directory the tool is run from.
    Please copy and paste log back here.
    The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.[/QUOTE]
      My ComputerSystem Spec
  9.    13 Mar 2017 #29
    Join Date : Aug 2015
    Posts : 611
    W10 Home 1703

    Lets try these 2 things if you could:

    Post a screen shot of your C: drive
    Click on the folder icon (Windows Explorer) to the left of the Task Bar > in the window that opens up, click to highlight Local Disk C: on the left > and screenshoot everything you see there.

    Post a screen shot of Disk Management
    Start > Windows Administrative Tools > Computer Management > Storage: Disk Management
    (If no Administrative Tools then just search for Computer Management)
    Expand the window so you can see everything (all columns and rows)
    Then screenshoot that.

    Let's see what we can see.
      My ComputerSystem Spec

 
Page 3 of 3 FirstFirst 123


Similar Threads
Thread Forum
Dell inspiron 3542
Hi, I have a Dell inspiron 3542 running Windows 8.1, and I want to upgrade it to Windows 10. Are there any model-specific problems I can expect, as in anything specific with this laptop type? If so, how can I avoid them before upgrading? Thanks
General Support
Solved Dell Inspiron 3543
Hi folks never had a BSOD in the last year and 4 months that ive had this lappy now ive had 2 in 12 hours what would the issue be ? i hope the tool got all the relevant stuff. thanks
BSOD Crashes and Debugging
Dell Inspiron 3542
Windows updates couldn't find them. Windows 10 Pro 64-bit (10.0, Build 10586) Screenshot of outdated drivers: 57483
Drivers and Hardware
How do I fix my Dell Inspiron laptop?
I feel frazzled and abandoned. Since downloading the Windows 10 update last week my laptop has been rendered completely useless. I can boot it up, sign into windows but in less than 3 minutes I receive the new equivalent of the blue screen of...
General Support
Solved Dell Inspiron
Hi I have been having trouble starting my dell Inspiron 6400 it was last running Windows 10 Build 9841. it was working fine with no problems at all until one morning when I tried to turn it on it was not showing Dell Logo just turning on and...
BSOD Crashes and Debugging
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 12:53.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums