Google won't work because of Virus Re-Direct?

  • Kriller
    PCHF Member
    • Jan 2017
    • 12

    #1

    Google won't work because of Virus Re-Direct?

    My tabs on Google URLs show an error in text and won’t allow me to enter in. I assume it’s a virus. Can I get some help?
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #2
    Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

    If you are unsure if your operating system is 32 or 64 Bit please go HERE.

    Once downloaded, right click the FRST desktop icon and select “Run as administrator” from the menu.

    If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
    FRST will open with two dialogue boxes, accept the disclaimer.

    1. Accept the default whitelist options,
    2. If the additions.txt options box is not checked please select it.
    3. Then select Scan

    FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt, and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

    Please Copy and Paste the contents of these logs in your next post for review.

    Comment

    • Kriller
      PCHF Member
      • Jan 2017
      • 12

      #3
      Here you are!

      Comment

      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7041

        #4
        While I look over these logs, please do the following.

        Reset Host File

        • Click here to download RstHosts v2.0
        • Save the file to your desktop.
        • Right Click and Run as Administrator.
        • Click on Restaurer, then click OK at the prompt.
        • This will restore the default host file.
        • Next Click on Creer Un Rapport.
        • This will open a logfile, post that in your next reply.

        Zemana Deep Scan.

        • Right click on Zemana and run as admin.
        • Click the Cog/Sprocket Wheel, at the top right of Zemana
        • Select Advanced - I have read the warning and wish to proceed.
        • Place a tick next to Detect Suspicious (Root CA) Certificates.
        • Then click the house icon in Zemana.
        • Then hit your start button at the lower left hand corner of your desktop.
        • Then left click on Computer.
        • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
          http://i.imgur.com/bOVO6lY.png
        • Once the scan has completed click graph icon on the top right of the programs User interface.
        • Double click to open the latest log-file.
        • Copy it to your clipboard.
        • Post the log here in your next reply.

        Comment

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #5
          FRST Fix.

          Download attached fixlist.txt file and save it to the Desktop.

          NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

          NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

          Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


          Fresh FRST Logs.

          Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

          • Right-click on FRST icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
          • Make sure that Addition option is checked.
          • Press Scan button and wait.
          • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.

          Please Copy & Paste them into your next reply.

          Tell me what issues remain.

          Comment

          • Kriller
            PCHF Member
            • Jan 2017
            • 12

            #6
            Awesome! I think that fixlist worked! Not getting any of the problems anymore! Looks good to go!

            Am I able to uninstall everything now?

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #7
              I’d rather you post the logs from all scans, so that I can see that everything worked as it was supposed to work. I would hate to send you out of here with a live infection.

              Comment

              • Kriller
                PCHF Member
                • Jan 2017
                • 12

                #8
                -|x| RstHosts v2.0 - Rapport créé le 06/01/2017 à 11:47:10
                -|x| Système d’exploitation : Windows 10 Home (64 bits)
                -|x| Nom d’utilisateur : Clint - FCLINT (Administrateur)

                -|x|- Informations -|x|-

                Emplacement : C:\WINDOWS\System32\drivers\etc\hosts
                Attribut(s) : RASH
                Propriétaire : Administrators - BUILTIN
                Taille : 89 bytes
                Date de création : 22/08/2013 - 07:25:43
                Date de modification : 06/01/2017 - 10:46:11
                Date de dernier accès : 06/01/2017 - 10:46:11

                -|x|- Contenu du fichier -|x|-
                # Fichier Hosts créé par RstHosts
                127.0.0.1 localhost
                ::1 localhost

                -|x|- E.O.F - C:\RstHosts.txt - 601 bytes -|x|-

                The FRST txts are also attached.

                Comment
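As an added illustration (not part of the original thread, and not code from RstHosts): a Python check that flags every hosts-file mapping a freshly reset file, like the one in the log above, would not contain. The function names and the tampered sample are constructed for this example, and the sample uses documentation-range addresses and example domains.

```python
import ipaddress

# Names a default hosts file maps to loopback (as in the RstHosts report above).
DEFAULT_NAMES = {"localhost"}

# Content of the reset hosts file as shown in the RstHosts report.
RESET_HOSTS = """\
# Fichier Hosts créé par RstHosts
127.0.0.1 localhost
::1 localhost
"""

# Constructed sample of a tampered file; not taken from the thread.
TAMPERED_HOSTS = """\
# constructed sample
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # TEST-NET-3 address
0.0.0.0         update.example.com
not-an-ip       www.example.org
198.51.100.7
"""


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -> list of (lineno, ip_address, [names])
    malformed -> list of (lineno, raw_line) that are neither comment nor mapping
    """
    entries, malformed = [], []
    # A UTF-8 BOM at the start would otherwise corrupt the first address field.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no host name after it
            malformed.append((lineno, raw.strip()))
            continue
        names = [n.lower().rstrip(".") for n in fields[1:]]
        entries.append((lineno, ip, names))
    return entries, malformed


def audit_hosts(text):
    """List every mapping that a freshly reset hosts file would not contain."""
    entries, malformed = parse_hosts(text)
    findings = [
        {"line": lineno, "kind": "malformed", "name": None, "ip": None}
        for lineno, _raw in malformed
    ]
    for lineno, ip, names in entries:
        for name in names:
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue  # the expected localhost entries
            # Loopback or 0.0.0.0/:: makes the name unreachable;
            # any other address sends the name to a different machine.
            if ip.is_loopback or ip.is_unspecified:
                kind = "sinkhole"
            else:
                kind = "redirect"
            findings.append(
                {"line": lineno, "kind": kind, "name": name, "ip": str(ip)}
            )
    return sorted(findings, key=lambda f: f["line"])


if __name__ == "__main__":
    for label, sample in (("reset", RESET_HOSTS), ("tampered", TAMPERED_HOSTS)):
        results = audit_hosts(sample)
        print(f"{label}: {len(results)} finding(s)")
        for f in results:
            print(f"  line {f['line']}: {f['kind']} {f['name']} -> {f['ip']}")
```

On Windows the file to read is the one named in the report, `C:\WINDOWS\System32\drivers\etc\hosts`; pass its text to `audit_hosts`.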

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041

                  #9
                  Can you post the fixlog generated after the fix list, and the Zemana Scan please.

                  Comment

                  • Kriller
                    PCHF Member
                    • Jan 2017
                    • 12

                    #10
                    I’ll have to do the Zemana scan again, since it takes a while. But here is the fixlog.

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7041

                      #11
                      The instructions show how to get the logs from Zemana.
                      In any case, I need to look over the FRST logs but I have to step out for a few hours.
                      Go ahead and update your old programs with Patch My PC, then post a security check log for me.
                      Run a clean up scan with ZHP cleaner Adware removal tool. (These scans are fast.)

                      Adware Removal Tool Scan.

                      Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

                      Hit Ok.

                      Hit next, make sure to leave all items checked for removal.

                      The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post log generated by tool.

                      ZHP Scan.

                      Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
                      1. Once you have started the program, you will need to click the scanner button.

                      https://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png

                      The program will close all open browsers!
                      3. Once the scan is completed, you will want to click the Repair button.
                      http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png

                      At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
                      Copy and paste the report here in your next reply.

                      Security Check Scan.

                      • Download Security Check to your desktop.
                      • Right click it, run as administrator.
                      • When the program completes, the tool will automatically open a log file.
                      • Please post that log here in your next post.

                      Comment

                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #12
                        Also, here are some steps that you can take to optimize your internet settings while I am away. I will come back to this thread some time tonight.

                        Reset Internet Settings.

                        Download and unzip internet Flush.zip to your desktop right click it run as Administrator. Reboot the machine to apply the settings.

                        Hit enter after each command below.
                        1. Open Start and type cmd, then right-click Command Prompt and choose Run as Administrator
                        2. Once Command Prompt has started enter the following command. nbtstat -r
                        3. Wait for that command to complete, a new line will appear, now enter the following command. nbtstat -rr
                        4. Wait for that command to complete, a new line will appear, now enter the following command. Shutdown -r

                        Disable useless items.

                        Download easy service optimizer, save it to your desktop and unzip it there. Right click it and run as admin, then select tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items.

                        https://i.imgur.com/tnkjYlk.png

                        You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.

                        https://i.imgur.com/PO7tPc7.png


                        Disable Computer Browser Service.
                        1. Press the Windows + R key at the same time, a Run Window will appear
                        2. Type or copy and paste Services.msc hit enter.
                        3. Scroll to the Computer Browser Service
                        4. Right-Click Computer Browser Service and choose Stop the service.
                        5. Right Click Computer Browser Service again select Properties.
                        6. Change the Startup type to disabled.

                        7. Hit Apply then Ok.

                        Repeat the same above to disable the Iphelper Service. Also the DNS Client Service.

                        Disable net bios over tcpip.

                        Windows key & r at the same time.
                        Type or copy and paste ncpa.cpl hit enter.
                        Right click your connection hit properties.
                        Select internet protocol version 4 then properties.
                        Select Advanced, then Wins tab.
                        Put a tick next to Disable Net Bios over TCPIP.

                        Reset Host File

                        • Click here to download RstHosts v2.0
                        • Save the file to your desktop.
                        • Right Click and Run as Administrator.
                        • Click on Restaurer, then click OK at the prompt.
                        • This will restore the default host file.
                        • Next Click on Creer Un Rapport.
                        • This will open a logfile, post that in your next reply.



                        Set your DNS Server to Alternate DNS Ad blocking DNS!!


                        Use DNS Jumper to easily change the settings.
                        Copy and paste 198.101.242.72 & 23.253.163.53
                        Into DNS Jumper [ See Picture]
                        [MEDIA=imgur]2uueQ6A[/MEDIA]
                        Then select Apply DNS
                        Close DNS Jumper.

                        Speedy fox

                        Unzip Speedy fox to desktop.
                        Close open Browsers.
                        Right Click Run as admin.

                        Clean up temp files and reduce startup load with CCleaner.

                        • Download CCleaner from here.
                        • After install Click Options.
                        • Go to monitoring.
                        • Uncheck All Monitoring items.
                        • Go to advanced – Click close program after cleaning.
                        • Go to settings – click run ccleaner when the computer starts.
                        • Now that you have ccleaner installed and set-up:
                        • Open the program.
                        • Go to Tools
                        • Go to Startup
                        • Now double click each item. To Disable.
                        • Leave only your antivirus enabled.
                        • Then disable All items in your scheduled task as well.
                        • Unless they are related to windows defender. Or your antivirus.
                        • Reboot the machine.

                        Changing some settings.

                        Follow the steps here to stop your machine from communicating with other devices on your network. Click Here for instructions.

                        Also, go ahead and run this tool, it stops the machine from doing other things that chew bandwidth. The tool is designed to stop all the telemetry.

                        Please report back if these steps have helped.

                        Comment

                        • Kriller
                          PCHF Member
                          • Jan 2017
                          • 12

                          #13
                          Okay here are my security cleaner logs:

                          Zemana AntiMalware 2.70.2.312 (Installed)


                          Scan Result : Completed
                          Scan Date : 2017/1/6
                          Operating System : Windows 10 64-bit
                          Processor : 4X Intel(R) Core™ i7-5500U CPU @ 2.40GHz
                          BIOS Mode : UEFI
                          CUID : 127BCA30031A76D012BA16
                          Scan Type : Custom Scan
                          Duration : 155m 37s
                          Scanned Objects : 377327
                          Detected Objects : 9
                          Excluded Objects : 0
                          Read Level : Normal
                          Auto Upload : Disabled
                          Detect All Extensions : Disabled
                          Scan Documents : Disabled
                          Domain Info : WORKGROUP,0,2
                          Detected Objects
                          ARPPRODUCTICON.exe
                          Status : Failed
                          Object : %systemroot%\installer{f07c2cf8-4c53-4ec3-8162-a6221e36eb88}\arpproducticon.exe
                          MD5 : E8F6E2D0C4EB34727FF96DDFBF5276F0
                          Publisher : -
                          Size : 65536
                          Version : 16.0.0.328
                          Detection :
                          Cleaning Action : Quarantine
                          Related Objects :
                          File - %systemroot%\installer{f07c2cf8-4c53-4ec3-8162-a6221e36eb88}\arpproducticon.exe

                          NewShortcut1_F786A42112584B209F0A451D45676774.exe
                          Status : Failed
                          Object : %systemroot%\installer{f07c2cf8-4c53-4ec3-8162-a6221e36eb88}\newshortcut1_f786a42112584b209f0a451d45676774.exe
                          MD5 : E8F6E2D0C4EB34727FF96DDFBF5276F0
                          Publisher : -
                          Size : 65536
                          Version : 16.0.0.328
                          Detection :
                          Cleaning Action : Quarantine
                          Related Objects :
                          File - %systemroot%\installer{f07c2cf8-4c53-4ec3-8162-a6221e36eb88}\newshortcut1_f786a42112584b209f0a451d45676774.exe

                          NewShortcut2_C40B08E982EB4577A9E0A3E77F8FD97E.exe
                          Status : Failed
                          Object : %systemroot%\installer{f07c2cf8-4c53-4ec3-8162-a6221e36eb88}\newshortcut2_c40b08e982eb4577a9e0a3e77f8fd97e.exe
                          MD5 : E8F6E2D0C4EB34727FF96DDFBF5276F0
                          Publisher : -
                          Size : 65536
                          Version : 16.0.0.328
                          Detection :
                          Cleaning Action : Quarantine
                          Related Objects :
                          File - %systemroot%\installer{f07c2cf8-4c53-4ec3-8162-a6221e36eb88}\newshortcut2_c40b08e982eb4577a9e0a3e77f8fd97e.exe

                          uninstaller.exe
                          Status : Scanned
                          Object : NE->c:\program files\5rj9y7q2et\uninstaller.exe
                          MD5 : -
                          Publisher : -
                          Size : -
                          Version : -
                          Detection : Adware:Win32/Wizzcaster.D!Neng
                          Cleaning Action : Quarantine
                          Related Objects :
                          (null) - (null)

                          uninstaller.exe
                          Status : Scanned
                          Object : NE->c:\program files\bqp6bll5nm\uninstaller.exe
                          MD5 : -
                          Publisher : -
                          Size : -
                          Version : -
                          Detection : Adware:Win32/Wizzcaster.D!Neng
                          Cleaning Action : Quarantine
                          Related Objects :
                          (null) - (null)

                          uninstaller.exe
                          Status : Scanned
                          Object : NE->c:\program files\cjuagpo3xr\uninstaller.exe
                          MD5 : -
                          Publisher : -
                          Size : -
                          Version : -
                          Detection : Adware:Win32/Wizzcaster.D!Neng
                          Cleaning Action : Quarantine
                          Related Objects :
                          (null) - (null)

                          uninstaller.exe
                          Status : Scanned
                          Object : NE->c:\program files\d2v3g0w795\uninstaller.exe
                          MD5 : -
                          Publisher : -
                          Size : -
                          Version : -
                          Detection : Adware:Win32/Wizzcaster.D!Neng
                          Cleaning Action : Quarantine
                          Related Objects :
                          (null) - (null)

                          uninstaller.exe
                          Status : Scanned
                          Object : NE->c:\program files\gn78tur5ch\uninstaller.exe
                          MD5 : -
                          Publisher : -
                          Size : -
                          Version : -
                          Detection : Adware:Win32/Wizzcaster.D!Neng
                          Cleaning Action : Quarantine
                          Related Objects :
                          (null) - (null)

                          uninstaller.exe
                          Status : Scanned
                          Object : NE->c:\program files\x9w0x7th2j\uninstaller.exe
                          MD5 : -
                          Publisher : -
                          Size : -
                          Version : -
                          Detection : Adware:Win32/Wizzcaster.D!Neng
                          Cleaning Action : Quarantine
                          Related Objects :
                          (null) - (null)

                          firefox.bat
                          Status : Scanned
                          Object : NE->c:\program files (x86)\mozilla firefox\firefox.bat
                          MD5 : -
                          Publisher : -
                          Size : -
                          Version : -
                          Detection : Adware:Win32/Gen.bat.AF!Neng
                          Cleaning Action : Quarantine
                          Related Objects :
                          (null) - (null)

                          screenshared
                          Status : Scanned
                          Object : NE->c:\program files (x86)\screenshared
                          MD5 : -
                          Publisher : -
                          Size : -
                          Version : -
                          Detection : PUA:Win32/ScreenShared.A!Neng
                          Cleaning Action : Quarantine
                          Related Objects :
                          (null) - (null)

                          AGUtils.dll
                          Status : Scanned
                          Object : %homedrive%\adwcleaner\quarantine\files\yjkuwmuqnoollykobcdzglseaeuamidg\agutils.dll
                          MD5 : 36A70D169326B9F4D2643A54FBFA38FA
                          Publisher : Investservis JSC
                          Size : 310792
                          Version : 1.968.0.0
                          Detection : Adware:Win32/AnonymizerGadget
                          Cleaning Action : Quarantine
                          Related Objects :
                          File - %homedrive%\adwcleaner\quarantine\files\yjkuwmuqnoollykobcdzglseaeuamidg\agutils.dll
                          Cleaning Result
                          Cleaned : 9
                          Reported as safe : 0
                          Failed : 0


                          Adware Removal Tool 5.1
                          Time: 2017_01_06_15_08_43
                          OS: Windows 10 Home - x64 Bit
                          Account Name: Clint
                          Adware Definition: 01062017
                          Elapsed time: 12:59
                          Repair Status:- Automatic Done
                          \\\\\\\\\\\\ Repair Logs \\\\\\\\\\\

                          [-] Deleted ->> Folder ->> C:\Users\Clint\Local Settings\Application Data\Google\Chrome\User Data Default\Default\databases\http_www.searchprivacy.website_0

                          [-] Deleted ->> Folder ->> C:\Users\Clint\Local Settings\Application Data\Google\Chrome\User Data Default\Default\IndexedDB\http_www.searchprivacy.website_0.indexeddb.leveldb

                          [-] Deleted ->> Folder ->> C:\Users\Clint\Appdata\Local\Google\Chrome\User Data Default\Default\databases\http_www.searchprivacy.website_0

                          [-] Deleted ->> Folder ->> C:\Users\Clint\Appdata\Local\Google\Chrome\User Data Default\Default\IndexedDB\http_www.searchprivacy.website_0.indexeddb.leveldb

                          [-] Deleted ->> Folder ->> C:\Windows\System32\GroupPolicy\adm

                          [-] Deleted ->> Registry Key ->> HKEY_CURRENT_USER\Software\IM

                          ~ ZHPCleaner v2017.1.5.3 by Nicolas Coolman (2017/01/05)
                          ~ Run by Clint (Administrator) (06/01/2017 17:26:46)
                          ~ Web: https://www.nicolascoolman.com
                          ~ Blog: https://www.anti-malware.top
                          ~ Facebook : ZHP
                          ~ State version : Version OK
                          ~ Type : Repair
                          ~ Report : C:\Users\Clint\Desktop\ZHPCleaner.txt
                          ~ Quarantine : C:\Users\Clint\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
                          ~ UAC : Activate
                          ~ Boot Mode : Normal (Normal boot)
                          Windows 10 Home, 64-bit (Build 14393)

                          —\ Services (0)
                          ~ No malicious or unnecessary items found.

                          —\ Browser internet (1)
                          REPLACED Google Chrome Preferences: " https://d31qbv1cthcecs.cloudfront.net/ " =>.Superfluous.CloudfrontNet

                          —\ Hosts file (0)
                          ~ No malicious or unnecessary items found.

                          —\ Scheduled automatic tasks. (0)
                          ~ No malicious or unnecessary items found.

                          —\ Explorer ( File, Folder) (40)
                          MOVED file: C:\Windows\Prefetch\ANONYMIZERGADGETSETUP.1.000.1-CC2CF404.pf =>.Superfluous.AnonymizerGadget
                          MOVED file: C:\Windows\Prefetch\ANONYMIZERLAUNCHER.EXE-B80B0BEF.pf =>.Superfluous.AnonymizerGadget
                          MOVED file: C:\Windows\Prefetch\DAILYBEE.EXE-BE5BE7DC.pf =>.Superfluous.DailyBee
                          MOVED file: C:\Windows\Prefetch\ONESYSTEMCARE.EXE-E3FA0840.pf =>PUP.Optional.OneSystemCare
                          MOVED file: C:\Windows\Installer\wix{1B444AF9-1DBE-4884-8F35-969BEFCF69A8}.SchedServiceConfig.rmi =>.Superfluous.Empty
                          MOVED file: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi =>.Superfluous.Empty
                          MOVED file: C:\Windows\Installer\wix{3540181E-340A-4E7A-B409-31663472B2F7}.SchedServiceConfig.rmi =>.Superfluous.Empty
                          MOVED file: C:\Windows\Installer\wix{7774002B-60B3-4146-BF82-5BF767D468B8}.SchedServiceConfig.rmi =>.Superfluous.Empty
                          MOVED file: C:\Users\Clint\Downloads\The Wheels on the Bus - Mother Goose Club Playhouse Kid Song.mp3 =>.Superfluous.MaxStart
                          MOVED file: C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage =>.Superfluous.Atwola
                          MOVED file: C:\Users\Clint\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ol.at.atwola.com_0.localstorage-journal =>.Superfluous.Atwola
                          MOVED folder: C:\Program Files (x86)\Lavasoft =>.Superfluous.Empty
                          MOVED folder: C:\Program Files (x86)\Syllabic =>.Superfluous.Empty
                          MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LenovoSHAREit =>.Superfluous.SHAREit
                          MOVED folder: C:\Program Files (x86)\QuickTime =>Riskware.QuickTime
                          MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime =>Riskware.QuickTime
                          MOVED folder: C:\WINDOWS\Installer\MSI4093.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI4598.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI4C74.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI57E1.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI59AB.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI5A0.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI5AA6.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI5B72.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI5ECF.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI5EC1.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI5FEA.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI61BF.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI63C4.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI64FD.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI6656.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI67D8.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI7B04.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI86E2.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI89E0.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI8B49.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI8C82.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSI907C.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSIF217.tmp- =>.Superfluous.Empty
                          MOVED folder: C:\WINDOWS\Installer\MSIFFA.tmp- =>.Superfluous.Empty

                          —\ Registry ( Key, Value, Data) (2)
                          DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\atwola.com =>.Superfluous.Atwola
                          DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ol.at.atwola.com [83] =>.Superfluous.Atwola

                          —\ Summary of the elements found (9)
                          Redirecting... =>.Superfluous.CloudfrontNet
                          Redirecting... =>.Superfluous.AnonymizerGadget
                          Blog - Nicolas Coolman =>.Superfluous.DailyBee
                          https://www.nicolascoolman.com/fr/re...et_infections/ =>PUP.Optional.OneSystemCare
                          Blog - Nicolas Coolman =>.Superfluous.Empty
                          Redirecting... =>.Superfluous.MaxStart
                          Redirecting... =>.Superfluous.Atwola
                          Blog - Nicolas Coolman =>.Superfluous.SHAREit
                          Redirecting... =>Riskware.QuickTime

                          —\ Other deletions. (14)
                          ~ Registry Keys Tracing deleted (14)
                          ~ Remove the old reports ZHPCleaner. (0)

                          —\ Result of repair
                          ~ Repair carried out successfully
                          ~ Browser not found (Opera Software)

                          —\ Statistics
                          ~ Items scanned : 878
                          ~ Items found : 0
                          ~ Items cancelled : 0
                          ~ Items repaired : 43

                          ~ End of clean in 00h00mn25s
                          ~====================
                          ZHPCleaner-[R]-06012017-17_27_11.txt
                          ZHPCleaner–06012017-17_25_45.txt

                          SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
                          WebSite: www.safezone.cc
                          DateLog: 06.01.2017 17:30:14
                          Path starting: C:\Users\Clint\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
                          Log directory: C:\SecurityCheck
                          IsAdmin: True
                          User: Clint
                          VersionXML: 3.68is-07.01.2017


                          Windows 10(6.3.14393) (x64) Core Lang: English(0409)
                          Installation date OS: 18.09.2016 12:32:00
                          Boot Mode: Normal
                          Default Browser: Internet Explorer (C:\Program Files\Internet Explorer\iexplore.exe)
                          SystemDrive: C: FS: [NTFS] Capacity: [891.5 Gb] Used: [354.2 Gb] Free: [537.3 Gb]
                          ------------------------------- [ Windows ] -------------------------------
                          Internet Explorer 11.576.14393.0
                          User Account Control enabled
                          Automatically download and schedule installation
                          Windows Update (wuauserv) - The service has stopped
                          Security Center (wscsvc) - The service is running
                          Remote Registry (RemoteRegistry) - The service has stopped
                          SSDP Discovery (SSDPSRV) - The service is running
                          Remote Desktop Services (TermService) - The service has stopped
                          Windows Remote Management (WS-Management) (WinRM) - The service has stopped
                          ---------------------------- [ Antivirus_WMI ] ----------------------------
                          Norton Security (enabled)
                          Windows Defender (disabled and up to date)
                          Malwarebytes (enabled and up to date)
                          ---------------------------- [ Firewall_WMI ] -----------------------------
                          Norton Security
                          --------------------------- [ AntiSpyware_WMI ] ---------------------------
                          Malwarebytes (enabled and up to date)
                          Windows Defender (disabled and up to date)
                          Norton Security (enabled)
                          ---------------------- [ AntiVirusFirewallInstall ] -----------------------
                          Internet Security Essentials v.1.1.404761.40
                          Norton Security v.22.8.1.14
                          -------------------------- [ SecurityUtilities ] --------------------------
                          Zemana AntiMalware v.2.70.312
                          --------------------------------- [ IM ] ----------------------------------
                          Skype™ 7.27 v.7.27.101 Warning! Download Update
                          ^Optional update.
                          -------------------------------- [ Java ] ---------------------------------
                          Java 8 Update 111 v.8.0.1110.14 Warning! Download Update
                          Uninstall old version and install new one (jre-8u112-windows-i586.exe).
                          --------------------------- [ AppleProduction ] ---------------------------
                          Bonjour v.3.1.0.1
                          iTunes v.12.3.3.17 Warning! Download Update
                          ^Please use Apple Software Update tool.
                          QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
                          Bonjour Service (Bonjour Service) - The service is running
                          --------------------------- [ AdobeProduction ] ---------------------------
                          Adobe AIR v.23.0.0.257 Warning! Download Update
                          Adobe Flash Player 24 NPAPI v.24.0.0.186
                          ------------------------------- [ Browser ] -------------------------------
                          Google Chrome v.55.0.2883.87
                          --------------------------- [ RunningProcess ] ----------------------------
                          C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.55.0.2883.87
                          chrome.exe
                          ------------------ [ AntivirusFirewallProcessServices ] -------------------
                          Malwarebytes Service (MBAMService) - The service is running
                          C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.1.0.388
                          Windows Defender Service (WinDefend) - The service has stopped
                          Windows Defender Network Inspection Service (WdNisSvc) - The service has stopped
                          ZAM Controller Service (ZAMSvc) - The service is running
                          C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
                          ---------------------------- [ UnwantedApps ] -----------------------------
                          Skype Click to Call v.8.5.0.9167 Warning! Browser’s toolbar. It can slow down the working of your browser and have violation privacy problems.
                          ----------------------------- [ End of Log ] ------------------------------


                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #14
                            Step 1: Rogue Killer Scan.

                            Download RogueKiller from one of the following links and save it to your Desktop:

                            Link 1
                            Link 2
                            - Close all the running programs.
                            - Double click on downloaded setup.exe file to install the program.
                            - Click on Start Scan button.
                            - Click on another Start Scan button.
                            - Wait until the Status box shows Scan Finished.
                            - Click on Delete.
                            - Wait until the Status box shows Deleting Finished.
                            - Click on Report and copy/paste the content of the Notepad into your next reply.
                            - RKreport.txt could also be found on your desktop.
                            - If more than one log is produced post all logs.

                            Step 2: FRST Fix.

                            Download attached fixlist.txt file and save it to the Desktop.

                            NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

                            NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

                            Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


                            • Kriller
                              PCHF Member
                              • Jan 2017
                              • 12

                              #15
                              Here you go! Thanks!
                              Fix result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
                              Ran by Clint (06-01-2017 20:15:27) Run:2
                              Running from C:\Users\Clint\Desktop
                              Loaded Profiles: Clint (Available Profiles: Clint & Administrator)
                              Boot Mode: Normal
                              fixlist content:


                              Start
                              CreateRestorePoint:
                              Closeprocesses:
                              Emptytemp:
                              Task: {400F33B6-D14C-4017-874B-A5342D52FCCC} - System32\Tasks\bak69151299k69151299 => C:\Program Files (x86)\abhors\abhors.exe [2017-01-04] (disastrous)
                              Task: {44E9D6BD-5894-4BB8-8E94-5D8E7DE0FED0} - System32\Tasks\dc08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1 => C:\Program Files (x86)\cartridge\antivirals.exe
                              Task: {502B7F9A-0E44-4501-93F1-8CFAFECE7A65} - System32\Tasks\ab08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1 => C:\Program Files (x86)\cartridge\antivirals.exe
                              Task: {9C40CA84-2344-43CA-BA17-FE8C161D1D61} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-10] (Lenovo)
                              Task: {A28164B8-58B5-46CD-9BB9-1F1BA2754BA1} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
                              Task: {AEC034CC-323E-464A-B547-2396755DC906} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-02] (Lenovo)
                              ShortcutTarget: ok2089576.lnk → C:\Program Files (x86)\cartridge\antivirals.exe (No File)
                              Startup: C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok2089576palsy.lnk [2017-01-04]
                              ShortcutTarget: ok2089576palsy.lnk → C:\Program Files (x86)\Syllabic\genoese.exe (No File)
                              Startup: C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palsy.lnk [2017-01-04]
                              ShortcutTarget: palsy.lnk → C:\Program Files (x86)\cartridge\antivirals.exe (No File)
                              ShortcutTarget: ok2089576.lnk → C:\Program Files (x86)\cartridge\antivirals.exe (No File)
                              ShortcutTarget: ok2089576palsy.lnk → C:\Program Files (x86)\Syllabic\genoese.exe (No File)
                              ShortcutTarget: palsy.lnk → C:\Program Files (x86)\cartridge\antivirals.exe (No File)
                              SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                              SearchScopes: HKLM-x32 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                              R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [118472 2016-12-05] (COMODO)
                              C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
                              S2 gupdate; “C:\Program Files (x86)\Google\Update\GoogleUpdate.exe” /svc
                              S3 gupdatem; “C:\Program Files (x86)\Google\Update\GoogleUpdate.exe” /medsvc
                              R1 isedrv; C:\WINDOWS\system32\drivers\isedrv.sys [52960 2016-12-05] (COMODO)
                              C:\WINDOWS\system32\drivers\isedrv.sys
                              2017-01-05 12:57 - 2017-01-06 11:27 - 00000180 _____ C:\WINDOWS\system32{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
                              2017-01-05 10:32 - 2017-01-05 10:32 - 00707354 _____ C:\WINDOWS\unins000.exe
                              2017-01-05 10:32 - 2017-01-05 10:32 - 00001529 _____ C:\WINDOWS\unins000.dat
                              C:\Program Files (x86)\COMODO
                              2017-01-04 14:14 - 2017-01-05 12:35 - 00000000 ____D C:\Program Files (x86)\Avira
                              2017-01-04 14:12 - 2017-01-04 14:13 - 04581024 _____ (Avira Operations GmbH & Co. KG) C:\Users\Clint\Downloads\avira_en_av_586d57299086c__ws.exe
                              2017-01-04 13:02 - 2017-01-05 09:16 - 00000000 ____D C:\Program Files\BQP6BLL5NM
                              2017-01-04 13:00 - 2017-01-05 09:42 - 00000000 ___HD C:\Program Files (x86)\Maxxam
                              2017-01-04 13:00 - 2017-01-05 09:16 - 00000000 ____D C:\Program Files\X9W0X7TH2J
                              2017-01-04 13:00 - 2017-01-05 09:16 - 00000000 ____D C:\Program Files\D2V3G0W795
                              2017-01-04 13:00 - 2017-01-05 09:16 - 00000000 ____D C:\Program Files\5RJ9Y7Q2ET
                              2017-01-04 13:00 - 2017-01-04 13:24 - 00004020 _____ C:\WINDOWS\System32\Tasks\ab08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1
                              2017-01-04 13:00 - 2017-01-04 13:24 - 00003856 _____ C:\WINDOWS\System32\Tasks\dc08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1
                              2017-01-04 13:00 - 2017-01-04 13:00 - 00003708 _____ C:\WINDOWS\System32\Tasks\bak69151299k69151299
                              2017-01-04 13:00 - 2017-01-04 13:00 - 00000055 _____ C:\WINDOWS\key.ini
                              2017-01-04 13:00 - 2017-01-04 13:00 - 00000000 ___HD C:\Program Files (x86)\anthers
                              2017-01-04 13:00 - 2017-01-04 13:00 - 00000000 ____D C:\Program Files (x86)\abhors
                              2017-01-04 12:59 - 2017-01-05 23:42 - 00000000 ____D C:\a
                              2017-01-04 12:59 - 2017-01-05 09:42 - 00000000 ___HD C:\Program Files (x86)\Intramural
                              2017-01-04 12:59 - 2017-01-05 09:16 - 00000000 ____D C:\Program Files\GN78TUR5CH
                              2017-01-04 12:59 - 2017-01-05 09:16 - 00000000 ____D C:\Program Files\CJUAGPO3XR
                              2017-01-04 12:59 - 2017-01-04 18:44 - 00000000 ____D C:\Program Files (x86)\cartridge
                              2017-01-04 12:59 - 2017-01-04 18:43 - 00000000 ____D C:\Program Files (x86)\waistbands
                              2017-01-04 12:59 - 2017-01-04 18:40 - 00000000 ____D C:\Program Files (x86)\carats
                              2017-01-04 12:59 - 2017-01-04 18:02 - 00000000 ____D C:\Program Files (x86)\Syllabic
                              2017-01-04 12:59 - 2017-01-04 13:26 - 00000000 ____D C:\Program Files (x86)\ScreenShared
                              2017-01-04 12:59 - 2017-01-04 12:59 - 00000000 ____D C:\Program Files (x86)\MaxInternet
                              2017-01-04 12:59 - 2017-01-04 12:59 - 00000000 ____D C:\Program Files (x86)\commonsensical
                              2017-01-04 07:13 - 2017-01-04 07:13 - 00192000 _____ C:\WINDOWS\dll.dll
                              2017-01-04 07:13 - 2017-01-04 07:13 - 00041202 _____ C:\WINDOWS\smite.exe
                              2017-01-04 05:39 - 2017-01-04 05:39 - 00010752 _____ C:\WINDOWS\quits.exe
                              RemoveProxy:
                              CMD: ipconfig /flushdns
                              End


                              Restore point was successfully created.
                              Processes closed successfully.
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{400F33B6-D14C-4017-874B-A5342D52FCCC} => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{400F33B6-D14C-4017-874B-A5342D52FCCC} => key removed successfully
                              C:\WINDOWS\System32\Tasks\bak69151299k69151299 => moved successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bak69151299k69151299 => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{44E9D6BD-5894-4BB8-8E94-5D8E7DE0FED0} => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{44E9D6BD-5894-4BB8-8E94-5D8E7DE0FED0} => key removed successfully
                              C:\WINDOWS\System32\Tasks\dc08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1 => moved successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dc08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1 => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{502B7F9A-0E44-4501-93F1-8CFAFECE7A65} => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{502B7F9A-0E44-4501-93F1-8CFAFECE7A65} => key removed successfully
                              C:\WINDOWS\System32\Tasks\ab08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1 => moved successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ab08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1 => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{9C40CA84-2344-43CA-BA17-FE8C161D1D61} => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9C40CA84-2344-43CA-BA17-FE8C161D1D61} => key removed successfully
                              C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => moved successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64 35 => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{A28164B8-58B5-46CD-9BB9-1F1BA2754BA1} => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A28164B8-58B5-46CD-9BB9-1F1BA2754BA1} => key removed successfully
                              C:\WINDOWS\System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => moved successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{AEC034CC-323E-464A-B547-2396755DC906} => key removed successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{AEC034CC-323E-464A-B547-2396755DC906} => key removed successfully
                              C:\WINDOWS\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => moved successfully
                              HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64 => key removed successfully
                              C:\Program Files (x86)\cartridge\antivirals.exe => not found.
                              C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ok2089576palsy.lnk => moved successfully
                              C:\Program Files (x86)\Syllabic\genoese.exe => not found.
                              C:\Users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\palsy.lnk => moved successfully
                              C:\Program Files (x86)\cartridge\antivirals.exe => not found.
                              C:\Program Files (x86)\cartridge\antivirals.exe => not found.
                              C:\Program Files (x86)\Syllabic\genoese.exe => not found.
                              C:\Program Files (x86)\cartridge\antivirals.exe => not found.
                              HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
                              HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
                              HKLM\System\CurrentControlSet\Services\isesrv => key removed successfully
                              isesrv => service removed successfully
                              C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe => moved successfully
                              HKLM\System\CurrentControlSet\Services\gupdate => key removed successfully
                              gupdate => service removed successfully
                              HKLM\System\CurrentControlSet\Services\gupdatem => key removed successfully
                              gupdatem => service removed successfully
                              isedrv => Unable to stop service.
                              HKLM\System\CurrentControlSet\Services\isedrv => key removed successfully
                              isedrv => service removed successfully
                              C:\WINDOWS\system32\drivers\isedrv.sys => moved successfully
                              C:\WINDOWS\system32{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
                              C:\WINDOWS\unins000.exe => moved successfully
                              C:\WINDOWS\unins000.dat => moved successfully
                              C:\Program Files (x86)\COMODO => moved successfully
                              C:\Program Files (x86)\Avira => moved successfully
                              C:\Users\Clint\Downloads\avira_en_av_586d57299086c__ws.exe => moved successfully
                              “C:\Program Files\BQP6BLL5NM” => not found.
                              C:\Program Files (x86)\Maxxam => moved successfully
                              “C:\Program Files\X9W0X7TH2J” => not found.
                              “C:\Program Files\D2V3G0W795” => not found.
                              “C:\Program Files\5RJ9Y7Q2ET” => not found.
                              “C:\WINDOWS\System32\Tasks\ab08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1” => not found.
                              “C:\WINDOWS\System32\Tasks\dc08A0RSQSzg3xTWtv7hSL-ni-2017-01-04-ni-12202-ni-1” => not found.
                              “C:\WINDOWS\System32\Tasks\bak69151299k69151299” => not found.
                              C:\WINDOWS\key.ini => moved successfully
                              C:\Program Files (x86)\anthers => moved successfully
                              C:\Program Files (x86)\abhors => moved successfully
                              C:\a => moved successfully
                              C:\Program Files (x86)\Intramural => moved successfully
                              “C:\Program Files\GN78TUR5CH” => not found.
                              “C:\Program Files\CJUAGPO3XR” => not found.
                              C:\Program Files (x86)\cartridge => moved successfully
                              C:\Program Files (x86)\waistbands => moved successfully
                              C:\Program Files (x86)\carats => moved successfully
                              “C:\Program Files (x86)\Syllabic” => not found.
                              “C:\Program Files (x86)\ScreenShared” => not found.
                              C:\Program Files (x86)\MaxInternet => moved successfully
                              C:\Program Files (x86)\commonsensical => moved successfully
                              C:\WINDOWS\dll.dll => moved successfully
                              C:\WINDOWS\smite.exe => moved successfully
                              C:\WINDOWS\quits.exe => moved successfully

                              ========= RemoveProxy: =========

                              HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
                              HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
                              HKU\S-1-5-21-3646257312-145341772-451683423-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
                              HKU\S-1-5-21-3646257312-145341772-451683423-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully

                              ========= End of RemoveProxy: =========

                              ========= ipconfig /flushdns =========

                              Windows IP Configuration

                              Could not flush the DNS Resolver Cache: Function failed during execution.

                              ========= End of CMD: =========

                              =========== EmptyTemp: ==========

                              BITS transfer queue => 0 B
                              DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13870837 B
                              Java, Flash, Steam htmlcache => 0 B
                              Windows/system/drivers => 444768 B
                              Edge => 13824 B
                              Chrome => 35497271 B
                              Firefox => 0 B
                              Opera => 0 B

                              Temp, IE cache, history, cookies, recent:
                              Default => 0 B
                              Users => 0 B
                              ProgramData => 0 B
                              Public => 0 B
                              systemprofile => 0 B
                              systemprofile32 => 0 B
                              LocalService => 822 B
                              NetworkService => 0 B
                              Clint => 2204467 B
                              Administrator => 0 B

                              RecycleBin => 0 B
                              EmptyTemp: => 49.6 MB temporary data Removed.

                              ================================

                              The system needed a reboot.

                              ==== End of Fixlog 20:15:56 ====

                              RogueKiller V12.9.1.0 (x64) [Jan 2 2017] (Free) by Adlice Software

                              mail : Support Form | Contact • Adlice Software
                              Feedback : http://forum.adlice.com
                              Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
                              Blog : http://www.adlice.com

                              Operating System : Windows 10 (10.0.14393) 64 bits version
                              Started in : Normal mode
                              User : Clint [Administrator]
                              Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
                              Mode : Delete – Date : 01/06/2017 19:20:04 (Duration : 00:51:22)

                              ¤¤¤ Processes : 0 ¤¤¤

                              ¤¤¤ Registry : 11 ¤¤¤
                              [VT.Unknown] (X64) HKEY_USERS\S-1-5-21-3646257312-145341772-451683423-1001\Software\Microsoft\Windows\CurrentVersion\Run | rodin : “C:\Program Files (x86)\anthers\rodin.exe” [-] → Deleted
                              [VT.Unknown] (X64) HKEY_USERS\S-1-5-21-3646257312-145341772-451683423-1001\Software\Microsoft\Windows\CurrentVersion\Run | hadera : “C:\Program Files (x86)\waistbands\hadera.exe” [-] → Deleted
                              [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces{2b4853f6-1f64-4d6a-920f-2d52eb8d4392} | NameServer : 198.101.242.72,23.253.163.53 ([-][US]) → Replaced ()
                              [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces{3a0cba34-e379-4cd6-83ea-c29a3fc0ca9c} | NameServer : 198.101.242.72,23.253.163.53 ([-][US]) → Replaced ()
                              [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces{75bb4bff-73e2-448c-bac2-90b437711db7} | NameServer : 198.101.242.72,23.253.163.53 ([-][US]) → Replaced ()
                              [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces{7fefbccb-0b0c-4b46-ab0d-ca98f6ef4450} | NameServer : 198.101.242.72,23.253.163.53 ([-][US]) → Replaced ()
                              [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces{2B4853F6-1F64-4D6A-920F-2D52EB8D4392} | NameServer : 198.101.242.72,23.253.163.53 ([-][US]) → Replaced ()
                              [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces{3A0CBA34-E379-4CD6-83EA-C29A3FC0CA9C} | NameServer : 198.101.242.72,23.253.163.53 ([-][US]) → Replaced ()
                              [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces{75BB4BFF-73E2-448C-BAC2-90B437711DB7} | NameServer : 198.101.242.72,23.253.163.53 ([-][US]) → Replaced ()
                              [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces{7FEFBCCB-0B0C-4B46-AB0D-CA98F6EF4450} | NameServer : 198.101.242.72,23.253.163.53 ([-][US]) → Replaced ()
                              [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces{F7956392-016B-4F12-9F65-825EDBF06453} | NameServer : 198.101.242.72,23.253.163.53,192.168.2.1 ([-][US][-]) → Replaced ()

                              ¤¤¤ Tasks : 0 ¤¤¤

                              ¤¤¤ Files : 3 ¤¤¤
                              [PUP.Gen1][Folder] C:\Users\Clint\AppData\Local\Free YouTube Downloader → Deleted
                              [PUP.Gen1][File] C:\Users\Clint\AppData\Local\Free YouTube Downloader\Downloads.data → Deleted
                              [PUP.Gen1][File] C:\Users\Clint\AppData\Local\Free YouTube Downloader\ffmpeg.exe → Deleted
                              [PUP.Gen1][File] C:\Users\Clint\AppData\Local\Free YouTube Downloader\Settings.data → Deleted
                              [PUP.Gen1][Folder] C:\Users\Clint\AppData\Local\Free YouTube Downloader\Temp → Deleted
                              [PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader → Deleted
                              [PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader\Free YouTube Downloader.lnk → Deleted
                              [PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\BouncyCastle.Crypto.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\MigraDoc.DocumentObjectModel.resources.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\MigraDoc.Rendering.resources.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\PdfSharp.Charting.resources.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\de\PdfSharp.resources.dll → Deleted
                              [PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\de → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\es\FreeYouTubeDownloader.Localization.resources.dll → Deleted
                              [PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\es → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Analyzer.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Common.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Converter.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Debug.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Downloader.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\FreeYouTubeDownloader.Localization.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Ionic.Zip.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Microsoft.WindowsAPICodePack.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Microsoft.WindowsAPICodePack.Shell.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\MigraDoc.DocumentObjectModel.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\MigraDoc.Rendering.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Newtonsoft.Json.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\NLog.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\ObjectListView.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\PdfSharp.Charting.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\PdfSharp.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\pt\FreeYouTubeDownloader.Localization.resources.dll → Deleted
                              [PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\pt → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Readme.txt → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\ru\FreeYouTubeDownloader.Localization.resources.dll → Deleted
                              [PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\ru → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\SplitButton.dll → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\uk\FreeYouTubeDownloader.Localization.resources.dll → Deleted
                              [PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\uk → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\unins000.dat → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\unins000.exe → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\unins000.msg → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\Uninstall.txt → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.exe → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.ico → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\YouTubeDownloader.vshost.exe → Deleted
                              [PUP.Gen1][File] C:\Program Files (x86)\Free YouTube Downloader\zh-CHS\FreeYouTubeDownloader.Localization.resources.dll → Deleted
                              [PUP.Gen1][Folder] C:\Program Files (x86)\Free YouTube Downloader\zh-CHS → Deleted

                              ¤¤¤ WMI : 0 ¤¤¤

                              ¤¤¤ Hosts File : 0 ¤¤¤

                              ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

                              ¤¤¤ Web browsers : 0 ¤¤¤

                              ¤¤¤ MBR Check : ¤¤¤
                              +++++ PhysicalDrive0: WDC WD10SPCX-24HWST1 +++++
                              — User —
                              [MBR] 65183f9861274ab065f4662ea61bfa7e
                              [BSP] 619659299408df9b2cfc778547151535 : Empty|VT.Unknown MBR Code
                              Partition table:
                              0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1000 MB
                              1 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2050048 | Size: 260 MB
                              2 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2582528 | Size: 1000 MB
                              3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4630528 | Size: 128 MB
                              4 - Basic data partition | Offset (sectors): 4892672 | Size: 912904 MB
                              5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1874522112 | Size: 471 MB
                              6 - Basic data partition | Offset (sectors): 1875486720 | Size: 25600 MB
                              7 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1927915520 | Size: 12504 MB
                              User = LL1 … OK
                              User = LL2 … OK
