Fix result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018 Ran by sylvania (24-01-2018 21:10:38) Run:4 Running from C:\Users\sylvania\Desktop Loaded Profiles: sylvania (Available Profiles: sylvania & Administrator) Boot Mode: Safe Mode (with Networking) ============================================== fixlist content: ***************** start CloseProcesses: CreateRestorepoint: R3 ruxaeh; system32\drivers\xaehkn.sys [X] R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.) [File not signed] R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.) [File not signed] S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.) [File not signed] Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-29] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (No File) GroupPolicy: Restriction - Chrome <==== ATTENTION GroupPolicy\User: Restriction <==== ATTENTION HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Services\edoalm <==== ATTENTION (Rootkit!) 
HKLM\...\RunOnce: [KICTHEN] => C:\Windows\Temp\g746A.tmp.exe 
<==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION 2018-01-21 12:45 - 2018-01-21 12:46 - 082634184 _____ (Malwarebytes ) C:\Users\sylvania\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3739.exe 2018-01-21 12:42 - 2018-01-21 12:42 - 008206624 _____ (Malwarebytes) C:\Users\sylvania\Downloads\adwcleaner_7.0.7.0.exe 2018-01-21 12:37 - 2018-01-21 12:39 - 000005717 _____ C:\Users\sylvania\Desktop\ZHPCleaner.txt 2018-01-21 12:29 - 2018-01-21 12:39 - 000000000 ____D C:\Users\sylvania\AppData\Roaming\ZHP 2018-01-21 12:29 - 2018-01-21 12:29 - 003046784 _____ C:\Users\sylvania\Downloads\ZHPCleaner.exe 2018-01-21 12:29 - 2018-01-21 12:29 - 000000880 _____ C:\Users\sylvania\Desktop\ZHPCleaner.lnk 2018-01-21 12:29 - 2018-01-21 12:29 - 000000000 ____D C:\Users\sylvania\AppData\Local\ZHP 2018-01-16 23:50 - 2018-01-16 23:50 - 000000000 ____D C:\Users\sylvania\AppData\Local\ESET 2018-01-16 23:36 - 2018-01-21 12:54 - 000000000 ____D C:\Users\sylvania\Desktop\Adware 2018-01-16 21:05 - 2018-01-16 21:05 - 005660870 _____ (Swearware) C:\Users\sylvania\Downloads\ComboFix (1).exe 2018-01-16 21:02 - 2018-01-16 21:02 - 000388608 _____ (Trend Micro Inc.) C:\Users\sylvania\Downloads\HijackThis.exe 2018-01-16 19:45 - 2018-01-16 19:46 - 083316440 _____ (Malwarebytes ) C:\Users\sylvania\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe 2018-01-16 19:38 - 2018-01-16 19:38 - 000000000 ____D C:\Malware 2018-01-16 16:05 - 2018-01-17 00:08 - 000002662 _____ C:\WINDOWS\System32\Tasks\FreeAntiVirus 2018-01-16 09:52 - 2018-01-16 10:08 - 000000000 ____D C:\Users\sylvania\Downloads\Malwarebytes Premium 3.3.1.2183 + Crack [CracksNow] 2018-01-15 14:13 - 2018-01-15 14:09 - 000455384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys.151604513090604 2018-01-15 14:02 - 2018-01-16 11:35 - 000000000 ____D C:\ProgramData\AVAST Software 2018-01-15 13:51 - 2018-01-15 13:51 - 000000000 ____D C:\Users\sylvania\Downloads\Avast! 
Internet Security + Premier Antivirus 17.8.2318 (build 17.8.3705.0) [CracksNow] 2018-01-15 18:01 - 2018-01-15 18:01 - 008198432 _____ (Malwarebytes) C:\Users\sylvania\Downloads\adwcleaner_7.0.6.0.exe 2018-01-15 17:38 - 2018-01-17 19:26 - 000000000 ____D C:\Program Files (x86)\Spyware Terminator 2018-01-15 17:37 - 2018-01-15 17:37 - 009694960 _____ (Crawler Group ) C:\Users\sylvania\Downloads\Baixaki_spyware-terminator [1].exe 2018-01-15 17:07 - 2018-01-15 17:07 - 031622688 _____ (SUPERAntiSpyware) C:\Users\sylvania\Downloads\Baixaki_superantispyware-free [1].exe 2018-01-15 17:02 - 2018-01-15 17:03 - 000249390 _____ C:\Users\sylvania\Downloads\Baixaki_spybot-search-destroy [1].exe 2018-01-15 16:50 - 2018-01-15 16:50 - 002189240 _____ ( ) C:\Users\sylvania\Downloads\Baixaki_spyware-terminator.exe 2018-01-15 16:47 - 2018-01-15 16:47 - 005660870 _____ (Swearware) C:\Users\sylvania\Downloads\ComboFix.exe 2018-01-15 13:30 - 2018-01-15 13:30 - 000003580 _____ C:\WINDOWS\System32\Tasks\Guard 2018-01-15 13:27 - 2018-01-19 14:44 - 000000000 ____D C:\Users\sylvania\AppData\Local\atomeug 2018-01-15 13:25 - 2018-01-15 13:25 - 000000000 ____D C:\Users\sylvania\AppData\Local\pcckgxe 2018-01-15 13:24 - 2018-01-15 13:24 - 000016876 _____ C:\WINDOWS\System32\Tasks\Unreal Tournament System 2018-01-15 12:28 - 2018-01-17 00:08 - 000016784 _____ C:\WINDOWS\System32\Tasks\MAndnoid 2018-01-15 12:26 - 2018-01-15 15:22 - 000000000 ____D C:\Users\sylvania\AppData\Local\8e00a5bd31a24925985c7e814dbcd34a 2018-01-15 12:26 - 2018-01-15 12:26 - 000000000 ____D C:\Users\sylvania\AppData\Local\b94931fdcac5403c92e2e73da835b9f3 2018-01-15 12:24 - 2018-01-15 12:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2018-01-15 12:11 - 2018-01-15 12:11 - 000003532 _____ C:\WINDOWS\System32\Tasks\MicrosoftUpd 2018-01-15 12:10 - 2018-01-17 00:08 - 000014468 _____ C:\WINDOWS\System32\Tasks\5the-StoryPDF 2018-01-15 12:10 - 2018-01-15 12:10 - 000000258 __RSH C:\Users\sylvania\ntuser.pol 2018-01-15 12:09 - 
2018-01-21 12:53 - 000000000 ____D C:\Users\sylvania\AppData\Local\aucoblx 2018-01-15 11:23 - 2018-01-15 11:23 - 000003908 _____ C:\WINDOWS\System32\Tasks\8841884888418848 2018-01-15 11:23 - 2018-01-15 11:23 - 000003900 _____ C:\WINDOWS\System32\Tasks\4149211341492113 2018-01-15 11:23 - 2018-01-15 11:23 - 000003892 _____ C:\WINDOWS\System32\Tasks\23421212342121 2018-01-15 11:23 - 2018-01-15 11:23 - 000003856 _____ C:\WINDOWS\System32\Tasks\k41492113 2018-01-15 11:23 - 2018-01-15 11:23 - 000003854 _____ C:\WINDOWS\System32\Tasks\88418848 2018-01-15 11:23 - 2018-01-15 11:23 - 000003844 _____ C:\WINDOWS\System32\Tasks\41492113 2018-01-15 11:23 - 2018-01-15 11:23 - 000003842 _____ C:\WINDOWS\System32\Tasks\2342121 2018-01-15 11:22 - 2018-01-15 14:04 - 000000000 ___HD C:\Program Files (x86)\Peh 2018-01-15 11:22 - 2018-01-15 13:28 - 000000103 _____ C:\WINDOWS\SysWOW64\del.bat 2018-01-15 11:21 - 2018-01-15 13:27 - 000000000 ____D C:\Users\sylvania\AppData\Local\f242f081524444d6bef341ea63e30225 2018-01-15 11:21 - 2018-01-15 11:21 - 000140800 _____ C:\Users\sylvania\AppData\Local\installer.dat 2018-01-15 11:21 - 2018-01-15 11:21 - 000004088 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_RC 2018-01-15 11:21 - 2018-01-15 11:21 - 000004088 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HT 2018-01-15 11:21 - 2018-01-15 11:21 - 000004088 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HO 2018-01-15 11:21 - 2018-01-15 11:21 - 000004088 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_AN 2018-01-15 11:21 - 2018-01-15 11:21 - 000004080 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_UP 2018-01-15 11:21 - 2018-01-15 11:21 - 000000000 ____D C:\WINDOWS\SysWOW64\cokgrnb 2018-01-15 11:21 - 2018-01-15 11:21 - 000000000 ____D C:\WINDOWS\system32\cokgrnb 2018-01-15 11:21 - 2018-01-15 11:21 - 000000000 ____D C:\Users\sylvania\AppData\Local\zmvkn 2018-01-15 11:19 - 2018-01-15 11:19 - 000014848 _____ 
C:\Users\sylvania\AppData\Local\dolsaw.dll 2018-01-15 11:19 - 2018-01-15 11:19 - 000003072 _____ C:\Users\sylvania\AppData\Local\uninstallBR.exe 2018-01-15 11:19 - 2018-01-15 11:19 - 000014848 _____ () C:\Users\sylvania\AppData\Local\dolsaw.dll 2018-01-15 11:21 - 2018-01-15 11:21 - 000140800 _____ () C:\Users\sylvania\AppData\Local\installer.dat 2018-01-16 19:46 - 2018-01-16 19:46 - 083316440 _____ (Malwarebytes) C:\Users\sylvania\AppData\Local\Temp\mb3-setup-1878.1878-3.3.1.2183.exe Task: {015FB16F-C445-420C-95F7-95D08DA02A30} - System32\Tasks\MAndnoid => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\MAndnoid\MAndnoid.dll",KagZyluac <==== ATTENTION Task: {072FCC2B-D313-44EE-B379-74168ADCF076} - System32\Tasks\GoogleUpdateSecurityTaskMachine_RC => C:\Users\sylvania\AppData\Roaming\240e403a56ce48ff959050de1779ae41\chipset.exe exec hide CCHRXSFIFC.cmd <==== ATTENTION Task: {1A5217E1-C498-461F-A06C-67CC443AC9A8} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HO => C:\Users\sylvania\AppData\Roaming\46fdfd7893ed431e9266132606b9faed\chipset.exe exec hide OUOHPHRXPB.cmd <==== ATTENTION Task: {3509B144-F3FC-47A6-B99D-3A7A8372646D} - System32\Tasks\Unreal Tournament System => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Unreal Tournament System\Unreal Tournament System.dll",DuMAuBY <==== ATTENTION Task: {35BE92FA-70C2-45F5-BB8F-ABF996B3AB11} - System32\Tasks\GoogleUpdateSecurityTaskMachine_UP => C:\Users\sylvania\AppData\Local\f242f081524444d6bef341ea63e30225\chipset.exe exec hide NSMPNQGYAN.cmd <==== ATTENTION Task: {3EC0033B-3370-4733-84EB-10C3D464B24D} - System32\Tasks\88418848 => C:\Users\sylvania\AppData\Local\hawaiian.exe <==== ATTENTION Task: {5D01E282-0EEF-48D4-A1B9-DF39D164EE7A} - System32\Tasks\MicrosoftUpd => C:\ProgramData\MicrosoftUpd.exe <==== ATTENTION Task: {68D47E07-5B30-4370-AD36-9F066B16B564} - System32\Tasks\Mouse Video Converter => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Mouse Video Converter\Mouse Video 
Converter.dll",nZajaVdtGGmp <==== ATTENTION Task: {7088B7C3-248B-4C76-914E-AB9189D0DE98} - System32\Tasks\23421212342121 => C:\Program Files (x86)\volpi\correlations.exe <==== ATTENTION Task: {8F437DF9-F650-4F8C-81B1-01B33EEEBC37} - System32\Tasks\8841884888418848 => C:\Users\sylvania\AppData\Local\correlations.exe <==== ATTENTION Task: {98E9D453-9E6A-4397-9C9F-0363B15D7D00} - System32\Tasks\5the-StoryPDF => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\5the-StoryPDF\5the-StoryPDF.dll",PqMfKgc <==== ATTENTION Task: {A6D298CF-E2E7-45D3-8EB2-59BE56F206AF} - System32\Tasks\2342121 => C:\Program Files (x86)\Prune\hawaiian.exe <==== ATTENTION Task: {B3738D91-2C51-4462-970D-317C6037E48B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated) Task: {B94D0EA6-32CC-4439-A59A-83BC922EA69F} - System32\Tasks\4149211341492113 => C:\Program Files (x86)\Peh\correlations.exe <==== ATTENTION Task: {BA1ED955-A2B0-41B6-8E93-75F6398430F1} - System32\Tasks\FreeAntiVirus => C:\WINDOWS\explorer.exe "hxxp://destyy.com/qNHR3u" <==== ATTENTION Task: {DB5BCFD7-3048-404A-874A-7D2691407738} - System32\Tasks\GoogleUpdateSecurityTaskMachine_AN => C:\Users\sylvania\AppData\Roaming\37c695d4924440dcbd07c800b3d8eab3\chipset.exe exec hide QKASIHBDFV.cmd <==== ATTENTION Task: {E1C71B97-2836-4369-BB76-8DD9B72F755F} - System32\Tasks\Guard => C:\Program Files (x86)\System Native\Main Services\Guard.exe <==== ATTENTION Task: {F3FFC702-2A04-4223-93E8-4CCF6634E93F} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {F5EF4418-8A45-4FA9-9ABF-3E402704BD02} - System32\Tasks\GoogleUpdateSecurityTaskMachine_HT => C:\Users\sylvania\AppData\Roaming\3a8c3ef3fd414bff8a3e5a34158aceae\chipset.exe exec hide AHCWRJOCHC.cmd <==== ATTENTION Task: {F753E39E-3850-40B4-8EBA-D39731575138} - System32\Tasks\41492113 => C:\Program Files (x86)\Peh\hawaiian.exe <==== ATTENTION AlternateDataStreams: 
C:\Users\sylvania\Desktop\1.jpeg:3or4kl4x13tuuug3Byamue2s4b [89] AlternateDataStreams: C:\Users\sylvania\Desktop\1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:3or4kl4x13tuuug3Byamue2s4b [89] AlternateDataStreams: C:\Users\sylvania\Desktop\2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:3or4kl4x13tuuug3Byamue2s4b [89] AlternateDataStreams: C:\Users\sylvania\Desktop\3.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0] C:\Users\sylvania\AppData\Local\aucoblx\avswuok.exe C:\Users\sylvania\AppData\Local\aucoblx\avswuok.exe C:\Users\sylvania\AppData\Local\aucoblx\aucoblx.exe C:\Users\sylvania\AppData\Local\pcckgxe\pwnvdtm.exe C:\Users\sylvania\AppData\Local\zmvkn\apexpsvc.exe C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe C:\Program Files\TrueKey\McTkSchedulerService.exe C:\Users\sylvania\AppData\Local\pcckgxe C:\Users\sylvania\AppData\Local\zmvkn C:\Users\sylvania\AppData\Local\aucoblx CMD: rd /S /Q "%WinDir%\System32\GroupPolicyUsers" CMD: rd /S /Q "%WinDir%\System32\GroupPolicy" CMD: gpupdate /force CMD: netsh winsock reset catalog VirusTotal: C:\WINDOWS\system32\drivers\wdbnruxa.sys CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: Hosts: Reboot: end ***************** Processes closed successfully. Error: Restore point can only be created in normal mode. ruxaeh => service not found. 
"HKLM\System\CurrentControlSet\Services\TrueKey" => removed successfully TrueKey => service removed successfully "HKLM\System\CurrentControlSet\Services\TrueKeyScheduler" => removed successfully TrueKeyScheduler => service removed successfully "HKLM\System\CurrentControlSet\Services\TrueKeyServiceHelper" => removed successfully TrueKeyServiceHelper => service removed successfully HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => value restored successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully "C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe" => not found C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\system32\GroupPolicy\User => moved successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService" => removed successfully "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\MBAMService" => removed successfully HKLM\SYSTEM\CurrentControlSet\Services\edoalm <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry. "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\KICTHEN" => not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\03D22C9C66915D58C88912B64C1F984B8344EF09 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\0F684EC1163281085C6AF20528878103ACEFCAAB => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\1667908C9E22EFBD0590E088715CC74BE4C60884 => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\18DEA4EFA93B06AE997D234411F3FD72A677EECE => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF => key not found HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => key could not remove. 
Access Denied. "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully "C:\Users\sylvania\Downloads\mb3-setup-consumer-3.3.1.2183-1.0.262-1.0.3739.exe" => not found C:\Users\sylvania\Downloads\adwcleaner_7.0.7.0.exe => moved successfully "C:\Users\sylvania\Desktop\ZHPCleaner.txt" => not found C:\Users\sylvania\AppData\Roaming\ZHP => moved successfully C:\Users\sylvania\Downloads\ZHPCleaner.exe => moved successfully "C:\Users\sylvania\Desktop\ZHPCleaner.lnk" => not found C:\Users\sylvania\AppData\Local\ZHP => moved successfully C:\Users\sylvania\AppData\Local\ESET => moved successfully C:\Users\sylvania\Desktop\Adware => moved successfully "C:\Users\sylvania\Downloads\ComboFix (1).exe" => not found 
C:\Users\sylvania\Downloads\HijackThis.exe => moved successfully "C:\Users\sylvania\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe" => not found C:\Malware => moved successfully "C:\WINDOWS\System32\Tasks\FreeAntiVirus" => not found C:\Users\sylvania\Downloads\Malwarebytes Premium 3.3.1.2183 + Crack [CracksNow] => moved successfully C:\WINDOWS\system32\Drivers\aswSP.sys.151604513090604 => moved successfully C:\ProgramData\AVAST Software => moved successfully C:\Users\sylvania\Downloads\Avast! Internet Security + Premier Antivirus 17.8.2318 (build 17.8.3705.0) [CracksNow] => moved successfully "C:\Users\sylvania\Downloads\adwcleaner_7.0.6.0.exe" => not found C:\Program Files (x86)\Spyware Terminator => moved successfully C:\Users\sylvania\Downloads\Baixaki_spyware-terminator [1].exe => moved successfully C:\Users\sylvania\Downloads\Baixaki_superantispyware-free [1].exe => moved successfully C:\Users\sylvania\Downloads\Baixaki_spybot-search-destroy [1].exe => moved successfully "C:\Users\sylvania\Downloads\Baixaki_spyware-terminator.exe" => not found C:\Users\sylvania\Downloads\ComboFix.exe => moved successfully "C:\WINDOWS\System32\Tasks\Guard" => not found "C:\Users\sylvania\AppData\Local\atomeug" folder move: Could not move "C:\Users\sylvania\AppData\Local\atomeug" => Scheduled to move on reboot. "C:\Users\sylvania\AppData\Local\pcckgxe" folder move: Could not move "C:\Users\sylvania\AppData\Local\pcckgxe" => Scheduled to move on reboot. 
"C:\WINDOWS\System32\Tasks\Unreal Tournament System" => not found "C:\WINDOWS\System32\Tasks\MAndnoid" => not found C:\Users\sylvania\AppData\Local\8e00a5bd31a24925985c7e814dbcd34a => moved successfully C:\Users\sylvania\AppData\Local\b94931fdcac5403c92e2e73da835b9f3 => moved successfully C:\WINDOWS\system32\Drivers\wd => moved successfully "C:\WINDOWS\System32\Tasks\MicrosoftUpd" => not found C:\WINDOWS\System32\Tasks\5the-StoryPDF => moved successfully C:\Users\sylvania\ntuser.pol => moved successfully "C:\Users\sylvania\AppData\Local\aucoblx" folder move: Could not move "C:\Users\sylvania\AppData\Local\aucoblx" => Scheduled to move on reboot. "C:\WINDOWS\System32\Tasks\8841884888418848" => not found "C:\WINDOWS\System32\Tasks\4149211341492113" => not found "C:\WINDOWS\System32\Tasks\23421212342121" => not found "C:\WINDOWS\System32\Tasks\k41492113" => not found "C:\WINDOWS\System32\Tasks\88418848" => not found "C:\WINDOWS\System32\Tasks\41492113" => not found "C:\WINDOWS\System32\Tasks\2342121" => not found C:\Program Files (x86)\Peh => moved successfully "C:\WINDOWS\SysWOW64\del.bat" => not found "C:\Users\sylvania\AppData\Local\f242f081524444d6bef341ea63e30225" => not found C:\Users\sylvania\AppData\Local\installer.dat => moved successfully "C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_RC" => not found "C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HT" => not found "C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HO" => not found "C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_AN" => not found "C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_UP" => not found C:\WINDOWS\SysWOW64\cokgrnb => moved successfully "C:\WINDOWS\system32\cokgrnb" folder move: Could not move "C:\WINDOWS\system32\cokgrnb" => Scheduled to move on reboot. 
C:\Users\sylvania\AppData\Local\zmvkn => moved successfully
"C:\Users\sylvania\AppData\Local\dolsaw.dll" => not found
"C:\Users\sylvania\AppData\Local\uninstallBR.exe" => not found
"C:\Users\sylvania\AppData\Local\dolsaw.dll" => not found
"C:\Users\sylvania\AppData\Local\installer.dat" => not found
"C:\Users\sylvania\AppData\Local\Temp\mb3-setup-1878.1878-3.3.1.2183.exe" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{015FB16F-C445-420C-95F7-95D08DA02A30} => could not remove key. ErrorCode1: 0x00000001
"C:\WINDOWS\System32\Tasks\MAndnoid" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MAndnoid => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{072FCC2B-D313-44EE-B379-74168ADCF076}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{072FCC2B-D313-44EE-B379-74168ADCF076} => key not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_RC" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_RC => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A5217E1-C498-461F-A06C-67CC443AC9A8}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A5217E1-C498-461F-A06C-67CC443AC9A8} => key not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HO" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_HO => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3509B144-F3FC-47A6-B99D-3A7A8372646D} => key not found
"C:\WINDOWS\System32\Tasks\Unreal Tournament System" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Unreal Tournament System => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35BE92FA-70C2-45F5-BB8F-ABF996B3AB11}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35BE92FA-70C2-45F5-BB8F-ABF996B3AB11} => key not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_UP" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_UP => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EC0033B-3370-4733-84EB-10C3D464B24D}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EC0033B-3370-4733-84EB-10C3D464B24D} => key not found
"C:\WINDOWS\System32\Tasks\88418848" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\88418848 => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D01E282-0EEF-48D4-A1B9-DF39D164EE7A} => key not found
"C:\WINDOWS\System32\Tasks\MicrosoftUpd" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftUpd => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68D47E07-5B30-4370-AD36-9F066B16B564} => key not found
C:\WINDOWS\System32\Tasks\Mouse Video Converter => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Mouse Video Converter" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7088B7C3-248B-4C76-914E-AB9189D0DE98}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7088B7C3-248B-4C76-914E-AB9189D0DE98} => key not found
"C:\WINDOWS\System32\Tasks\23421212342121" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\23421212342121 => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F437DF9-F650-4F8C-81B1-01B33EEEBC37}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F437DF9-F650-4F8C-81B1-01B33EEEBC37} => key not found
"C:\WINDOWS\System32\Tasks\8841884888418848" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8841884888418848 => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{98E9D453-9E6A-4397-9C9F-0363B15D7D00}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98E9D453-9E6A-4397-9C9F-0363B15D7D00}" => removed successfully
"C:\WINDOWS\System32\Tasks\5the-StoryPDF" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5the-StoryPDF" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6D298CF-E2E7-45D3-8EB2-59BE56F206AF}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6D298CF-E2E7-45D3-8EB2-59BE56F206AF} => key not found
"C:\WINDOWS\System32\Tasks\2342121" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\2342121 => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3738D91-2C51-4462-970D-317C6037E48B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3738D91-2C51-4462-970D-317C6037E48B}" => removed successfully
C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B94D0EA6-32CC-4439-A59A-83BC922EA69F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B94D0EA6-32CC-4439-A59A-83BC922EA69F} => key not found
"C:\WINDOWS\System32\Tasks\4149211341492113" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4149211341492113 => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA1ED955-A2B0-41B6-8E93-75F6398430F1}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA1ED955-A2B0-41B6-8E93-75F6398430F1} => key not found
"C:\WINDOWS\System32\Tasks\FreeAntiVirus" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeAntiVirus => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB5BCFD7-3048-404A-874A-7D2691407738}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB5BCFD7-3048-404A-874A-7D2691407738} => key not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_AN" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_AN => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1C71B97-2836-4369-BB76-8DD9B72F755F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1C71B97-2836-4369-BB76-8DD9B72F755F} => key not found
"C:\WINDOWS\System32\Tasks\Guard" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Guard => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3FFC702-2A04-4223-93E8-4CCF6634E93F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3FFC702-2A04-4223-93E8-4CCF6634E93F}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5EF4418-8A45-4FA9-9ABF-3E402704BD02}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5EF4418-8A45-4FA9-9ABF-3E402704BD02} => key not found
"C:\WINDOWS\System32\Tasks\GoogleUpdateSecurityTaskMachine_HT" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateSecurityTaskMachine_HT => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F753E39E-3850-40B4-8EBA-D39731575138}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F753E39E-3850-40B4-8EBA-D39731575138} => key not found
"C:\WINDOWS\System32\Tasks\41492113" => not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\41492113 => key not found
C:\Users\sylvania\Desktop\1.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\sylvania\Desktop\1.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\sylvania\Desktop\2.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\sylvania\Desktop\2.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
C:\Users\sylvania\Desktop\3.jpeg => ":3or4kl4x13tuuug3Byamue2s4b" ADS could not remove.
C:\Users\sylvania\Desktop\3.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully
"C:\Users\sylvania\AppData\Local\aucoblx\avswuok.exe" => not found
"C:\Users\sylvania\AppData\Local\aucoblx\avswuok.exe" => not found
"C:\Users\sylvania\AppData\Local\aucoblx\aucoblx.exe" => not found
"C:\Users\sylvania\AppData\Local\pcckgxe\pwnvdtm.exe" => not found
"C:\Users\sylvania\AppData\Local\zmvkn\apexpsvc.exe" => not found
C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe => moved successfully
C:\Program Files\TrueKey\McTkSchedulerService.exe => moved successfully

"C:\Users\sylvania\AppData\Local\pcckgxe" folder move:

Could not move "C:\Users\sylvania\AppData\Local\pcckgxe" => Scheduled to move on reboot.

"C:\Users\sylvania\AppData\Local\zmvkn" => not found

"C:\Users\sylvania\AppData\Local\aucoblx" folder move:

Could not move "C:\Users\sylvania\AppData\Local\aucoblx" => Scheduled to move on reboot.

========= rd /S /Q "%WinDir%\System32\GroupPolicyUsers" =========

========= End of CMD: =========

========= rd /S /Q "%WinDir%\System32\GroupPolicy" =========

========= End of CMD: =========

========= gpupdate /force =========

Updating policy...

Computer Policy Update Failed.
User Policy Update Failed.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

========= End of CMD: =========

========= netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

"VirusTotal: C:\WINDOWS\system32\drivers\wdbnruxa.sys" => not found

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-2400762992-834235184-972392584-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-2400762992-834235184-972392584-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully

========= End of RemoveProxy: =========

Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 38507832 B
Java, Flash, Steam htmlcache => 74072908 B
Windows/system/drivers => 3859 B
Edge => 2092292 B
Chrome => 316626008 B
Firefox => 227027647 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 99852 B
systemprofile32 => 0 B
LocalService => 78674 B
NetworkService => 0 B
sylvania => 430464236 B
Administrator => 71898 B

RecycleBin => 99170756 B
EmptyTemp: => 1.1 GB temporary data Removed.
================================

Result of scheduled files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 24-01-2018 21:12:40)

C:\Users\sylvania\AppData\Local\atomeug => Could not move
C:\Users\sylvania\AppData\Local\pcckgxe => Could not move
C:\Users\sylvania\AppData\Local\aucoblx => Could not move
C:\WINDOWS\system32\cokgrnb => Could not move
C:\Users\sylvania\AppData\Local\pcckgxe => Could not move
C:\Users\sylvania\AppData\Local\aucoblx => Could not move

Result of scheduled keys to remove after reboot:

HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264 => key removed successfully
HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 => key removed successfully

==== End of Fixlog 21:12:40 ====