MoFooKiN (Members; Posts: 16)

Everything posted by MoFooKiN

  1. Hello? Err, sorry, I didn't see your last post. Great! I don't have an error in MWB... It wasn't opening the internet website, but I think that had to do with latency. Thank you very much for your help. Is MWB Premium enough to keep me fairly safe?
  2. Well, something is up, because the Malwarebytes website keeps throwing up "DNS not found" on that machine. Here are the logs.
     Addition.txt
     FRST.txt
  3. # AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 07 16:33:37 2017
     # Updated on 2017/27/10 by Malwarebytes
     # Running on Windows 10 Home (X64)
     # Mode: clean
     # Support: https://www.malwarebytes.com/support

     ***** [ Services ] *****

     No malicious services deleted.

     ***** [ Folders ] *****

     No malicious folders deleted.

     ***** [ Files ] *****

     Deleted: C:\END

     ***** [ DLL ] *****

     No malicious DLLs cleaned.

     ***** [ WMI ] *****

     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****

     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****

     No malicious tasks deleted.

     ***** [ Registry ] *****

     Deleted: [Key] - HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\CoinisRevShare
     Deleted: [Key] - HKCU\Software\CoinisRevShare
     Deleted: [Key] - HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\ELLS LLC
     Deleted: [Key] - HKCU\Software\ELLS LLC
     Deleted: [Key] - HKLM\SOFTWARE\mbs_install
     Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
     Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
     Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}
     Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
     Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
     Deleted: [Key] - HKLM\SOFTWARE\BSD
     Deleted: [Key] - HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\BSD
     Deleted: [Key] - HKCU\Software\BSD
     Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer_is1
     Deleted: [Key] - HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\PRODUCTSETUP
     Deleted: [Key] - HKCU\Software\PRODUCTSETUP
     Deleted: [Key] - HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Etsy
     Deleted: [Key] - HKCU\Software\Microsoft\Etsy

     ***** [ Firefox (and derivatives) ] *****

     No malicious Firefox entries deleted.

     ***** [ Chromium (and derivatives) ] *****

     Plugin deleted: Highlight to Search -
     Plugin deleted: Amazon Assistant for Chrome -
     SearchProvider deleted: Ask Search - websearch.ask.com
     SearchProvider deleted: TheFreeGames Customized Web Search - search.conduit.com

     *************************

     ::Tracing keys deleted
     ::Winsock settings cleared
     ::Additional Actions: 0

     *************************

     C:/AdwCleaner/AdwCleaner[S0].txt - [2854 B] - [2017/11/7 16:32:56]

     ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

     RogueKiller:

     RogueKiller V12.11.23.0 (x64) [Nov 6 2017] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : https://forum.adlice.com
     Website : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 10 (10.0.14393) 64 bits version
     Started in : Normal mode
     User : MoFooKiN BizmaTek [Administrator]
     Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
     Mode : Scan -- Date : 11/07/2017 10:41:19 (Duration : 00:37:29)

     ¤¤¤ Processes : 1 ¤¤¤
     [VT.Unknown] Dragon Center.exe(8436) -- C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe[7] -> Found

     ¤¤¤ Registry : 4 ¤¤¤
     [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Found
     [Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{242614b1-10f7-43a8-bb62-04fe018699de} | DHCPNameServer : 82.163.143.176 ([GB]) -> Found
     [Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b46c7351-40b3-444c-b8cf-c5962f38c276} | DHCPNameServer : 82.163.143.176 ([GB]) -> Found
     [Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d89ed064-ab14-4a21-a0e2-0620c9118ed6} | DHCPNameServer : 82.163.143.176 ([GB]) -> Found

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ WMI : 0 ¤¤¤

     ¤¤¤ Hosts File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
     --- User ---
     [MBR] bf1cb7a693acddb42acb4b3ff9771efe
     [BSP] b388edfefc66ea5ec0f01fbd550b2cd3 : Empty|VT.Unknown MBR Code
     Partition table:
     0 - Basic data partition | Offset (sectors): 2048 | Size: 935504 MB
     1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1915914240 | Size: 18364 MB
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: Intel Raid 0 Volume +++++
     --- User ---
     [MBR] 930494fed18d558e3a9c127177a9f260
     [BSP] 3172880cce65e09a5bc8ef7f116cfe1f : Empty|VT.Unknown MBR Code
     Partition table:
     0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 300 MB
     1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 616448 | Size: 128 MB
     2 - Basic data partition | Offset (sectors): 878592 | Size: 487062 MB
     3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 998381568 | Size: 900 MB
     User = LL1 ... OK
     Error reading LL2 MBR! NOT VALID!

     +++++ PhysicalDrive2: SMI USB DISK USB Device +++++
     --- User ---
     [MBR] f1d4fde723e13c3bf58f9fd4c0ba5f24
     [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
     Partition table:
     0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 120 | Size: 7536 MB
     User = LL1 ... OK
     Error reading LL2 MBR! ([32] The request is not supported. )
  4. I'm not sure which of these you want, but upon restarting my machine a new version of MWB wanted to install. I suspect because I activated it... Anyway, the new install is scanning now. OK, they are XML documents and I can't attach them, so I'm going to paste them...

     <?xml version="1.0" encoding="UTF-16"?>
     <mbam-log>
       <header>
         <date>2017/11/06 21:47:10 -0600</date>
         <logfile>mbam-log-2017-11-06 (21-30-46).xml</logfile>
         <isadmin>yes</isadmin>
       </header>
       <engine>
         <version>0.0.0.0000</version>
         <malware-database>v2017.11.07.02</malware-database>
         <rootkit-database>v2017.10.14.01</rootkit-database>
         <license>premium</license>
         <file-protection>enabled</file-protection>
         <web-protection>enabled</web-protection>
         <self-protection>disabled</self-protection>
       </engine>
       <system>
         <hostname>MSIFOOKIN</hostname>
         <ip>10.0.0.77</ip>
         <osversion>Windows 10</osversion>
         <arch>x64</arch>
         <username>MoFooKiN BizmaTek</username>
         <filesys>NTFS</filesys>
       </system>
       <summary>
         <type>threat</type>
         <result>completed</result>
         <objects>319499</objects>
         <time>397</time>
         <processes>0</processes>
         <modules>0</modules>
         <keys>0</keys>
         <values>0</values>
         <datas>0</datas>
         <folders>0</folders>
         <files>0</files>
         <sectors>0</sectors>
       </summary>
       <options>
         <memory>enabled</memory>
         <startup>enabled</startup>
         <filesystem>enabled</filesystem>
         <archives>enabled</archives>
         <rootkits>disabled</rootkits>
         <deeprootkit>disabled</deeprootkit>
         <heuristics>enabled</heuristics>
         <pup>enabled</pup>
         <pum>enabled</pum>
       </options>
       <items>
       </items>
     </mbam-log>

     And here is the second one:

     <?xml version="1.0" encoding="UTF-8"?>
     <logs>
       <record toVersion="2017.11.6.1" name="IP Database" last_modified_tag="a2ccb38b-b159-43a3-8e80-67807ba5ea9d" fromVersion="2017.11.3.2" systemname="MSIFOOKIN" username="SYSTEM" type="Update" source="Manual" datetime="2017-11-06T21:20:45.383532-06:00" LoggingEventType="1" severity="debug"/>
       <record toVersion="2017.11.6.8" name="Domain Database" last_modified_tag="48dfaa19-6eb1-44c5-a7ad-93e5cfd2d274" fromVersion="2016.2.16.8" systemname="MSIFOOKIN" username="SYSTEM" type="Update" source="Manual" datetime="2017-11-06T21:20:48.624153-06:00" LoggingEventType="1" severity="debug"/>
       <record toVersion="2017.11.7.1" name="Malware Database" last_modified_tag="b76b3b09-adfc-489d-9df9-31510cb9add5" fromVersion="2016.2.16.6" systemname="MSIFOOKIN" username="SYSTEM" type="Update" source="Manual" datetime="2017-11-06T21:20:53.780809-06:00" LoggingEventType="1" severity="debug"/>
       <record last_modified_tag="38975ff5-277a-4d79-8a7f-03868b78e0e9" systemname="MSIFOOKIN" username="SYSTEM" type="Error" source="Protection" datetime="2017-11-06T21:28:40.941061-06:00" LoggingEventType="4" severity="debug" message="ServiceCanRun" code="13"/>
       <record last_modified_tag="38ab8b92-72b1-4940-b509-d25b591c83f3" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:40.958281-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Stopping"/>
       <record last_modified_tag="83304afe-6c87-47ea-8fa6-21f65e81a737" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:40.958281-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Stopped"/>
       <record last_modified_tag="04953f21-2de8-442a-b769-b669f0cbb347" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:45.414714-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Starting"/>
       <record last_modified_tag="65b936b7-a7a8-4ce5-926b-9e24076509a9" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:45.420729-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Started"/>
       <record last_modified_tag="ed9d3b80-2a90-4560-a4c1-e859ba571b8e" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:45.437273-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
       <record last_modified_tag="12f9fa22-72ac-4997-9de5-adcb01c8c17e" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:47.594558-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
       <record toVersion="3.3.1.0" name="program" last_modified_tag="f68bc469-53d8-4798-abf4-660e72655c53" fromVersion="2.2.1.1043" systemname="MSIFOOKIN" username="SYSTEM" type="Update" source="Manual" datetime="2017-11-06T21:32:09.418838-06:00" LoggingEventType="1" severity="debug"/>
       <record toVersion="2017.11.7.2" name="Malware Database" last_modified_tag="0683dbce-72d2-4f62-a408-f13894d5c220" fromVersion="2017.11.7.1" systemname="MSIFOOKIN" username="SYSTEM" type="Update" source="Scheduler" datetime="2017-11-06T21:47:10.382835-06:00" LoggingEventType="1" severity="debug"/>
       <record last_modified_tag="f3f9691a-819b-4587-ba5e-1bd056be41ae" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:10.404856-06:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Starting"/>
       <record last_modified_tag="ddfd3946-fcd8-4ef1-93d8-3c807f4a398c" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:10.410371-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>
       <record last_modified_tag="413daaf1-05bf-49e7-9462-eee98bc2c741" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:11.415043-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>
       <record last_modified_tag="fd17c60a-2928-4719-859a-6694251e63b0" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:14.335737-06:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Success"/>
       <record last_modified_tag="7dd82a84-52d0-46bf-8be7-5cbbba45a9cc" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:14.347268-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
       <record last_modified_tag="04c5c04c-2651-4283-b9eb-d959c67433ad" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:16.581291-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
       <record last_modified_tag="77fcfdfd-3f30-45dc-a5a2-8f2b7783f478" systemname="MSIFOOKIN" username="SYSTEM" type="Scan" source="Manual" datetime="2017-11-06T21:52:17.665868-06:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="88" malwaredetections="0" duration="397" starttime="2017-11-06T21:32:09-06:00" scantype="threat"/>
       <record last_modified_tag="d023991b-e69d-4289-a8a3-129ec17d4c29" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:16.395714-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Starting"/>
       <record last_modified_tag="96c6e3d0-49e5-4e57-bf3b-b694d8e5f098" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:16.411325-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Started"/>
       <record last_modified_tag="0c549907-db9e-4cda-992f-142dba1f83ae" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:16.426952-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>
       <record last_modified_tag="110774f0-731e-460e-bdec-532a438bb2db" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:18.958468-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>
       <record last_modified_tag="a794619c-8d99-4058-af3a-5a3ccad4aa8c" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:44.406138-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>
       <record last_modified_tag="e06bbdee-60a0-4952-926f-ff339745f870" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:45.960770-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>
       <record last_modified_tag="bff26452-c7a1-4683-8009-1782a9890bfd" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:45.969795-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Stopping"/>
       <record last_modified_tag="6ac6c8f6-20c8-4052-8e00-77c499a59c86" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:46.316717-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Stopped"/>
     </logs>

     And here is the log from the newly installed version:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 11/6/17
     Scan Time: 9:59 PM
     Log File: 0b91bc0c-c370-11e7-8547-9cb6d010ec1a.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.236
     Update Package Version: 1.0.3193
     License: Premium

     -System Information-
     OS: Windows 10 (Build 14393.1770)
     CPU: x64
     File System: NTFS
     User: MSIFOOKIN\MoFooKiN BizmaTek

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 408867
     Threats Detected: 0
     (No malicious items detected)
     Threats Quarantined: 0
     (No malicious items detected)
     Time Elapsed: 1 min, 3 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)
     Module: 0
     (No malicious items detected)
     Registry Key: 0
     (No malicious items detected)
     Registry Value: 0
     (No malicious items detected)
     Registry Data: 0
     (No malicious items detected)
     Data Stream: 0
     (No malicious items detected)
     Folder: 0
     (No malicious items detected)
     File: 0
     (No malicious items detected)
     Physical Sector: 0
     (No malicious items detected)

     (end)
  5. OK, I was able to run the fix, and this time it did stop the blue screen, so I deleted the rest of the list of programs and I attempted to run the mwb.cmd, and I got the same error that the .dll file wasn't there or something, so I ran the mwb.exe in that same zip file and it ran and scanned and removed malware. I have attached both logs. I hope I didn't jump the gun running mwb.exe. Sorry if I did; I won't jump ahead again.
     Fixlog.txt
     mbar-log-2017-11-06 (19-30-16).txt
  6. Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
     Ran by MoFooKiN BizmaTek (05-11-2017 20:04:27) Run:1
     Running from C:\Users\MoFooKiN BizmaTek\Desktop\New folder (2)
     Loaded Profiles: MoFooKiN BizmaTek (Available Profiles: MoFooKiN BizmaTek)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     HKLM-x32\...\Run: [AnonymizerGadget] => C:\Users\MoFooKiN BizmaTek\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [347784 2017-10-27] (Jetico ltd) <==== ATTENTION
     HKLM-x32\...\Run: [AppleWebKit] => C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate\client32.exe [105848 2016-12-06] (NetSupport Ltd)
     HKLM\...\RunOnce: [MSIFOOKIN] => C:\WINDOWS\TEMP\gF915.tmp.exe [212992 2017-11-02] () <==== ATTENTION
     HKLM-x32\...\RunOnce: [Cotesi] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\MOFOOK~1\AppData\Roaming\Megag"
     HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
     HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
     HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
     HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
     HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
     HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
     HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
     HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
     HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
     HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
     HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
     HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
     HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
     HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
     HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
     HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
     HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
     HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
     HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
     HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
     HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
     HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
     HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
     HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
     HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
     HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
     HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
     HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
     HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
     HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
     HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
     HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
     HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
     HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
     HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
     HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
     HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
     HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
     HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
     HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
     HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
     HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
     HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
     HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
     HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
     HKU\S-1-5-21-4067184759-194431734-3307552434-1001\...\Run: [Chromium] => c:\users\mofookin bizmatek\appdata\local\chromium\application\chrome.exe [1044480 2016-01-25] (The Chromium Authors)
     HKU\S-1-5-21-4067184759-194431734-3307552434-1001\...\Run: [WeatherBuddy] => C:\Users\MoFooKiN BizmaTek\AppData\Local\WeatherBuddy\WeatherBuddy.exe [3991552 2017-10-13] (ELLS LLC)
     HKU\S-1-5-21-4067184759-194431734-3307552434-1001\...\Run: [Win64svc] => RevoTemp.tmp
     HKU\S-1-5-21-4067184759-194431734-3307552434-1001\...\Run: [JVZGBBFDXH.exe] => C:\Users\MoFooKiN BizmaTek\AppData\Local\Temp\ba-9d9c9-671-4a4b3-20cdd50841ebc\JVZGBBFDXH.exe [135168 2017-10-27] () <==== ATTENTION
     HKU\S-1-5-21-4067184759-194431734-3307552434-1001\...\RunOnce: [windows] => C:\Users\MoFooKiN BizmaTek\AppData\Roaming\windows.exe [121344 2017-10-26] (RealVNC Ltd) <==== ATTENTION
     ProxyEnable: [.DEFAULT] => Proxy is enabled.
     ProxyServer: [.DEFAULT] => 127.0.0.1:8003
     ProxyEnable: [S-1-5-19] => Proxy is enabled.
     ProxyServer: [S-1-5-19] => 127.0.0.1:8003
     ProxyEnable: [S-1-5-20] => Proxy is enabled.
     ProxyServer: [S-1-5-20] => 127.0.0.1:8003
     ProxyEnable: [S-1-5-21-4067184759-194431734-3307552434-1001] => Proxy is enabled.
     ProxyServer: [S-1-5-21-4067184759-194431734-3307552434-1001] => 127.0.0.1:8003
     ManualProxies: 1127.0.0.1:8003
     HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131536193403574783&GUID=A4A233F6-7B63-4FC7-AA0B-AEEFECB0DD9F
     HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131536193403584982&GUID=A4A233F6-7B63-4FC7-AA0B-AEEFECB0DD9F
     HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,&vp=ch&prd=set_ie
     HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
     SearchScopes: HKLM -> DefaultScope {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
     SearchScopes: HKLM -> {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
     SearchScopes: HKLM-x32 -> DefaultScope {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
     SearchScopes: HKLM-x32 -> {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
     SearchScopes: HKU\.DEFAULT -> DefaultScope {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL =
     SearchScopes: HKU\S-1-5-21-4067184759-194431734-3307552434-1001 -> DefaultScope {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL =
     SearchScopes: HKU\S-1-5-21-4067184759-194431734-3307552434-1001 -> {3881CA93-7596-4D7B-99F1-6206FA7FAF3A} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,
     SearchScopes: HKU\S-1-5-21-4067184759-194431734-3307552434-1001 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisre_17_42_ssg01&cd=2XzuyEtN2Y1L1Qzuzy0E0ByC0DtDtCtD0E0CtCzyyEzyzztDtN0D0Tzu0StBtCtCzytN1L2XzutAtFtByBtFyEtFyDtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCtA0Dzz0AyBtDtAtGyDyD0AtAtGtAyD0DyCtGyCzy0AyCtGyByEyEtBtBtByE0FtCtAyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0DyCyByByBtCtBtG0AtD0FtAtGyEyE0F0BtG0AyCtDyEtGyC0C0FtD0DyDtA0FzztA0Dzy2QtN0A0LzuyE&cr=1662538094&ir=&q={searchTerms}
     SearchScopes: HKU\S-1-5-21-4067184759-194431734-3307552434-1001 -> {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL =
     CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,&vp=ch&prd=set_ch
     CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,&vp=ch&prd=set_ch"
     CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,
     CHR DefaultSearchKeyword: Default -> www-searching.com
     CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
     R2 84ada1afa7c167c2ece4358073ff9765; C:\Program Files\84ada1afa7c167c2ece4358073ff9765\b77c348bc31159007afbd7511aa499ed.exe [1189376 2017-10-26] () [File not signed] <==== ATTENTION
     R2 EciZvBn5MomN Updater; C:\Program Files (x86)\EciZvBn5MomN Updater\EciZvBn5MomN Updater.exe [313344 2017-10-27] () [File not signed]
     R2 NetMediaService; C:\Program Files\jetstrmedia\NetMedia\netmedia.exe [2131192 2017-10-26] ()
     R2 srcsrv; C:\WINDOWS\src_srv\winsrcsrv.exe [17408 2017-10-07] () [File not signed] <==== ATTENTION
     R1 cf7a54dc958ee2ea30fddb12c86c58b1; C:\WINDOWS\system32\drivers\cf7a54dc958ee2ea30fddb12c86c58b1.sys [109144 2017-10-26] (L00OHO) <==== ATTENTION
     Task: {1FF014E5-2D75-417D-839E-94DEB56D6416} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2017-10-18] () <==== ATTENTION
     Task: {201A8AD0-BB9C-45F2-85DE-C394C2FD53D1} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-10-27] () <==== ATTENTION
     Task: {4184607C-072C-4D4B-8782-410E50BEDB60} - System32\Tasks\EciZvBn5MomN => ecizvbn5momn.exe
     Task: {47C90924-902D-4F24-B76D-811AEB3F34DA} - System32\Tasks\5ef15c60a59549278130da19940e9560 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\WINDOWS\5ef15c60a59549278130da19940e9560.ps1" <==== ATTENTION
     Task: {54F5DADC-CF72-4DCC-9055-F935C1507781} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2017-10-18] () <==== ATTENTION
     Task: {5D9AB730-D4CB-4195-B2D9-60E032B4AE53} - System32\Tasks\{3DA2F7AE-E2B9-4759-D6C9-43BA0E8C3D15} => C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Kapihicus\updtask.exe [2013-05-01] () <==== ATTENTION
     Task: {6F053D8C-56DF-4603-AFDF-2B5A7CC867F1} - System32\Tasks\DecMoFooKiN BizmaTek => C:\Users\MoFooKiN [Argument = BizmaTek\AppData\Local\Temp\RevoTemp.tmp] <==== ATTENTION
     Task: {72D9B1FA-A578-40DB-B9B8-C09070B9D563} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => C:\\Users\\MoFooKiN BizmaTek\\AppData\\Roaming\\ReportErr\\mgrerr.exe [2017-10-27] ()
     Task: {79DFE94B-6CA6-4403-BD1C-2B17CF2CE77E} - System32\Tasks\{2F05DD91-86B6-E05F-1952-81691A640B78} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\38eae574\36fef984.dll" <==== ATTENTION
     Task: {878A2CEF-FD43-4CA8-B336-8B5CF716692E} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
     Task: {8A90A4E7-6459-40E7-80D9-299438B7AC5B} - System32\Tasks\L2Hourly => C:\Program Files (x86)\L2VPN\updater.exe [2017-10-24] ()
     Task: {951C8C1D-4E88-4DFF-B62C-6D0B75C45BD1} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2017-10-27] () <==== ATTENTION
     Task: {A452A0B5-7188-40AF-883B-395F8189AE90} - System32\Tasks\{7A0B0B47-7E0C-097E-0511-78080F0D110C} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgADsAOwAgACAAIAAgADsAIAA7ADsAOwAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYAZQByAGUA (the data entry has 10040 more characters). <==== ATTENTION
     Task: {AAFE5462-04D0-4A45-B73B-5B001DAEDABE} - System32\Tasks\Checker64 => C:\Program Files\jetstrmedia\NetMedia\checker.exe [2017-10-25] ()
     Task: {B2671CA8-A975-4185-B680-6DC79BCA6A16} - System32\Tasks\{47351B3C-F09E-AC97-F73A-AD90999BAD57} => C:\ProgramData\{2CA8E9B4-9B03-5E1F-DA56-99977EEC4810}\2B8D12FC-9C26-A557-3FC6-85D27FDDFA75.exe [2017-11-02] () <==== ATTENTION
     Task: {B8D113E0-89C4-452B-B5F8-D5892B97E865} - System32\Tasks\running => C:\Users\MoFooKiN [Argument = BizmaTek\AppData\Roaming\weatherscr.exe] <==== ATTENTION
     Task: {BF1B349D-9033-4343-90E1-8DF3285763E5} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2017-10-18] () <==== ATTENTION
     Task: {CB87629A-8489-4C73-AE4D-105AA68062B0} - System32\Tasks\84ada1afa7c167c2ece4358073ff9765 => sc start 84ada1afa7c167c2ece4358073ff9765 <==== ATTENTION
     Task: {CBED7720-A8A7-4B50-941F-535107E410D0} - System32\Tasks\Optimize Start Menu Cache Files-S-EN => C:\ProgramData\403699fe59484dd3887b22601a3ac593\chipset.exe exec hide IANEFCCDSL.cmd
     Task: {DDEC1899-7A45-4139-8EE1-F923E0A9F986} - System32\Tasks\L2Onstart => C:\Program Files (x86)\L2VPN\updater.exe [2017-10-24] ()
     Task: {E5F370AF-44F5-4183-AE39-3EEAE7DCFFAC} - System32\Tasks\AVObjit => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\AVObjit\AVObjit.dll",CyJAVDOU <==== ATTENTION
     Task: {E8EF9BC7-4813-40DD-9B0F-B77BD7079063} - System32\Tasks\OneSystemCare Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2017-10-18] () <==== ATTENTION
     Task: C:\WINDOWS\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
     Task: C:\WINDOWS\Tasks\{3DA2F7AE-E2B9-4759-D6C9-43BA0E8C3D15}.job => C:\Users\MOFOOK~1\AppData\Roaming\KAPIHI~1\updtask.exe <==== ATTENTION
     ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
     ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
     ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
     ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk -> C:\Users\MoFooKiN BizmaTek\AppData\Local\chromium\Application\chrome.exe (The Chromium Authors) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
     ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
     ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,"
     ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
     ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
     ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
     FirewallRules: [{91BEBEE6-45A7-4C4A-AE3B-4ADA11DF3531}] => (Allow) C:\Users\MoFooKiN BizmaTek\AppData\Local\Chromium\Application\chrome.exe
     FirewallRules: [{21D6B1BE-4D46-496D-947D-86C7C721CC4A}] => (Allow) C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate\client32.exe
     FirewallRules: [{A9DA1F68-AB01-4B6C-9B5C-A48C784AAC82}] => (Allow) C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate\CLIENT32.exe
     FirewallRules: [{008E7A76-C080-4918-9A08-4962A2A155D8}] => (Allow) C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate\CLIENT32.exe
     FirewallRules: [{DAEB742B-B67B-448B-8A1D-A793E3BF174D}] => (Allow) C:\Program Files\jetstrmedia\NetMedia\netmedia.exe
     FirewallRules: [{14112D2C-FD96-4A71-9CB5-239AE65447CE}] => (Allow) C:\Program Files\jetstrmedia\NetMedia\checker.exe
     C:\Users\MoFooKiN BizmaTek\Desktop\Download Video and Audio Online.lnk
     C:\Users\MoFooKiN BizmaTek\Desktop\Gоoglе Сhrоmе.lnk
     C:\Users\MoFooKiN BizmaTek\Desktop\Сhrоmium.lnk
     C:\Users\MoFooKiN BizmaTek\Desktop\VR\Nаhimiс 2.lnk
     C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Сhrоmium.lnk
     C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vidеostreаm for Gоogle Chromесast™.lnk
     C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget\АnоnymizеrGаdget.lnk
     C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Еxplоrer.lnk
     C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk
     C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Сhromium.lnk
     C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Chrоme.lnk
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Сhrome.lnk
     C:\Users\Public\Desktop\Gооgle
Сhromе.lnk C:\Users\Public\Desktop\Wоrld оf Wаrships.lnk C:\Program Files\84ada1afa7c167c2ece4358073ff976 C:\Program Files\AVObjit C:\Program Files\jetstrmedia C:\Program Files\Common Files\Noobzo C:\Program Files (x86)\AnonymizerGadget C:\Program Files (x86)\Company C:\Program Files (x86)\bnsplayer C:\Program Files (x86)\BeansPlayer C:\Program Files (x86)\EciZvBn5MomN C:\Program Files (x86)\EciZvBn5MomN Updater C:\Program Files (x86)\L2VPN C:\Program Files (x86)\SoftUpgrade C:\Program Files (x86)\OneSystemCare 2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\69815218-2861-0 2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\69815218-1777-1 2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\38eae574 2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\{6CF1C05A-DB5A-77F1-25CE-29904C39DD0D} 2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\{60bf6030-412c-0} 2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\{3a0f1d6a-012c-1} 2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\{2CA8E9B4-9B03-5E1F-DA56-99977EEC4810} 2017-10-27 17:13 - 2017-11-02 13:36 - 000000000 ____D C:\ProgramData\494fa140-1c51-0 2017-10-27 17:13 - 2017-11-02 13:36 - 000000000 ____D C:\ProgramData\494fa140-0715-1 2017-10-27 17:12 - 2017-10-30 17:13 - 000000000 ____D C:\ProgramData\403699fe59484dd3887b22601a3ac593 C:\ProgramData\BSD C:\ProgramData\TweakBit C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care C:\ProgramData\smp2.exe C:\Users\MoFooKiN BizmaTek\Downloads\adobe_flash_setup_1371505745.exe C:\Users\MoFooKiN BizmaTek\AppData\Local\{A13F9763-8597-FBDB-E80F-DE33CC6722AB} C:\Users\MoFooKiN BizmaTek\AppData\Local\4e199afe3d574f909138b5b7d0506b84 C:\Users\MoFooKiN BizmaTek\AppData\Local\AdvinstAnalytics c:\users\mofookin bizmatek\appdata\local\chromium C:\Users\MoFooKiN BizmaTek\AppData\Local\NetSupport C:\Users\MoFooKiN 
BizmaTek\AppData\Local\WeatherBuddy C:\Users\MoFooKiN BizmaTek\AppData\Roaming\f6eb09d47736462b8a45ef97fcede229 C:\Users\MoFooKiN BizmaTek\AppData\Roaming\a9111e571d1f4067bbb4ee9be5dd98c2 C:\Users\MoFooKiN BizmaTek\AppData\Roaming\AGData C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Browsers C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Kapihicus C:\Users\MoFooKiN BizmaTek\AppData\Roaming\One System Care C:\Users\MoFooKiN BizmaTek\AppData\Roaming\ReportErr C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SPI C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate C:\Users\MoFooKiN BizmaTek\AppData\Roaming\windows.exe C:\Users\MoFooKiN BizmaTek\AppData\Roaming\weatherscr.exe C:\Users\MoFooKiN BizmaTek\AppData\Roaming\wb_ni_23_139_c.exe C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget C:\Users\MOFOOK~1\AppData\Roaming\Megag C:\Windows\src_srv C:\WINDOWS\tang.exe C:\WINDOWS\cross1467io.exe C:\WINDOWS\Microsoft12.bmp C:\WINDOWS\rsrcs.dll C:\WINDOWS\5ef15c60a59549278130da19940e9560.ps1 C:\WINDOWS\c19cb907bdac8210b94900afb15783fd.exe C:\WINDOWS\uninstaller.dat C:\WINDOWS\unins000.exe C:\WINDOWS\unins000.dat C:\WINDOWS\WeatherBuddy.INI C:\WINDOWS\system32\bi3.exe C:\WINDOWS\system32\drivers\cf7a54dc958ee2ea30fddb12c86c58b1.sys C:\WINDOWS\SysWOW64\SSL C:\Windows\Temp\*.tmp.exe Hosts: EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnonymizerGadget => value not found. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AppleWebKit => value removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\MSIFOOKIN => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Cotesi => value not found. 
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 => key removed successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => value removed successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherBuddy => value removed successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Win64svc => value removed successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Run\\JVZGBBFDXH.exe => value removed successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\windows => value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key removed successfully
HKLM\Software\Classes\CLSID\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3881CA93-7596-4D7B-99F1-6206FA7FAF3A} => key not found.
HKLM\Software\Classes\CLSID\{3881CA93-7596-4D7B-99F1-6206FA7FAF3A} => key not found.
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487} => key not found.
HKLM\Software\Classes\CLSID\{5e7797ae-5ca1-4b50-95d8-97e746340487} => key not found.
HKU\S-1-5-21-4067184759-194431734-3307552434-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key removed successfully
HKLM\Software\Classes\CLSID\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key not found.
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
84ada1afa7c167c2ece4358073ff9765 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\84ada1afa7c167c2ece4358073ff9765 => key removed successfully
84ada1afa7c167c2ece4358073ff9765 => service removed successfully
HKLM\System\CurrentControlSet\Services\EciZvBn5MomN Updater => key removed successfully
EciZvBn5MomN Updater => service removed successfully
HKLM\System\CurrentControlSet\Services\NetMediaService => key removed successfully
NetMediaService => service removed successfully
HKLM\System\CurrentControlSet\Services\srcsrv => key removed successfully
srcsrv => service removed successfully
cf7a54dc958ee2ea30fddb12c86c58b1 => Unable to stop service.
HKLM\System\CurrentControlSet\Services\cf7a54dc958ee2ea30fddb12c86c58b1 => key removed successfully
cf7a54dc958ee2ea30fddb12c86c58b1 => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FF014E5-2D75-417D-839E-94DEB56D6416} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FF014E5-2D75-417D-839E-94DEB56D6416} => key removed successfully
C:\WINDOWS\System32\Tasks\One System Care Monitor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{201A8AD0-BB9C-45F2-85DE-C394C2FD53D1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{201A8AD0-BB9C-45F2-85DE-C394C2FD53D1} => key removed successfully
C:\WINDOWS\System32\Tasks\SMW_P => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4184607C-072C-4D4B-8782-410E50BEDB60} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4184607C-072C-4D4B-8782-410E50BEDB60} => key removed successfully
C:\WINDOWS\System32\Tasks\EciZvBn5MomN => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EciZvBn5MomN => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47C90924-902D-4F24-B76D-811AEB3F34DA} => key not found.
C:\WINDOWS\System32\Tasks\5ef15c60a59549278130da19940e9560 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5ef15c60a59549278130da19940e9560 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54F5DADC-CF72-4DCC-9055-F935C1507781} => key not found.
C:\WINDOWS\System32\Tasks\One System CarePeriod => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D9AB730-D4CB-4195-B2D9-60E032B4AE53} => key not found.
C:\WINDOWS\System32\Tasks\{3DA2F7AE-E2B9-4759-D6C9-43BA0E8C3D15} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3DA2F7AE-E2B9-4759-D6C9-43BA0E8C3D15} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F053D8C-56DF-4603-AFDF-2B5A7CC867F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F053D8C-56DF-4603-AFDF-2B5A7CC867F1} => key not found.
C:\WINDOWS\System32\Tasks\DecMoFooKiN BizmaTek => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DecMoFooKiN BizmaTek => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{72D9B1FA-A578-40DB-B9B8-C09070B9D563} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72D9B1FA-A578-40DB-B9B8-C09070B9D563} => key removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\ReportErr => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79DFE94B-6CA6-4403-BD1C-2B17CF2CE77E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79DFE94B-6CA6-4403-BD1C-2B17CF2CE77E} => key removed successfully
C:\WINDOWS\System32\Tasks\{2F05DD91-86B6-E05F-1952-81691A640B78} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F05DD91-86B6-E05F-1952-81691A640B78} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{878A2CEF-FD43-4CA8-B336-8B5CF716692E} => key not found.
C:\WINDOWS\System32\Tasks\AGProxyCheck => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AGProxyCheck => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A90A4E7-6459-40E7-80D9-299438B7AC5B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A90A4E7-6459-40E7-80D9-299438B7AC5B} => key removed successfully
C:\WINDOWS\System32\Tasks\L2Hourly => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\L2Hourly => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{951C8C1D-4E88-4DFF-B62C-6D0B75C45BD1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{951C8C1D-4E88-4DFF-B62C-6D0B75C45BD1} => key removed successfully
C:\WINDOWS\System32\Tasks\SoftUpgrade => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoftUpgrade => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A452A0B5-7188-40AF-883B-395F8189AE90} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A452A0B5-7188-40AF-883B-395F8189AE90} => key removed successfully
C:\WINDOWS\System32\Tasks\{7A0B0B47-7E0C-097E-0511-78080F0D110C} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A0B0B47-7E0C-097E-0511-78080F0D110C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAFE5462-04D0-4A45-B73B-5B001DAEDABE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAFE5462-04D0-4A45-B73B-5B001DAEDABE} => key removed successfully
C:\WINDOWS\System32\Tasks\Checker64 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Checker64 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2671CA8-A975-4185-B680-6DC79BCA6A16} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2671CA8-A975-4185-B680-6DC79BCA6A16} => key removed successfully
C:\WINDOWS\System32\Tasks\{47351B3C-F09E-AC97-F73A-AD90999BAD57} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{47351B3C-F09E-AC97-F73A-AD90999BAD57} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8D113E0-89C4-452B-B5F8-D5892B97E865} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8D113E0-89C4-452B-B5F8-D5892B97E865} => key removed successfully
C:\WINDOWS\System32\Tasks\running => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\running => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF1B349D-9033-4343-90E1-8DF3285763E5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF1B349D-9033-4343-90E1-8DF3285763E5} => key removed successfully
C:\WINDOWS\System32\Tasks\One System Care Run Delay => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CB87629A-8489-4C73-AE4D-105AA68062B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB87629A-8489-4C73-AE4D-105AA68062B0} => key removed successfully
C:\WINDOWS\System32\Tasks\84ada1afa7c167c2ece4358073ff9765 => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\84ada1afa7c167c2ece4358073ff9765 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBED7720-A8A7-4B50-941F-535107E410D0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBED7720-A8A7-4B50-941F-535107E410D0} => key removed successfully
C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-EN => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-EN => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DDEC1899-7A45-4139-8EE1-F923E0A9F986} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDEC1899-7A45-4139-8EE1-F923E0A9F986} => key removed successfully
C:\WINDOWS\System32\Tasks\L2Onstart => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\L2Onstart => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E5F370AF-44F5-4183-AE39-3EEAE7DCFFAC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5F370AF-44F5-4183-AE39-3EEAE7DCFFAC} => key removed successfully
C:\WINDOWS\System32\Tasks\AVObjit => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVObjit => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8EF9BC7-4813-40DD-9B0F-B77BD7079063} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8EF9BC7-4813-40DD-9B0F-B77BD7079063} => key removed successfully
C:\WINDOWS\System32\Tasks\OneSystemCare Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneSystemCare Task => key removed successfully
C:\WINDOWS\Tasks\One System CarePeriod.job => not found.
C:\WINDOWS\Tasks\{3DA2F7AE-E2B9-4759-D6C9-43BA0E8C3D15}.job => not found.
C:\Users\MoFooKiN BizmaTek\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk => Shortcut argument removed successfully.
C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk => not found.
C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk => Shortcut argument removed successfully.
C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91BEBEE6-45A7-4C4A-AE3B-4ADA11DF3531} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21D6B1BE-4D46-496D-947D-86C7C721CC4A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9DA1F68-AB01-4B6C-9B5C-A48C784AAC82} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{008E7A76-C080-4918-9A08-4962A2A155D8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DAEB742B-B67B-448B-8A1D-A793E3BF174D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14112D2C-FD96-4A71-9CB5-239AE65447CE} => value removed successfully
C:\Users\MoFooKiN BizmaTek\Desktop\Download Video and Audio Online.lnk => moved successfully
C:\Users\MoFooKiN BizmaTek\Desktop\Gоoglе Сhrоmе.lnk => moved successfully
C:\Users\MoFooKiN BizmaTek\Desktop\Сhrоmium.lnk => moved successfully
C:\Users\MoFooKiN BizmaTek\Desktop\VR\Nаhimiс 2.lnk => moved successfully
C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Сhrоmium.lnk => moved successfully
C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vidеostreаm for Gоogle Chromесast™.lnk => moved successfully
C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget\АnоnymizеrGаdget.lnk => moved successfully
C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Еxplоrer.lnk => moved successfully
"C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk" => not found.
"C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Сhromium.lnk" => not found.
"C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Chrоme.lnk" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Сhrome.lnk => moved successfully
C:\Users\Public\Desktop\Gооgle Сhromе.lnk => moved successfully
C:\Users\Public\Desktop\Wоrld оf Wаrships.lnk => moved successfully
"C:\Program Files\84ada1afa7c167c2ece4358073ff976" => not found.
C:\Program Files\AVObjit => moved successfully
C:\Program Files\jetstrmedia => moved successfully
C:\Program Files\Common Files\Noobzo => moved successfully
C:\Program Files (x86)\AnonymizerGadget => moved successfully
C:\Program Files (x86)\Company => moved successfully
C:\Program Files (x86)\bnsplayer => moved successfully
"C:\Program Files (x86)\BeansPlayer" => not found.
C:\Program Files (x86)\EciZvBn5MomN => moved successfully
C:\Program Files (x86)\EciZvBn5MomN Updater => moved successfully
C:\Program Files (x86)\L2VPN => moved successfully
C:\Program Files (x86)\SoftUpgrade => moved successfully
"C:\Program Files (x86)\OneSystemCare" => not found.
C:\ProgramData\69815218-2861-0 => moved successfully
C:\ProgramData\69815218-1777-1 => moved successfully
C:\ProgramData\38eae574 => moved successfully
C:\ProgramData\{6CF1C05A-DB5A-77F1-25CE-29904C39DD0D} => moved successfully
C:\ProgramData\{60bf6030-412c-0} => moved successfully
C:\ProgramData\{3a0f1d6a-012c-1} => moved successfully
C:\ProgramData\{2CA8E9B4-9B03-5E1F-DA56-99977EEC4810} => moved successfully
C:\ProgramData\494fa140-1c51-0 => moved successfully
C:\ProgramData\494fa140-0715-1 => moved successfully
C:\ProgramData\403699fe59484dd3887b22601a3ac593 => moved successfully
C:\ProgramData\BSD => moved successfully
C:\ProgramData\TweakBit => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care" => not found.
C:\ProgramData\smp2.exe => moved successfully C:\Users\MoFooKiN BizmaTek\Downloads\adobe_flash_setup_1371505745.exe => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Local\{A13F9763-8597-FBDB-E80F-DE33CC6722AB} => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Local\4e199afe3d574f909138b5b7d0506b84 => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Local\AdvinstAnalytics => moved successfully c:\users\mofookin bizmatek\appdata\local\chromium => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Local\NetSupport => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Local\WeatherBuddy => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Roaming\f6eb09d47736462b8a45ef97fcede229 => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Roaming\a9111e571d1f4067bbb4ee9be5dd98c2 => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Roaming\AGData => moved successfully "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Browsers" => not found. "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Kapihicus" => not found. "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\One System Care" => not found. C:\Users\MoFooKiN BizmaTek\AppData\Roaming\ReportErr => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SPI => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate => moved successfully "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\windows.exe" => not found. C:\Users\MoFooKiN BizmaTek\AppData\Roaming\weatherscr.exe => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Roaming\wb_ni_23_139_c.exe => moved successfully C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget => moved successfully "C:\Users\MOFOOK~1\AppData\Roaming\Megag" => not found. 
C:\Windows\src_srv => moved successfully C:\WINDOWS\tang.exe => moved successfully C:\WINDOWS\cross1467io.exe => moved successfully C:\WINDOWS\Microsoft12.bmp => moved successfully C:\WINDOWS\rsrcs.dll => moved successfully C:\WINDOWS\5ef15c60a59549278130da19940e9560.ps1 => moved successfully C:\WINDOWS\c19cb907bdac8210b94900afb15783fd.exe => moved successfully C:\WINDOWS\uninstaller.dat => moved successfully C:\WINDOWS\unins000.exe => moved successfully C:\WINDOWS\unins000.dat => moved successfully C:\WINDOWS\WeatherBuddy.INI => moved successfully C:\WINDOWS\system32\bi3.exe => moved successfully C:\WINDOWS\system32\drivers\cf7a54dc958ee2ea30fddb12c86c58b1.sys => moved successfully "C:\WINDOWS\SysWOW64\SSL" folder move: Could not move "C:\WINDOWS\SysWOW64\SSL" => Scheduled to move on reboot. =========== "C:\Windows\Temp\*.tmp.exe" ========== C:\Windows\Temp\gBDF7.tmp.exe => moved successfully C:\Windows\Temp\gFBEC.tmp.exe => moved successfully C:\Windows\Temp\gFBED.tmp.exe => moved successfully ========= End -> "C:\Windows\Temp\*.tmp.exe" ======== C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 123522 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 115739356 B Java, Flash, Steam htmlcache => 342793810 B Windows/system/drivers => 66563690 B Edge => 38597991 B Chrome => 360056538 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 6807214 B systemprofile32 => 1737694 B LocalService => 22508 B NetworkService => 36810 B MoFooKiN BizmaTek => 1943067903 B RecycleBin => 115686 B EmptyTemp: => 2.7 GB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-11-2017 20:06:32) C:\WINDOWS\SysWOW64\SSL => Is moved successfully ==== End of Fixlog 20:06:32 ==== Still the blue screen persists... 
This is driving me crazy! To top it off my other machine just threw a BSOD and now will not start up!!! None of the repair options are working for it either... I believe it's infected as well.. Might have to start another ticket after this one.. good thing I paid for two licenses!
  7. Ok I started going down the list uninstalling the programs you listed (all of which seem to be there) but every time I get to Chromium it seems to stall, just sitting there. Then this blue screen covers the whole screen on top of everything, saying that I must re-enter my Windows serial key and gives me no other option to get out of it, making me restart to use the laptop at all. Neither Alt-Tab nor Alt-F4 works and I can Ctrl-Alt-Del to shut down but Task Manager doesn't show through this screen. I took a picture to post here but now my phone says it can't complete the action because of low memory! So I'll put it in my next post from the PC when I get to it... also it does this whether or not I'm trying to uninstall Chromium. My question is, do I need to uninstall these programs before I run the fix you sent? I'm thinking I'm not going to be able to but I'm going to try one more time.. Well I tried it again, this time Chromium was gone so I moved to Game Assist and it said that there was an error that Game Assist appeared to already be uninstalled, would I like to remove it from the list? Then it did the Windows serial thing again..
  9. Yes, that's how I have been doing it, I tried it again just to be sure... No, neither of these will run. I've done it exactly as you described. This time I took pictures. They are attached. Any more ideas? Note the 20171104_183124.jpg picture is when I attempted to run mbar.cmd. Thanks for the help btw.
  10. Yes I tried that before my last post. The execution was blocked by an "admin" due to it being a malicious file type... Even though I am the only admin on the PC. Wait, are you talking about trying to run the file within the zip? Cause I have been extracting it to my thumb drive and then running it from there on my broke machine..?
  11. Ok I can not get any .exe file or .cmd file to run. I click on it and an error pops up saying that an admin has prevented the file from running for my safety. I can get the Chameleon version to run but it fails to update, finds the same threats and well... you have the log I got for that.. What should I do?
  12. Ok it should be noted that after using Chameleon I was able to scan and remove threats, but when I tried to install updates it couldn't reach the server. So I got mbar-1.10.3.1001-nr.exe but it said that an admin had blocked the file from running. So I ran Chameleon AGAIN, RAN A SCAN AND HAD A LOT OF THREATS POP UP AGAIN sry for caps. But this time I made a report AND IT IS ATTACHED, NOW I AM DLING THE ZIP FILE TO TRY IT. I'LL BE BACK AFTER.. grrr caps... Anyway where do I find the log file that you are asking for? mwb.txt
  13. At first I couldn't run MWB but I followed the FAQ and got it to scan using Chameleon. At the end of that scan a blue background filled the screen with a blank box in the middle asking me to enter in the original serial key for Windows 10 and won't let me do anything. Ctrl-Alt-Delete brings up the list but upon clicking Task Manager, nothing... Alt-F4 does nothing also. Only thing I can do to get this to temporarily go away is reboot. Upon start up random appearing web pages open in the browser.. followed by the detection of some spyware by Windows Defender and then the fake blue screen. I've included the logs listed in the FAQ with the exception of the MWB as I couldn't get it due to the msg I mentioned. Although it did remove 97 threats.... So there it is... I'm at a loss. Thanks in advance and I won't be asking for help with this issue anywhere else. Addition.txt FRST.txt