PC Slow with Frequent Not Responding Message

  • werdnarolyat
    PCHF Member
    • Mar 2018
    • 81

    #16
    Hi gus,

    The above is the only other scan results I could find from today - found it in the C://AdwCleaner folder.

    I mistakenly thought that Malwarebytes was more of an on demand tool rather than constantly running. When I try to load it from the system tray I get an error saying:

    "Malwarebytes is unable to load the Anti-Rootkit DDA Driver.

    This error may be due to rootkit activity. We recommend rebooting so Malwarebytes can attempt to install the driver.

    Do you want to reboot now?"

    I will remove Malwarebytes.

    Is there a more powerful tool than CCleaner for uninstalling programs? I think I must’ve attempted to remove Zonealarm using CCleaner.

    I did not deliberately open ports in the firewall.

    • system
      PCHF Owner
      • Jan 2015
      • 7634

      #17
      Hi, werdnarolyat,

      Tools such as Revo Uninstaller or Geek Uninstaller are arguably the pick of the uninstall tools, mind you no tools will remove everything. Probably jumping a bit ahead here too before I check your logs, but if you have anything Iobit on your machine I would strongly urge you to remove it/them.

      I will be away for today and whilst I look over your logs properly will you please run RogueKiller.

      Please go here and download RogueKiller, click HERE to download a 32bit version, or HERE for a 64bit one. If you are unsure if your PC is a 32 or 64bit version look HERE.

      Save the download to your desktop.

      • Close all running programs, Including any Antivirus or Security programs. If you are unsure how to do this please ask.
      • Right click the new RogueKiller desktop shortcut, and then click on “Run as Administrator”
      • If you get a dialogue box explaining that there is a new version, go to the website and download it. Click the go to website button at the bottom of the box.
      • Once the application is open, or you have updated it, click on the Scan button located on the top menu bar.
      • The scan may take some time to complete depending on the amount of data on your PC. Allow it to complete.
      • Once the scan is complete check every item for deletion.
      • Then check “Remove Selected”

      Again it may take a little time to remove the detections.
      Then click “Open Report” on the bottom left of the main program interface.
      A new dialogue box will open, click “Open TXT”

      Please Copy and Paste the contents of that text file in your next post.

      If by chance you have closed the TXT file before copying it you can retrieve it by clicking on the History button on the programs main interface.

      • werdnarolyat
        PCHF Member
        • Mar 2018
        • 81

        #18
        Thanks gus.

        Should I use Geek Uninstaller after you’ve checked the above logs and I’ve run Rogue Killer?

        • werdnarolyat
          PCHF Member
          • Mar 2018
          • 81

          #19
          RogueKiller V12.12.10.0 [Mar 26 2018] (Free) by Adlice Software
          mail : Support Form | Contact • Adlice Software
          Feedback : https://forum.adlice.com
          Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
          Blog : http://www.adlice.com

          Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
          Started in : Normal mode
          User : David [Administrator]
          Started from : C:\Users\David\Desktop\RogueKiller_portable32.exe
          Mode : Delete – Date : 03/29/2018 09:17:09 (Duration : 01:18:08)

          ¤¤¤ Processes : 0 ¤¤¤

          ¤¤¤ Registry : 2 ¤¤¤
          [Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_653C\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe → Replaced (explorer.exe)
          [PUM.Proxy] HKEY_LOCAL_MACHINE\RK_System_ON_D_0500\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : → Deleted

          ¤¤¤ Tasks : 2 ¤¤¤
          [Suspicious.Path] %WINDIR%\Tasks{4DB442F9-C5C4-47D4-CABC-256BB9E033EC}.job – C:\Users\David\AppData\Local{453F7~1\UNINST~1.EXE (/Check) → Deleted
          [Hj.Shortcut] {6DCE0CBF-14D4-4F83-A3A5-6D140E6CC7A3} – “c:\program files\mozilla firefox\firefox.exe” ( http://ui.skype.com/ui/0/5.8.0.158.2...ll?page=tsMain ) → Deleted

          ¤¤¤ Files : 1 ¤¤¤
          [Hj.Shortcut][File] C:\Users\David\AppData\Roaming\QuickScan\Launch QuickScan.lnk [LNK@] C:\PROGRA~1\MOZILL~1\firefox.exe http://quickscan.bitdefender.com/ → Shortcut cleaned

          ¤¤¤ WMI : 0 ¤¤¤

          ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

          ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

          ¤¤¤ Web browsers : 0 ¤¤¤

          ¤¤¤ MBR Check : ¤¤¤
          +++++ PhysicalDrive0: ST3750630AS ATA Device +++++
          — User —
          [MBR] 3245321b7248dc7923dd47d9a442a0bd
          [BSP] 5ac569e9e71c018ba2b70830b9d7016e : Windows Vista/7/8 MBR Code
          Partition table:
          0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 86 MB
          1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 178176 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
          2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31635456 | Size: 699956 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
          User = LL1 … OK
          User = LL2 … OK

          +++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++
          — User —
          [MBR] e4d4c344682f37fae9a22fb26ed1af77
          [BSP] a496701c9300c65bf86f597667d86edf : Windows XP|VT.Unknown MBR Code
          Partition table:
          0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
          User = LL1 … OK
          Error reading LL2 MBR! ([32] The request is not supported. )

          +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
          Error reading User MBR! ([15] The device is not ready. )
          Error reading LL1 MBR! NOT VALID!
          Error reading LL2 MBR! ([32] The request is not supported. )

          +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
          Error reading User MBR! ([15] The device is not ready. )
          Error reading LL1 MBR! NOT VALID!
          Error reading LL2 MBR! ([32] The request is not supported. )

          +++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
          Error reading User MBR! ([15] The device is not ready. )
          Error reading LL1 MBR! NOT VALID!
          Error reading LL2 MBR! ([32] The request is not supported. )

          +++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
          Error reading User MBR! ([15] The device is not ready. )
          Error reading LL1 MBR! NOT VALID!
          Error reading LL2 MBR! ([32] The request is not supported. )

          • werdnarolyat
            PCHF Member
            • Mar 2018
            • 81

            #20
            Hi gus,

            Just to let you know, I tried using Geek Uninstaller but it found no trace of any ZoneAlarm or Iobit products.

            • system
              PCHF Owner
              • Jan 2015
              • 7634

              #21
              Hi werdnarolyat, sorry about the delay, back now so will check your logs today. If you have no Iobit apps I will remove the bits from your logs. Let me make a fix for your logs to date and then we will get some fresh logs and we will come back to Zonealarm later.

              • werdnarolyat
                PCHF Member
                • Mar 2018
                • 81

                #22
                Great, thanks gus.

                There are no Iobit apps intentionally installed just now.

                • system
                  PCHF Owner
                  • Jan 2015
                  • 7634

                  #23
                  Hi, can you also uninstall Superantispyware?

                  • system
                    PCHF Owner
                    • Jan 2015
                    • 7634

                    #24
                    Hi again,

                    Please left click on the attached Fixlist.txt file at the bottom of this post. On the dialogue box that opens click “Save File” and then “OK”

                    Select a location then save the file. IMPORTANT the fixlist.txt file must be in the same location as the FRST program otherwise the fix will not work.

                    To run the fix right click the FRST icon and choose “Run as Administrator” then click on “Fix”

                    Depending on the amount of data to be moved it may take a few minutes to complete, and the computer may reboot. When the fix is complete and/or the computer has rebooted the “Fixlist.txt” file you created will be renamed “Fixlog.txt”

                    Please COPY and PASTE the contents of this new file in your next post

                    Now you need to reset your Internet Explorer browser.

                    • Download ResetBrowser To your desktop.
                    • Now please close all open browsers.
                    • Right click and run as administrator.
                    • Click on Reset INTERNET EXPLORER and allow completion.

                    • werdnarolyat
                      PCHF Member
                      • Mar 2018
                      • 81

                      #25
                      Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
                      Ran by David (30-03-2018 20:26:05) Run:1
                      Running from C:\Users\David\Desktop
                      Loaded Profiles: David & UpdatusUser (Available Profiles: David & UpdatusUser)
                      Boot Mode: Normal

                      ==============================================

                      fixlist content:


                      Start
                      CreateRestorepoint:
                      CloseProcesses:
                      Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
                      HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0&ocid=iehp
                      HKU\S-1-5-21-1365679944-132168641-953657067-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/2
                      SearchScopes: HKLM → DefaultScope {CE278C74-1B0C-4615-96A3-38CC94C07A27} URL =
                      SearchScopes: HKLM → {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
                      SearchScopes: HKU.DEFAULT → DefaultScope {CE278C74-1B0C-4615-96A3-38CC94C07A27} URL =
                      SearchScopes: HKU\S-1-5-21-1365679944-132168641-953657067-1000 → {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
                      SearchScopes: HKU\S-1-5-21-1365679944-132168641-953657067-1000 → {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
                      DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
                      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
                      DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
                      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
                      FF Extension: (No Name) - C:\Program Files\eMusic Download Manager\xulrunner\extensionsdlm_itunes@emusic.com [not found]
                      FF Extension: (No Name) - C:\Program Files\eMusic Download Manager\xulrunner\extensionsdlm_winamp@emusic.com [not found]
                      FF Extension: (No Name) - C:\Program Files\eMusic Download Manager\xulrunner\extensionsdlm_wmp@emusic.com [not found]
                      CHR HKLM...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
                      CHR HKLM...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - <no Path/update_url>
                      C:\Windows\Tasks{4DB442F9-C5C4-47D4-CABC-256BB9E033EC}.job
                      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{04EBE69E-2DED-44F6-9854-9A3988F751ED}\InprocServer32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.51.1\psuser.dll => No File
                      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
                      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
                      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{2027D000-8CEB-4191-9620-15DD2561855F}\InprocServer32 → C:\Users\David\AppData\Local\Dropbox\Update\1.3.57.1\psuser.dll => No File
                      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
                      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
                      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.33.3\psuser.dll => No File
                      CustomCLSID: HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 → C:\Users\David\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
                      ContextMenuHandlers1: [IObitUnstaler] → {B19ED566-D419-470b-B111-3C89040BC027} => → No File
                      ContextMenuHandlers1: [LavasoftShellExt] → {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => → No File
                      ContextMenuHandlers1: [SmartDefragExtension] → {189F1E63-33A7-404B-B2F6-8C76A452CC54} => → No File
                      ContextMenuHandlers1: [ZLAVShExt] → {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files\CheckPoint\ZoneAlarm\zlavscan.dll → No File
                      ContextMenuHandlers5: [igfxcui] → {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => → No File
                      ContextMenuHandlers6: [ZLAVShExt] → {D9872D13-7651-4471-9EEE-F0A00218BEBB} => C:\Program Files\CheckPoint\ZoneAlarm\zlavscan.dll → No File
                      Task: {07BA4BB6-FE13-4020-985A-780781738826} - \Driver Booster SkipUAC (David) → No File <==== ATTENTION
                      Task: {2BF84EFE-C4BA-4720-BD3C-C9BFBC620937} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
                      Task: {57A9D223-4743-42A4-A195-BD5F48C5755B} - System32\Tasks\SmartDefrag => C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
                      Task: {8401FDD5-BD53-4F87-AA11-45BB97713683} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
                      Task: {878236F4-BFB9-42A4-8EB7-BA1552F24AF4} - {4DB442F9-C5C4-47D4-CABC-256BB9E033EC} → No File <==== ATTENTION
                      Task: {BB81403D-923E-4F31-B6FA-1F24F0BDD336} - System32\Tasks{DF81553E-9FE4-46F9-A698-E6FEC3497677} => C:\Windows\system32\pcalua.exe -a C:\Users\David\Downloads\Xvid-1.2.2-07062009.exe -d “K:\Photos\Lost season 5”
                      Task: {C2C21F40-674F-47CF-8D11-D24E7D21EBBC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
                      Task: {DEAEF5E5-4577-4785-B02A-19A99003D01F} - {77FD207A-F73E-4650-9133-C6BF9DCB9A1D} → No File <==== ATTENTION
                      Task: {E3B74E19-B294-4BA5-8891-D72218EE4503} - System32\Tasks{C16E4FDC-EC6A-4B6B-9404-EDA79210A247} => C:\Windows\system32\pcalua.exe -a “C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe” -d “C:\Program Files\VS Revo Group\Revo Uninstaller”
                      Task: {F31BB7E0-A603-46F9-B04E-10075749C18E} - System32\Tasks{6DCE0CBF-14D4-4F83-A3A5-6D140E6CC7A3} => “c:\program files\mozilla firefox\firefox.exe” hxxp://ui.skype.com/ui/0/5.8.0.158.259/en/abandoninstall?page=tsMain
                      Task: C:\Windows\Tasks\SmartDefrag.job => C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
                      Task: C:\Windows\Tasks{4DB442F9-C5C4-47D4-CABC-256BB9E033EC}.job => C:\Users\David\AppData\Local{453F7~1\UNINST~1.EXE <==== ATTENTION
                      AlternateDataStreams: C:\Users\David\Downloads\f9824a1717a164c3.mp4:TOC.WMV [130]
                      C:\Program Files\GUT3E11.tmp
                      C:\Users\David\Downloads\4jtq78j5.exe
                      CMD: netsh advfirewall reset
                      CMD: netsh advfirewall set allprofiles state On
                      CMD: ipconfig /flushdns
                      Hosts:
                      Emptytemp:
                      Reboot:
                      end


                      Restore point was successfully created.
                      Processes closed successfully.
                      “HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007” => removed successfully.
                      “HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page Redirect Cache” => removed successfully.
                      HKU\S-1-5-21-1365679944-132168641-953657067-1000\Software\Microsoft\Internet Explorer\Main\Default_Page_URL => value restored successfully
                      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
                      “HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}” => removed successfully.
                      HKLM\Software\Classes\CLSID{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
                      “HKU.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope” => removed successfully.
                      “HKU\S-1-5-21-1365679944-132168641-953657067-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}” => removed successfully.
                      HKLM\Software\Classes\CLSID{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => not found
                      “HKU\S-1-5-21-1365679944-132168641-953657067-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}” => removed successfully.
                      HKLM\Software\Classes\CLSID{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} => not found
                      “HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}” => removed successfully.
                      HKLM\Software\Classes\CLSID{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} => not found
                      “HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{8AD9C840-044E-11D1-B3E9-00805F499D93}” => removed successfully.
                      HKLM\Software\Classes\CLSID{8AD9C840-044E-11D1-B3E9-00805F499D93} => not found
                      “HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}” => removed successfully.
                      HKLM\Software\Classes\CLSID{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} => not found
                      “HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}” => removed successfully.
                      HKLM\Software\Classes\CLSID{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => not found
                      C:\Program Files\eMusic Download Manager\xulrunner\extensionsdlm_itunes@emusic.com => path removed successfully.
                      C:\Program Files\eMusic Download Manager\xulrunner\extensionsdlm_winamp@emusic.com => path removed successfully.
                      C:\Program Files\eMusic Download Manager\xulrunner\extensionsdlm_wmp@emusic.com => path removed successfully.
                      “HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk” => removed successfully.
                      “HKLM\SOFTWARE\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk” => removed successfully.
                      “C:\Windows\Tasks{4DB442F9-C5C4-47D4-CABC-256BB9E033EC}.job” => not found
                      “HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{04EBE69E-2DED-44F6-9854-9A3988F751ED}” => removed successfully.
                      “HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{0A368B9B-3566-4730-B40E-EAF6858A53AF}” => removed successfully.
                      “HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{144DF3B2-2402-47AE-9583-5A045929A8D4}” => removed successfully.
                      “HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{2027D000-8CEB-4191-9620-15DD2561855F}” => removed successfully.
                      “HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}” => removed successfully.
                      “HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}” => removed successfully.
                      “HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{8C46158B-D978-483C-A312-16EE5013BE04}” => removed successfully.
                      “HKU\S-1-5-21-1365679944-132168641-953657067-1000_Classes\CLSID{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}” => removed successfully.
                      “HKLM\Software\Classes*\ShellEx\ContextMenuHandlers\IObitUnstaler” => removed successfully.
                      HKLM\Software\Classes\CLSID{B19ED566-D419-470b-B111-3C89040BC027} => not found
                      “HKLM\Software\Classes*\ShellEx\ContextMenuHandlers\LavasoftShellExt” => removed successfully.
                      HKLM\Software\Classes\CLSID{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => not found
                      “HKLM\Software\Classes*\ShellEx\ContextMenuHandlers\SmartDefragExtension” => removed successfully.
                      HKLM\Software\Classes\CLSID{189F1E63-33A7-404B-B2F6-8C76A452CC54} => not found
                      “HKLM\Software\Classes*\ShellEx\ContextMenuHandlers\ZLAVShExt” => removed successfully.
                      “HKLM\Software\Classes\CLSID{D9872D13-7651-4471-9EEE-F0A00218BEBB}” => removed successfully.
                      “HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui” => removed successfully.
                      HKLM\Software\Classes\CLSID{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
                      “HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\ZLAVShExt” => removed successfully.
                      HKLM\Software\Classes\CLSID{D9872D13-7651-4471-9EEE-F0A00218BEBB} => not found
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{07BA4BB6-FE13-4020-985A-780781738826}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{07BA4BB6-FE13-4020-985A-780781738826}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (David)” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{2BF84EFE-C4BA-4720-BD3C-C9BFBC620937}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2BF84EFE-C4BA-4720-BD3C-C9BFBC620937}” => removed successfully.
                      C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{57A9D223-4743-42A4-A195-BD5F48C5755B}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{57A9D223-4743-42A4-A195-BD5F48C5755B}” => removed successfully.
                      C:\Windows\System32\Tasks\SmartDefrag => moved successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot{8401FDD5-BD53-4F87-AA11-45BB97713683}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8401FDD5-BD53-4F87-AA11-45BB97713683}” => removed successfully.
                      C:\Windows\System32\Tasks\CCleaner Update => moved successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleaner Update” => removed successfully.
                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{878236F4-BFB9-42A4-8EB7-BA1552F24AF4} => could not remove. Access Denied.
                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{4DB442F9-C5C4-47D4-CABC-256BB9E033EC} => could not remove. Access Denied.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{BB81403D-923E-4F31-B6FA-1F24F0BDD336}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{BB81403D-923E-4F31-B6FA-1F24F0BDD336}” => removed successfully.
                      C:\Windows\System32\Tasks{DF81553E-9FE4-46F9-A698-E6FEC3497677} => moved successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{DF81553E-9FE4-46F9-A698-E6FEC3497677}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{C2C21F40-674F-47CF-8D11-D24E7D21EBBC}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C2C21F40-674F-47CF-8D11-D24E7D21EBBC}” => removed successfully.
                      C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => moved successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{DEAEF5E5-4577-4785-B02A-19A99003D01F}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{DEAEF5E5-4577-4785-B02A-19A99003D01F}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{77FD207A-F73E-4650-9133-C6BF9DCB9A1D}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{E3B74E19-B294-4BA5-8891-D72218EE4503}” => removed successfully.
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E3B74E19-B294-4BA5-8891-D72218EE4503}” => removed successfully.
                      C:\Windows\System32\Tasks{C16E4FDC-EC6A-4B6B-9404-EDA79210A247} => moved successfully
                      “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{C16E4FDC-EC6A-4B6B-9404-EDA79210A247}” => removed successfully.
                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{F31BB7E0-A603-46F9-B04E-10075749C18E} => could not remove. Access Denied.
                      “C:\Windows\System32\Tasks{6DCE0CBF-14D4-4F83-A3A5-6D140E6CC7A3}” => not found
                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{6DCE0CBF-14D4-4F83-A3A5-6D140E6CC7A3} => could not remove. Access Denied.
                      C:\Windows\Tasks\SmartDefrag.job => moved successfully
                      “C:\Windows\Tasks{4DB442F9-C5C4-47D4-CABC-256BB9E033EC}.job” => not found
                      C:\Users\David\Downloads\f9824a1717a164c3.mp4 => “:TOC.WMV” ADS removed successfully.
                      C:\Program Files\GUT3E11.tmp => moved successfully
                      C:\Users\David\Downloads\4jtq78j5.exe => moved successfully

                      ========= netsh advfirewall reset =========

                      Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
                      Ok.

                      ========= End of CMD: =========

                      ========= netsh advfirewall set allprofiles state On =========

                      Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
                      Ok.

                      ========= End of CMD: =========

                      ========= ipconfig /flushdns =========

                      Windows IP Configuration

                      Successfully flushed the DNS Resolver Cache.

                      ========= End of CMD: =========

                      Could not move “C:\Windows\System32\Drivers\etc\hosts” => Scheduled to move on reboot.

                      =========== EmptyTemp: ==========

                      BITS transfer queue => 8388608 B
                      DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41976357 B
                      Java, Flash, Steam htmlcache => 506 B
                      Windows/system/drivers => 4009913 B
                      Edge => 0 B
                      Chrome => 791599070 B
                      Firefox => 28578707 B
                      Opera => 0 B

                      Temp, IE cache, history, cookies, recent:
                      Users => 0 B
                      Default => 66228 B
                      Public => 0 B
                      ProgramData => 0 B
                      systemprofile => 31217978 B
                      LocalService => 132244 B
                      NetworkService => 85514 B
                      David => 180130137 B
                      UpdatusUser => 66116 B

                      RecycleBin => 80291510 B
                      EmptyTemp: => 1.1 GB temporary data Removed.

                      ================================

                      Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 30-03-2018 21:09:10)

                      “C:\Windows\System32\Drivers\etc\hosts” => Could not move.
                      Could not restore Hosts.

                      Result of scheduled keys to remove after reboot:

                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{878236F4-BFB9-42A4-8EB7-BA1552F24AF4} => could not remove. Access Denied.
                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4DB442F9-C5C4-47D4-CABC-256BB9E033EC} => could not remove. Access Denied.
                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F31BB7E0-A603-46F9-B04E-10075749C18E} => could not remove. Access Denied.
                      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6DCE0CBF-14D4-4F83-A3A5-6D140E6CC7A3} => could not remove. Access Denied.

                      ==== End of Fixlog 21:09:10 ====

                      Comment

                      • werdnarolyat
                        PCHF Member
                        • Mar 2018
                        • 81

                        #26
                        Hi gus,

                        I have removed Super Anti-Spyware and reset Internet Explorer as you recommended.

                        Comment

                        • system
                          PCHF Owner
                          • Jan 2015
                          • 7634

                          #27
                          Hi werdnarolyat,

                          - Click here to download RstHosts v2.0
                          - Save the file to your desktop.
                          - Right Click and Run as Administrator.
                          - Click on Restaurer, then click OK at the prompt.
                          - This will restore the default host file.
                          - Next Click on Creer Un Rapport.
                          - This will open a logfile, please post that in your next reply.

                          Next up,
                          - Please go HERE and download Malwarebytes Anti-Rootkit, save it to your desktop.
                          - Right click the new desktop icon and then click “Run as Administrator” from the menu.
                          - A dialogue box will ask where to extract the program, again select the desktop. After the files are extracted a new folder will be created on the desktop, called Mbar, and the program will open.
                          - To re-open the program once it has been closed, right click the MBAR icon again and let it extract and overwrite the new folder again and the app will open, or open the folder Mbar created originally and right click mbar.exe or mbar.cmd and select “Run as Administrator”
                          - Once the program is open at the Introduction page, click Next.
                          - On the next screen click the update button on the right, and allow it to update. Once updated click Next.
                          - On the next screen click Scan. It will take some time to scan your system.
                          - When the scan is finished and if malware has been found, check all items and click cleanup. Should the program request a reboot please do so. (If the scan resulted in no malware found simply exit the app.)
                          - Once the computer has rebooted open the desktop folder (mbar) and locate the log file with a similar format to that below excepting make sure the date is of your latest scan.

                          [Image]

                          - Open the notepad file by double clicking it, copy and paste the contents of it in your next post please:

                          Comment

                          • werdnarolyat
                            PCHF Member
                            • Mar 2018
                            • 81

                            #28
                            -|x| RstHosts v2.0 - Rapport créé le 31/03/2018 à 11:44:41
                            -|x| Système d’exploitation : Windows 7 Home Premium Service Pack 1 (32 bits)
                            -|x| Nom d’utilisateur : David - DAVID-PC (Administrateur)

                            -|x|- Informations -|x|-

                            Emplacement : C:\Windows\System32\drivers\etc\hosts
                            Attribut(s) : RASH
                            Propriétaire : Administrators - BUILTIN
                            Taille : 444930 bytes
                            Date de création : 02/11/2006 - 11:23:50
                            Date de modification : 24/10/2012 - 15:18:56
                            Date de dernier accès : 02/11/2006 - 11:23:50

                            -|x|- Contenu du fichier -|x|-
                            # Copyright (c) 1993-2006 Microsoft Corp.
                            # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
                            # This file contains the mappings of IP addresses to host names. Each
                            # entry should be kept on an individual line. The IP address should
                            # be placed in the first column followed by the corresponding host name.
                            # The IP address and the host name should be separated by at least one
                            # space.
                            # Additionally, comments (such as these) may be inserted on individual
                            # lines or following the machine name denoted by a '#' symbol.
                            # For example:
                            # 102.54.94.97 rhino.acme.com # source server
                            # 38.25.63.10 x.acme.com # x client host
                            127.0.0.1 localhost
                            ::1 localhost
                            # Start of entries inserted by Spybot - Search & Destroy
                            127.0.0.1 www.007guard.com
                            127.0.0.1 007guard.com
                            127.0.0.1 008i.com
                            127.0.0.1 www.008k.com

                            → 15303 ligne(s) supplémentaire(s)

                            -|x|- E.O.F - C:\RstHosts.txt - 1492 bytes -|x|-

                            Comment
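A way to triage a hosts file like the one in the RstHosts report above, as an added example that is not part of the original thread or of any tool named in it: it separates the stock `localhost` entries and blocklist-style sinkhole entries (the kind Spybot inserts) from entries that pin a name to a real address, which are the ones worth reviewing. The function name `audit_hosts`, the sample text and the `example.test` names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the first entries mirror the excerpt in the report above;
# the last three lines are invented to exercise the other categories.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1       www.007guard.com
127.0.0.1       007guard.com
127.0.0.1       008i.com
0.0.0.0         ads.example.test
203.0.113.7     login.example.test   # constructed redirect
not-an-ip       broken.example.test
"""

def audit_hosts(text):
    """Sort hosts entries into default, sinkhole, redirect and malformed."""
    report = {"default": [], "sinkhole": [], "redirect": [], "malformed": []}
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split columns
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            addr = None
        if addr is None or len(entry) < 2:
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in (n.lower() for n in entry[1:]):
            if addr.is_loopback and name == "localhost":
                kind = "default"      # stock Windows entries
            elif addr.is_loopback or addr.is_unspecified:
                kind = "sinkhole"     # blocklist-style entry, resolves nowhere
            else:
                kind = "redirect"     # name pinned to a real address: review it
            report[kind].append((lineno, str(addr), name))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind, rows in result.items():
        print(f"{kind:9} {len(rows)}")
    for row in result["redirect"] + result["malformed"]:
        print("review:", row)
```

On a file the size reported above (444930 bytes), the sinkhole count will be in the thousands; the short `redirect` and `malformed` lists are what to read by hand.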

                            • werdnarolyat
                              PCHF Member
                              • Mar 2018
                              • 81

                              #29
                              Malwarebytes Anti-Rootkit BETA 1.10.3.1001
                              www.malwarebytes.org

                              Database version:
                              main: v2018.03.31.04
                              rootkit: v2018.03.08.03

                              Windows 7 Service Pack 1 x86 NTFS
                              Internet Explorer 11.0.9600.18860
                              David :: DAVID-PC [administrator]

                              31/03/2018 11:51:29
                              mbar-log-2018-03-31 (11-51-29).txt

                              Scan type: Quick scan
                              Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
                              Scan options disabled:
                              Objects scanned: 215029
                              Time elapsed: 40 minute(s), 40 second(s)

                              Memory Processes Detected: 0
                              (No malicious items detected)

                              Memory Modules Detected: 0
                              (No malicious items detected)

                              Registry Keys Detected: 0
                              (No malicious items detected)

                              Registry Values Detected: 0
                              (No malicious items detected)

                              Registry Data Items Detected: 0
                              (No malicious items detected)

                              Folders Detected: 0
                              (No malicious items detected)

                              Files Detected: 0
                              (No malicious items detected)

                              Physical Sectors Detected: 0
                              (No malicious items detected)

                              (end)

                              Comment

                              • system
                                PCHF Owner
                                • Jan 2015
                                • 7634

                                #30
                                Hi werdnarolyat, can you please run another scan with FRST as per instructions in post number 5 and post the logs please. No need to delete the old logs because FRST will overwrite them. Only need FRST and not AdwCleaner.

                                Comment
