Malware VBS Downloader Camoca Mosim in System32 Keeps Returning

[Sass Drake]

• Open Notepad (click Start button -> type notepad.exe -> press Enter)
• Copy text from code block below and paste it into Notepad

Code: [Select]

FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {170FC629-E5C7-4297-B4B7-091F09138452} - System32\Tasks\nelicil\{7518481C-EF1F-6C31-85F6-06EACB1AC84E} => C:\Users\lcoul\AppData\Roaming\751848~1\nelicil.exe <==== ATTENTION
VirusTotal: C:\Users\lcoul\AppData\Roaming\751848~1\nelicil.exe
C:\Users\lcoul\AppData\Roaming\751848~1

• Go to File -> Save As
• Make sure that  UTF-8 is selected as Encoding (left side of Save button)
• Save it as fixlist.txt on Desktop
• Open again FRST and click on button Fix
• Wait until FRST finishes
• fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.

[lady777]

This file: VirusTotal: C:\Users\lcoul\AppData\Roaming\751848~1\nelicil.exe is no longer there. I made sure files were not hidden and triple checked. The 751848 nor the nelicil.exe are in this directory. Perhaps Malwarebytes got it too?  Maybe I'm good to go now? Maybe there isn't a need to have anyone else spend more time on this, unless you feel Sass drake should still take a look at it?

I truly appreciate all your help and time. THANK YOU!