Hello,
Let's see if we can move anything.
A few items to fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
C:\Users\Momin\AppData\Local\wrirmrmv
Unlock: C:\Users\Momin\AppData\Local\wrirmrmv
C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
C:\Users\Momin\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
Unlock: C:\Users\Momin\AppData\Local\ntuserlitelist
C:\Users\Momin\AppData\Local\ntuserlitelist
HKLM-x32\...\Run: [cpx] => "C:\Users\Default\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\Default\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicyScripts\User: Restriction <==== ATTENTION
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-792130682-3646775307-2699870585-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-792130682-3646775307-2699870585-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 windowsmanagementservice; C:\Users\Momin\AppData\Local\wrirmrmv\wyivdei\ct.exe [689664 2017-05-30] () [File not signed] <==== ATTENTION
Unlock: 2017-06-17 19:33 - 2017-06-17 19:46 - 00000000 ____D C:\Users\Momin\AppData\Local\llssoft
Unlock: C:\Users\Momin\AppData\Local\llssoft
C:\Users\Momin\AppData\Local\llssoft
2017-06-17 19:32 - 2017-06-17 19:32 - 00002048 _____ C:\Users\Momin\AppData\Local\uninstallro.exe
2017-06-17 19:32 - 2017-06-17 19:32 - 00000000 ____D C:\Users\Momin\AppData\Roaming\c
2017-06-17 19:32 - 2017-06-17 19:32 - 00000000 ____D C:\Users\Momin\AppData\Local\xgpsjqsh
Task: {6A741AB5-75CD-4F31-ACC7-1CD0EA5FD699} - \5004826 -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
Emptytemp:
- Click Format and ensure Wordwrap is unchecked.
- Save as Fixlist.txt to C:\Users\Momin\OneDrive\Documents (Must be in this location)
- Run FRST/FRST64 and press the Fix button just once and wait.
- If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
- The tool will make a log in C:\Users\Momin\OneDrive\Documents (Fixlog.txt). Please post it in your reply.
Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.
Then, before you go to bed, start the scan and let it run overnight. Reboot the computer in the morning. The malware installs over 2500 malware files, in some cases more.
I'll return about 4pm EST Tomorrow.