6y5abr
Posted May 31, 2016

Hello,

This virus turned up on my computer this morning. Any assistance that you may offer will be greatly appreciated.

Thanks!
Adrian

scan_160531-134410.txt Addition.txt FRST.txt

Kevin Zoll
Posted June 1, 2016

Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1157311671-866355910-1506779047-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1157311671-866355910-1506779047-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-04-21 09:33 - 2015-04-21 09:33 - 0038435 _____ () C:\Users\Adrian\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-04-21 08:46 - 2015-04-21 09:28 - 0000154 _____ () C:\Users\Adrian\AppData\Roaming\Rim.Desktop.Exception.log
2015-04-21 08:40 - 2015-04-21 08:40 - 0001111 _____ () C:\Users\Adrian\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2015-04-21 08:46 - 2015-04-21 09:28 - 0000154 _____ () C:\Users\Adrian\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-05-13 09:54 - 2016-05-31 13:37 - 0000062 _____ () C:\Users\Adrian\AppData\Roaming\sp_data.sys
2013-05-01 04:34 - 2012-09-07 06:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 04:34 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 04:34 - 2012-09-07 06:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-10-08 13:45 - 2015-06-08 11:43 - 0427840 _____ (ForensiT Limited) C:\ProgramData\UserProfileMigrationService.exe
C:\ProgramData\UserProfileMigrationService.exe
C:\Users\Adrian\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Adrian\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Adrian\AppData\Local\Temp\SkypeSetup.exe
Task: {0FE72DF6-6A0B-480A-975C-FC8A73D94804} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2C2AD96E-65C1-4439-B959-553AE0D3C86B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2F4D890A-9D82-4546-8513-4112D4701507} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3C76781D-7AC2-41EC-BA7F-F210B2B30CE5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {42A19E7D-A7A4-4C11-ADF5-7661EF637748} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4D6D1C6F-16E6-4A42-8A29-1D53E9CB5B00} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4ED41516-D710-47FB-A3EE-F1C59A274E94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {51E9F117-6B57-4FEF-BA04-E112B3D0789B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {7FE30601-307D-405C-BEDD-95C3F328401F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8B6F6893-4333-460D-ABB2-AF6CBF403728} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C1130675-4A00-4577-BAE7-C59B31F5869E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C57AAEF8-A50A-496F-8471-8467E42BA6E7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E7BD6D97-59AC-4599-9BE1-747826077456} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {F94B793F-FD11-44C6-8349-92410F180A67} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
C:\Users\Adrian\AppData\Roaming\OpenCandy
C:\Users\Adrian\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe
C:\Users\Adrian\Downloads\BitTorrent.exe
C:\Users\Adrian\Downloads\FlashPlayer__4369_i910108692_il19.exe
C:\Users\Adrian\Downloads\FlashPlayer__4369_i910767252_il19.exe
C:\Users\Adrian\Downloads\FlashPlayer__4369_i910110054_il19.exe
C:\Users\Adrian\Downloads\Iomega_ScreenPlay_Pro_HD_Multimedia_Drive_Driver_Update_05-2014.exe
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}" /f)
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}" /f)

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

Kevin Zoll
Posted June 6, 2016

Thread Closed
Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.