.lnk file running powershell script malware(?)

[danbugre]

Hello,

As seen on other few recent topics I too had someone accidentally click on a .lnk file by mistake thinking it was a .avi file that ran a powershell command initiating inadvertently an unknown script on a workstation.

Initially I noticed it disabled my default anti-virus and also its status detection so did a cleanup and deleted the associated files, got the status for windows defender green again but would like to know what further consequences there may have been to this script. Attached are the FRST, adwarecleaner and mbam recent logs. Any help is appreciated

As I deleted the .lnk file I no longer have the script content but I managed to save to a .txt file (also attached) a portion of the script for future investigation

Any assistance in detecting what could have been tampered further or if any present infections I still need to address is appreciated

Thanks

 

Addition.txt

FRST.txt

AdwCleaner[C00]_postclean.txt

mbamscan5dayspriortomalwarescriptrun.txt

mbamscanpostscript.txt

virusscriptmalware.txt

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the log and let me know of any issues with this computer.

fixlist.txt

Edited November 12, 2018 by nasdaq

[danbugre]

Attached fixlog after following indicated instructions

Fixlog.txt

[nasdaq]

As your problem been solved?

[danbugre]

I do not know what the original problem was but I think it has. Was just concerned regarding the powershell script that ran but really was unable to see any infection symptoms.

Thanks Nasdaq

[nasdaq]

Glad we could help.

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks