Posts posted by MoFooKiN

  1. # AdwCleaner 7.0.4.0 - Logfile created on Tue Nov 07 16:33:37 2017
    # Updated on 2017/27/10 by Malwarebytes 
    # Running on Windows 10 Home (X64)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****

    No malicious services deleted.

    ***** [ Folders ] *****

    No malicious folders deleted.

    ***** [ Files ] *****

    Deleted: C:\END


    ***** [ DLL ] *****

    No malicious DLLs cleaned.

    ***** [ WMI ] *****

    No malicious WMI cleaned.

    ***** [ Shortcuts ] *****

    No malicious shortcuts cleaned.

    ***** [ Tasks ] *****

    No malicious tasks deleted.

    ***** [ Registry ] *****

    Deleted: [Key] - HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\CoinisRevShare
    Deleted: [Key] - HKCU\Software\CoinisRevShare
    Deleted: [Key] - HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\ELLS LLC
    Deleted: [Key] - HKCU\Software\ELLS LLC
    Deleted: [Key] - HKLM\SOFTWARE\mbs_install
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E9B5B0D2-D08A-49FC-8B5C-159B60BAA268}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
    Deleted: [Key] - HKLM\SOFTWARE\BSD
    Deleted: [Key] - HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\BSD
    Deleted: [Key] - HKCU\Software\BSD
    Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemHealer_is1
    Deleted: [Key] - HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\PRODUCTSETUP
    Deleted: [Key] - HKCU\Software\PRODUCTSETUP
    Deleted: [Key] - HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Etsy
    Deleted: [Key] - HKCU\Software\Microsoft\Etsy


    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries deleted.

    ***** [ Chromium (and derivatives) ] *****

    Plugin deleted: Highlight to Search - 
    Plugin deleted: Amazon Assistant for Chrome - 
    SearchProvider deleted: Ask Search - websearch.ask.com
    SearchProvider deleted: TheFreeGames Customized Web Search - search.conduit.com


    *************************

    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0

    *************************

    C:/AdwCleaner/AdwCleaner[S0].txt - [2854 B] - [2017/11/7 16:32:56]


    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

    RogueKiller

    RogueKiller V12.11.23.0 (x64) [Nov  6 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.14393) 64 bits version
    Started in : Normal mode
    User : MoFooKiN BizmaTek [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Scan -- Date : 11/07/2017 10:41:19 (Duration : 00:37:29)

    ¤¤¤ Processes : 1 ¤¤¤
    [VT.Unknown] Dragon Center.exe(8436) -- C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe[7] -> Found

    ¤¤¤ Registry : 4 ¤¤¤
    [PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
    [Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{242614b1-10f7-43a8-bb62-04fe018699de} | DHCPNameServer : 82.163.143.176 ([GB])  -> Found
    [Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b46c7351-40b3-444c-b8cf-c5962f38c276} | DHCPNameServer : 82.163.143.176 ([GB])  -> Found
    [Adw.DNSUnlocker] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d89ed064-ab14-4a21-a0e2-0620c9118ed6} | DHCPNameServer : 82.163.143.176 ([GB])  -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HGST HTS721010A9E630 +++++
    --- User ---
    [MBR] bf1cb7a693acddb42acb4b3ff9771efe
    [BSP] b388edfefc66ea5ec0f01fbd550b2cd3 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - Basic data partition | Offset (sectors): 2048 | Size: 935504 MB
    1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1915914240 | Size: 18364 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Intel Raid 0 Volume +++++
    --- User ---
    [MBR] 930494fed18d558e3a9c127177a9f260
    [BSP] 3172880cce65e09a5bc8ef7f116cfe1f : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 300 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 616448 | Size: 128 MB
    2 - Basic data partition | Offset (sectors): 878592 | Size: 487062 MB
    3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 998381568 | Size: 900 MB
    User = LL1 ... OK
    Error reading LL2 MBR! NOT VALID!

    +++++ PhysicalDrive2: SMI USB DISK USB Device +++++
    --- User ---
    [MBR] f1d4fde723e13c3bf58f9fd4c0ba5f24
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 120 | Size: 7536 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

  2. I'm not sure which of these you want, but upon restarting my machine a new version of mwb wanted to install. I suspect because I activated it... Anyway the new install is scanning now.

    Ok, they are XML documents and I can't attach them, so I'm going to paste them...

    <?xml version="1.0" encoding="UTF-16"?>
    <mbam-log>
      <header>
        <date>2017/11/06 21:47:10 -0600</date>
        <logfile>mbam-log-2017-11-06 (21-30-46).xml</logfile>
        <isadmin>yes</isadmin>
      </header>
      <engine>
        <version>0.0.0.0000</version>
        <malware-database>v2017.11.07.02</malware-database>
        <rootkit-database>v2017.10.14.01</rootkit-database>
        <license>premium</license>
        <file-protection>enabled</file-protection>
        <web-protection>enabled</web-protection>
        <self-protection>disabled</self-protection>
      </engine>
      <system>
        <hostname>MSIFOOKIN</hostname>
        <ip>10.0.0.77</ip>
        <osversion>Windows 10</osversion>
        <arch>x64</arch>
        <username>MoFooKiN BizmaTek</username>
        <filesys>NTFS</filesys>
      </system>
      <summary>
        <type>threat</type>
        <result>completed</result>
        <objects>319499</objects>
        <time>397</time>
        <processes>0</processes>
        <modules>0</modules>
        <keys>0</keys>
        <values>0</values>
        <datas>0</datas>
        <folders>0</folders>
        <files>0</files>
        <sectors>0</sectors>
      </summary>
      <options>
        <memory>enabled</memory>
        <startup>enabled</startup>
        <filesystem>enabled</filesystem>
        <archives>enabled</archives>
        <rootkits>disabled</rootkits>
        <deeprootkit>disabled</deeprootkit>
        <heuristics>enabled</heuristics>
        <pup>enabled</pup>
        <pum>enabled</pum>
      </options>
      <items> </items>
    </mbam-log>

    And here is the second one

    <?xml version="1.0" encoding="UTF-8"?>

    <logs>

    <record toVersion="2017.11.6.1" name="IP Database" last_modified_tag="a2ccb38b-b159-43a3-8e80-67807ba5ea9d" fromVersion="2017.11.3.2" systemname="MSIFOOKIN" username="SYSTEM" type="Update" source="Manual" datetime="2017-11-06T21:20:45.383532-06:00" LoggingEventType="1" severity="debug"/>

    <record toVersion="2017.11.6.8" name="Domain Database" last_modified_tag="48dfaa19-6eb1-44c5-a7ad-93e5cfd2d274" fromVersion="2016.2.16.8" systemname="MSIFOOKIN" username="SYSTEM" type="Update" source="Manual" datetime="2017-11-06T21:20:48.624153-06:00" LoggingEventType="1" severity="debug"/>

    <record toVersion="2017.11.7.1" name="Malware Database" last_modified_tag="b76b3b09-adfc-489d-9df9-31510cb9add5" fromVersion="2016.2.16.6" systemname="MSIFOOKIN" username="SYSTEM" type="Update" source="Manual" datetime="2017-11-06T21:20:53.780809-06:00" LoggingEventType="1" severity="debug"/>

    <record last_modified_tag="38975ff5-277a-4d79-8a7f-03868b78e0e9" systemname="MSIFOOKIN" username="SYSTEM" type="Error" source="Protection" datetime="2017-11-06T21:28:40.941061-06:00" LoggingEventType="4" severity="debug" message="ServiceCanRun" code="13"/>

    <record last_modified_tag="38ab8b92-72b1-4940-b509-d25b591c83f3" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:40.958281-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Stopping"/>

    <record last_modified_tag="83304afe-6c87-47ea-8fa6-21f65e81a737" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:40.958281-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Stopped"/>

    <record last_modified_tag="04953f21-2de8-442a-b769-b669f0cbb347" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:45.414714-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Starting"/>

    <record last_modified_tag="65b936b7-a7a8-4ce5-926b-9e24076509a9" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:45.420729-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Started"/>

    <record last_modified_tag="ed9d3b80-2a90-4560-a4c1-e859ba571b8e" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:45.437273-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>

    <record last_modified_tag="12f9fa22-72ac-4997-9de5-adcb01c8c17e" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:28:47.594558-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>

    <record toVersion="3.3.1.0" name="program" last_modified_tag="f68bc469-53d8-4798-abf4-660e72655c53" fromVersion="2.2.1.1043" systemname="MSIFOOKIN" username="SYSTEM" type="Update" source="Manual" datetime="2017-11-06T21:32:09.418838-06:00" LoggingEventType="1" severity="debug"/>

    <record toVersion="2017.11.7.2" name="Malware Database" last_modified_tag="0683dbce-72d2-4f62-a408-f13894d5c220" fromVersion="2017.11.7.1" systemname="MSIFOOKIN" username="SYSTEM" type="Update" source="Scheduler" datetime="2017-11-06T21:47:10.382835-06:00" LoggingEventType="1" severity="debug"/>

    <record last_modified_tag="f3f9691a-819b-4587-ba5e-1bd056be41ae" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:10.404856-06:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Starting"/>

    <record last_modified_tag="ddfd3946-fcd8-4ef1-93d8-3c807f4a398c" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:10.410371-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>

    <record last_modified_tag="413daaf1-05bf-49e7-9462-eee98bc2c741" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:11.415043-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>

    <record last_modified_tag="fd17c60a-2928-4719-859a-6694251e63b0" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:14.335737-06:00" LoggingEventType="2" severity="debug" subtype="Refresh" result="Success"/>

    <record last_modified_tag="7dd82a84-52d0-46bf-8be7-5cbbba45a9cc" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:14.347268-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>

    <record last_modified_tag="04c5c04c-2651-4283-b9eb-d959c67433ad" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:47:16.581291-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>

    <record last_modified_tag="77fcfdfd-3f30-45dc-a5a2-8f2b7783f478" systemname="MSIFOOKIN" username="SYSTEM" type="Scan" source="Manual" datetime="2017-11-06T21:52:17.665868-06:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="88" malwaredetections="0" duration="397" starttime="2017-11-06T21:32:09-06:00" scantype="threat"/>

    <record last_modified_tag="d023991b-e69d-4289-a8a3-129ec17d4c29" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:16.395714-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Starting"/>

    <record last_modified_tag="96c6e3d0-49e5-4e57-bf3b-b694d8e5f098" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:16.411325-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Started"/>

    <record last_modified_tag="0c549907-db9e-4cda-992f-142dba1f83ae" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:16.426952-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Starting"/>

    <record last_modified_tag="110774f0-731e-460e-bdec-532a438bb2db" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:18.958468-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Started"/>

    <record last_modified_tag="a794619c-8d99-4058-af3a-5a3ccad4aa8c" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:44.406138-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopping"/>

    <record last_modified_tag="e06bbdee-60a0-4952-926f-ff339745f870" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:45.960770-06:00" LoggingEventType="2" severity="debug" subtype="Malicious Website Protection" result="Stopped"/>

    <record last_modified_tag="bff26452-c7a1-4683-8009-1782a9890bfd" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:45.969795-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Stopping"/>

    <record last_modified_tag="6ac6c8f6-20c8-4052-8e00-77c499a59c86" systemname="MSIFOOKIN" username="SYSTEM" type="Protection" source="Protection" datetime="2017-11-06T21:53:46.316717-06:00" LoggingEventType="2" severity="debug" subtype="Malware Protection" result="Stopped"/>

    </logs>

    And here is the log from the newly installed version:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 11/6/17
    Scan Time: 9:59 PM
    Log File: 0b91bc0c-c370-11e7-8547-9cb6d010ec1a.json
    Administrator: Yes

    -Software Information-
    Version: 3.3.1.2183
    Components Version: 1.0.236
    Update Package Version: 1.0.3193
    License: Premium

    -System Information-
    OS: Windows 10 (Build 14393.1770)
    CPU: x64
    File System: NTFS
    User: MSIFOOKIN\MoFooKiN BizmaTek

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 408867
    Threats Detected: 0
    (No malicious items detected)
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 1 min, 3 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 0
    (No malicious items detected)

    Registry Value: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 0
    (No malicious items detected)

    File: 0
    (No malicious items detected)

    Physical Sector: 0
    (No malicious items detected)


    (end)

  3. Ok, I was able to run the fix, and this time it did stop the blue screen, so I deleted the rest of the list of programs and I attempted to run the mwb.cmd and I got the same error that the .dll file wasn't there or something, so I ran the mwb.exe in that same zip file and it ran and scanned and removed malware. I have attached both logs. I hope I didn't jump the gun running mwb.exe. Sorry if I did, I won't jump ahead again.

    Fixlog.txt

    mbar-log-2017-11-06 (19-30-16).txt

  4. Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017
    Ran by MoFooKiN BizmaTek (05-11-2017 20:04:27) Run:1
    Running from C:\Users\MoFooKiN BizmaTek\Desktop\New folder (2)
    Loaded Profiles: MoFooKiN BizmaTek (Available Profiles: MoFooKiN BizmaTek)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:

    HKLM-x32\...\Run: [AnonymizerGadget] => C:\Users\MoFooKiN BizmaTek\AppData\Roaming\AGData\bin\AnonymizerLauncher.exe [347784 2017-10-27] (Jetico ltd) <==== ATTENTION
    HKLM-x32\...\Run: [AppleWebKit] => C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate\client32.exe [105848 2016-12-06] (NetSupport Ltd)
    HKLM\...\RunOnce: [MSIFOOKIN] => C:\WINDOWS\TEMP\gF915.tmp.exe [212992 2017-11-02] () <==== ATTENTION
    HKLM-x32\...\RunOnce: [Cotesi] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\MOFOOK~1\AppData\Roaming\Megag"
    HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
    HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
    HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
    HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
    HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
    HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
    HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
    HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
    HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
    HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
    HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
    HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
    HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
    HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
    HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
    HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
    HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
    HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
    HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
    HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
    HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
    HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
    HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
    HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
    HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
    HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
    HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
    HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
    HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
    HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
    HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
    HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
    HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
    HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
    HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
    HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
    HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
    HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
    HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
    HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\...\Run: [Chromium] => c:\users\mofookin bizmatek\appdata\local\chromium\application\chrome.exe [1044480 2016-01-25] (The Chromium Authors)
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\...\Run: [WeatherBuddy] => C:\Users\MoFooKiN BizmaTek\AppData\Local\WeatherBuddy\WeatherBuddy.exe [3991552 2017-10-13] (ELLS LLC)
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\...\Run: [Win64svc] => RevoTemp.tmp
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\...\Run: [JVZGBBFDXH.exe] => C:\Users\MoFooKiN BizmaTek\AppData\Local\Temp\ba-9d9c9-671-4a4b3-20cdd50841ebc\JVZGBBFDXH.exe [135168 2017-10-27] () <==== ATTENTION
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\...\RunOnce: [windows] => C:\Users\MoFooKiN BizmaTek\AppData\Roaming\windows.exe [121344 2017-10-26] (RealVNC Ltd) <==== ATTENTION

    ProxyEnable: [.DEFAULT] => Proxy is enabled.
    ProxyServer: [.DEFAULT] => 127.0.0.1:8003
    ProxyEnable: [S-1-5-19] => Proxy is enabled.
    ProxyServer: [S-1-5-19] => 127.0.0.1:8003
    ProxyEnable: [S-1-5-20] => Proxy is enabled.
    ProxyServer: [S-1-5-20] => 127.0.0.1:8003
    ProxyEnable: [S-1-5-21-4067184759-194431734-3307552434-1001] => Proxy is enabled.
    ProxyServer: [S-1-5-21-4067184759-194431734-3307552434-1001] => 127.0.0.1:8003
    ManualProxies: 1127.0.0.1:8003

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131536193403574783&GUID=A4A233F6-7B63-4FC7-AA0B-AEEFECB0DD9F
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131536193403584982&GUID=A4A233F6-7B63-4FC7-AA0B-AEEFECB0DD9F
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www-searching.com/?pid=s&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,&vp=ch&prd=set_ie
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
    SearchScopes: HKLM -> DefaultScope {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM -> {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> DefaultScope {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKU\.DEFAULT -> DefaultScope {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = 
    SearchScopes: HKU\S-1-5-21-4067184759-194431734-3307552434-1001 -> DefaultScope {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = 
    SearchScopes: HKU\S-1-5-21-4067184759-194431734-3307552434-1001 -> {3881CA93-7596-4D7B-99F1-6206FA7FAF3A} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,
    SearchScopes: HKU\S-1-5-21-4067184759-194431734-3307552434-1001 -> {5e7797ae-5ca1-4b50-95d8-97e746340487} URL = hxxp://www.palikan.com/results.php?f=4&a=plk_coinisre_17_42_ssg01&cd=2XzuyEtN2Y1L1Qzuzy0E0ByC0DtDtCtD0E0CtCzyyEzyzztDtN0D0Tzu0StBtCtCzytN1L2XzutAtFtByBtFyEtFyDtAtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StCtA0Dzz0AyBtDtAtGyDyD0AtAtGtAyD0DyCtGyCzy0AyCtGyByEyEtBtBtByE0FtCtAyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0DyCyByByBtCtBtG0AtD0FtAtGyEyE0F0BtG0AyCtDyEtGyC0C0FtD0DyDtA0FzztA0Dzy2QtN0A0LzuyE&cr=1662538094&ir=&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4067184759-194431734-3307552434-1001 -> {A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} URL = 

    CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,&vp=ch&prd=set_ch
    CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,&vp=ch&prd=set_ch"
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}

    R2 84ada1afa7c167c2ece4358073ff9765; C:\Program Files\84ada1afa7c167c2ece4358073ff9765\b77c348bc31159007afbd7511aa499ed.exe [1189376 2017-10-26] () [File not signed] <==== ATTENTION
    R2 EciZvBn5MomN Updater; C:\Program Files (x86)\EciZvBn5MomN Updater\EciZvBn5MomN Updater.exe [313344 2017-10-27] () [File not signed]
    R2 NetMediaService; C:\Program Files\jetstrmedia\NetMedia\netmedia.exe [2131192 2017-10-26] ()
    R2 srcsrv; C:\WINDOWS\src_srv\winsrcsrv.exe [17408 2017-10-07] () [File not signed] <==== ATTENTION
    R1 cf7a54dc958ee2ea30fddb12c86c58b1; C:\WINDOWS\system32\drivers\cf7a54dc958ee2ea30fddb12c86c58b1.sys [109144 2017-10-26] (L00OHO) <==== ATTENTION

    Task: {1FF014E5-2D75-417D-839E-94DEB56D6416} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2017-10-18] () <==== ATTENTION
    Task: {201A8AD0-BB9C-45F2-85DE-C394C2FD53D1} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-10-27] () <==== ATTENTION
    Task: {4184607C-072C-4D4B-8782-410E50BEDB60} - System32\Tasks\EciZvBn5MomN => ecizvbn5momn.exe
    Task: {47C90924-902D-4F24-B76D-811AEB3F34DA} - System32\Tasks\5ef15c60a59549278130da19940e9560 => powershell.exe -NoProfile -NoLogo -NonInteractive -ExecutionPolicy Bypass -File "C:\WINDOWS\5ef15c60a59549278130da19940e9560.ps1" <==== ATTENTION
    Task: {54F5DADC-CF72-4DCC-9055-F935C1507781} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2017-10-18] () <==== ATTENTION
    Task: {5D9AB730-D4CB-4195-B2D9-60E032B4AE53} - System32\Tasks\{3DA2F7AE-E2B9-4759-D6C9-43BA0E8C3D15} => C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Kapihicus\updtask.exe [2013-05-01] () <==== ATTENTION
    Task: {6F053D8C-56DF-4603-AFDF-2B5A7CC867F1} - System32\Tasks\DecMoFooKiN BizmaTek => C:\Users\MoFooKiN [Argument = BizmaTek\AppData\Local\Temp\RevoTemp.tmp] <==== ATTENTION
    Task: {72D9B1FA-A578-40DB-B9B8-C09070B9D563} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => C:\\Users\\MoFooKiN BizmaTek\\AppData\\Roaming\\ReportErr\\mgrerr.exe [2017-10-27] ()
    Task: {79DFE94B-6CA6-4403-BD1C-2B17CF2CE77E} - System32\Tasks\{2F05DD91-86B6-E05F-1952-81691A640B78} => C:\WINDOWS\system32\regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\38eae574\36fef984.dll" <==== ATTENTION
    Task: {878A2CEF-FD43-4CA8-B336-8B5CF716692E} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
    Task: {8A90A4E7-6459-40E7-80D9-299438B7AC5B} - System32\Tasks\L2Hourly => C:\Program Files (x86)\L2VPN\updater.exe [2017-10-24] ()
    Task: {951C8C1D-4E88-4DFF-B62C-6D0B75C45BD1} - System32\Tasks\SoftUpgrade => C:\Program Files (x86)\SoftUpgrade\softup.exe [2017-10-27] () <==== ATTENTION
    Task: {A452A0B5-7188-40AF-883B-395F8189AE90} - System32\Tasks\{7A0B0B47-7E0C-097E-0511-78080F0D110C} => C:\WINDOWS\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand IAAgADsAOwAgACAAIAAgADsAIAA7ADsAOwAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYAZQByAGUA (the data entry has 10040 more characters). <==== ATTENTION
    Task: {AAFE5462-04D0-4A45-B73B-5B001DAEDABE} - System32\Tasks\Checker64 => C:\Program Files\jetstrmedia\NetMedia\checker.exe [2017-10-25] ()
    Task: {B2671CA8-A975-4185-B680-6DC79BCA6A16} - System32\Tasks\{47351B3C-F09E-AC97-F73A-AD90999BAD57} => C:\ProgramData\{2CA8E9B4-9B03-5E1F-DA56-99977EEC4810}\2B8D12FC-9C26-A557-3FC6-85D27FDDFA75.exe [2017-11-02] () <==== ATTENTION
    Task: {B8D113E0-89C4-452B-B5F8-D5892B97E865} - System32\Tasks\running => C:\Users\MoFooKiN [Argument = BizmaTek\AppData\Roaming\weatherscr.exe] <==== ATTENTION
    Task: {BF1B349D-9033-4343-90E1-8DF3285763E5} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2017-10-18] () <==== ATTENTION
    Task: {CB87629A-8489-4C73-AE4D-105AA68062B0} - System32\Tasks\84ada1afa7c167c2ece4358073ff9765 => sc start 84ada1afa7c167c2ece4358073ff9765 <==== ATTENTION
    Task: {CBED7720-A8A7-4B50-941F-535107E410D0} - System32\Tasks\Optimize Start Menu Cache Files-S-EN => C:\ProgramData\403699fe59484dd3887b22601a3ac593\chipset.exe exec hide IANEFCCDSL.cmd 
    Task: {DDEC1899-7A45-4139-8EE1-F923E0A9F986} - System32\Tasks\L2Onstart => C:\Program Files (x86)\L2VPN\updater.exe [2017-10-24] ()
    Task: {E5F370AF-44F5-4183-AE39-3EEAE7DCFFAC} - System32\Tasks\AVObjit => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\AVObjit\AVObjit.dll",CyJAVDOU <==== ATTENTION
    Task: {E8EF9BC7-4813-40DD-9B0F-B77BD7079063} - System32\Tasks\OneSystemCare Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2017-10-18] () <==== ATTENTION
    Task: C:\WINDOWS\Tasks\One System CarePeriod.job => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\{3DA2F7AE-E2B9-4759-D6C9-43BA0E8C3D15}.job => C:\Users\MOFOOK~1\AppData\Roaming\KAPIHI~1\updtask.exe <==== ATTENTION

    ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
    ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
    ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
    ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk -> C:\Users\MoFooKiN BizmaTek\AppData\Local\chromium\Application\chrome.exe (The Chromium Authors) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
    ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
    ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=HARzamobl20603BU,d290e000-95ce-4ad0-b00a-11cfeda08224,"
    ShortcutWithArgument: C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=harzamobl20603bu,d290e000-95ce-4ad0-b00a-11cfeda08224,

    FirewallRules: [{91BEBEE6-45A7-4C4A-AE3B-4ADA11DF3531}] => (Allow) C:\Users\MoFooKiN BizmaTek\AppData\Local\Chromium\Application\chrome.exe
    FirewallRules: [{21D6B1BE-4D46-496D-947D-86C7C721CC4A}] => (Allow) C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate\client32.exe
    FirewallRules: [{A9DA1F68-AB01-4B6C-9B5C-A48C784AAC82}] => (Allow) C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate\CLIENT32.exe
    FirewallRules: [{008E7A76-C080-4918-9A08-4962A2A155D8}] => (Allow) C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate\CLIENT32.exe
    FirewallRules: [{DAEB742B-B67B-448B-8A1D-A793E3BF174D}] => (Allow) C:\Program Files\jetstrmedia\NetMedia\netmedia.exe
    FirewallRules: [{14112D2C-FD96-4A71-9CB5-239AE65447CE}] => (Allow) C:\Program Files\jetstrmedia\NetMedia\checker.exe

    C:\Users\MoFooKiN BizmaTek\Desktop\Download Video and Audio Online.lnk
    C:\Users\MoFooKiN BizmaTek\Desktop\Gоoglе Сhrоmе.lnk
    C:\Users\MoFooKiN BizmaTek\Desktop\Сhrоmium.lnk
    C:\Users\MoFooKiN BizmaTek\Desktop\VR\Nаhimiс 2.lnk
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Сhrоmium.lnk
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vidеostreаm for Gоogle Chromесast™.lnk
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget\АnоnymizеrGаdget.lnk
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Еxplоrer.lnk
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Сhromium.lnk
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Chrоme.lnk
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Сhrome.lnk
    C:\Users\Public\Desktop\Gооgle Сhromе.lnk
    C:\Users\Public\Desktop\Wоrld оf Wаrships.lnk

    C:\Program Files\84ada1afa7c167c2ece4358073ff976
    C:\Program Files\AVObjit
    C:\Program Files\jetstrmedia
    C:\Program Files\Common Files\Noobzo
    C:\Program Files (x86)\AnonymizerGadget
    C:\Program Files (x86)\Company
    C:\Program Files (x86)\bnsplayer
    C:\Program Files (x86)\BeansPlayer
    C:\Program Files (x86)\EciZvBn5MomN
    C:\Program Files (x86)\EciZvBn5MomN Updater
    C:\Program Files (x86)\L2VPN
    C:\Program Files (x86)\SoftUpgrade
    C:\Program Files (x86)\OneSystemCare
    2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\69815218-2861-0
    2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\69815218-1777-1
    2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\38eae574
    2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\{6CF1C05A-DB5A-77F1-25CE-29904C39DD0D}
    2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\{60bf6030-412c-0}
    2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\{3a0f1d6a-012c-1}
    2017-11-02 13:35 - 2017-11-02 13:35 - 000000000 ____D C:\ProgramData\{2CA8E9B4-9B03-5E1F-DA56-99977EEC4810}
    2017-10-27 17:13 - 2017-11-02 13:36 - 000000000 ____D C:\ProgramData\494fa140-1c51-0
    2017-10-27 17:13 - 2017-11-02 13:36 - 000000000 ____D C:\ProgramData\494fa140-0715-1
    2017-10-27 17:12 - 2017-10-30 17:13 - 000000000 ____D C:\ProgramData\403699fe59484dd3887b22601a3ac593
    C:\ProgramData\BSD
    C:\ProgramData\TweakBit
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
    C:\ProgramData\smp2.exe
    C:\Users\MoFooKiN BizmaTek\Downloads\adobe_flash_setup_1371505745.exe
    C:\Users\MoFooKiN BizmaTek\AppData\Local\{A13F9763-8597-FBDB-E80F-DE33CC6722AB}
    C:\Users\MoFooKiN BizmaTek\AppData\Local\4e199afe3d574f909138b5b7d0506b84
    C:\Users\MoFooKiN BizmaTek\AppData\Local\AdvinstAnalytics
    c:\users\mofookin bizmatek\appdata\local\chromium
    C:\Users\MoFooKiN BizmaTek\AppData\Local\NetSupport
    C:\Users\MoFooKiN BizmaTek\AppData\Local\WeatherBuddy
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\f6eb09d47736462b8a45ef97fcede229
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\a9111e571d1f4067bbb4ee9be5dd98c2
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\AGData
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Browsers
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Kapihicus
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\One System Care
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\ReportErr
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SPI
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\windows.exe
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\weatherscr.exe
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\wb_ni_23_139_c.exe
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget
    C:\Users\MOFOOK~1\AppData\Roaming\Megag
    C:\Windows\src_srv
    C:\WINDOWS\tang.exe
    C:\WINDOWS\cross1467io.exe
    C:\WINDOWS\Microsoft12.bmp
    C:\WINDOWS\rsrcs.dll
    C:\WINDOWS\5ef15c60a59549278130da19940e9560.ps1
    C:\WINDOWS\c19cb907bdac8210b94900afb15783fd.exe
    C:\WINDOWS\uninstaller.dat
    C:\WINDOWS\unins000.exe
    C:\WINDOWS\unins000.dat
    C:\WINDOWS\WeatherBuddy.INI
    C:\WINDOWS\system32\bi3.exe
    C:\WINDOWS\system32\drivers\cf7a54dc958ee2ea30fddb12c86c58b1.sys
    C:\WINDOWS\SysWOW64\SSL
    C:\Windows\Temp\*.tmp.exe

    Hosts:
    EmptyTemp:
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnonymizerGadget => value not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AppleWebKit => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\MSIFOOKIN => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Cotesi => value not found.
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\31AC96A6C17C425222C46D55C3CCA6BA12E54DAF => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\331E2046A1CCA7BFEF766724394BE6112B4CA3F7 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3353EA609334A9F23A701B9159E30CB6C22D4C59 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\373C33726722D3A5D1EDD1F1585D5D25B39BEA1A => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4420C99742DF11DD0795BC15B7B0ABF090DC84DF => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5240AB5B05D11B37900AC7712A3C6AE42F377C8C => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\5DD3D41810F28B2A13E9A004E6412061E28FA48D => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\7457A3793086DBB58B3858D6476889E3311E550E => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\76A9295EF4343E12DFC5FE05DC57227C1AB00D29 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\775B373B33B9D15B58BC02B184704332B97C3CAF => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\872CD334B7E7B3C3D1C6114CD6B221026D505EAB => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\88AD5DFE24126872B33175D1778687B642323ACF => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9132E8B079D080E01D52631690BE18EBC2347C1E => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\982D98951CF3C0CA2A02814D474A976CBFF6BDB1 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9C43F665E690AB4D486D4717B456C5554D4BCEB5 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A5341949ABE1407DD7BF7DFE75460D9608FBC309 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD96BB64BA36379D2E354660780C2067B81DA2E0 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\CDC37C22FE9272D8F2610206AD397A45040326B8 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB303C9B61282DE525DC754A535CA2D6A9BD3D87 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E22240E837B52E691C71DF248F12D27F96441C00 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\ED841A61C0F76025598421BC1B00E24189E68D54 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9 => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FBB42F089AF2D570F2BF6F493D107A3255A9BB1A => key removed successfully
    HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 => key removed successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => value removed successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WeatherBuddy => value removed successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Win64svc => value removed successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Run\\JVZGBBFDXH.exe => value removed successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\windows => value not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key removed successfully
    HKLM\Software\Classes\CLSID\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key not found. 
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key removed successfully
    HKLM\Software\Wow6432Node\Classes\CLSID\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key not found. 
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3881CA93-7596-4D7B-99F1-6206FA7FAF3A} => key not found. 
    HKLM\Software\Classes\CLSID\{3881CA93-7596-4D7B-99F1-6206FA7FAF3A} => key not found. 
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5e7797ae-5ca1-4b50-95d8-97e746340487} => key not found. 
    HKLM\Software\Classes\CLSID\{5e7797ae-5ca1-4b50-95d8-97e746340487} => key not found. 
    HKU\S-1-5-21-4067184759-194431734-3307552434-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key removed successfully
    HKLM\Software\Classes\CLSID\{A60FFDF8-6846-4BEC-BBA3-9ABE6DE82FA7} => key not found. 
    Chrome HomePage => removed successfully
    Chrome StartupUrls => removed successfully
    Chrome DefaultSearchURL => removed successfully
    Chrome DefaultSearchKeyword => removed successfully
    Chrome DefaultSuggestURL => removed successfully
    84ada1afa7c167c2ece4358073ff9765 => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\84ada1afa7c167c2ece4358073ff9765 => key removed successfully
    84ada1afa7c167c2ece4358073ff9765 => service removed successfully
    HKLM\System\CurrentControlSet\Services\EciZvBn5MomN Updater => key removed successfully
    EciZvBn5MomN Updater => service removed successfully
    HKLM\System\CurrentControlSet\Services\NetMediaService => key removed successfully
    NetMediaService => service removed successfully
    HKLM\System\CurrentControlSet\Services\srcsrv => key removed successfully
    srcsrv => service removed successfully
    cf7a54dc958ee2ea30fddb12c86c58b1 => Unable to stop service.
    HKLM\System\CurrentControlSet\Services\cf7a54dc958ee2ea30fddb12c86c58b1 => key removed successfully
    cf7a54dc958ee2ea30fddb12c86c58b1 => service removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1FF014E5-2D75-417D-839E-94DEB56D6416} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FF014E5-2D75-417D-839E-94DEB56D6416} => key removed successfully
    C:\WINDOWS\System32\Tasks\One System Care Monitor => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{201A8AD0-BB9C-45F2-85DE-C394C2FD53D1} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{201A8AD0-BB9C-45F2-85DE-C394C2FD53D1} => key removed successfully
    C:\WINDOWS\System32\Tasks\SMW_P => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4184607C-072C-4D4B-8782-410E50BEDB60} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4184607C-072C-4D4B-8782-410E50BEDB60} => key removed successfully
    C:\WINDOWS\System32\Tasks\EciZvBn5MomN => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EciZvBn5MomN => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47C90924-902D-4F24-B76D-811AEB3F34DA} => key not found. 
    C:\WINDOWS\System32\Tasks\5ef15c60a59549278130da19940e9560 => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5ef15c60a59549278130da19940e9560 => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54F5DADC-CF72-4DCC-9055-F935C1507781} => key not found. 
    C:\WINDOWS\System32\Tasks\One System CarePeriod => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D9AB730-D4CB-4195-B2D9-60E032B4AE53} => key not found. 
    C:\WINDOWS\System32\Tasks\{3DA2F7AE-E2B9-4759-D6C9-43BA0E8C3D15} => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3DA2F7AE-E2B9-4759-D6C9-43BA0E8C3D15} => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F053D8C-56DF-4603-AFDF-2B5A7CC867F1} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F053D8C-56DF-4603-AFDF-2B5A7CC867F1} => key not found. 
    C:\WINDOWS\System32\Tasks\DecMoFooKiN BizmaTek => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DecMoFooKiN BizmaTek => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{72D9B1FA-A578-40DB-B9B8-C09070B9D563} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72D9B1FA-A578-40DB-B9B8-C09070B9D563} => key removed successfully
    C:\WINDOWS\System32\Tasks\Microsoft\Windows\Windows Error Reporting\ReportErr => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\ReportErr => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79DFE94B-6CA6-4403-BD1C-2B17CF2CE77E} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79DFE94B-6CA6-4403-BD1C-2B17CF2CE77E} => key removed successfully
    C:\WINDOWS\System32\Tasks\{2F05DD91-86B6-E05F-1952-81691A640B78} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2F05DD91-86B6-E05F-1952-81691A640B78} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{878A2CEF-FD43-4CA8-B336-8B5CF716692E} => key not found. 
    C:\WINDOWS\System32\Tasks\AGProxyCheck => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AGProxyCheck => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A90A4E7-6459-40E7-80D9-299438B7AC5B} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A90A4E7-6459-40E7-80D9-299438B7AC5B} => key removed successfully
    C:\WINDOWS\System32\Tasks\L2Hourly => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\L2Hourly => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{951C8C1D-4E88-4DFF-B62C-6D0B75C45BD1} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{951C8C1D-4E88-4DFF-B62C-6D0B75C45BD1} => key removed successfully
    C:\WINDOWS\System32\Tasks\SoftUpgrade => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoftUpgrade => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A452A0B5-7188-40AF-883B-395F8189AE90} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A452A0B5-7188-40AF-883B-395F8189AE90} => key removed successfully
    C:\WINDOWS\System32\Tasks\{7A0B0B47-7E0C-097E-0511-78080F0D110C} => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7A0B0B47-7E0C-097E-0511-78080F0D110C} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAFE5462-04D0-4A45-B73B-5B001DAEDABE} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAFE5462-04D0-4A45-B73B-5B001DAEDABE} => key removed successfully
    C:\WINDOWS\System32\Tasks\Checker64 => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Checker64 => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2671CA8-A975-4185-B680-6DC79BCA6A16} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2671CA8-A975-4185-B680-6DC79BCA6A16} => key removed successfully
    C:\WINDOWS\System32\Tasks\{47351B3C-F09E-AC97-F73A-AD90999BAD57} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{47351B3C-F09E-AC97-F73A-AD90999BAD57} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8D113E0-89C4-452B-B5F8-D5892B97E865} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8D113E0-89C4-452B-B5F8-D5892B97E865} => key removed successfully
    C:\WINDOWS\System32\Tasks\running => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\running => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF1B349D-9033-4343-90E1-8DF3285763E5} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF1B349D-9033-4343-90E1-8DF3285763E5} => key removed successfully
    C:\WINDOWS\System32\Tasks\One System Care Run Delay => not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found. 
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{CB87629A-8489-4C73-AE4D-105AA68062B0} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB87629A-8489-4C73-AE4D-105AA68062B0} => key removed successfully
    C:\WINDOWS\System32\Tasks\84ada1afa7c167c2ece4358073ff9765 => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\84ada1afa7c167c2ece4358073ff9765 => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBED7720-A8A7-4B50-941F-535107E410D0} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBED7720-A8A7-4B50-941F-535107E410D0} => key removed successfully
    C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-EN => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-EN => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{DDEC1899-7A45-4139-8EE1-F923E0A9F986} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDEC1899-7A45-4139-8EE1-F923E0A9F986} => key removed successfully
    C:\WINDOWS\System32\Tasks\L2Onstart => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\L2Onstart => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E5F370AF-44F5-4183-AE39-3EEAE7DCFFAC} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5F370AF-44F5-4183-AE39-3EEAE7DCFFAC} => key removed successfully
    C:\WINDOWS\System32\Tasks\AVObjit => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVObjit => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8EF9BC7-4813-40DD-9B0F-B77BD7079063} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8EF9BC7-4813-40DD-9B0F-B77BD7079063} => key removed successfully
    C:\WINDOWS\System32\Tasks\OneSystemCare Task => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneSystemCare Task => key removed successfully
    C:\WINDOWS\Tasks\One System CarePeriod.job => not found.
    C:\WINDOWS\Tasks\{3DA2F7AE-E2B9-4759-D6C9-43BA0E8C3D15}.job => not found.
    C:\Users\MoFooKiN BizmaTek\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk => Shortcut argument removed successfully.
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully.
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk => not found.
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk => Shortcut argument removed successfully.
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk => Shortcut argument removed successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
    C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{91BEBEE6-45A7-4C4A-AE3B-4ADA11DF3531} => value not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{21D6B1BE-4D46-496D-947D-86C7C721CC4A} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A9DA1F68-AB01-4B6C-9B5C-A48C784AAC82} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{008E7A76-C080-4918-9A08-4962A2A155D8} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DAEB742B-B67B-448B-8A1D-A793E3BF174D} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14112D2C-FD96-4A71-9CB5-239AE65447CE} => value removed successfully
    C:\Users\MoFooKiN BizmaTek\Desktop\Download Video and Audio Online.lnk => moved successfully
    C:\Users\MoFooKiN BizmaTek\Desktop\Gоoglе Сhrоmе.lnk => moved successfully
    C:\Users\MoFooKiN BizmaTek\Desktop\Сhrоmium.lnk => moved successfully
    C:\Users\MoFooKiN BizmaTek\Desktop\VR\NаhimiÑ 2.lnk => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Сhrоmium.lnk => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Vidеostreаm for Gоogle ChromеÑast™.lnk => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget\ÐnоnymizеrGаdget.lnk => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnet Еxplоrer.lnk => moved successfully
    "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gоogle Chrоmе.lnk" => not found.
    "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Сhromium.lnk" => not found.
    "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gоoglе Chrоme.lnk" => not found.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооgle Сhrome.lnk => moved successfully
    C:\Users\Public\Desktop\Gооgle Сhromе.lnk => moved successfully
    C:\Users\Public\Desktop\Wоrld оf Wаrships.lnk => moved successfully
    "C:\Program Files\84ada1afa7c167c2ece4358073ff976" => not found.
    C:\Program Files\AVObjit => moved successfully
    C:\Program Files\jetstrmedia => moved successfully
    C:\Program Files\Common Files\Noobzo => moved successfully
    C:\Program Files (x86)\AnonymizerGadget => moved successfully
    C:\Program Files (x86)\Company => moved successfully
    C:\Program Files (x86)\bnsplayer => moved successfully
    "C:\Program Files (x86)\BeansPlayer" => not found.
    C:\Program Files (x86)\EciZvBn5MomN => moved successfully
    C:\Program Files (x86)\EciZvBn5MomN Updater => moved successfully
    C:\Program Files (x86)\L2VPN => moved successfully
    C:\Program Files (x86)\SoftUpgrade => moved successfully
    "C:\Program Files (x86)\OneSystemCare" => not found.
    C:\ProgramData\69815218-2861-0 => moved successfully
    C:\ProgramData\69815218-1777-1 => moved successfully
    C:\ProgramData\38eae574 => moved successfully
    C:\ProgramData\{6CF1C05A-DB5A-77F1-25CE-29904C39DD0D} => moved successfully
    C:\ProgramData\{60bf6030-412c-0} => moved successfully
    C:\ProgramData\{3a0f1d6a-012c-1} => moved successfully
    C:\ProgramData\{2CA8E9B4-9B03-5E1F-DA56-99977EEC4810} => moved successfully
    C:\ProgramData\494fa140-1c51-0 => moved successfully
    C:\ProgramData\494fa140-0715-1 => moved successfully
    C:\ProgramData\403699fe59484dd3887b22601a3ac593 => moved successfully
    C:\ProgramData\BSD => moved successfully
    C:\ProgramData\TweakBit => moved successfully
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care" => not found.
    C:\ProgramData\smp2.exe => moved successfully
    C:\Users\MoFooKiN BizmaTek\Downloads\adobe_flash_setup_1371505745.exe => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Local\{A13F9763-8597-FBDB-E80F-DE33CC6722AB} => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Local\4e199afe3d574f909138b5b7d0506b84 => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Local\AdvinstAnalytics => moved successfully
    c:\users\mofookin bizmatek\appdata\local\chromium => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Local\NetSupport => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Local\WeatherBuddy => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\f6eb09d47736462b8a45ef97fcede229 => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\a9111e571d1f4067bbb4ee9be5dd98c2 => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\AGData => moved successfully
    "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Browsers" => not found.
    "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Kapihicus" => not found.
    "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\One System Care" => not found.
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\ReportErr => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SPI => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\SystemUpdate => moved successfully
    "C:\Users\MoFooKiN BizmaTek\AppData\Roaming\windows.exe" => not found.
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\weatherscr.exe => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\wb_ni_23_139_c.exe => moved successfully
    C:\Users\MoFooKiN BizmaTek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnonymizerGadget => moved successfully
    "C:\Users\MOFOOK~1\AppData\Roaming\Megag" => not found.
    C:\Windows\src_srv => moved successfully
    C:\WINDOWS\tang.exe => moved successfully
    C:\WINDOWS\cross1467io.exe => moved successfully
    C:\WINDOWS\Microsoft12.bmp => moved successfully
    C:\WINDOWS\rsrcs.dll => moved successfully
    C:\WINDOWS\5ef15c60a59549278130da19940e9560.ps1 => moved successfully
    C:\WINDOWS\c19cb907bdac8210b94900afb15783fd.exe => moved successfully
    C:\WINDOWS\uninstaller.dat => moved successfully
    C:\WINDOWS\unins000.exe => moved successfully
    C:\WINDOWS\unins000.dat => moved successfully
    C:\WINDOWS\WeatherBuddy.INI => moved successfully
    C:\WINDOWS\system32\bi3.exe => moved successfully
    C:\WINDOWS\system32\drivers\cf7a54dc958ee2ea30fddb12c86c58b1.sys => moved successfully

    "C:\WINDOWS\SysWOW64\SSL" folder move:

    Could not move "C:\WINDOWS\SysWOW64\SSL" => Scheduled to move on reboot.


    =========== "C:\Windows\Temp\*.tmp.exe" ==========

    C:\Windows\Temp\gBDF7.tmp.exe => moved successfully
    C:\Windows\Temp\gFBEC.tmp.exe => moved successfully
    C:\Windows\Temp\gFBED.tmp.exe => moved successfully

    ========= End -> "C:\Windows\Temp\*.tmp.exe" ========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 123522 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 115739356 B
    Java, Flash, Steam htmlcache => 342793810 B
    Windows/system/drivers => 66563690 B
    Edge => 38597991 B
    Chrome => 360056538 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 6807214 B
    systemprofile32 => 1737694 B
    LocalService => 22508 B
    NetworkService => 36810 B
    MoFooKiN BizmaTek => 1943067903 B

    RecycleBin => 115686 B
    EmptyTemp: => 2.7 GB temporary data Removed.

    ================================

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 05-11-2017 20:06:32)

    C:\WINDOWS\SysWOW64\SSL => Is moved successfully

    ==== End of Fixlog 20:06:32 ====

     

     

    Still the blue screen persists... This is driving me crazy! To top it off, my other machine just threw a BSOD and now will not start up!!! None of the repair options are working for it either... I believe it's infected as well. Might have to start another ticket after this one. Good thing I paid for two licenses!

  5. Ok, I started going down the list uninstalling the programs you listed (all of which seem to be there), but every time I get to Chromium it seems to stall, just sitting there. Then this blue screen covers the whole screen on top of everything, saying that I must re-enter my Windows serial key, and gives me no other option to get out of it, making me restart to use the laptop at all. Neither Alt-Tab nor Alt-F4 works, and I can Ctrl-Alt-Del to shut down, but Task Manager doesn't show through this screen. I took a picture to post here, but now my phone says it can't complete the action because of low memory! So I'll put it in my next post from the PC when I get to it... Also, it does this whether or not I'm trying to uninstall Chromium. My question is, do I need to uninstall these programs before I run the fix you sent? I'm thinking I'm not going to be able to, but I'm going to try one more time...

     

    Well, I tried it again; this time Chromium was gone, so I moved to Game Assist and it said that there was an error, that Game Assist appeared to already be uninstalled, would I like to remove it from the list? Then it did the Windows serial thing again...

  6. Ok, I started going down the list uninstalling the programs you listed (all of which seem to be there), but every time I get to Chromium it seems to stall, just sitting there. Then this blue screen covers the whole screen on top of everything, saying that I must re-enter my Windows serial key, and gives me no other option to get out of it, making me restart to use the laptop at all. Neither Alt-Tab nor Alt-F4 works, and I can Ctrl-Alt-Del to shut down, but Task Manager doesn't show through this screen. I took a picture to post here, but now my phone says it can't complete the action because of low memory! So I'll put it in my next post from the PC when I get to it... Also, it does this whether or not I'm trying to uninstall Chromium. My question is, do I need to uninstall these programs before I run the fix you sent? I'm thinking I'm not going to be able to, but I'm going to try one more time...

  7. Ok, it should be noted that after using Chameleon I was able to scan and remove threats, but when I tried to install updates it couldn't reach the server. So I got mbar-1.10.3.1001-nr.exe

    but it said that an admin had blocked the file from running. So I ran Chameleon AGAIN, RAN A SCAN AND HAD A LOT OF THREATS POP UP AGAIN, sorry for caps. But this time I made a report AND IT IS ATTACHED. NOW I AM DLING THE ZIP FILE TO TRY IT. I'LL BE BACK AFTER... grrr caps... Anyway, where do I find the log file that you are asking for?

    mwb.txt

  8. At first I couldn't run MWB, but I followed the FAQ and got it to scan using Chameleon. At the end of that scan a blue background filled the screen with a blank box in the middle asking me to enter the original serial key for Windows 10, and it won't let me do anything. Ctrl-Alt-Delete brings up the list, but upon clicking Task Manager, nothing... Alt-F4 does nothing also. The only thing I can do to get this to temporarily go away is reboot. Upon startup, random web pages open in the browser, followed by the detection of some spyware by Windows Defender and then the fake blue screen. I've included the logs listed in the FAQ, with the exception of the MWB one, as I couldn't get it due to the message I mentioned. Although it did remove 97 threats... So there it is... I'm at a loss.

     

    Thanks in advance, and I won't be asking for help with this issue anywhere else.

    Addition.txt

    FRST.txt
