Necessary files are attached.
Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.
Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
BitTorrent
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3789599527-899915616-2387813075-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M855B0A64-EF55-4EB1-92FC-FCA6E32F3BB7&SearchSource=55&CUI=&UM=8&UP=SP4A120AC9-3B2F-425F-B603-6FCFC1576ACF&D=082615&SSPV=
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQ1dWVpBFwwXbQ0IVwxcFQ1HeBRaUgwSDFAUdgwIVAgXFgBAeB9aFQQTQkcFME0FBloEURNNfX5dFW0ZRGdGM0xUFUo5VFc=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAFGeFoIVwBFDAETdgwVVQEVGRhBcwxbTFxGFwATdQheVgwSGRNBNARaAktXUUEeJ1pNER8fHHJGNG1QBGsUUkBPNEpwFFs=
2015-12-19 21:14 - 2015-12-19 21:14 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-12-17 22:40 - 2015-12-22 15:00 - 00000284 _____ C:\WINDOWS\Tasks\InvinciblSens54.job
2015-12-17 22:40 - 2015-12-22 00:25 - 00000294 _____ C:\WINDOWS\Tasks\OutstandLocke8.job
2015-12-17 22:40 - 2015-12-17 22:40 - 00003204 _____ C:\WINDOWS\System32\Tasks\OutstandLocke8
2015-12-17 22:40 - 2015-12-17 22:40 - 00003196 _____ C:\WINDOWS\System32\Tasks\InvinciblSens54
2015-12-17 22:39 - 2015-12-21 14:01 - 00000000 ____D C:\Users\Bradley\AppData\Local\PlatinDivis423
2015-12-17 22:39 - 2015-12-21 14:01 - 00000000 ____D C:\Users\Bradley\AppData\Local\JumpstaServ370
2015-12-14 17:03 - 2015-12-19 13:50 - 00000000 ____D C:\Users\Bradley\AppData\LocalLow\BitTorrent
BitTorrent (HKU\S-1-5-21-3789599527-899915616-2387813075-1000\...\BitTorrent) (Version: 7.9.5.41373 - BitTorrent Inc.)
Task: {34CF499F-B9FB-4F9E-8CBC-B627B1B2D828} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3ADD65DF-4154-4834-985F-28095E80C34B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3E93385C-5FD5-4670-B619-0D286600B505} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {602891C6-8DEC-4DCF-AE51-A6824BD2C9F0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {61C4299B-8D34-4BFD-95DA-3028663B624D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7A2542A0-1FD8-4E5A-BEF6-C014F39CC4F3} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {95D2278A-7FDA-4AB1-9EEF-05AA4574AE22} - \UpdateAdmin -> No File <==== ATTENTION
Task: {9846E7D7-8A4B-40A9-90EE-6B76963C76B7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {98B8EB75-FF5C-4FB7-BDBB-DC44A01AB954} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9D388FA0-001B-4F36-B2B4-BB809E91D4A4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A6C58837-DA99-4A7E-8009-570522F3B4BF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F5969DDF-303D-4E54-BEDA-211034E8998C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\InvinciblSens54.job => C:\Users\Bradley\AppData\Local\JUMPST~1\Jupromote.exe
Task: C:\WINDOWS\Tasks\OutstandLocke8.job => C:\Users\Bradley\AppData\Local\JumpstaServ370\Judelete.exe
C:\Users\Bradley\AppData\Local\JUMPST~1\Jupromote.exe
C:\Users\Bradley\AppData\Local\JumpstaServ370\Judelete.exe
FirewallRules: [{33EA5EBE-B638-440A-BE9E-5DF0039174E7}] => (Allow) C:\Users\Bradley\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2B61F128-5A03-46D5-B1A0-E3665AD3C539}] => (Allow) C:\Users\Bradley\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7C0CA26E-F51A-41ED-A0BB-24C03466702F}] => (Allow) C:\Users\Bradley\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E0BA8369-C9AB-4054-8FE7-90036061FD9C}] => (Allow) C:\Users\Bradley\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{AF0F2A69-2D96-4D8E-A46A-FB39B8C7310B}] => (Allow) C:\Users\Bradley\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6220987A-3302-40D8-8B7C-5D4AC8F6ADA7}] => (Allow) C:\Users\Bradley\AppData\Roaming\BitTorrent\BitTorrent.exe
EmptyTemp:
Hosts:
Cmd: ipconfig /flushdns
Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;trovi;clientconnect;yahoo
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityStore\LogonCache\D7F9888F-E3FC-49b0-9EA6-A85B5F392A4F\Name2Sid\042cacdf2300b099d8be154be7635172aedb10e99caf79c0c9bde03c2410a5ad" /v "IdentityName" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IdentityStore\LogonCache\D7F9888F-E3FC-49b0-9EA6-A85B5F392A4F\Name2Sid\042cacdf2300b099d8be154be7635172aedb10e99caf79c0c9bde03c2410a5ad" /v "IdentityName" /f
Reg: Reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Razer\Synapse\Analytics" /v "CurrentUser" /f
[-HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities\ledzeplin101@yahoo.com]
Reg: Reg delete "HKEY_USERS\S-1-5-21-3789599527-899915616-2387813075-1000\SOFTWARE\Microsoft\ActiveSync\Partners\{0C4038CC-5C89-4CCF-8C70-C87FBA04C20C}" /v "Email" /f
[-HKEY_USERS\S-1-5-21-3789599527-899915616-2387813075-1000\SOFTWARE\Microsoft\IdentityCRL\UserExtendedProperties\ledzeplin101@yahoo.com]
[-HKEY_USERS\S-1-5-21-3789599527-899915616-2387813075-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\yahoo.com]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\StoredIdentities\ledzeplin101@yahoo.com]
Google Chrome