Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2014.11.18.05
rootkit: v2014.11.12.01

Windows 10 x64 NTFS
Internet Explorer 11.953.14393.0
Gregory :: GO-AWAY [administrator]

3/27/2017 9:16:12 PM
mbar-log-2017-03-27 (21-16-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 383370
Time elapsed: 47 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [6bd21d20d5a7a78febe26292a063fe02]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [360792abadcfe452875f64905ba80000]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [59e42d104735181e957104f371921ce4]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [d36a69d43a4245f12aa3757f927106fa]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [330a61dc2d4f072f9452eb09e12220e0]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [c5782e0fc2baeb4bc145d621a26151af]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXPLORER.EXE (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [83bacd70106cb87eea8bd47a9e6749b7]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXPLORER.EXE (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [83bacd70106cb87eea8bd47a9e6749b7]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\regtool (Rogue.RegTool) -> Delete on reboot. [de5f64d968143204d7e2f903659d01ff]

Files Detected: 2
C:\Program Files (x86)\regtool\regtool.exe (Rogue.RegTool) -> Delete on reboot. [de5f64d968143204d7e2f903659d01ff]
C:\Users\Gregory\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot. [83bacd70106cb87eea8bd47a9e6749b7]

Physical Sectors Detected: 0
(No malicious items detected)

(end)