Rootkit/malware removal

[Solamen]

Tried downloading buildbox game maker and ended up being filled with trojans. got most cleaned off but some remnants remain. some questionable EXE's running are:

upmebwxsvc.exe
cgakwsz.exe
svrtizo.exe
igfxmtc.exe

Attached are Mbar, FRST, Addition, and below is GMER basic scan log:
GMER 2.2.19882 - GMER - Rootkit Detector and Remover
Rootkit scan 2017-12-29 00:58:11
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000082 ATA_____ rev.CB6Q 465.76GB
Running: w1y60ggf.exe; Driver: C:\Users\Amen\AppData\Local\Temp\kwtdrpog.sys


---- Threads - GMER 2.2 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6148:6892] 000007fef9a02be0
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6148:5456] 000007fede328a28
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6148:6492] 000007fede28d668
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6148:6476] 000007fede328a28
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6148:6624] 000007fef4b55124
---- Processes - GMER 2.2 ----

Library C:\Users\Amen\AppData\Local\cgakwsz\cgakwsz.exe (*** suspicious ***) @ C:\Users\Amen\AppData\Local\cgakwsz\cgakwsz.exe [3552] 00000000012e0000
Library C:\Users\Amen\AppData\Local\igfxmtc\igfxmtc.exe (*** suspicious ***) @ C:\Users\Amen\AppData\Local\igfxmtc\igfxmtc.exe [4528] 0000000000ac0000
Library C:\Users\Amen\AppData\Local\cgakwsz\svrtizo.exe (*** suspicious ***) @ C:\Users\Amen\AppData\Local\cgakwsz\svrtizo.exe [2196] 0000000000200000
Library C:\Users\Amen\AppData\Local\cgakwsz\svrtizo.exe (*** suspicious ***) @ C:\Users\Amen\AppData\Local\cgakwsz\svrtizo.exe [3620] 0000000000200000
Library C:\Users\Amen\AppData\Local\cgakwsz\svrtizo.exe (*** suspicious ***) @ C:\Users\Amen\AppData\Local\cgakwsz\svrtizo.exe [1168] 0000000000200000
Library C:\Users\Amen\AppData\Local\cgakwsz\svrtizo.exe (*** suspicious ***) @ C:\Users\Amen\AppData\Local\cgakwsz\svrtizo.exe [848] 0000000000200000

---- Services - GMER 2.2 ----

Service C:\Windows\system32\drivers\5515452A.sys (*** hidden *** ) [DISABLED] 5515452A <-- ROOTKIT !!!
Service system32\drivers\coeosvyb.sys (*** hidden *** ) [BOOT] bkduogv <-- ROOTKIT !!!
Service C:\Windows\system32\drivers\mbamchameleon.sys (*** hidden *** ) [SYSTEM] mbamchameleon <-- ROOTKIT !!!

---- EOF - GMER 2.2 ----

 

[TwinHeadedEagle]

Hello,


Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

• Plug the flashdrive into the infected PC.
• Boot to windows recovery by using one of the methods on this link: Boot to Advanced Startup Options in Windows 10

• Now you should get a window like this where you need to click Troubleshoot.

• In the next window, click Advanced options and select Command Prompt.
• Now you should log in into your account and after that Command Promptwindow.

Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

• When the notepad opens, go to File menu.
• Select Open.
• Go to Computer and search there for your USB drive letter.
• Note down the letter and close the notepad.

Scan with Farbar Recovery Scan Tool

Once back in the command prompt window, please do the following:

• Type in e:\frst64.exe and press Enter.
  You need to replace e with the letter of your USB drive taken from notepad!
• FRST will start to run. Give him a minute or so to load itself.
• Click Yes to Disclaimer.
• In the main console, please click Scan and wait.
• When finished it will produce a logfile named FRST.txt in the root of your pendrive and display it. Close that logfile.

Transfer it to your clean machine and include it in your next reply.