system
May 10, 2016, 12:02pm
1
Hello,
since a couple of days, my Virusscan is blocking a thread from skegnessasc.org . Depending on the network it happens every five minutes, sometimes up 30 times per block. I tried to remove the source, but somehow the messages keep appearing.
Log files as requested in the “Logs to assist in cleaning malware” topic are in the attachment. My apologies to the several languages in the log files and a huge thanks in advance for any advice or tip to resolve this problem.
Language is not a problem, let me know if this stops it
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
U3 McAPExe; kein ImagePath
U3 McMPFSvc; kein ImagePath
U3 McNaiAnn; kein ImagePath
U3 mfecore; kein ImagePath
U3 MSK80Service; kein ImagePath
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:A1EDB939 [131]
AlternateDataStreams: C:\Users\Boy d'Hont\Lokale Einstellungen:lxlIPrArBBaPkytn7teQtO [2242]
AlternateDataStreams: C:\Users\Boy d'Hont\AppData\Local:lxlIPrArBBaPkytn7teQtO [2242]
AlternateDataStreams: C:\Users\Boy d'Hont\AppData\Local\Anwendungsdaten:lxlIPrArBBaPkytn7teQtO [2242]
AlternateDataStreams: C:\Users\Boy d'Hont\AppData\Local\Temporary Internet Files:LVk4kAsV1d44NcqKfviL1 [1998]
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt , in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that