Solved Pop Up Hell Continues

Chelsey Zero · Oct 1, 2015

So, I've been having insanely awful pop ups, constantly.
I started a thread not too long ago, and recieved some great help. I purchased a years worth of ReImage PC repair, that is working right now.
I also have pop-up blocker on my google chrome, but it doesn't seem to always help.
I'm really hoping that the malware or virus's are removed, and I'm rather broke and can't afford more than what I have already invested in, being it was a link attatched to the last thread I started.
But I can't click anywhere on my laptop without a new window opening up and it's hard to close it without the sound of a "pop up detected" thing blasting on the speaker. It's extremely aggrivating, being that I use my laptop for multiple school uses.
More help would be really appreciated,
Cheers.

Chelsey Zero · Oct 1, 2015

Also, LOTS of words will be in large, blue, bold format, and god forbid if I accidentally click them. Constant adds popping up as well.

Broni · Oct 1, 2015

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

I strongly suggest you uninstall Reimage, which is nothing but a scam and waste of your money.
On a top of it it may cause more problem for your computer than fix anything.

Chelsey Zero · Oct 1, 2015

How do I reinstall it and get my money back? I literally just bought it but now I'm getting worried...
I found the link of it on one of the recommended links on this site...

Broni · Oct 1, 2015

Uninstall it through Control Panel>Programs & Features.
As for money back, I'm not sure. You can try contact Reimage.
As for it being advertised here I'll contact this site owner.

Chelsey Zero · Oct 1, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Zee (administrator) on SIEGFRIED (01-10-2015 16:51:49)
Running from C:\Users\Zee\Downloads
Loaded Profiles: Zee (Available Profiles: Zee)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Kromtech) C:\Program Files\Kromtech\Common\AccountService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Kromtech) C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Kromtech) C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Zee\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kromtech) C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe
(Spotify Ltd) C:\Users\Zee\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Zee\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
Apple

Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files Java

\Java Update\jusched.exe
(Spotify Ltd) C:\Users\Zee\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Zee\AppData\Roaming\Spotify\Spotify.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer

Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer

Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype Phone

\Skype.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Kromtech) C:\Program Files\Kromtech\PCKeeper\PCKElevatedHost.exe
(Microsoft Corporation) C:\Users\Zee\AppData\Local\Temp\C65D3B7E-EC07-47A2-9746-18E216493CBC\DismHost.exe
(Microsoft Corporation) C:\Users\Zee\AppData\Local\Temp\2951A43F-82C0-4437-910E-3CF35233E96A\DismHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
Reimage

®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
() C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
(reimage) C:\Program Files\Reimage Reimage Repair

\Reimage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\DNS Unlocker\dnselsmore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files iTunes

\iTunesHelper.exe [170256 2015-09-15] Apple

Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: Adobe

ARM] => C:\Program Files (x86)\Common Files Adobe

\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Kufab] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Zee\AppData Local

\79ABD6~1\Gefok.dat"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: Driver Support

] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: [Spotify Web Helper] => C:\Users\Zee\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-19] (Spotify Ltd)
HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: [GoogleChromeAutoLaunch_429EA7A6AFFDF60B477DCFBFAB034A53] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: [PCKeeper2] => C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe [915888 2015-07-07] (Kromtech)
HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype Phone

\Skype.exe [55358992 2015-09-04] (Skype Technologies S.A.)
HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: [Spotify] => C:\Users\Zee\AppData\Roaming\Spotify\Spotify.exe [7571000 2015-09-19] (Spotify Ltd)
HKU\S-1-5-21-219251710-3609435933-1062541636-1001\Control Panel Desktop

\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [217088 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 12.127.16.67 12.127.17.71
Tcpip\..\Interfaces\{517C7435-7394-4CC6-8FE0-CF55D21C445A}: [NameServer] 82.163.143.172,82.163.142.174
Tcpip\..\Interfaces\{517C7435-7394-4CC6-8FE0-CF55D21C445A}: [DhcpNameServer] 12.127.16.67 12.127.17.71

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-219251710-3609435933-1062541636-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130850026659167361&GUID=2110083A-08F2-4835-8264-2C2F9B6B5A02
HKU\S-1-5-21-219251710-3609435933-1062541636-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-219251710-3609435933-1062541636-1001 -> DefaultScope {15573B70-CEDB-46CA-BD97-1204A59CA0EA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-219251710-3609435933-1062541636-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=M28A9DCAE-80E4-4101-A319-3EE6422D513D&SearchSource=58&CUI=&UM=8&UP=SP2C45CFA0-8759-45E5-9B51-F5036DD4D3BB&D=063015&q={searchTerms}&SSPV=SP302TA_sp_ie
SearchScopes: HKU\S-1-5-21-219251710-3609435933-1062541636-1001 -> {15573B70-CEDB-46CA-BD97-1204A59CA0EA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-219251710-3609435933-1062541636-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-12-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-11] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.4 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2010-06-20] (Wacom, Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://search.genieo.com/?v=genTugM","hxxp://maclab.academyart.edu/wiki/projects/maclab/blog","hxxps://wirelessauth1.academyart.edu/login.html?redirect=www.gstatic.com/generate_204","hxxp://www.academyart.edu/","hxxp://vosteran.com/?f=7&a=vst_ggbc_14_48_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0D0Dzz0E0EyB0Bzy0DtBtN0D0Tzu0StCtDyCtDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0EyE0B0D0E0DyCtG0FtBtA0BtGtD0AzzzztGzztDtBzztGtD0CtD0F0DtDyC0D0AyCyCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDyD0A0EyBzyzytG0BtByCtAtGyE0Bzy0EtG0AyByCzytGzy0F0EtB0DtAzztCzytAtD0B2Q&cr=1720223081&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=M28A9DCAE-80E4-4101-A319-3EE6422D513D&SearchSource=55&CUI=&UM=8&UP=SP2C45CFA0-8759-45E5-9B51-F5036DD4D3BB&D=063015&SSPV=SP302TA_sp_ch"
CHR Profile: C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-06-30]
CHR Extension: (Entanglement Web App) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-09-10]
CHR Extension: (Your Second Phone) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgcliennfocnaoenlkmlhoakpaflpgo [2015-09-10]
CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-09-10]
CHR Extension: (Google Drive) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
CHR Extension: (AdBlock for Grooveshark) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoohbomhfjbdpdipnenfaoandbhkbmg [2015-06-30]
CHR Extension: (Adblock Plus) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-08]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2015-09-10]
CHR Extension: (Pixlr-o-matic) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2015-09-10]
CHR Extension: (AdBlock) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-30]
CHR Extension: (Cut the Rope) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2015-09-10]
CHR Extension: (ExhibitCore Floor Planner) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkppejbflghogimlfghbaigiekmjpalf [2015-09-10]
CHR Extension: (Skyrama) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap [2015-09-10]
CHR Extension: (Wave Accounting) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2015-09-10]
CHR Extension: (Evernote Web) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-09-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-17]
CHR Extension: (Skype Click to Call) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-08]
CHR Extension: (TumTaster) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanfbkacbckngfcklahdgfagjlghfbgm [2015-06-30]
CHR Extension: (GW2TP) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchjpcdehbipdfjapdmgnoljndealpbd [2015-06-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-08]
CHR Extension: (Tumblr Savior) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2015-06-30]
CHR Extension: (My Chrome Theme) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-06-30]
CHR Extension: (Instagram for Chrome) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2015-06-30]
CHR Extension: (Gir Theme) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifnaclcibjejklkfjegfcbagcdkidim [2015-06-30]
CHR Extension: (BodBot Personal Fit Trainer) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk [2015-09-10]
CHR Extension: (Extutil) - C:\Users\Zee\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2015-06-30]
CHR Extension: (Managera) - C:\Users\Zee\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2015-06-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 5965d732; c:\Program Files (x86)\ProcessProc\ProcessProc.dll [2662912 2015-06-30] () [File not signed]
R2 AccountService; C:\Program Files\Kromtech\Common\AccountService.exe [211248 2015-02-04] (Kromtech) <==== ATTENTION
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 PCKeeper2Service; C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe [191792 2015-07-07] (Kromtech) <==== ATTENTION
R2 PCKeeperOcfService; C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe [1136856 2015-07-07] (Kromtech) <==== ATTENTION
U2 ProtexisLicensing; C:\WINDOWS\SysWOW64\PSIService.exe [177704 2007-06-05] ()
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32696 2015-07-07] () <==== ATTENTION
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [460872 2013-03-08] (RTS Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S1 {91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64; system32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-01 16:51 - 2015-10-01 16:53 - 00025588 _____ C:\Users\Zee\Downloads\FRST.txt
2015-10-01 16:51 - 2015-10-01 16:51 - 00000000 ____D C:\FRST
2015-10-01 16:50 - 2015-10-01 16:50 - 02192384 _____ (Farbar) C:\Users\Zee\Downloads\FRST64.exe
2015-10-01 16:48 - 2015-10-01 16:48 - 00002259 _____ C:\WINDOWS\epplauncher.mif
2015-10-01 16:48 - 2015-10-01 16:48 - 00000000 ____D C:\151a20f458a77dea01ad33b5a9c5
2015-10-01 16:47 - 2015-10-01 16:47 - 00000000 ____D C:\Users\Zee\Desktop\Surrealism
2015-10-01 16:46 - 2015-10-01 16:48 - 14243008 _____ (Microsoft Corporation) C:\Users\Zee\Downloads\mseinstall64.exe
2015-10-01 16:22 - 2015-10-01 16:26 - 00000000 ____D C:\ReimageUndo
2015-10-01 16:04 - 2015-10-01 16:04 - 00004272 _____ C:\WINDOWS\System32\Tasks\ReimageUpdater
2015-10-01 16:03 - 2015-10-01 16:21 - 00000000 ____D C:\rei
2015-10-01 16:03 - 2015-10-01 16:04 - 00000000 ____D C:\ProgramData\Reimage Protector
2015-10-01 16:03 - 2015-10-01 16:04 - 00000000 ____D C:\Program Files\Reimage
2015-10-01 16:03 - 2015-10-01 16:03 - 00001919 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2015-10-01 16:03 - 2015-10-01 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
2015-10-01 16:00 - 2015-10-01 16:05 - 00000139 _____ C:\WINDOWS\Reimage.ini
2015-10-01 15:57 - 2015-10-01 16:06 - 00772016 _____ (Reimage®) C:\Users\Zee\Downloads\reimagerepair.exe
2015-09-30 14:53 - 2015-09-30 21:41 - 00000000 ____D C:\Users\Zee\Desktop\School
2015-09-28 17:24 - 2015-09-28 18:52 - 37822087 _____ C:\Users\Zee\Desktop\Death Acolyte.psd
2015-09-24 16:50 - 2015-09-24 16:50 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-24 16:49 - 2015-09-24 16:50 - 00000000 ____D C:\Program Files\iTunes
2015-09-24 16:49 - 2015-09-24 16:49 - 00000000 ____D C:\Program Files\iPod
2015-09-24 16:49 - 2015-09-24 16:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-24 16:45 - 2015-09-24 16:45 - 00000000 ____D C:\Program Files\Bonjour
2015-09-24 16:45 - 2015-09-24 16:45 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-24 16:44 - 2015-09-24 16:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-24 16:44 - 2015-09-24 16:44 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-19 22:58 - 2015-09-19 22:58 - 00484118 _____ C:\Users\Zee\Downloads\ROTTEN LOUSY KID (1).wmv
2015-09-19 22:53 - 2015-09-19 22:53 - 00484118 _____ C:\Users\Zee\Downloads\ROTTEN LOUSY KID.wmv
2015-09-19 22:44 - 2015-09-19 22:44 - 02579068 _____ C:\Users\Zee\Downloads\Starboard.wmv
2015-09-19 22:44 - 2015-09-19 22:44 - 01575776 _____ C:\Users\Zee\Downloads\GROSSEST.wmv
2015-09-19 22:43 - 2015-09-19 22:44 - 01897812 _____ C:\Users\Zee\Downloads\TRASHY HALLOWEEN.wmv
2015-09-19 22:43 - 2015-09-19 22:44 - 01359536 _____ C:\Users\Zee\Downloads\HOLIDAY SHAYE.wmv
2015-09-19 22:43 - 2015-09-19 22:43 - 02410506 _____ C:\Users\Zee\Downloads\Thrift Store.wmv
2015-09-19 22:43 - 2015-09-19 22:43 - 01738540 _____ C:\Users\Zee\Downloads\OUT FOR A PUSH.wmv
2015-09-19 22:43 - 2015-09-19 22:43 - 01721926 _____ C:\Users\Zee\Downloads\Happy-Turkey-Day-excerpt.wmv
2015-09-19 22:42 - 2015-09-19 22:42 - 02572102 _____ C:\Users\Zee\Downloads\WIRE THERAPY.wmv
2015-09-19 22:42 - 2015-09-19 22:42 - 00541092 _____ C:\Users\Zee\Downloads\WASHROOM1.wmv
2015-09-19 22:28 - 2015-09-19 22:28 - 00456208 _____ C:\Users\Zee\Downloads\hollywood-hello.wmv
2015-09-16 20:35 - 2015-09-16 20:37 - 00000000 ____D C:\Users\Zee\Downloads\twins
2015-09-16 20:34 - 2015-09-16 20:34 - 06951980 _____ C:\Users\Zee\Downloads\twins.zip
2015-09-14 21:24 - 2015-09-20 00:06 - 00000000 ____D C:\Users\Zee\Desktop\10 artists
2015-09-14 11:04 - 2015-09-14 21:46 - 00000000 ____D C:\Users\Zee\Desktop\illustration 3
2015-09-13 23:37 - 2015-09-13 23:37 - 00026352 _____ C:\WINDOWS\System32\Tasks\DNSELSMORE
2015-09-13 23:37 - 2015-09-13 23:37 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2015-09-10 22:48 - 2015-09-10 22:49 - 00384435 _____ C:\Users\Zee\Downloads\MtOXgOVF.htm
2015-09-09 19:30 - 2015-09-09 19:43 - 00000000 ____D C:\Users\Zee\Desktop\horror movie bruhs
2015-09-09 10:02 - 2015-07-22 07:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 10:02 - 2015-07-22 06:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 10:02 - 2015-07-17 07:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 10:02 - 2015-07-17 07:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 10:02 - 2015-07-09 09:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-09 10:02 - 2015-07-03 14:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 10:02 - 2015-07-03 07:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 10:02 - 2015-06-27 04:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 10:02 - 2015-06-19 10:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-09 10:01 - 2015-09-02 19:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 10:01 - 2015-09-02 19:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 10:01 - 2015-09-02 11:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 10:01 - 2015-09-02 10:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 10:00 - 2015-07-13 12:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-08 21:52 - 2015-08-26 19:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-08 21:52 - 2015-08-26 11:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-08 21:52 - 2015-08-26 11:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-08 21:52 - 2015-08-26 11:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-08 21:52 - 2015-08-26 11:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-08 21:52 - 2015-08-26 07:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-08 21:52 - 2015-08-26 07:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-08 21:52 - 2015-08-26 07:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-08 21:52 - 2015-08-26 07:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-08 21:52 - 2015-08-26 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-08 21:52 - 2015-08-26 07:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-08 21:52 - 2015-08-26 07:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-08 21:52 - 2015-08-22 11:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-08 21:52 - 2015-08-22 10:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-08 21:52 - 2015-07-30 10:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-08 21:52 - 2015-07-30 09:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-08 21:51 - 2015-09-01 19:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-08 21:51 - 2015-09-01 19:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-08 21:51 - 2015-09-01 19:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-08 21:51 - 2015-09-01 19:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-08 21:51 - 2015-09-01 19:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-08 21:51 - 2015-08-22 10:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-08 21:51 - 2015-08-22 10:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-08 21:51 - 2015-08-22 10:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-08 21:51 - 2015-08-22 10:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-08 21:51 - 2015-08-22 09:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-08 21:51 - 2015-08-22 09:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-08 21:51 - 2015-08-22 09:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-08 21:51 - 2015-08-22 09:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-08 21:51 - 2015-08-22 09:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-08 21:51 - 2015-08-22 09:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-08 21:51 - 2015-08-22 09:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-08 21:51 - 2015-08-22 09:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-08 21:51 - 2015-08-22 09:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-08 21:51 - 2015-08-22 09:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-08 21:51 - 2015-08-22 09:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-08 21:51 - 2015-08-22 09:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-08 21:51 - 2015-08-22 09:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-08 21:51 - 2015-08-22 09:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-08 21:51 - 2015-08-22 09:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-08 21:51 - 2015-08-22 09:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-08 21:51 - 2015-08-22 09:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-08 21:51 - 2015-08-22 09:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-08 21:51 - 2015-08-22 09:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-08 21:51 - 2015-08-22 09:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-08 21:51 - 2015-08-22 09:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-08 21:51 - 2015-08-22 08:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-08 21:51 - 2015-08-22 08:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-08 21:51 - 2015-08-03 14:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-08 21:51 - 2015-08-03 14:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-08 21:51 - 2015-08-01 07:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-08 21:51 - 2015-07-31 20:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-08 21:51 - 2015-07-31 20:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-08 21:51 - 2015-07-31 20:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-08 21:51 - 2015-07-31 20:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-08 21:51 - 2015-07-31 20:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-08 21:51 - 2015-07-22 07:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-08 21:51 - 2015-07-22 07:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-08 21:51 - 2015-07-22 07:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-08 21:51 - 2015-07-22 07:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 21:51 - 2015-07-18 11:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-08 21:51 - 2015-07-18 11:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-08 21:51 - 2015-07-18 11:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-08 21:51 - 2015-07-18 11:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-08 21:50 - 2015-07-13 20:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-05 18:46 - 2015-09-05 19:34 - 00000000 ____D C:\Users\Zee\Desktop\Modeling!

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-01 16:53 - 2014-11-27 14:58 - 00000000 ____D C:\Users\Zee\AppData\Roaming\Skype
2015-10-01 16:50 - 2014-11-27 17:13 - 00000000 ____D C:\Users\Zee\AppData\Roaming\Spotify
2015-10-01 16:16 - 2015-01-04 01:09 - 01109883 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-01 16:10 - 2014-11-28 11:57 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-219251710-3609435933-1062541636-1001
2015-10-01 16:00 - 2015-02-17 23:52 - 00370176 ___SH C:\Users\Zee\Downloads\Thumbs.db
2015-10-01 16:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-01 15:59 - 2014-11-27 06:45 - 00000062 _____ C:\Users\Zee\AppData\Roaming\sp_data.sys
2015-10-01 15:53 - 2014-11-27 14:58 - 00000000 ____D C:\ProgramData\Skype
2015-10-01 15:49 - 2015-01-04 00:55 - 00000000 ____D C:\Users\Zee
2015-10-01 15:49 - 2014-11-27 17:13 - 00000000 ____D C:\Users\Zee\AppData\Local\Spotify
2015-10-01 15:48 - 2013-08-22 07:46 - 00309754 _____ C:\WINDOWS\setupact.log
2015-10-01 15:48 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-01 11:37 - 2015-08-21 23:37 - 00000356 _____ C:\WINDOWS\Tasks\Superclean.job
2015-10-01 11:07 - 2015-01-14 16:41 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{02322EC3-D53D-42A4-A9E7-58E4F825D3A4}
2015-10-01 11:06 - 2015-08-12 00:10 - 00000000 ____D C:\ProgramData\Kromtech
2015-09-30 14:41 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-29 20:58 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-28 17:10 - 2015-01-22 18:25 - 00523264 ___SH C:\Users\Zee\Desktop\Thumbs.db
2015-09-27 19:15 - 2014-12-16 20:17 - 00000000 ____D C:\Users\Zee\AppData\Local\CrashDumps
2015-09-27 13:12 - 2014-09-24 00:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-25 23:25 - 2015-08-11 23:51 - 00000000 ____D C:\Program Files (x86)\HaapPy2SAve
2015-09-25 15:28 - 2014-11-28 13:00 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-09-25 15:28 - 2014-02-05 15:50 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-09-24 16:49 - 2015-02-12 16:11 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-24 16:44 - 2015-02-12 16:12 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-24 14:34 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-21 10:39 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-14 18:18 - 2015-03-13 21:58 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-14 18:18 - 2015-03-13 21:58 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 11:40 - 2015-04-29 16:43 - 00000000 ____D C:\Users\Zee\Desktop\patches
2015-09-12 11:41 - 2014-11-30 19:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-11 11:19 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-10 19:41 - 2013-08-22 07:44 - 00346784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 19:39 - 2014-12-13 15:50 - 00000000 ____D C:\ProgramData\Norton
2015-09-10 19:39 - 2014-09-24 00:03 - 00824762 _____ C:\WINDOWS\PFRO.log
2015-09-10 19:34 - 2014-09-23 23:53 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 19:34 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-10 11:20 - 2012-08-01 18:36 - 00000000 ____D C:\WINDOWS\Log
2015-09-10 11:18 - 2014-11-27 17:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-09 19:39 - 2014-11-27 06:50 - 00000000 ____D C:\Users\Zee\AppData\Local\Google
2015-09-01 13:41 - 2015-01-04 00:44 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-01 13:31 - 2015-08-11 23:50 - 00000000 ____D C:\Program Files (x86)\Haappiy2Save
2015-09-01 13:31 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT
2015-09-01 13:30 - 2015-08-11 23:51 - 00000000 ____D C:\Program Files (x86)\Mahjong
2015-09-01 13:30 - 2015-07-07 14:54 - 00000000 ____D C:\Program Files (x86)\RAndoMPrice
2015-09-01 13:26 - 2015-06-30 13:11 - 00000000 ____D C:\Program Files (x86)\CUtThePricce

==================== Files in the root of some directories =======

2015-07-05 18:43 - 2015-08-17 13:17 - 0000024 _____ () C:\Users\Zee\AppData\Roaming\appdataFr25.bin
2014-11-27 06:45 - 2015-10-01 15:59 - 0000062 _____ () C:\Users\Zee\AppData\Roaming\sp_data.sys
2014-11-27 17:17 - 2015-05-07 15:17 - 0000198 _____ () C:\Users\Zee\AppData\Roaming\WB.CFG
2014-11-29 12:17 - 2014-12-16 20:17 - 0000001 _____ () C:\Users\Zee\AppData\Local\DSI.DAT
2014-12-16 20:17 - 2014-12-16 20:17 - 0022528 _____ () C:\Users\Zee\AppData\Local\dsisetup1758372652.exe
2014-12-01 17:17 - 2014-12-01 17:17 - 0022528 _____ () C:\Users\Zee\AppData\Local\dsisetup3652680462.exe
2014-11-29 12:17 - 2014-11-29 12:17 - 0022528 _____ () C:\Users\Zee\AppData\Local\dsisetup880681402.exe
2015-01-04 00:48 - 2015-01-04 00:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-26 05:42 - 2012-09-07 04:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 05:42 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 05:42 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\Zee\AppData\Local\Temp\aff_setup0.exe
C:\Users\Zee\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Zee\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Zee\AppData\Local\Temp\Quarantine.exe
C:\Users\Zee\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Zee\AppData\Local\Temp\Setup.exe
C:\Users\Zee\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Zee\AppData\Local\Temp\sqlite3.dll
C:\Users\Zee\AppData\Local\Temp\supoptsetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-01 16:10

==================== End of FRST.txt ============================

Chelsey Zero · Oct 1, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Zee (2015-10-01 16:53:45)
Running from C:\Users\Zee\Downloads
Windows 8.1 (X64) (2015-01-04 08:34:19)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-219251710-3609435933-1062541636-500 - Administrator - Disabled)
Guest (S-1-5-21-219251710-3609435933-1062541636-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-219251710-3609435933-1062541636-1005 - Limited - Enabled)
Zee (S-1-5-21-219251710-3609435933-1062541636-1001 - Administrator - Enabled) => C:\Users\Zee

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AccountService (Version: 1.1.66 - Kromtech) Hidden <==== ATTENTION
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.04 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bamboo (HKLM\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.)
Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version: - )
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Corel Painter Essentials 4 (HKLM-x32\...\_{53A908D4-99C6-469B-BC13-F4189F260742}) (Version: - Corel Corporation)
Corel Painter Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CutterProc (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{285bff21}) (Version: - Software Publisher) <==== ATTENTION
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.5 - Google Inc.) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
KeysScript (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{5965d732}) (Version: - KeysScript) <==== ATTENTION
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mischief-Free (HKLM-x32\...\Mischief-Free) (Version: - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
PCKeeper (Version: 2.2.1198 - Kromtech) Hidden <==== ATTENTION
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.2.2 - Reimage) <==== ATTENTION
SectionDouble (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{bfd46d07}) (Version: - Software Publisher) <==== ATTENTION
SeekerInstance (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{442b8ad0}) (Version: - Software Publisher) <==== ATTENTION
SegmentAssister (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4aad814a}) (Version: - Software Publisher) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
UMPlayer (HKLM-x32\...\{F7A991BC-C432-4CE6-836A-E81A09708A72}) (Version: 0.98.0 - InstallX, LLC) <==== ATTENTION
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.5 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.4 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

12-09-2015 11:28:56 Windows Update
19-09-2015 14:11:37 Scheduled Checkpoint
26-09-2015 20:07:31 Scheduled Checkpoint
01-10-2015 16:28:01 Reimage Repair Restore Point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2015-05-07 22:59 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F9E3D5E-CAE3-4717-99F6-C99D307875D3} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
Task: {1072C687-680A-43AF-BB0A-62EC5EBF22AA} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {143714DD-E834-4367-87AC-B3F5293E506E} - System32\Tasks\PCKeeper updater => C:\ProgramData\Kromtech\installer.exe [2015-08-12] () <==== ATTENTION
Task: {1BAE2485-5CF5-4DDF-B046-33C0609851E5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2488AD7E-6C56-40DD-8D65-458EAB9059DC} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
Task: {2D3E8533-2D08-4AFF-A434-8094A2312967} - \Optimizer Pro Schedule -> No File <==== ATTENTION
Task: {598E7255-4798-4426-B4AE-C28479F47217} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
Task: {626E0AF7-A6FA-4795-8DC5-1D5E684D3D7D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {790FEB5B-6A9C-4CA9-9199-8D2A5E214C3A} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
Task: {7CC57533-9D97-44A1-B152-F6E3A5E6651B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
Task: {8EA1ABF3-53B0-419A-963B-A66BEFC0059D} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
Task: {9BF44206-88DA-4F3C-9124-80B1CBB3ACC8} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe [2015-08-11] () <==== ATTENTION
Task: {A5A96FEA-5CCA-432E-9AAE-AEEE080EC12F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {AEF96A65-EDE6-4957-96ED-100E893BDE18} - System32\Tasks\DNSELSMORE => C:\Program Files (x86)\DNS Unlocker\dnselsmore.exe [2015-09-10] ()
Task: {BAEFFCC5-DB8E-4E39-9CC4-5DAE481D3688} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {DFE18502-F82F-406D-A8DB-2726801F03BB} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {EF300D23-BAC7-4055-9D85-18E41BB175E9} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {FEB8FE1D-F8D2-4793-B3FC-4069ACABE950} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
Task: {FFAA63C6-EC79-47F4-A9C1-5CFDCBAC64D5} - System32\Tasks\Superclean => c:\programdata\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\hqghumeaylnlf.exe [2014-08-21] (Super PC Tools Ltd) <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Superclean.job => c:\programdata\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\hqghumeaylnlf.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2015-07-07 08:12 - 2015-07-07 08:12 - 00102104 _____ () C:\Program Files\Kromtech\PCKeeper\OneClickFixServicePS.dll
2015-07-07 08:12 - 2015-07-07 08:12 - 00091864 _____ () C:\Program Files\Kromtech\PCKeeper\RegistryCleanerComponentPS.dll
2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\WINDOWS\SysWOW64\PSIService.exe
2013-07-23 10:54 - 2013-07-23 10:54 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-07-07 08:12 - 2015-07-07 08:12 - 00104664 _____ () C:\Program Files\Kromtech\PCKeeper\ZBAnalyticsCore.dll
2015-07-07 08:12 - 2015-07-07 08:12 - 00092888 _____ () C:\Program Files\Kromtech\PCKeeper\SharedNativeLibraryPS.dll
2015-07-07 08:12 - 2015-07-07 08:12 - 00060632 _____ () C:\Program Files\Kromtech\PCKeeper\ZBAnalytics.dll
2015-07-07 08:12 - 2015-07-07 08:12 - 00092888 _____ () C:\Program Files\Kromtech\PCKeeper\DiskCleanerComponentPS.dll
2015-08-19 01:56 - 2015-08-19 01:56 - 06908904 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
2015-09-13 23:37 - 2015-09-10 00:45 - 00537088 _____ () C:\Program Files (x86)\DNS Unlocker\dnselsmore.exe
2013-08-16 11:03 - 2013-08-16 11:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2013-08-19 18:16 - 2013-08-19 18:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-03-13 22:02 - 2015-09-19 13:29 - 45067320 _____ () C:\Users\Zee\AppData\Roaming\Spotify\libcef.dll
2015-08-11 23:57 - 2015-08-07 17:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
2015-08-11 23:57 - 2015-08-07 17:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
2015-03-13 22:02 - 2015-09-19 13:29 - 01649208 _____ () C:\Users\Zee\AppData\Roaming\Spotify\libglesv2.dll
2015-03-13 22:02 - 2015-09-19 13:29 - 00080952 _____ () C:\Users\Zee\AppData\Roaming\Spotify\libegl.dll
2014-02-05 15:35 - 2013-05-31 14:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-08-11 23:57 - 2015-08-07 17:13 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\genieo.com -> hxxp://search.genieo.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-219251710-3609435933-1062541636-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zee\Pictures\kyo__dir_en_grey_6_by_b_d_m-d4pc1yf.jpg
DNS Servers: 82.163.143.172 - 82.163.142.174
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{24A3CFC7-DC3A-41AC-8FCC-FBD3E2436175}] => (Allow) LPort=1886
FirewallRules: [UDP Query User{12624CEA-9999-455F-8369-EDBC3A72F3BD}C:\users\zee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zee\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{074D0EA3-7AD4-4FA0-8CB8-04816893677C}C:\users\zee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zee\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F0CB8D95-464E-4A72-9A8A-A916BF410B58}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{85A01085-837A-468E-A685-76754D560FEF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{120D943B-D0E8-4584-A88F-6293FCE84FF3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{49E3C26E-B00C-4DAD-A72A-32C95B879E69}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{EC0905EE-F270-4C3F-836F-B46229F1208B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E6D5A438-3BBD-44DB-BD0C-545AE350CCD5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9E835905-E224-44C0-A818-B972D817FB78}] => (Allow) LPort=1900
FirewallRules: [{DB976C7D-0F91-4268-89D9-93C9888B22BF}] => (Allow) LPort=2869
FirewallRules: [{7DDB678C-AD17-4EE6-8C24-64C1BF85C773}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{60DFB641-F121-4DE6-B9A3-40BFEA3BC39E}C:\users\zee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zee\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5216045F-D8C8-4456-B1A3-42FF71F14E09}C:\users\zee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zee\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4815EBCF-7CF8-47FC-B6DF-6A04BD3B981A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F262BE96-5486-4B03-A9D9-823777E2B6B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7804B62C-ABED-4E69-8FF9-3C709B0BB145}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5933F2EC-E4EE-40C6-B905-13C989057203}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{627DCA8E-451F-4E27-8AF6-A1707768893F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6448602B-44F9-4AEA-B4D5-B2A173BF99AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E50DC0C1-7B40-4A21-98E0-A52B894F5447}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D7FFD41F-6F8D-4A12-A72E-44E4F956857F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1806AEA5-551A-492E-B9E5-24B2E4560894}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A87C24A-1C90-4632-92A3-1BE49649F0E0}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2015 04:48:46 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Siegfried)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

Error: (10/01/2015 04:48:35 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Siegfried)
Description: HRESULT:0x8004FF6F
Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

Error: (10/01/2015 04:27:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {fd8c7195-6730-4e1b-86f7-f0f2f4acf7f7}

Error: (10/01/2015 03:51:58 PM) (Source: MsiInstaller) (EventID: 1002) (User: Siegfried)
Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'

Error: (10/01/2015 12:12:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1250

Error: (10/01/2015 12:12:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1250

Error: (10/01/2015 12:12:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/30/2015 11:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 486891

Error: (09/30/2015 11:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 486891

Error: (09/30/2015 11:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (10/01/2015 04:11:03 PM) (Source: DCOM) (EventID: 10010) (User: Siegfried)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (10/01/2015 03:55:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Security Center service hung on starting.

Error: (10/01/2015 03:51:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (10/01/2015 03:48:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:46:21 AM on ‎10/‎1/‎2015 was unexpected.

Error: (09/30/2015 03:03:34 PM) (Source: Win32k) (EventID: 253) (User: )
Description: A pointer device does not have a mandatory coordinate property.

Error: (09/30/2015 03:02:36 PM) (Source: Win32k) (EventID: 253) (User: )
Description: A pointer device does not have a mandatory coordinate property.

Error: (09/30/2015 02:32:51 PM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network. The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (09/30/2015 11:35:14 AM) (Source: DCOM) (EventID: 10010) (User: Siegfried)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (09/30/2015 11:34:44 AM) (Source: DCOM) (EventID: 10010) (User: Siegfried)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (09/30/2015 11:02:54 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.31.31.115.
The computer with the IP address 10.31.31.9 did not allow the name to be claimed by
this computer.

CodeIntegrity:
===================================
Date: 2015-10-01 16:23:25.810
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-01 16:23:25.608
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-01 16:02:19.163
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-01 16:02:18.917
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-24 19:55:14.212
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-24 19:55:14.057
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-21 15:47:00.785
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-21 15:47:00.581
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-19 22:55:29.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-19 22:55:28.846
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 86%
Total physical RAM: 3979.84 MB
Available physical RAM: 543.69 MB
Total Virtual: 7051.84 MB
Available Virtual: 2039.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.21 GB) (Free:312.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 95DBDAD9)

Partition: GPT.

==================== End of Addition.txt ============================

Broni · Oct 1, 2015

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Uninstall following unwanted programs:

AccountService
CutterProc
DNS Unlocker
KeysScript
PCKeeper
Reimage Repair
SectionDouble
SeekerInstance
SegmentAssister
UMPlayer

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Chelsey Zero · Oct 1, 2015

Where is the fixlist file located? When I hit fix, it says it's in the same file as

Chelsey Zero · Oct 1, 2015

Fix result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Zee (2015-10-01 17:23:45) Run:1
Running from C:\Users\Zee\Desktop
Loaded Profiles: Zee (Available Profiles: Zee)
Boot Mode: Normal
==============================================

fixlist content:
*****************
AccountService (Version: 1.1.66 - Kromtech) Hidden <==== ATTENTION

*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D759D18-9594-430B-BA12-1C3C7975DBD5}\\SystemComponent => value removed successfully

==== End of Fixlog 17:23:45 ====

Broni · Oct 1, 2015

Good

Go on...

Chelsey Zero · Oct 1, 2015

Pc keeper, cutter proc, section double, seeker instance, and segment assister refuses to be uninstalled. But pc keeper isn't even found on the control panel

Chelsey Zero · Oct 1, 2015

I just tried locating pc keeper, but it won't be found

Chelsey Zero · Oct 1, 2015

It says "could not be found" with the other items

Broni · Oct 1, 2015

Uninstall all you can and then proceed with other steps.

Chelsey Zero · Oct 1, 2015

The roguekiller is stuck on 78% and it hasn't moved much

Chelsey Zero · Oct 1, 2015

Now it's messing up because it's trying to close when I didn't want it to

Chelsey Zero · Oct 1, 2015

"Closing, please wait" is what it says even though I didn't close it

Broni · Oct 1, 2015

Restart computer and try again.

Chelsey Zero · Oct 1, 2015

Thank you so, so very much for your help and patience

Chelsey Zero · Oct 1, 2015

For some reason it is stuck on 78% again?

Broni · Oct 1, 2015

Skip it and go ahead with next steps.

Chelsey Zero · Oct 1, 2015

Alright

Chelsey Zero · Oct 1, 2015

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/1/2015
Scan Time: 7:45 PM
Logfile: text files.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.10.02.01
Rootkit Database: v2015.09.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Zee

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371099
Time Elapsed: 38 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 3
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe, 1324, Delete-on-Reboot, [5dccaea4c3c8fa3c9e3940a0d031ad53]
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe, 2104, Delete-on-Reboot, [0920331ffb90e94db2256f71c23f38c8]
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe, 1144, Delete-on-Reboot, [78b1cd85a2e9ef4706d1568ae51cd32d]

Modules: 0
(No malicious items detected)

Registry Keys: 56
PUP.Optional.PCKeeper, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCKeeperOcfService, Quarantined, [5dccaea4c3c8fa3c9e3940a0d031ad53],
PUP.Optional.PCKeeper, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCKeeper2Service, Quarantined, [0920331ffb90e94db2256f71c23f38c8],
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [e7426de5d9b27eb88388f2c4c63ca957],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [e7426de5d9b27eb88388f2c4c63ca957],
PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [e7426de5d9b27eb88388f2c4c63ca957],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\CLSID\{671AC5BA-E4C2-4E26-A4D9-0CB74E13806D}, Quarantined, [a68379d95c2f81b53811596725dce61a],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_, Quarantined, [a68379d95c2f81b53811596725dce61a],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.9, Quarantined, [a68379d95c2f81b53811596725dce61a],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_, Quarantined, [a68379d95c2f81b53811596725dce61a],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.9, Quarantined, [a68379d95c2f81b53811596725dce61a],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_, Quarantined, [a68379d95c2f81b53811596725dce61a],
PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.9, Quarantined, [a68379d95c2f81b53811596725dce61a],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\KROMTECH\PCKeeper, Quarantined, [af7aaca62368989e0d0cc0fc11f38080],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASAPI32, Quarantined, [aa7f153d86052e08c951566658ac60a0],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASMANCS, Quarantined, [ff2ae46ee4a711250515219bf41016ea],
PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LaunchPreSignup, Delete-on-Reboot, [3aef00529deefe38c1e63682d82ce31d],
PUP.Optional.Superclean, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Superclean, Delete-on-Reboot, [dd4c79d9008bf046e7cd913908fc3cc4],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [8c9d361cbad175c1d05d285f5aaa36ca],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{285bff21}, Quarantined, [ce5b98bad7b45adc72b8c1f730d4c040],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{442b8ad0}, Quarantined, [78b1f260870472c4c466d6e2689c08f8],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4aad814a}, Quarantined, [57d21a38711a63d3a5857741dc28f60a],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{bfd46d07}, Quarantined, [7bae153d8902b18571b99f1958ac1fe1],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [b9708ec46625a29482abb8cf05ff649c],
PUP.Optional.SectionDouble, HKLM\SOFTWARE\WOW6432NODE\{12A61307-94CD-4F8E-94BC-918E511FAA81}, Quarantined, [cb5e1939b2d9e94dfc9812b241c3956b],
PUP.Optional.Sanbreel, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64, Quarantined, [67c231211a710333223908bab05401ff],
PUP.Optional.PCKeeper, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\KROMTECH\PCKeeper, Quarantined, [80a984cef29947ef53c47844d43001ff],
PUP.Optional.Trovi, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [5acfd37ff497a690256c6d61d62e649c],
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\SUPER OPTIMIZER, Quarantined, [b376bc96038893a37d5c7951956fd030],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{9443C19D-B318-4EBD-8A7F-6A50D0472FB4}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{95CAD169-7912-410E-8C8A-7BA1729BD8F7}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{F6649783-7559-4772-96C7-02D33BEACD8C}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6649783-7559-4772-96C7-02D33BEACD8C}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{206E5E13-3B8F-4146-9C21-F18A63A9689B}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{206E5E13-3B8F-4146-9C21-F18A63A9689B}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{D8F2F7F9-F8F3-4562-9FDA-C1E2DAE60A30}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8F2F7F9-F8F3-4562-9FDA-C1E2DAE60A30}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\TYPELIB\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{828FB706-5749-4255-862F-3D30FCF017E1}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{817BF5D8-380E-44F4-8E61-43E7ECF74B53}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{0319DE47-F039-45DC-A213-DBB61C6AE509}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{0319DE47-F039-45DC-A213-DBB61C6AE509}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{33B2A2E0-18F6-45CB-8080-04320066A4A1}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{CCF68051-721D-40C7-812D-86ED0FDE7411}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{6F09F687-2C4C-4A37-8D7A-2CB76D2B3F71}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{6F09F687-2C4C-4A37-8D7A-2CB76D2B3F71}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{503F82AB-1549-4B08-AF10-289CCCF3BE4B}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{7944171A-50CC-479E-A6FC-B1E25E665C25}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{074BFF31-CA38-43C4-8F25-79213AD708EF}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{074BFF31-CA38-43C4-8F25-79213AD708EF}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{2F8F99FD-7C0E-4150-8DFD-13B1F4FBD916}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{0D838143-D511-4555-8B97-16C3CF5A780D}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D838143-D511-4555-8B97-16C3CF5A780D}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],

Registry Values: 12
PUP.Optional.PCKeeper, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PCKeeper2, "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun, Quarantined, [78b1cd85a2e9ef4706d1568ae51cd32d]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [8c9d361cbad175c1d05d285f5aaa36ca]
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [36f3d77bbfcc45f1f60d8cf5f212e11f]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [b9708ec46625a29482abb8cf05ff649c]
PUP.Optional.SectionDouble, HKLM\SOFTWARE\WOW6432NODE\{12A61307-94CD-4F8E-94BC-918E511FAA81}|bfd46d07, C:\Program Files (x86)\SectionDouble\SectionDouble.dll, Quarantined, [cb5e1939b2d9e94dfc9812b241c3956b]
PUP.Optional.Trovi, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://www.trovi.com/Results.aspx?g...B&D=063015&q={searchTerms}&SSPV=SP302TA_sp_ie, Quarantined, [0f1a7ad8f89363d34947527cae56b050]
PUP.Optional.Conduit, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, Quarantined, [e8418ac89bf0ec4abc9e05964fb5b34d]
PUP.Optional.Trovi, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, Quarantined, [4adff75b7f0c0a2c6d23e7e72bd91be5]
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\SUPER OPTIMIZER|SetupName, C:\Users\Zee\AppData\Local\Temp\3d05719a\311868.ftf, Quarantined, [b376bc96038893a37d5c7951956fd030]
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL, http://supc.superpctools.revenuewire.net/spu/register?221002333_1A2BF85E-C1DC-45E6-AA63-3150485558DE, Quarantined, [8a9ff65c3e4dfd39b62220aad72d0ef2]
PUP.Optional.PCKeeper, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}, PCKeeper shell extension, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c]
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{828FB706-5749-4255-862F-3D30FCF017E1}, PCKeeper shell extension, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c]

Registry Data: 0
(No malicious items detected)

Folders: 15
PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.Happy2Save, C:\Program Files (x86)\HaapPy2SAve, Quarantined, [c564163c6a218aac142c1496e024946c],
PUP.Optional.SuperOptimizer, C:\ProgramData\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}, Quarantined, [70b963efbdcecf67309f3b8fa85cd828],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper, Delete-on-Reboot, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\Minidumps, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\ProblemFinder, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.RandomPrice, C:\Program Files (x86)\RAndoMPrice, Quarantined, [23067fd38dfe9b9bcde0a688b053a060],
PUP.Optional.SearchProtect, C:\Users\Zee\AppData\Local\avabvdxvy, Quarantined, [85a4de74a4e714228839d060c3402cd4],
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect, Quarantined, [bf6a6ce6acdf92a4fdcb84ac9d66bc44],
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect, Quarantined, [bf6a6ce6acdf92a4fdcb84ac9d66bc44],
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [bf6a6ce6acdf92a4fdcb84ac9d66bc44],
PUP.Optional.Managera, C:\Users\Zee\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [d35664eee1aaa591f77b0e2dce35ca36],
PUP.Optional.ExTutil, C:\Users\Zee\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [9c8d6ae8a1eaca6cf695c27936cdb64a],

Files: 153
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe, Delete-on-Reboot, [5dccaea4c3c8fa3c9e3940a0d031ad53],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe, Delete-on-Reboot, [0920331ffb90e94db2256f71c23f38c8],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe, Delete-on-Reboot, [78b1cd85a2e9ef4706d1568ae51cd32d],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\installer.exe, Quarantined, [c16867eba1ea072ff9de1cc436cb738d],
PUP.Optional.SuperOptimizer, C:\ProgramData\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\hqghumeaylnlf.exe, Quarantined, [03266be7503ba1953400319103fe2cd4],
PUP.Optional.MultiPlug.BHO64, C:\Program Files (x86)\HaapPy2SAve\Ql94jBJunmEHPP.x64.dll, Quarantined, [a68379d95c2f81b53811596725dce61a],
PUP.Optional.SearchProtect, C:\Users\Zee\AppData\Local\Temp\Setup.exe, Quarantined, [76b3fb577d0eea4c5842dbe65ca57f81],
PUP.Optional.SuperOptimizer, C:\Users\Zee\AppData\Local\Temp\supoptsetup.exe, Quarantined, [f534ef6357348babf83b1ca6659ca55b],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\Zee\AppData\Local\Temp\13dc441f\168223.ftf, Quarantined, [c960282ae4a7c670ede582d258a87b85],
PUP.Optional.SuperOptimizer, C:\Users\Zee\AppData\Local\Temp\18577f88\90924.ftf, Quarantined, [f237d280b0db78be56deb80aaa57ce32],
PUP.Optional.SearchProtect, C:\Users\Zee\AppData\Local\Temp\9C00\temp\embededstub.exe, Quarantined, [e34655fd2b60eb4b900b18a9ef12c53b],
PUP.Optional.LightningDownloader, C:\Users\Zee\AppData\Local\Temp\9C00\temp\lightningdownloader.exe, Quarantined, [e742c9892f5cc76f4da31d3a867afd03],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\Zee\AppData\Local\Temp\1ca28d6b\477303.ftf, Quarantined, [151465ed0d7ec96db81a97bd9868f010],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\Zee\AppData\Local\Temp\248b74c2\299618.ftf, Quarantined, [c069025091fada5c4d85054ff20eb44c],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\Zee\AppData\Local\Temp\303cdbf9\344572.ftf, Quarantined, [40e9d77babe092a4d3ff23317f81df21],
PUP.Optional.SuperOptimizer, C:\Users\Zee\AppData\Local\Temp\3d05719a\311868.ftf, Quarantined, [ae7b6ee4fa918caa270ddbe724ddfa06],
PUP.Optional.MultiPlug, C:\Windows\Temp\tmpu8yedn\dnXmWK0aMhBbgNN.exe, Quarantined, [56d3242ee7a4c472998b4e722bd6b947],
PUP.Optional.SearchProtect, C:\Windows\Temp\8515.tmp\avabvdxvy.exe, Quarantined, [5ccdb1a12a61f83e98f70e441fe2ea16],
PUP.Optional.SearchProtect, C:\Windows\Temp\8515.tmp\pbqrmvbub, Quarantined, [51d85df5e0ab84b20f8bffc2847da35d],
PUP.Optional.MultiPlug.BHO, C:\Windows\Temp\tmpwdwcvj\3Pe3oe7SWUZxRl.dll, Quarantined, [b079d47e5d2e1224b1e1f1c702ffff01],
PUP.Optional.MultiPlug.BHO64, C:\Windows\Temp\tmpwdwcvj\3Pe3oe7SWUZxRl.x64.dll, Quarantined, [f8314a08800b34021534e9d76998d729],
PUP.Optional.MultiPlug, C:\Windows\Temp\tmpwdwcvj\4ZNH3pu8DZMYRFX.exe, Quarantined, [0b1e5df59eedcc6ae83cd8e899686b95],
PUP.Optional.InstallCore, C:\Users\Zee\Downloads\SpotifySetup.exe, Quarantined, [cd5caca6d9b279bda6fd26910bfaa858],
PUP.Optional.DsiLoad, C:\Users\Zee\AppData\Local\dsisetup1758372652.exe, Quarantined, [2cfd88cab7d437ff88e8cebdcd34e11f],
PUP.Optional.DsiLoad, C:\Users\Zee\AppData\Local\dsisetup3652680462.exe, Quarantined, [ae7b83cfb1da93a3a6caeba0748d04fc],
PUP.Optional.DsiLoad, C:\Users\Zee\AppData\Local\dsisetup880681402.exe, Quarantined, [a980d37f8704191d67091a71fd04a55b],
PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag\lsdb.js, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag\A7SnB67SZJ.js, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag\background.html, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag\content.js, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag\manifest.json, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\01d803de0eaab875daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\92d7c5fd76e0c5a5daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\11dc18ba63700df9daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\1451e0aa2bc0e546daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\166d7a9c75fa11cbdaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\1a23e23590c1fbf4daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\29ec9b72a15a8627daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\2c8582ccba4cc27ddaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\3b666fd215f9c6e1daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\4775d99c57b1799edaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\7b454519bbfb9c52daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\819693f039685626daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\94ed4de9ca3f8249daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\954accd1ef18255bdaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\9809bbaa207c3dbddaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\9937b805c8966bb4daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\bed232c5fa70e024daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\c55315d06955828adaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\c5dda88116364677daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\d1b823d8a4cc4149daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
PUP.Optional.Happy2Save, C:\Program Files (x86)\HaapPy2SAve\Ql94jBJunmEHPP.tlb, Quarantined, [c564163c6a218aac142c1496e024946c],
PUP.Optional.Happy2Save, C:\Program Files (x86)\HaapPy2SAve\Ql94jBJunmEHPP.dat, Quarantined, [c564163c6a218aac142c1496e024946c],
PUP.Optional.MyPCBackup, C:\Windows\System32\Tasks\LaunchPreSignup, Quarantined, [0d1cc38f078411254b5a15a37a8a738d],
PUP.Optional.PastaLeads, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, Quarantined, [59d06ae89cef5adcfac9ad0ebc48b34d],
PUP.Optional.PastaLeads, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, Quarantined, [111850022d5e84b2a1225863f60ee719],
PUP.Optional.PCKeeper, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kromtech\PCKeeper.lnk, Quarantined, [cd5c242eacdff24446ce922a50b456aa],
PUP.Optional.PCKeeper, C:\Windows\System32\Tasks\PCKeeper updater, Quarantined, [42e78bc7d6b5a78f41d4d5e75ba9cc34],
PUP.Optional.PricePeep, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Delete-on-Reboot, [bc6d1c36e8a30432942fc9f5c63efb05],
PUP.Optional.PricePeep, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [65c454fe90fb39fd4281883618ec60a0],
PUP.Optional.ReMarkable, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Delete-on-Reboot, [eb3e9bb78ffc2f078d584878d52fe818],
PUP.Optional.ReMarkable, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Delete-on-Reboot, [b77232206c1fbf77588dd6eaa262966a],
PUP.Optional.SelectNGo, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [d356b69cccbf52e44d1a0fb6798b38c8],
PUP.Optional.SelectNGo, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [f8319eb4c7c4d5611c4bc8fdfa0ad12f],
PUP.Optional.ShoppingGate, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Quarantined, [ff2a0b474e3d6ec83522ebdbc3419d63],
PUP.Optional.ShoppingGate, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Quarantined, [c267f35f8ffc3bfbb3a4f7cf12f20ff1],
PUP.Optional.Superclean, C:\Windows\System32\Tasks\Superclean, Quarantined, [67c29bb76c1f75c17c363d8da55feb15],
PUP.Optional.Superclean, C:\Windows\Tasks\Superclean.job, Quarantined, [4adff16125669d994a698f3b3ec6bd43],
PUP.Optional.SuperOptimizer, C:\ProgramData\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\hqghumeaylnlf.dat, Quarantined, [70b963efbdcecf67309f3b8fa85cd828],
PUP.Optional.SuperOptimizer, C:\ProgramData\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\3a6da7a248e4c787, Quarantined, [70b963efbdcecf67309f3b8fa85cd828],
PUP.Optional.SuperOptimizer, C:\ProgramData\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\dcd715bb194ccd7, Quarantined, [70b963efbdcecf67309f3b8fa85cd828],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\CrashReportSender.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\OneClickFixService.exe0.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\OneClickFixService.exe1.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\OneClickFixService.exe2.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\OneClickFixService.exe3.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\OneClickFixService.exe4.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.exe0.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.exe1.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.exe2.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.exe3.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.exe4.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.exe0.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.exe1.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.exe2.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.exe3.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.exe4.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\RegistryCleanerComponent.dll0.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\RegistryCleanerComponent.dll1.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\ProblemFinder\RegistryScan.xml, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\ProblemFinder\ScanReport.xml, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\ProblemFinder\SystemScan.xml, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeper.Shared.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\AntiTheftServiceLibrary.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\AppRemFolder.exe, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Contracts.Account.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Contracts.PCKeeper.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Controls.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\CrashReportSender.exe, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\DiskCleanerComponent.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\DiskCleanerComponentPS.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\DrvInstaller.exe, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Elevator.exe, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\fileHiders.inf, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\fileHiders.sys, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Ionic.Zip.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\LocalizationHelpers.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\ManagedWifi.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Microsoft.Expression.Drawing.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Microsoft.Expression.Interactions.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\NativeMethods.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Newtonsoft.Json.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Ninject.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\NLog.config, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\NLog.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\OcfElevator.exe, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\OneClickFixServiceLibrary.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\OneClickFixServicePS.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperCore.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperServiceCore.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperServicePS.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperShellExt32.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperShellExt64.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKElevatedHost.exe, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKObjFactory.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKObjFactoryPS.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\RegistryCleanerComponent.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\RegistryCleanerComponentPS.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\ServiceInfrastructure.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\SharedLibrary.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\SharedNativeLibrary.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\SharedNativeLibraryPS.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\SQLite.Interop.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\System.Data.SQLite.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\System.Windows.Interactivity.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\SystemContextMenu.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\TokenPrivileges.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\UtilitiesServiceLibrary.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\WebCamFrameCaptureComponent.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\WebCamFrameCaptureComponentPS.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\ZBAnalytics.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\ZBAnalyticsCore.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
PUP.Optional.RandomPrice, C:\Program Files (x86)\RAndoMPrice\RAndoMPrice.dat, Quarantined, [23067fd38dfe9b9bcde0a688b053a060],
PUP.Optional.SearchProtect, C:\Users\Zee\AppData\Local\avabvdxvy\mkfvxfk, Quarantined, [85a4de74a4e714228839d060c3402cd4],
PUP.Optional.SearchProtect, C:\Users\Zee\AppData\Local\avabvdxvy\qokvxfk, Quarantined, [85a4de74a4e714228839d060c3402cd4],
PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [bf6a6ce6acdf92a4fdcb84ac9d66bc44],
PUP.Optional.Managera, C:\Users\Zee\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [d35664eee1aaa591f77b0e2dce35ca36],
PUP.Optional.Managera, C:\Users\Zee\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [d35664eee1aaa591f77b0e2dce35ca36],
PUP.Optional.ExTutil, C:\Users\Zee\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [9c8d6ae8a1eaca6cf695c27936cdb64a],
PUP.Optional.ExTutil, C:\Users\Zee\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [9c8d6ae8a1eaca6cf695c27936cdb64a],
PUP.Optional.ExTutil, C:\Users\Zee\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [9c8d6ae8a1eaca6cf695c27936cdb64a],

Physical Sectors: 0
(No malicious items detected)

(end)

Chelsey Zero · Oct 1, 2015

# AdwCleaner v5.009 - Logfile created 01/10/2015 at 20:52:05
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Zee - SIEGFRIED
# Running from : C:\Users\Zee\Desktop\adwcleaner_5.009.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : fileHiders

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Kromtech
[-] Folder Deleted : C:\Program Files (x86)\OLBPre
[-] Folder Deleted : C:\Program Files (x86)\bestadblocker
[!] Folder Not Deleted : C:\Program Files (x86)\bestadblocker
[-] Folder Deleted : C:\Program Files (x86)\CUtThePricce
[-] Folder Deleted : C:\Program Files (x86)\Haappiy2Save
[-] Folder Deleted : C:\Program Files (x86)\RandOOmPrice
[-] Folder Deleted : C:\Program Files (x86)\RRanidomPurICCe
[-] Folder Deleted : C:\Program Files (x86)\FindMeFreebies
[-] Folder Deleted : C:\ProgramData\Kromtech
[-] Folder Deleted : C:\ProgramData\b274f2400000337d
[-] Folder Deleted : C:\ProgramData\{172bd555-2ca7-dbaf-172b-bd5552ca5554}
[-] Folder Deleted : C:\ProgramData\{74406929-64d1-9d72-7440-0692964da4a5}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kromtech
[-] Folder Deleted : C:\Users\Zee\AppData\Local\Kromtech

***** [ Files ] *****

[-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_secure.reimageplus.com_0.localstorage
[-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_secure.reimageplus.com_0.localstorage-journal
[-] File Deleted : C:\WINDOWS\Reimage.ini
[-] File Deleted : C:\WINDOWS\Sysnative\drivers\fileHiders.sys

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : PCKeeper updater
[-] Task Deleted : ASUS Splendid ColorU

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key Deleted : HKLM\SOFTWARE\Classes\P00F1293C_CC93_4BDD_A199_2E5C4E64FFC7_.P00F1293C_CC93_4BDD_A199_2E5C4E64FFC7_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P00F1293C_CC93_4BDD_A199_2E5C4E64FFC7_.P00F1293C_CC93_4BDD_A199_2E5C4E64FFC7_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P1DACA1FC_42D3_42A6_8749_7A28F848A3C8_.P1DACA1FC_42D3_42A6_8749_7A28F848A3C8_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P1DACA1FC_42D3_42A6_8749_7A28F848A3C8_.P1DACA1FC_42D3_42A6_8749_7A28F848A3C8_.9
[-] Key Deleted : HKLM\SOFTWARE\Classes\P70EB1D5C_41C1_464F_8964_D55680261267_.P70EB1D5C_41C1_464F_8964_D55680261267_
[-] Key Deleted : HKLM\SOFTWARE\Classes\P70EB1D5C_41C1_464F_8964_D55680261267_.P70EB1D5C_41C1_464F_8964_D55680261267_.9
[-] Key Deleted : HKLM\SOFTWARE\10d5dd8d-f0d9-ec22-6741-3aa59e4ee8e1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70EB1D5C-41C1-464F-8964-D55680261267}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{330ED369-73D2-49BC-AC43-1E21602F742D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BB1C0445-8E37-4D66-B4E4-947E53F654A8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FDA3E1DF-B9C8-4A1A-A646-58E5E01520E4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70EB1D5C-41C1-464F-8964-D55680261267}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{70EB1D5C-41C1-464F-8964-D55680261267}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{70EB1D5C-41C1-464F-8964-D55680261267}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\Kromtech
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[!] Key Not Deleted : [x64] HKCU\Software\Reimage
[!] Key Not Deleted : [x64] HKCU\Software\Kromtech
[!] Key Not Deleted : [x64] HKCU\Software\WEBAPP
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[-] Key Deleted : [x64] HKLM\SOFTWARE\Kromtech

***** [ Web browsers ] *****

[-] [C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://vosteran.com/?f=7&a=vst_ggbc_14_48_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0D0Dzz0E0EyB0Bzy0DtBtN0D0Tzu0StCtDyCtDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0EyE0B0D0E0DyCtG0FtBtA0BtGtD0AzzzztGzztDtBzztGtD0CtD0F0DtDyC0D0AyCyCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDyD0A0EyBzyzytG0BtByCtAtGyE0Bzy0EtG0AyByCzytGzy0F0EtB0DtAzztCzytAtD0B2Q&cr=1720223081&ir=
[-] [C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=M28A9DCAE-80E4-4101-A319-3EE6422D513D&SearchSource=55&CUI=&UM=8&UP=SP2C45CFA0-8759-45E5-9B51-F5036DD4D3BB&D=063015&SSPV=SP302TA_sp_ch
[-] [C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dlnembnfbcpjnepmfjmngjenhhajpdfd
[-] [C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [9095 bytes] ##########

Solved Pop Up Hell Continues

Posts: 32 +0

Posts: 32 +0

Posts: 56,041 +516

Posts: 32 +0

Posts: 56,041 +516

Posts: 32 +0

Posts: 32 +0

Posts: 56,041 +516

Attachments

Posts: 32 +0

Posts: 32 +0

Posts: 56,041 +516

Posts: 32 +0

Posts: 32 +0

Posts: 32 +0

Posts: 56,041 +516

Posts: 32 +0

Posts: 32 +0

Posts: 32 +0

Posts: 56,041 +516

Posts: 32 +0

Posts: 32 +0

Posts: 56,041 +516

Posts: 32 +0

Posts: 32 +0

Posts: 32 +0

Similar threads