TechSpot

Pop Up Hell Continues

By Chelsey Zero
Oct 1, 2015
  1. So, I've been having insanely awful pop ups, constantly.
    I started a thread not too long ago, and recieved some great help. I purchased a years worth of ReImage PC repair, that is working right now.
    I also have pop-up blocker on my google chrome, but it doesn't seem to always help.
    I'm really hoping that the malware or virus's are removed, and I'm rather broke and can't afford more than what I have already invested in, being it was a link attatched to the last thread I started.
    But I can't click anywhere on my laptop without a new window opening up and it's hard to close it without the sound of a "pop up detected" thing blasting on the speaker. It's extremely aggrivating, being that I use my laptop for multiple school uses.
    More help would be really appreciated,
    Cheers.
     
  2. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    Also, LOTS of words will be in large, blue, bold format, and god forbid if I accidentally click them. Constant adds popping up as well.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    [​IMG] I strongly suggest you uninstall Reimage, which is nothing but a scam and waste of your money.
    On a top of it it may cause more problem for your computer than fix anything.
     
  4. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    How do I reinstall it and get my money back? I literally just bought it but now I'm getting worried...
    I found the link of it on one of the recommended links on this site...
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Uninstall it through Control Panel>Programs & Features.
    As for money back, I'm not sure. You can try contact Reimage.
    As for it being advertised here I'll contact this site owner.
     
  6. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
    Ran by Zee (administrator) on SIEGFRIED (01-10-2015 16:51:49)
    Running from C:\Users\Zee\Downloads
    Loaded Profiles: Zee (Available Profiles: Zee)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Kromtech) C:\Program Files\Kromtech\Common\AccountService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
    () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Kromtech) C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe
    () C:\Windows\SysWOW64\PSIService.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (Kromtech) C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Spotify Ltd) C:\Users\Zee\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Kromtech) C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe
    (Spotify Ltd) C:\Users\Zee\AppData\Roaming\Spotify\Spotify.exe
    (Spotify Ltd) C:\Users\Zee\AppData\Roaming\Spotify\SpotifyCrashService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    Apple[​IMG] Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files Java[​IMG]\Java Update\jusched.exe
    (Spotify Ltd) C:\Users\Zee\AppData\Roaming\Spotify\Spotify.exe
    (Spotify Ltd) C:\Users\Zee\AppData\Roaming\Spotify\Spotify.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (ASUSTeK Computer[​IMG] Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
    (ASUSTeK Computer[​IMG] Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype Phone[​IMG]\Skype.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Kromtech) C:\Program Files\Kromtech\PCKeeper\PCKElevatedHost.exe
    (Microsoft Corporation) C:\Users\Zee\AppData\Local\Temp\C65D3B7E-EC07-47A2-9746-18E216493CBC\DismHost.exe
    (Microsoft Corporation) C:\Users\Zee\AppData\Local\Temp\2951A43F-82C0-4437-910E-3CF35233E96A\DismHost.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    Reimage[​IMG]®) C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
    () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    (reimage) C:\Program Files\Reimage Reimage Repair[​IMG]\Reimage.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files (x86)\DNS Unlocker\dnselsmore.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [79376 2013-07-31] (Intel Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files iTunes[​IMG]\iTunesHelper.exe [170256 2015-09-15] Apple[​IMG] Inc.)
    HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
    HKLM-x32\...\Run: Adobe[​IMG] ARM] => C:\Program Files (x86)\Common Files Adobe[​IMG]\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
    HKLM-x32\...\RunOnce: [Kufab] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Zee\AppData Local[​IMG]\79ABD6~1\Gefok.dat"
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: Driver Support[​IMG]] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe /applicationMode:systemTray /showWelcome:false
    HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: [Spotify Web Helper] => C:\Users\Zee\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-19] (Spotify Ltd)
    HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: [GoogleChromeAutoLaunch_429EA7A6AFFDF60B477DCFBFAB034A53] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-07] (Google Inc.)
    HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: [PCKeeper2] => C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe [915888 2015-07-07] (Kromtech)
    HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype Phone[​IMG]\Skype.exe [55358992 2015-09-04] (Skype Technologies S.A.)
    HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Run: [Spotify] => C:\Users\Zee\AppData\Roaming\Spotify\Spotify.exe [7571000 2015-09-19] (Spotify Ltd)
    HKU\S-1-5-21-219251710-3609435933-1062541636-1001\Control Panel Desktop[​IMG]\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [217088 2014-10-28] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 12.127.16.67 12.127.17.71
    Tcpip\..\Interfaces\{517C7435-7394-4CC6-8FE0-CF55D21C445A}: [NameServer] 82.163.143.172,82.163.142.174
    Tcpip\..\Interfaces\{517C7435-7394-4CC6-8FE0-CF55D21C445A}: [DhcpNameServer] 12.127.16.67 12.127.17.71

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-219251710-3609435933-1062541636-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130850026659167361&GUID=2110083A-08F2-4835-8264-2C2F9B6B5A02
    HKU\S-1-5-21-219251710-3609435933-1062541636-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-219251710-3609435933-1062541636-1001 -> DefaultScope {15573B70-CEDB-46CA-BD97-1204A59CA0EA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-219251710-3609435933-1062541636-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=M28A9DCAE-80E4-4101-A319-3EE6422D513D&SearchSource=58&CUI=&UM=8&UP=SP2C45CFA0-8759-45E5-9B51-F5036DD4D3BB&D=063015&q={searchTerms}&SSPV=SP302TA_sp_ie
    SearchScopes: HKU\S-1-5-21-219251710-3609435933-1062541636-1001 -> {15573B70-CEDB-46CA-BD97-1204A59CA0EA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\S-1-5-21-219251710-3609435933-1062541636-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-12-13] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-12-13] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-11] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-11] (Google Inc.)
    FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.4 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2010-06-20] (Wacom, Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://google.com/
    CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://search.genieo.com/?v=genTugM","hxxp://maclab.academyart.edu/wiki/projects/maclab/blog","hxxps://wirelessauth1.academyart.edu/login.html?redirect=www.gstatic.com/generate_204","hxxp://www.academyart.edu/","hxxp://vosteran.com/?f=7&a=vst_ggbc_14_48_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0D0Dzz0E0EyB0Bzy0DtBtN0D0Tzu0StCtDyCtDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0EyE0B0D0E0DyCtG0FtBtA0BtGtD0AzzzztGzztDtBzztGtD0CtD0F0DtDyC0D0AyCyCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDyD0A0EyBzyzytG0BtByCtAtGyE0Bzy0EtG0AyByCzytGzy0F0EtB0DtAzztCzytAtD0B2Q&cr=1720223081&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=M28A9DCAE-80E4-4101-A319-3EE6422D513D&SearchSource=55&CUI=&UM=8&UP=SP2C45CFA0-8759-45E5-9B51-F5036DD4D3BB&D=063015&SSPV=SP302TA_sp_ch"
    CHR Profile: C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Translate) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-06-30]
    CHR Extension: (Entanglement Web App) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-09-10]
    CHR Extension: (Your Second Phone) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgcliennfocnaoenlkmlhoakpaflpgo [2015-09-10]
    CHR Extension: (BIODIGITAL HUMAN) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak [2015-09-10]
    CHR Extension: (Google Drive) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-30]
    CHR Extension: (AdBlock for Grooveshark) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfoohbomhfjbdpdipnenfaoandbhkbmg [2015-06-30]
    CHR Extension: (Adblock Plus) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-08]
    CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2015-09-10]
    CHR Extension: (Pixlr-o-matic) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2015-09-10]
    CHR Extension: (AdBlock) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-30]
    CHR Extension: (Cut the Rope) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2015-09-10]
    CHR Extension: (ExhibitCore Floor Planner) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkppejbflghogimlfghbaigiekmjpalf [2015-09-10]
    CHR Extension: (Skyrama) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlehaidnnmjjkhgbbiombcdifogolhap [2015-09-10]
    CHR Extension: (Wave Accounting) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2015-09-10]
    CHR Extension: (Evernote Web) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-09-10]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-17]
    CHR Extension: (Skype Click to Call) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-08]
    CHR Extension: (TumTaster) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanfbkacbckngfcklahdgfagjlghfbgm [2015-06-30]
    CHR Extension: (GW2TP) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchjpcdehbipdfjapdmgnoljndealpbd [2015-06-30]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-08]
    CHR Extension: (Tumblr Savior) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2015-06-30]
    CHR Extension: (My Chrome Theme) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-06-30]
    CHR Extension: (Instagram for Chrome) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2015-06-30]
    CHR Extension: (Gir Theme) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pifnaclcibjejklkfjegfcbagcdkidim [2015-06-30]
    CHR Extension: (BodBot Personal Fit Trainer) - C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppnkdiaelidjhcebhmgemlpnghbdgjhk [2015-09-10]
    CHR Extension: (Extutil) - C:\Users\Zee\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B [2015-06-30]
    CHR Extension: (Managera) - C:\Users\Zee\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42 [2015-06-30]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 5965d732; c:\Program Files (x86)\ProcessProc\ProcessProc.dll [2662912 2015-06-30] () [File not signed]
    R2 AccountService; C:\Program Files\Kromtech\Common\AccountService.exe [211248 2015-02-04] (Kromtech) <==== ATTENTION
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-07-23] (ASUS)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [83032 2013-07-31] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [100032 2013-07-31] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [84568 2013-07-31] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [92864 2013-07-31] (Intel Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
    R2 PCKeeper2Service; C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe [191792 2015-07-07] (Kromtech) <==== ATTENTION
    R2 PCKeeperOcfService; C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe [1136856 2015-07-07] (Kromtech) <==== ATTENTION
    U2 ProtexisLicensing; C:\WINDOWS\SysWOW64\PSIService.exe [177704 2007-06-05] ()
    R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [7743472 2015-08-19] (Reimage®)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
    R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [57216 2013-07-31] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [120256 2013-07-31] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [200808 2013-07-31] (Intel Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32696 2015-07-07] () <==== ATTENTION
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
    R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-07-23] (Windows (R) Win 7 DDK provider)
    R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [460872 2013-03-08] (RTS Corporation)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
    S1 {91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64; system32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-01 16:51 - 2015-10-01 16:53 - 00025588 _____ C:\Users\Zee\Downloads\FRST.txt
    2015-10-01 16:51 - 2015-10-01 16:51 - 00000000 ____D C:\FRST
    2015-10-01 16:50 - 2015-10-01 16:50 - 02192384 _____ (Farbar) C:\Users\Zee\Downloads\FRST64.exe
    2015-10-01 16:48 - 2015-10-01 16:48 - 00002259 _____ C:\WINDOWS\epplauncher.mif
    2015-10-01 16:48 - 2015-10-01 16:48 - 00000000 ____D C:\151a20f458a77dea01ad33b5a9c5
    2015-10-01 16:47 - 2015-10-01 16:47 - 00000000 ____D C:\Users\Zee\Desktop\Surrealism
    2015-10-01 16:46 - 2015-10-01 16:48 - 14243008 _____ (Microsoft Corporation) C:\Users\Zee\Downloads\mseinstall64.exe
    2015-10-01 16:22 - 2015-10-01 16:26 - 00000000 ____D C:\ReimageUndo
    2015-10-01 16:04 - 2015-10-01 16:04 - 00004272 _____ C:\WINDOWS\System32\Tasks\ReimageUpdater
    2015-10-01 16:03 - 2015-10-01 16:21 - 00000000 ____D C:\rei
    2015-10-01 16:03 - 2015-10-01 16:04 - 00000000 ____D C:\ProgramData\Reimage Protector
    2015-10-01 16:03 - 2015-10-01 16:04 - 00000000 ____D C:\Program Files\Reimage
    2015-10-01 16:03 - 2015-10-01 16:03 - 00001919 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
    2015-10-01 16:03 - 2015-10-01 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair
    2015-10-01 16:00 - 2015-10-01 16:05 - 00000139 _____ C:\WINDOWS\Reimage.ini
    2015-10-01 15:57 - 2015-10-01 16:06 - 00772016 _____ (Reimage®) C:\Users\Zee\Downloads\reimagerepair.exe
    2015-09-30 14:53 - 2015-09-30 21:41 - 00000000 ____D C:\Users\Zee\Desktop\School
    2015-09-28 17:24 - 2015-09-28 18:52 - 37822087 _____ C:\Users\Zee\Desktop\Death Acolyte.psd
    2015-09-24 16:50 - 2015-09-24 16:50 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-09-24 16:50 - 2015-09-24 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-09-24 16:49 - 2015-09-24 16:50 - 00000000 ____D C:\Program Files\iTunes
    2015-09-24 16:49 - 2015-09-24 16:49 - 00000000 ____D C:\Program Files\iPod
    2015-09-24 16:49 - 2015-09-24 16:49 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-09-24 16:45 - 2015-09-24 16:45 - 00000000 ____D C:\Program Files\Bonjour
    2015-09-24 16:45 - 2015-09-24 16:45 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2015-09-24 16:44 - 2015-09-24 16:44 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2015-09-24 16:44 - 2015-09-24 16:44 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2015-09-19 22:58 - 2015-09-19 22:58 - 00484118 _____ C:\Users\Zee\Downloads\ROTTEN LOUSY KID (1).wmv
    2015-09-19 22:53 - 2015-09-19 22:53 - 00484118 _____ C:\Users\Zee\Downloads\ROTTEN LOUSY KID.wmv
    2015-09-19 22:44 - 2015-09-19 22:44 - 02579068 _____ C:\Users\Zee\Downloads\Starboard.wmv
    2015-09-19 22:44 - 2015-09-19 22:44 - 01575776 _____ C:\Users\Zee\Downloads\GROSSEST.wmv
    2015-09-19 22:43 - 2015-09-19 22:44 - 01897812 _____ C:\Users\Zee\Downloads\TRASHY HALLOWEEN.wmv
    2015-09-19 22:43 - 2015-09-19 22:44 - 01359536 _____ C:\Users\Zee\Downloads\HOLIDAY SHAYE.wmv
    2015-09-19 22:43 - 2015-09-19 22:43 - 02410506 _____ C:\Users\Zee\Downloads\Thrift Store.wmv
    2015-09-19 22:43 - 2015-09-19 22:43 - 01738540 _____ C:\Users\Zee\Downloads\OUT FOR A PUSH.wmv
    2015-09-19 22:43 - 2015-09-19 22:43 - 01721926 _____ C:\Users\Zee\Downloads\Happy-Turkey-Day-excerpt.wmv
    2015-09-19 22:42 - 2015-09-19 22:42 - 02572102 _____ C:\Users\Zee\Downloads\WIRE THERAPY.wmv
    2015-09-19 22:42 - 2015-09-19 22:42 - 00541092 _____ C:\Users\Zee\Downloads\WASHROOM1.wmv
    2015-09-19 22:28 - 2015-09-19 22:28 - 00456208 _____ C:\Users\Zee\Downloads\hollywood-hello.wmv
    2015-09-16 20:35 - 2015-09-16 20:37 - 00000000 ____D C:\Users\Zee\Downloads\twins
    2015-09-16 20:34 - 2015-09-16 20:34 - 06951980 _____ C:\Users\Zee\Downloads\twins.zip
    2015-09-14 21:24 - 2015-09-20 00:06 - 00000000 ____D C:\Users\Zee\Desktop\10 artists
    2015-09-14 11:04 - 2015-09-14 21:46 - 00000000 ____D C:\Users\Zee\Desktop\illustration 3
    2015-09-13 23:37 - 2015-09-13 23:37 - 00026352 _____ C:\WINDOWS\System32\Tasks\DNSELSMORE
    2015-09-13 23:37 - 2015-09-13 23:37 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
    2015-09-10 22:48 - 2015-09-10 22:49 - 00384435 _____ C:\Users\Zee\Downloads\MtOXgOVF.htm
    2015-09-09 19:30 - 2015-09-09 19:43 - 00000000 ____D C:\Users\Zee\Desktop\horror movie bruhs
    2015-09-09 10:02 - 2015-07-22 07:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
    2015-09-09 10:02 - 2015-07-22 06:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2015-09-09 10:02 - 2015-07-17 07:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
    2015-09-09 10:02 - 2015-07-17 07:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
    2015-09-09 10:02 - 2015-07-09 09:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2015-09-09 10:02 - 2015-07-03 14:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2015-09-09 10:02 - 2015-07-03 07:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2015-09-09 10:02 - 2015-06-27 04:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2015-09-09 10:02 - 2015-06-19 10:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2015-09-09 10:01 - 2015-09-02 19:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2015-09-09 10:01 - 2015-09-02 19:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2015-09-09 10:01 - 2015-09-02 11:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2015-09-09 10:01 - 2015-09-02 10:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2015-09-09 10:00 - 2015-07-13 12:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
    2015-09-08 21:52 - 2015-08-26 19:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-09-08 21:52 - 2015-08-26 11:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2015-09-08 21:52 - 2015-08-26 11:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2015-09-08 21:52 - 2015-08-26 11:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2015-09-08 21:52 - 2015-08-26 11:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2015-09-08 21:52 - 2015-08-26 07:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-09-08 21:52 - 2015-08-26 07:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2015-09-08 21:52 - 2015-08-26 07:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2015-09-08 21:52 - 2015-08-26 07:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2015-09-08 21:52 - 2015-08-26 07:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2015-09-08 21:52 - 2015-08-26 07:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2015-09-08 21:52 - 2015-08-26 07:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2015-09-08 21:52 - 2015-08-22 11:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-09-08 21:52 - 2015-08-22 10:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-09-08 21:52 - 2015-07-30 10:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
    2015-09-08 21:52 - 2015-07-30 09:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
    2015-09-08 21:51 - 2015-09-01 19:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-09-08 21:51 - 2015-09-01 19:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-09-08 21:51 - 2015-09-01 19:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2015-09-08 21:51 - 2015-09-01 19:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2015-09-08 21:51 - 2015-09-01 19:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2015-09-08 21:51 - 2015-08-22 10:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-09-08 21:51 - 2015-08-22 10:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-09-08 21:51 - 2015-08-22 10:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-09-08 21:51 - 2015-08-22 10:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-09-08 21:51 - 2015-08-22 09:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-09-08 21:51 - 2015-08-22 09:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-09-08 21:51 - 2015-08-22 09:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-09-08 21:51 - 2015-08-22 09:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-09-08 21:51 - 2015-08-22 09:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2015-09-08 21:51 - 2015-08-22 09:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-09-08 21:51 - 2015-08-22 09:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-09-08 21:51 - 2015-08-22 09:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-09-08 21:51 - 2015-08-22 09:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-09-08 21:51 - 2015-08-22 09:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-09-08 21:51 - 2015-08-22 09:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-09-08 21:51 - 2015-08-22 09:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-09-08 21:51 - 2015-08-22 09:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-09-08 21:51 - 2015-08-22 09:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-09-08 21:51 - 2015-08-22 09:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2015-09-08 21:51 - 2015-08-22 09:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-09-08 21:51 - 2015-08-22 09:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-09-08 21:51 - 2015-08-22 09:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-09-08 21:51 - 2015-08-22 09:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-09-08 21:51 - 2015-08-22 09:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2015-09-08 21:51 - 2015-08-22 09:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-09-08 21:51 - 2015-08-22 08:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-09-08 21:51 - 2015-08-22 08:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2015-09-08 21:51 - 2015-08-03 14:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
    2015-09-08 21:51 - 2015-08-03 14:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
    2015-09-08 21:51 - 2015-08-01 07:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
    2015-09-08 21:51 - 2015-07-31 20:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
    2015-09-08 21:51 - 2015-07-31 20:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
    2015-09-08 21:51 - 2015-07-31 20:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2015-09-08 21:51 - 2015-07-31 20:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
    2015-09-08 21:51 - 2015-07-31 20:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
    2015-09-08 21:51 - 2015-07-22 07:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-09-08 21:51 - 2015-07-22 07:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2015-09-08 21:51 - 2015-07-22 07:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2015-09-08 21:51 - 2015-07-22 07:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2015-09-08 21:51 - 2015-07-18 11:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
    2015-09-08 21:51 - 2015-07-18 11:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2015-09-08 21:51 - 2015-07-18 11:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
    2015-09-08 21:51 - 2015-07-18 11:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2015-09-08 21:50 - 2015-07-13 20:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
    2015-09-05 18:46 - 2015-09-05 19:34 - 00000000 ____D C:\Users\Zee\Desktop\Modeling!

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-10-01 16:53 - 2014-11-27 14:58 - 00000000 ____D C:\Users\Zee\AppData\Roaming\Skype
    2015-10-01 16:50 - 2014-11-27 17:13 - 00000000 ____D C:\Users\Zee\AppData\Roaming\Spotify
    2015-10-01 16:16 - 2015-01-04 01:09 - 01109883 _____ C:\WINDOWS\WindowsUpdate.log
    2015-10-01 16:10 - 2014-11-28 11:57 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-219251710-3609435933-1062541636-1001
    2015-10-01 16:00 - 2015-02-17 23:52 - 00370176 ___SH C:\Users\Zee\Downloads\Thumbs.db
    2015-10-01 16:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-10-01 15:59 - 2014-11-27 06:45 - 00000062 _____ C:\Users\Zee\AppData\Roaming\sp_data.sys
    2015-10-01 15:53 - 2014-11-27 14:58 - 00000000 ____D C:\ProgramData\Skype
    2015-10-01 15:49 - 2015-01-04 00:55 - 00000000 ____D C:\Users\Zee
    2015-10-01 15:49 - 2014-11-27 17:13 - 00000000 ____D C:\Users\Zee\AppData\Local\Spotify
    2015-10-01 15:48 - 2013-08-22 07:46 - 00309754 _____ C:\WINDOWS\setupact.log
    2015-10-01 15:48 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-10-01 11:37 - 2015-08-21 23:37 - 00000356 _____ C:\WINDOWS\Tasks\Superclean.job
    2015-10-01 11:07 - 2015-01-14 16:41 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{02322EC3-D53D-42A4-A9E7-58E4F825D3A4}
    2015-10-01 11:06 - 2015-08-12 00:10 - 00000000 ____D C:\ProgramData\Kromtech
    2015-09-30 14:41 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-09-29 20:58 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-09-28 17:10 - 2015-01-22 18:25 - 00523264 ___SH C:\Users\Zee\Desktop\Thumbs.db
    2015-09-27 19:15 - 2014-12-16 20:17 - 00000000 ____D C:\Users\Zee\AppData\Local\CrashDumps
    2015-09-27 13:12 - 2014-09-24 00:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-09-25 23:25 - 2015-08-11 23:51 - 00000000 ____D C:\Program Files (x86)\HaapPy2SAve
    2015-09-25 15:28 - 2014-11-28 13:00 - 00003474 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
    2015-09-25 15:28 - 2014-02-05 15:50 - 00003464 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
    2015-09-24 16:49 - 2015-02-12 16:11 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-09-24 16:44 - 2015-02-12 16:12 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-09-24 14:34 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-09-21 10:39 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-09-14 18:18 - 2015-03-13 21:58 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-09-14 18:18 - 2015-03-13 21:58 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-09-14 11:40 - 2015-04-29 16:43 - 00000000 ____D C:\Users\Zee\Desktop\patches
    2015-09-12 11:41 - 2014-11-30 19:40 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-09-11 11:19 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
    2015-09-10 19:41 - 2013-08-22 07:44 - 00346784 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-09-10 19:39 - 2014-12-13 15:50 - 00000000 ____D C:\ProgramData\Norton
    2015-09-10 19:39 - 2014-09-24 00:03 - 00824762 _____ C:\WINDOWS\PFRO.log
    2015-09-10 19:34 - 2014-09-23 23:53 - 00000000 ____D C:\Program Files\Windows Journal
    2015-09-10 19:34 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-09-10 11:20 - 2012-08-01 18:36 - 00000000 ____D C:\WINDOWS\Log
    2015-09-10 11:18 - 2014-11-27 17:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-09-09 19:39 - 2014-11-27 06:50 - 00000000 ____D C:\Users\Zee\AppData\Local\Google
    2015-09-01 13:41 - 2015-01-04 00:44 - 00000000 ___DC C:\WINDOWS\Panther
    2015-09-01 13:31 - 2015-08-11 23:50 - 00000000 ____D C:\Program Files (x86)\Haappiy2Save
    2015-09-01 13:31 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT
    2015-09-01 13:30 - 2015-08-11 23:51 - 00000000 ____D C:\Program Files (x86)\Mahjong
    2015-09-01 13:30 - 2015-07-07 14:54 - 00000000 ____D C:\Program Files (x86)\RAndoMPrice
    2015-09-01 13:26 - 2015-06-30 13:11 - 00000000 ____D C:\Program Files (x86)\CUtThePricce

    ==================== Files in the root of some directories =======

    2015-07-05 18:43 - 2015-08-17 13:17 - 0000024 _____ () C:\Users\Zee\AppData\Roaming\appdataFr25.bin
    2014-11-27 06:45 - 2015-10-01 15:59 - 0000062 _____ () C:\Users\Zee\AppData\Roaming\sp_data.sys
    2014-11-27 17:17 - 2015-05-07 15:17 - 0000198 _____ () C:\Users\Zee\AppData\Roaming\WB.CFG
    2014-11-29 12:17 - 2014-12-16 20:17 - 0000001 _____ () C:\Users\Zee\AppData\Local\DSI.DAT
    2014-12-16 20:17 - 2014-12-16 20:17 - 0022528 _____ () C:\Users\Zee\AppData\Local\dsisetup1758372652.exe
    2014-12-01 17:17 - 2014-12-01 17:17 - 0022528 _____ () C:\Users\Zee\AppData\Local\dsisetup3652680462.exe
    2014-11-29 12:17 - 2014-11-29 12:17 - 0022528 _____ () C:\Users\Zee\AppData\Local\dsisetup880681402.exe
    2015-01-04 00:48 - 2015-01-04 00:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2013-04-26 05:42 - 2012-09-07 04:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
    2013-04-26 05:42 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2013-04-26 05:42 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

    Files to move or delete:
    ====================
    C:\ProgramData\SetStretch.VBS


    Some files in TEMP:
    ====================
    C:\Users\Zee\AppData\Local\Temp\aff_setup0.exe
    C:\Users\Zee\AppData\Local\Temp\drm_dyndata_7370014.dll
    C:\Users\Zee\AppData\Local\Temp\jre-8u45-windows-au.exe
    C:\Users\Zee\AppData\Local\Temp\Quarantine.exe
    C:\Users\Zee\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\Zee\AppData\Local\Temp\Setup.exe
    C:\Users\Zee\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Zee\AppData\Local\Temp\sqlite3.dll
    C:\Users\Zee\AppData\Local\Temp\supoptsetup.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-10-01 16:10

    ==================== End of FRST.txt ============================
     
  7. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
    Ran by Zee (2015-10-01 16:53:45)
    Running from C:\Users\Zee\Downloads
    Windows 8.1 (X64) (2015-01-04 08:34:19)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-219251710-3609435933-1062541636-500 - Administrator - Disabled)
    Guest (S-1-5-21-219251710-3609435933-1062541636-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-219251710-3609435933-1062541636-1005 - Limited - Enabled)
    Zee (S-1-5-21-219251710-3609435933-1062541636-1001 - Administrator - Enabled) => C:\Users\Zee

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AccountService (Version: 1.1.66 - Kromtech) Hidden <==== ATTENTION
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
    Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.04 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.4 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.5 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0018 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.7 - ASUS)
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
    ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
    ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.310 - ASUSTEK)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
    Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bamboo (HKLM\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.)
    Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version: - )
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Corel Painter Essentials 4 (HKLM-x32\...\_{53A908D4-99C6-469B-BC13-F4189F260742}) (Version: - Corel Corporation)
    Corel Painter Essentials 4 (x32 Version: 4.0 - Corel Corporation) Hidden
    Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
    CutterProc (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{285bff21}) (Version: - Software Publisher) <==== ATTENTION
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ATTENTION
    Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.5 - Google Inc.) Hidden
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.0.0.2023 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
    iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
    Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    KeysScript (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{5965d732}) (Version: - KeysScript) <==== ATTENTION
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mischief-Free (HKLM-x32\...\Mischief-Free) (Version: - )
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
    PCKeeper (Version: 2.2.1198 - Kromtech) Hidden <==== ATTENTION
    Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.2.2 - Reimage) <==== ATTENTION
    SectionDouble (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{bfd46d07}) (Version: - Software Publisher) <==== ATTENTION
    SeekerInstance (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{442b8ad0}) (Version: - Software Publisher) <==== ATTENTION
    SegmentAssister (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4aad814a}) (Version: - Software Publisher) <==== ATTENTION
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
    Spotify (HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    UMPlayer (HKLM-x32\...\{F7A991BC-C432-4CE6-836A-E81A09708A72}) (Version: 0.98.0 - InstallX, LLC) <==== ATTENTION
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.5 - Wacom Technology Corp.)
    WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.4 - Wacom Technology Corp.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
    Windows Driver Package - ASUS (ATP) Mouse (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    12-09-2015 11:28:56 Windows Update
    19-09-2015 14:11:37 Scheduled Checkpoint
    26-09-2015 20:07:31 Scheduled Checkpoint
    01-10-2015 16:28:01 Reimage Repair Restore Point

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 22:26 - 2015-05-07 22:59 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0F9E3D5E-CAE3-4717-99F6-C99D307875D3} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-08-19] (ASUS)
    Task: {1072C687-680A-43AF-BB0A-62EC5EBF22AA} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
    Task: {143714DD-E834-4367-87AC-B3F5293E506E} - System32\Tasks\PCKeeper updater => C:\ProgramData\Kromtech\installer.exe [2015-08-12] () <==== ATTENTION
    Task: {1BAE2485-5CF5-4DDF-B046-33C0609851E5} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
    Task: {2488AD7E-6C56-40DD-8D65-458EAB9059DC} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-07-01] (ASUSTeK Computer Inc.)
    Task: {2D3E8533-2D08-4AFF-A434-8094A2312967} - \Optimizer Pro Schedule -> No File <==== ATTENTION
    Task: {598E7255-4798-4426-B4AE-C28479F47217} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-07-09] ()
    Task: {626E0AF7-A6FA-4795-8DC5-1D5E684D3D7D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
    Task: {790FEB5B-6A9C-4CA9-9199-8D2A5E214C3A} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2015-08-19] (Reimage®) <==== ATTENTION
    Task: {7CC57533-9D97-44A1-B152-F6E3A5E6651B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-07-23] (ASUS)
    Task: {8EA1ABF3-53B0-419A-963B-A66BEFC0059D} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-08-16] (ASUSTeK Computer Inc.)
    Task: {9BF44206-88DA-4F3C-9124-80B1CBB3ACC8} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe [2015-08-11] () <==== ATTENTION
    Task: {A5A96FEA-5CCA-432E-9AAE-AEEE080EC12F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {AEF96A65-EDE6-4957-96ED-100E893BDE18} - System32\Tasks\DNSELSMORE => C:\Program Files (x86)\DNS Unlocker\dnselsmore.exe [2015-09-10] ()
    Task: {BAEFFCC5-DB8E-4E39-9CC4-5DAE481D3688} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
    Task: {DFE18502-F82F-406D-A8DB-2726801F03BB} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
    Task: {EF300D23-BAC7-4055-9D85-18E41BB175E9} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
    Task: {FEB8FE1D-F8D2-4793-B3FC-4069ACABE950} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-08-29] (ASUSTek Computer Inc.)
    Task: {FFAA63C6-EC79-47F4-A9C1-5CFDCBAC64D5} - System32\Tasks\Superclean => c:\programdata\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\hqghumeaylnlf.exe [2014-08-21] (Super PC Tools Ltd) <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Superclean.job => c:\programdata\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\hqghumeaylnlf.exe <==== ATTENTION

    ==================== Loaded Modules (Whitelisted) ==============

    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    2015-07-07 08:12 - 2015-07-07 08:12 - 00102104 _____ () C:\Program Files\Kromtech\PCKeeper\OneClickFixServicePS.dll
    2015-07-07 08:12 - 2015-07-07 08:12 - 00091864 _____ () C:\Program Files\Kromtech\PCKeeper\RegistryCleanerComponentPS.dll
    2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\WINDOWS\SysWOW64\PSIService.exe
    2013-07-23 10:54 - 2013-07-23 10:54 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
    2015-07-07 08:12 - 2015-07-07 08:12 - 00104664 _____ () C:\Program Files\Kromtech\PCKeeper\ZBAnalyticsCore.dll
    2015-07-07 08:12 - 2015-07-07 08:12 - 00092888 _____ () C:\Program Files\Kromtech\PCKeeper\SharedNativeLibraryPS.dll
    2015-07-07 08:12 - 2015-07-07 08:12 - 00060632 _____ () C:\Program Files\Kromtech\PCKeeper\ZBAnalytics.dll
    2015-07-07 08:12 - 2015-07-07 08:12 - 00092888 _____ () C:\Program Files\Kromtech\PCKeeper\DiskCleanerComponentPS.dll
    2015-08-19 01:56 - 2015-08-19 01:56 - 06908904 _____ () C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
    2015-09-13 23:37 - 2015-09-10 00:45 - 00537088 _____ () C:\Program Files (x86)\DNS Unlocker\dnselsmore.exe
    2013-08-16 11:03 - 2013-08-16 11:03 - 00023040 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
    2013-08-19 18:16 - 2013-08-19 18:16 - 00015440 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
    2015-03-13 22:02 - 2015-09-19 13:29 - 45067320 _____ () C:\Users\Zee\AppData\Roaming\Spotify\libcef.dll
    2015-08-11 23:57 - 2015-08-07 17:13 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libglesv2.dll
    2015-08-11 23:57 - 2015-08-07 17:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\libegl.dll
    2015-03-13 22:02 - 2015-09-19 13:29 - 01649208 _____ () C:\Users\Zee\AppData\Roaming\Spotify\libglesv2.dll
    2015-03-13 22:02 - 2015-09-19 13:29 - 00080952 _____ () C:\Users\Zee\AppData\Roaming\Spotify\libegl.dll
    2014-02-05 15:35 - 2013-05-31 14:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2015-08-11 23:57 - 2015-08-07 17:13 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.155\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-219251710-3609435933-1062541636-1001\...\genieo.com -> hxxp://search.genieo.com


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-219251710-3609435933-1062541636-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zee\Pictures\kyo__dir_en_grey_6_by_b_d_m-d4pc1yf.jpg
    DNS Servers: 82.163.143.172 - 82.163.142.174
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{24A3CFC7-DC3A-41AC-8FCC-FBD3E2436175}] => (Allow) LPort=1886
    FirewallRules: [UDP Query User{12624CEA-9999-455F-8369-EDBC3A72F3BD}C:\users\zee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zee\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{074D0EA3-7AD4-4FA0-8CB8-04816893677C}C:\users\zee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zee\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{F0CB8D95-464E-4A72-9A8A-A916BF410B58}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{85A01085-837A-468E-A685-76754D560FEF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{120D943B-D0E8-4584-A88F-6293FCE84FF3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{49E3C26E-B00C-4DAD-A72A-32C95B879E69}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{EC0905EE-F270-4C3F-836F-B46229F1208B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{E6D5A438-3BBD-44DB-BD0C-545AE350CCD5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{9E835905-E224-44C0-A818-B972D817FB78}] => (Allow) LPort=1900
    FirewallRules: [{DB976C7D-0F91-4268-89D9-93C9888B22BF}] => (Allow) LPort=2869
    FirewallRules: [{7DDB678C-AD17-4EE6-8C24-64C1BF85C773}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [TCP Query User{60DFB641-F121-4DE6-B9A3-40BFEA3BC39E}C:\users\zee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zee\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{5216045F-D8C8-4456-B1A3-42FF71F14E09}C:\users\zee\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\zee\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{4815EBCF-7CF8-47FC-B6DF-6A04BD3B981A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F262BE96-5486-4B03-A9D9-823777E2B6B0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7804B62C-ABED-4E69-8FF9-3C709B0BB145}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5933F2EC-E4EE-40C6-B905-13C989057203}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{627DCA8E-451F-4E27-8AF6-A1707768893F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{6448602B-44F9-4AEA-B4D5-B2A173BF99AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E50DC0C1-7B40-4A21-98E0-A52B894F5447}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{D7FFD41F-6F8D-4A12-A72E-44E4F956857F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{1806AEA5-551A-492E-B9E5-24B2E4560894}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9A87C24A-1C90-4632-92A3-1BE49649F0E0}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/01/2015 04:48:46 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Siegfried)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (10/01/2015 04:48:35 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Siegfried)
    Description: HRESULT:0x8004FF6F
    Description:You don’t need to install Microsoft Security Essentials. Your version of Windows includes an updated version of Windows Defender that provides the same level of protection as Microsoft Security Essentials, along with other significant improvements. <a>For more information on the differences and improvements, see online Help</a>. Error code:0x8004FF6F.

    Error: (10/01/2015 04:27:57 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {fd8c7195-6730-4e1b-86f7-f0f2f4acf7f7}

    Error: (10/01/2015 03:51:58 PM) (Source: MsiInstaller) (EventID: 1002) (User: Siegfried)
    Description: Unexpected or missing value (name: 'PackageCode', value: 'GUID') in key 'HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219'

    Error: (10/01/2015 12:12:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1250

    Error: (10/01/2015 12:12:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1250

    Error: (10/01/2015 12:12:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (09/30/2015 11:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 486891

    Error: (09/30/2015 11:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 486891

    Error: (09/30/2015 11:18:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (10/01/2015 04:11:03 PM) (Source: DCOM) (EventID: 10010) (User: Siegfried)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (10/01/2015 03:55:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Security Center service hung on starting.

    Error: (10/01/2015 03:51:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Google Update Service (gupdate) service failed to start due to the following error:
    %%2

    Error: (10/01/2015 03:48:37 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:46:21 AM on ‎10/‎1/‎2015 was unexpected.

    Error: (09/30/2015 03:03:34 PM) (Source: Win32k) (EventID: 253) (User: )
    Description: A pointer device does not have a mandatory coordinate property.

    Error: (09/30/2015 03:02:36 PM) (Source: Win32k) (EventID: 253) (User: )
    Description: A pointer device does not have a mandatory coordinate property.

    Error: (09/30/2015 02:32:51 PM) (Source: NetBT) (EventID: 4319) (User: )
    Description: A duplicate name has been detected on the TCP network. The IP address of
    the computer that sent the message is in the data. Use nbtstat -n in a
    command window to see which name is in the Conflict state.

    Error: (09/30/2015 11:35:14 AM) (Source: DCOM) (EventID: 10010) (User: Siegfried)
    Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

    Error: (09/30/2015 11:34:44 AM) (Source: DCOM) (EventID: 10010) (User: Siegfried)
    Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

    Error: (09/30/2015 11:02:54 AM) (Source: NetBT) (EventID: 4321) (User: )
    Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.31.31.115.
    The computer with the IP address 10.31.31.9 did not allow the name to be claimed by
    this computer.


    CodeIntegrity:
    ===================================
    Date: 2015-10-01 16:23:25.810
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-01 16:23:25.608
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-01 16:02:19.163
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-10-01 16:02:18.917
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-24 19:55:14.212
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-24 19:55:14.057
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-21 15:47:00.785
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-21 15:47:00.581
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 22:55:29.016
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-09-19 22:55:28.846
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
    Percentage of memory in use: 86%
    Total physical RAM: 3979.84 MB
    Available physical RAM: 543.69 MB
    Total Virtual: 7051.84 MB
    Available Virtual: 2039.34 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:444.21 GB) (Free:312.83 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 95DBDAD9)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    [​IMG]
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    [​IMG] Uninstall following unwanted programs:

    AccountService
    CutterProc
    DNS Unlocker
    KeysScript
    PCKeeper
    Reimage Repair
    SectionDouble
    SeekerInstance
    SegmentAssister
    UMPlayer


    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     

    Attached Files:

  9. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    Where is the fixlist file located? When I hit fix, it says it's in the same file as
     
  10. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    Fix result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
    Ran by Zee (2015-10-01 17:23:45) Run:1
    Running from C:\Users\Zee\Desktop
    Loaded Profiles: Zee (Available Profiles: Zee)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    AccountService (Version: 1.1.66 - Kromtech) Hidden <==== ATTENTION

    *****************

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D759D18-9594-430B-BA12-1C3C7975DBD5}\\SystemComponent => value removed successfully

    ==== End of Fixlog 17:23:45 ====
     
  11. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good :)
    Go on...
     
  12. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    Pc keeper, cutter proc, section double, seeker instance, and segment assister refuses to be uninstalled. But pc keeper isn't even found on the control panel
     
  13. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    I just tried locating pc keeper, but it won't be found
     
  14. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    It says "could not be found" with the other items
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Uninstall all you can and then proceed with other steps.
     
  16. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    The roguekiller is stuck on 78% and it hasn't moved much
     
  17. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    Now it's messing up because it's trying to close when I didn't want it to
     
  18. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    "Closing, please wait" is what it says even though I didn't close it
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Restart computer and try again.
     
  20. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    Thank you so, so very much for your help and patience
     
  21. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    For some reason it is stuck on 78% again?
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Skip it and go ahead with next steps.
     
  23. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    Alright
     
  24. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/1/2015
    Scan Time: 7:45 PM
    Logfile: text files.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.10.02.01
    Rootkit Database: v2015.09.22.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Zee

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 371099
    Time Elapsed: 38 min, 54 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 3
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe, 1324, Delete-on-Reboot, [5dccaea4c3c8fa3c9e3940a0d031ad53]
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe, 2104, Delete-on-Reboot, [0920331ffb90e94db2256f71c23f38c8]
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe, 1144, Delete-on-Reboot, [78b1cd85a2e9ef4706d1568ae51cd32d]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 56
    PUP.Optional.PCKeeper, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCKeeperOcfService, Quarantined, [5dccaea4c3c8fa3c9e3940a0d031ad53],
    PUP.Optional.PCKeeper, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCKeeper2Service, Quarantined, [0920331ffb90e94db2256f71c23f38c8],
    PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [e7426de5d9b27eb88388f2c4c63ca957],
    PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [e7426de5d9b27eb88388f2c4c63ca957],
    PUP.Optional.Vosteran, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{4CB3598A-82E8-4D1F-983F-061238AE696E}, Quarantined, [e7426de5d9b27eb88388f2c4c63ca957],
    PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\CLSID\{671AC5BA-E4C2-4E26-A4D9-0CB74E13806D}, Quarantined, [a68379d95c2f81b53811596725dce61a],
    PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_, Quarantined, [a68379d95c2f81b53811596725dce61a],
    PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.9, Quarantined, [a68379d95c2f81b53811596725dce61a],
    PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_, Quarantined, [a68379d95c2f81b53811596725dce61a],
    PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\WOW6432NODE\CLASSES\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.9, Quarantined, [a68379d95c2f81b53811596725dce61a],
    PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_, Quarantined, [a68379d95c2f81b53811596725dce61a],
    PUP.Optional.MultiPlug.BHO64, HKLM\SOFTWARE\CLASSES\WOW6432NODE\P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.P671AC5BA_E4C2_4E26_A4D9_0CB74E13806D_.9, Quarantined, [a68379d95c2f81b53811596725dce61a],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\KROMTECH\PCKeeper, Quarantined, [af7aaca62368989e0d0cc0fc11f38080],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASAPI32, Quarantined, [aa7f153d86052e08c951566658ac60a0],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASMANCS, Quarantined, [ff2ae46ee4a711250515219bf41016ea],
    PUP.Optional.MyPCBackup, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\LaunchPreSignup, Delete-on-Reboot, [3aef00529deefe38c1e63682d82ce31d],
    PUP.Optional.Superclean, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Superclean, Delete-on-Reboot, [dd4c79d9008bf046e7cd913908fc3cc4],
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [8c9d361cbad175c1d05d285f5aaa36ca],
    PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{285bff21}, Quarantined, [ce5b98bad7b45adc72b8c1f730d4c040],
    PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{442b8ad0}, Quarantined, [78b1f260870472c4c466d6e2689c08f8],
    PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{4aad814a}, Quarantined, [57d21a38711a63d3a5857741dc28f60a],
    PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{bfd46d07}, Quarantined, [7bae153d8902b18571b99f1958ac1fe1],
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [b9708ec46625a29482abb8cf05ff649c],
    PUP.Optional.SectionDouble, HKLM\SOFTWARE\WOW6432NODE\{12A61307-94CD-4F8E-94BC-918E511FAA81}, Quarantined, [cb5e1939b2d9e94dfc9812b241c3956b],
    PUP.Optional.Sanbreel, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw64, Quarantined, [67c231211a710333223908bab05401ff],
    PUP.Optional.PCKeeper, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\KROMTECH\PCKeeper, Quarantined, [80a984cef29947ef53c47844d43001ff],
    PUP.Optional.Trovi, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [5acfd37ff497a690256c6d61d62e649c],
    PUP.Optional.SuperOptimizer, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\SUPER OPTIMIZER, Quarantined, [b376bc96038893a37d5c7951956fd030],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{9443C19D-B318-4EBD-8A7F-6A50D0472FB4}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{95CAD169-7912-410E-8C8A-7BA1729BD8F7}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{F6649783-7559-4772-96C7-02D33BEACD8C}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6649783-7559-4772-96C7-02D33BEACD8C}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{206E5E13-3B8F-4146-9C21-F18A63A9689B}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{206E5E13-3B8F-4146-9C21-F18A63A9689B}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{D8F2F7F9-F8F3-4562-9FDA-C1E2DAE60A30}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{D8F2F7F9-F8F3-4562-9FDA-C1E2DAE60A30}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\TYPELIB\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{D3F79FC5-65FE-4650-8979-3BF0CCF02C1A}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{828FB706-5749-4255-862F-3D30FCF017E1}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{817BF5D8-380E-44F4-8E61-43E7ECF74B53}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{0319DE47-F039-45DC-A213-DBB61C6AE509}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{0319DE47-F039-45DC-A213-DBB61C6AE509}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{33B2A2E0-18F6-45CB-8080-04320066A4A1}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{CCF68051-721D-40C7-812D-86ED0FDE7411}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{6F09F687-2C4C-4A37-8D7A-2CB76D2B3F71}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{6F09F687-2C4C-4A37-8D7A-2CB76D2B3F71}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{503F82AB-1549-4B08-AF10-289CCCF3BE4B}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{7944171A-50CC-479E-A6FC-B1E25E665C25}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{074BFF31-CA38-43C4-8F25-79213AD708EF}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{074BFF31-CA38-43C4-8F25-79213AD708EF}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{2F8F99FD-7C0E-4150-8DFD-13B1F4FBD916}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\CLSID\{0D838143-D511-4555-8B97-16C3CF5A780D}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\CLASSES\INTERFACE\{0D838143-D511-4555-8B97-16C3CF5A780D}, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],

    Registry Values: 12
    PUP.Optional.PCKeeper, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PCKeeper2, "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun, Quarantined, [78b1cd85a2e9ef4706d1568ae51cd32d]
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [8c9d361cbad175c1d05d285f5aaa36ca]
    PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [36f3d77bbfcc45f1f60d8cf5f212e11f]
    PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, Quarantined, [b9708ec46625a29482abb8cf05ff649c]
    PUP.Optional.SectionDouble, HKLM\SOFTWARE\WOW6432NODE\{12A61307-94CD-4F8E-94BC-918E511FAA81}|bfd46d07, C:\Program Files (x86)\SectionDouble\SectionDouble.dll, Quarantined, [cb5e1939b2d9e94dfc9812b241c3956b]
    PUP.Optional.Trovi, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, http://www.trovi.com/Results.aspx?g...B&D=063015&q={searchTerms}&SSPV=SP302TA_sp_ie, Quarantined, [0f1a7ad8f89363d34947527cae56b050]
    PUP.Optional.Conduit, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}, Quarantined, [e8418ac89bf0ec4abc9e05964fb5b34d]
    PUP.Optional.Trovi, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DisplayName, Trovi, Quarantined, [4adff75b7f0c0a2c6d23e7e72bd91be5]
    PUP.Optional.SuperOptimizer, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\SUPER OPTIMIZER|SetupName, C:\Users\Zee\AppData\Local\Temp\3d05719a\311868.ftf, Quarantined, [b376bc96038893a37d5c7951956fd030]
    PUP.Optional.SuperOptimizer, HKU\S-1-5-21-219251710-3609435933-1062541636-1001\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL, http://supc.superpctools.revenuewire.net/spu/register?221002333_1A2BF85E-C1DC-45E6-AA63-3150485558DE, Quarantined, [8a9ff65c3e4dfd39b62220aad72d0ef2]
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{05562BE7-0EFC-4BD2-BD8F-FAA363E68410}, PCKeeper shell extension, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c]
    PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED|{828FB706-5749-4255-862F-3D30FCF017E1}, PCKeeper shell extension, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c]

    Registry Data: 0
    (No malicious items detected)

    Folders: 15
    PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.Happy2Save, C:\Program Files (x86)\HaapPy2SAve, Quarantined, [c564163c6a218aac142c1496e024946c],
    PUP.Optional.SuperOptimizer, C:\ProgramData\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}, Quarantined, [70b963efbdcecf67309f3b8fa85cd828],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper, Delete-on-Reboot, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\Minidumps, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\ProblemFinder, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.RandomPrice, C:\Program Files (x86)\RAndoMPrice, Quarantined, [23067fd38dfe9b9bcde0a688b053a060],
    PUP.Optional.SearchProtect, C:\Users\Zee\AppData\Local\avabvdxvy, Quarantined, [85a4de74a4e714228839d060c3402cd4],
    PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect, Quarantined, [bf6a6ce6acdf92a4fdcb84ac9d66bc44],
    PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect, Quarantined, [bf6a6ce6acdf92a4fdcb84ac9d66bc44],
    PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [bf6a6ce6acdf92a4fdcb84ac9d66bc44],
    PUP.Optional.Managera, C:\Users\Zee\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [d35664eee1aaa591f77b0e2dce35ca36],
    PUP.Optional.ExTutil, C:\Users\Zee\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [9c8d6ae8a1eaca6cf695c27936cdb64a],

    Files: 153
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\OneClickFixService.exe, Delete-on-Reboot, [5dccaea4c3c8fa3c9e3940a0d031ad53],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperService.exe, Delete-on-Reboot, [0920331ffb90e94db2256f71c23f38c8],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe, Delete-on-Reboot, [78b1cd85a2e9ef4706d1568ae51cd32d],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\installer.exe, Quarantined, [c16867eba1ea072ff9de1cc436cb738d],
    PUP.Optional.SuperOptimizer, C:\ProgramData\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\hqghumeaylnlf.exe, Quarantined, [03266be7503ba1953400319103fe2cd4],
    PUP.Optional.MultiPlug.BHO64, C:\Program Files (x86)\HaapPy2SAve\Ql94jBJunmEHPP.x64.dll, Quarantined, [a68379d95c2f81b53811596725dce61a],
    PUP.Optional.SearchProtect, C:\Users\Zee\AppData\Local\Temp\Setup.exe, Quarantined, [76b3fb577d0eea4c5842dbe65ca57f81],
    PUP.Optional.SuperOptimizer, C:\Users\Zee\AppData\Local\Temp\supoptsetup.exe, Quarantined, [f534ef6357348babf83b1ca6659ca55b],
    PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\Zee\AppData\Local\Temp\13dc441f\168223.ftf, Quarantined, [c960282ae4a7c670ede582d258a87b85],
    PUP.Optional.SuperOptimizer, C:\Users\Zee\AppData\Local\Temp\18577f88\90924.ftf, Quarantined, [f237d280b0db78be56deb80aaa57ce32],
    PUP.Optional.SearchProtect, C:\Users\Zee\AppData\Local\Temp\9C00\temp\embededstub.exe, Quarantined, [e34655fd2b60eb4b900b18a9ef12c53b],
    PUP.Optional.LightningDownloader, C:\Users\Zee\AppData\Local\Temp\9C00\temp\lightningdownloader.exe, Quarantined, [e742c9892f5cc76f4da31d3a867afd03],
    PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\Zee\AppData\Local\Temp\1ca28d6b\477303.ftf, Quarantined, [151465ed0d7ec96db81a97bd9868f010],
    PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\Zee\AppData\Local\Temp\248b74c2\299618.ftf, Quarantined, [c069025091fada5c4d85054ff20eb44c],
    PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\Users\Zee\AppData\Local\Temp\303cdbf9\344572.ftf, Quarantined, [40e9d77babe092a4d3ff23317f81df21],
    PUP.Optional.SuperOptimizer, C:\Users\Zee\AppData\Local\Temp\3d05719a\311868.ftf, Quarantined, [ae7b6ee4fa918caa270ddbe724ddfa06],
    PUP.Optional.MultiPlug, C:\Windows\Temp\tmpu8yedn\dnXmWK0aMhBbgNN.exe, Quarantined, [56d3242ee7a4c472998b4e722bd6b947],
    PUP.Optional.SearchProtect, C:\Windows\Temp\8515.tmp\avabvdxvy.exe, Quarantined, [5ccdb1a12a61f83e98f70e441fe2ea16],
    PUP.Optional.SearchProtect, C:\Windows\Temp\8515.tmp\pbqrmvbub, Quarantined, [51d85df5e0ab84b20f8bffc2847da35d],
    PUP.Optional.MultiPlug.BHO, C:\Windows\Temp\tmpwdwcvj\3Pe3oe7SWUZxRl.dll, Quarantined, [b079d47e5d2e1224b1e1f1c702ffff01],
    PUP.Optional.MultiPlug.BHO64, C:\Windows\Temp\tmpwdwcvj\3Pe3oe7SWUZxRl.x64.dll, Quarantined, [f8314a08800b34021534e9d76998d729],
    PUP.Optional.MultiPlug, C:\Windows\Temp\tmpwdwcvj\4ZNH3pu8DZMYRFX.exe, Quarantined, [0b1e5df59eedcc6ae83cd8e899686b95],
    PUP.Optional.InstallCore, C:\Users\Zee\Downloads\SpotifySetup.exe, Quarantined, [cd5caca6d9b279bda6fd26910bfaa858],
    PUP.Optional.DsiLoad, C:\Users\Zee\AppData\Local\dsisetup1758372652.exe, Quarantined, [2cfd88cab7d437ff88e8cebdcd34e11f],
    PUP.Optional.DsiLoad, C:\Users\Zee\AppData\Local\dsisetup3652680462.exe, Quarantined, [ae7b83cfb1da93a3a6caeba0748d04fc],
    PUP.Optional.DsiLoad, C:\Users\Zee\AppData\Local\dsisetup880681402.exe, Quarantined, [a980d37f8704191d67091a71fd04a55b],
    PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag\lsdb.js, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
    PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag\A7SnB67SZJ.js, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
    PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag\background.html, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
    PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag\content.js, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
    PUP.Optional.MultiPlug, C:\ProgramData\ihofpddlonjdejobgdlmbliclkmhpjag\manifest.json, Quarantined, [f73293bf35567abc6375dfa5fa0a8080],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\01d803de0eaab875daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\92d7c5fd76e0c5a5daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\11dc18ba63700df9daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\1451e0aa2bc0e546daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\166d7a9c75fa11cbdaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\1a23e23590c1fbf4daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\29ec9b72a15a8627daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\2c8582ccba4cc27ddaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\3b666fd215f9c6e1daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\4775d99c57b1799edaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\7b454519bbfb9c52daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\819693f039685626daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\94ed4de9ca3f8249daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\954accd1ef18255bdaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\9809bbaa207c3dbddaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\9937b805c8966bb4daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\bed232c5fa70e024daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\c55315d06955828adaeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\c5dda88116364677daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.MultiPlug.Gen, C:\ProgramData\17584159669914818999\d1b823d8a4cc4149daeddd5e668dfc6f.ini, Quarantined, [55d45ff3c0cbde589f677a10c93b09f7],
    PUP.Optional.Happy2Save, C:\Program Files (x86)\HaapPy2SAve\Ql94jBJunmEHPP.tlb, Quarantined, [c564163c6a218aac142c1496e024946c],
    PUP.Optional.Happy2Save, C:\Program Files (x86)\HaapPy2SAve\Ql94jBJunmEHPP.dat, Quarantined, [c564163c6a218aac142c1496e024946c],
    PUP.Optional.MyPCBackup, C:\Windows\System32\Tasks\LaunchPreSignup, Quarantined, [0d1cc38f078411254b5a15a37a8a738d],
    PUP.Optional.PastaLeads, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, Quarantined, [59d06ae89cef5adcfac9ad0ebc48b34d],
    PUP.Optional.PastaLeads, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, Quarantined, [111850022d5e84b2a1225863f60ee719],
    PUP.Optional.PCKeeper, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kromtech\PCKeeper.lnk, Quarantined, [cd5c242eacdff24446ce922a50b456aa],
    PUP.Optional.PCKeeper, C:\Windows\System32\Tasks\PCKeeper updater, Quarantined, [42e78bc7d6b5a78f41d4d5e75ba9cc34],
    PUP.Optional.PricePeep, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, Delete-on-Reboot, [bc6d1c36e8a30432942fc9f5c63efb05],
    PUP.Optional.PricePeep, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, Quarantined, [65c454fe90fb39fd4281883618ec60a0],
    PUP.Optional.ReMarkable, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Delete-on-Reboot, [eb3e9bb78ffc2f078d584878d52fe818],
    PUP.Optional.ReMarkable, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Delete-on-Reboot, [b77232206c1fbf77588dd6eaa262966a],
    PUP.Optional.SelectNGo, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [d356b69cccbf52e44d1a0fb6798b38c8],
    PUP.Optional.SelectNGo, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [f8319eb4c7c4d5611c4bc8fdfa0ad12f],
    PUP.Optional.ShoppingGate, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage, Quarantined, [ff2a0b474e3d6ec83522ebdbc3419d63],
    PUP.Optional.ShoppingGate, C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal, Quarantined, [c267f35f8ffc3bfbb3a4f7cf12f20ff1],
    PUP.Optional.Superclean, C:\Windows\System32\Tasks\Superclean, Quarantined, [67c29bb76c1f75c17c363d8da55feb15],
    PUP.Optional.Superclean, C:\Windows\Tasks\Superclean.job, Quarantined, [4adff16125669d994a698f3b3ec6bd43],
    PUP.Optional.SuperOptimizer, C:\ProgramData\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\hqghumeaylnlf.dat, Quarantined, [70b963efbdcecf67309f3b8fa85cd828],
    PUP.Optional.SuperOptimizer, C:\ProgramData\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\3a6da7a248e4c787, Quarantined, [70b963efbdcecf67309f3b8fa85cd828],
    PUP.Optional.SuperOptimizer, C:\ProgramData\{79f8ffd1-2cde-2270-79f8-8ffd12cdff44}\dcd715bb194ccd7, Quarantined, [70b963efbdcecf67309f3b8fa85cd828],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\CrashReportSender.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\OneClickFixService.exe0.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\OneClickFixService.exe1.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\OneClickFixService.exe2.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\OneClickFixService.exe3.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\OneClickFixService.exe4.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.exe0.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.exe1.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.exe2.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.exe3.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.exe4.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeper.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.exe0.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.exe1.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.exe2.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.exe3.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.exe4.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\PCKeeperService.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\RegistryCleanerComponent.dll0.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\RegistryCleanerComponent.dll1.llog, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\ProblemFinder\RegistryScan.xml, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\ProblemFinder\ScanReport.xml, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\ProgramData\Kromtech\PCKeeper\ProblemFinder\SystemScan.xml, Quarantined, [ff2aaca68b00b680eb9b5dcf4ab946ba],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeper.Shared.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\AntiTheftServiceLibrary.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\AppRemFolder.exe, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Contracts.Account.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Contracts.PCKeeper.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Controls.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\CrashReportSender.exe, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\DiskCleanerComponent.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\DiskCleanerComponentPS.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\DrvInstaller.exe, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Elevator.exe, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\fileHiders.inf, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\fileHiders.sys, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Ionic.Zip.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\LocalizationHelpers.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\ManagedWifi.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Microsoft.Expression.Drawing.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Microsoft.Expression.Interactions.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\NativeMethods.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Newtonsoft.Json.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\Ninject.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\NLog.config, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\NLog.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\OcfElevator.exe, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\OneClickFixServiceLibrary.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\OneClickFixServicePS.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperCore.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperServiceCore.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperServicePS.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperShellExt32.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKeeperShellExt64.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKElevatedHost.exe, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKObjFactory.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\PCKObjFactoryPS.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\RegistryCleanerComponent.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\RegistryCleanerComponentPS.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\ServiceInfrastructure.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\SharedLibrary.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\SharedNativeLibrary.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\SharedNativeLibraryPS.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\SQLite.Interop.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\System.Data.SQLite.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\System.Windows.Interactivity.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\SystemContextMenu.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\TokenPrivileges.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\UtilitiesServiceLibrary.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\WebCamFrameCaptureComponent.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\WebCamFrameCaptureComponentPS.dll, Quarantined, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\ZBAnalytics.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.PCKeeper, C:\Program Files\Kromtech\PCKeeper\ZBAnalyticsCore.dll, Delete-on-Reboot, [fd2c470bd0bb092d9aed60cc966d748c],
    PUP.Optional.RandomPrice, C:\Program Files (x86)\RAndoMPrice\RAndoMPrice.dat, Quarantined, [23067fd38dfe9b9bcde0a688b053a060],
    PUP.Optional.SearchProtect, C:\Users\Zee\AppData\Local\avabvdxvy\mkfvxfk, Quarantined, [85a4de74a4e714228839d060c3402cd4],
    PUP.Optional.SearchProtect, C:\Users\Zee\AppData\Local\avabvdxvy\qokvxfk, Quarantined, [85a4de74a4e714228839d060c3402cd4],
    PUP.Optional.SearchProtect, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [bf6a6ce6acdf92a4fdcb84ac9d66bc44],
    PUP.Optional.Managera, C:\Users\Zee\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [d35664eee1aaa591f77b0e2dce35ca36],
    PUP.Optional.Managera, C:\Users\Zee\AppData\Local\Temp\39fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [d35664eee1aaa591f77b0e2dce35ca36],
    PUP.Optional.ExTutil, C:\Users\Zee\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [9c8d6ae8a1eaca6cf695c27936cdb64a],
    PUP.Optional.ExTutil, C:\Users\Zee\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [9c8d6ae8a1eaca6cf695c27936cdb64a],
    PUP.Optional.ExTutil, C:\Users\Zee\AppData\Local\Temp\D8ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [9c8d6ae8a1eaca6cf695c27936cdb64a],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  25. Chelsey Zero

    Chelsey Zero TS Rookie Topic Starter Posts: 32

    # AdwCleaner v5.009 - Logfile created 01/10/2015 at 20:52:05
    # Updated 27/09/2015 by Xplode
    # Database : 2015-09-30.1 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Zee - SIEGFRIED
    # Running from : C:\Users\Zee\Desktop\adwcleaner_5.009.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    [-] Service Deleted : fileHiders

    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\Kromtech
    [-] Folder Deleted : C:\Program Files (x86)\OLBPre
    [-] Folder Deleted : C:\Program Files (x86)\bestadblocker
    [!] Folder Not Deleted : C:\Program Files (x86)\bestadblocker
    [-] Folder Deleted : C:\Program Files (x86)\CUtThePricce
    [-] Folder Deleted : C:\Program Files (x86)\Haappiy2Save
    [-] Folder Deleted : C:\Program Files (x86)\RandOOmPrice
    [-] Folder Deleted : C:\Program Files (x86)\RRanidomPurICCe
    [-] Folder Deleted : C:\Program Files (x86)\FindMeFreebies
    [-] Folder Deleted : C:\ProgramData\Kromtech
    [-] Folder Deleted : C:\ProgramData\b274f2400000337d
    [-] Folder Deleted : C:\ProgramData\{172bd555-2ca7-dbaf-172b-bd5552ca5554}
    [-] Folder Deleted : C:\ProgramData\{74406929-64d1-9d72-7440-0692964da4a5}
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kromtech
    [-] Folder Deleted : C:\Users\Zee\AppData\Local\Kromtech

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
    [-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
    [-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
    [-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
    [-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_secure.reimageplus.com_0.localstorage
    [-] File Deleted : C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_secure.reimageplus.com_0.localstorage-journal
    [-] File Deleted : C:\WINDOWS\Reimage.ini
    [-] File Deleted : C:\WINDOWS\Sysnative\drivers\fileHiders.sys

    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****

    [-] Task Deleted : PCKeeper updater
    [-] Task Deleted : ASUS Splendid ColorU

    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
    [-] Key Deleted : HKLM\SOFTWARE\Classes\P00F1293C_CC93_4BDD_A199_2E5C4E64FFC7_.P00F1293C_CC93_4BDD_A199_2E5C4E64FFC7_
    [-] Key Deleted : HKLM\SOFTWARE\Classes\P00F1293C_CC93_4BDD_A199_2E5C4E64FFC7_.P00F1293C_CC93_4BDD_A199_2E5C4E64FFC7_.9
    [-] Key Deleted : HKLM\SOFTWARE\Classes\P1DACA1FC_42D3_42A6_8749_7A28F848A3C8_.P1DACA1FC_42D3_42A6_8749_7A28F848A3C8_
    [-] Key Deleted : HKLM\SOFTWARE\Classes\P1DACA1FC_42D3_42A6_8749_7A28F848A3C8_.P1DACA1FC_42D3_42A6_8749_7A28F848A3C8_.9
    [-] Key Deleted : HKLM\SOFTWARE\Classes\P70EB1D5C_41C1_464F_8964_D55680261267_.P70EB1D5C_41C1_464F_8964_D55680261267_
    [-] Key Deleted : HKLM\SOFTWARE\Classes\P70EB1D5C_41C1_464F_8964_D55680261267_.P70EB1D5C_41C1_464F_8964_D55680261267_.9
    [-] Key Deleted : HKLM\SOFTWARE\10d5dd8d-f0d9-ec22-6741-3aa59e4ee8e1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70EB1D5C-41C1-464F-8964-D55680261267}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{330ED369-73D2-49BC-AC43-1E21602F742D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BB1C0445-8E37-4D66-B4E4-947E53F654A8}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FDA3E1DF-B9C8-4A1A-A646-58E5E01520E4}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70EB1D5C-41C1-464F-8964-D55680261267}
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{70EB1D5C-41C1-464F-8964-D55680261267}]
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00F1293C-CC93-4BDD-A199-2E5C4E64FFC7}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1DACA1FC-42D3-42A6-8749-7A28F848A3C8}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{70EB1D5C-41C1-464F-8964-D55680261267}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
    [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [-] Key Deleted : HKCU\Software\Reimage
    [-] Key Deleted : HKCU\Software\Kromtech
    [-] Key Deleted : HKCU\Software\WEBAPP
    [-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    [-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E957849A-94AC-6F46-4623-C31474E3C170}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
    [!] Key Not Deleted : [x64] HKCU\Software\Reimage
    [!] Key Not Deleted : [x64] HKCU\Software\Kromtech
    [!] Key Not Deleted : [x64] HKCU\Software\WEBAPP
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Kromtech

    ***** [ Web browsers ] *****

    [-] [C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://vosteran.com/?f=7&a=vst_ggbc_14_48_ch&cd=2XzuyEtN2Y1L1Qzu0EtDtA0FyEzy0D0Dzz0E0EyB0Bzy0DtBtN0D0Tzu0StCtDyCtDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0EyE0B0D0E0DyCtG0FtBtA0BtGtD0AzzzztGzztDtBzztGtD0CtD0F0DtDyC0D0AyCyCyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtDyD0A0EyBzyzytG0BtByCtAtGyE0Bzy0EtG0AyByCzytGzy0F0EtB0DtAzztCzytAtD0B2Q&cr=1720223081&ir=
    [-] [C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3333527&octid=EB_ORIGINAL_CTID&ISID=M28A9DCAE-80E4-4101-A319-3EE6422D513D&SearchSource=55&CUI=&UM=8&UP=SP2C45CFA0-8759-45E5-9B51-F5036DD4D3BB&D=063015&SSPV=SP302TA_sp_ch
    [-] [C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
    [-] [C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : dlnembnfbcpjnepmfjmngjenhhajpdfd
    [-] [C:\Users\Zee\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb

    *************************

    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [9095 bytes] ##########
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...