Can not install malwarebytes, prettry sure pc is infected

[Cyrabo]

Hi so I've been trying to install malwarebytes but when i launch the installer and hit install, the progress bar does not move and after a while an error message pops up saying check your internet connection.

[kevinf80]

Hello Cyrabo and welcome to Malwarebytes, Continue with the following: Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status...   Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans"   Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....

[Cyrabo]

Hey thanks for the reply, here are those 2 files you asked for:

Addition.txt FRST.txt

[kevinf80]

Thanks for those logs Cyrabo,

Continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Download and run the Malwarebytes Support Tool Accept the EULA and click Advanced tab on the left (not Start Repair) Click the Clean button, and allow it to restart your system and then reinstall Malwarebytes, either by allowing the tool to do so when it offers to on restart, or by downloading and installing the latest version from here   Next,   Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following:   Click on the Report tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply   Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror   Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system.... https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\msert.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those logs in your reply. One other point, there are port forwarding entries listed in your Firewall settings, are you aware of those settings..? Thank you, Kevin

fixlist.txt

[Cyrabo]

so, quick question: how long is it supposed to take after I hit fix? It's been working for at least 40-50 minutes now. Also to answer your question regarding the port forwarding, yes I'm pretty sure I did that a few months back when I was trying to fix some problems with connecting to a game's servers. Should I reset them just in case? 

[kevinf80]

Hello Cyrabo,

The fix time can vary between 10 minutes or possible a couple of hours, its not predictable...

Thanks,

Kevin

[Cyrabo]

hey again, just finished up with all of the above here are the logs you wanted;

MALWAREBYTES LOG REPORT

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/4/20
Scan Time: 8:47 PM
Log File: 044a4c2a-ee9c-11ea-a291-4ccc6a082c67.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1036
Update Package Version: 1.0.29431
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1016)
CPU: x64
File System: NTFS
User: DESKTOP-D1QNCEA\Can Senyurt

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 383131
Threats Detected: 40
Threats Quarantined: 40
Time Elapsed: 5 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 9
Adware.ProxyAgent, HKLM\SOFTWARE\WOW6432NODE\TRUSTEDLOGOS, Quarantined, 6871, 780878, 1.0.29431, , ame, , , 
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, Quarantined, 532, 584322, 1.0.29431, , ame, , , 
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Quarantined, 532, 518478, 1.0.29431, , ame, , , 
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Quarantined, 532, 518476, 1.0.29431, , ame, , , 
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Quarantined, 532, 518473, 1.0.29431, , ame, , , 
Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Quarantined, 532, 518479, 1.0.29431, , ame, , , 
Adware.ProxyAgent.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\UNINS000.EXE, Quarantined, 6119, 780876, , , , , , 
Adware.ProxyAgent.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\UNINS000.EXE, Quarantined, 6119, 780876, , , , , , 
Adware.ProxyAgent.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, 6119, -1, 0.0.0, , action, , , 

Registry Value: 6
Adware.ProxyAgent, HKLM\SOFTWARE\WOW6432NODE\TRUSTEDLOGOS|CAMPAIGNID, Quarantined, 6871, 780878, 1.0.29431, , ame, , , 
Adware.ProxyAgent.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 6119, -1, 0.0.0, , action, , , 
Adware.ProxyAgent.PrxySvrRST, HKU\S-1-5-21-1596756152-890293819-295426424-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 6119, -1, 0.0.0, , action, , , 
Adware.ProxyAgent.PrxySvrRST, HKU\S-1-5-21-1596756152-890293819-295426424-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 6119, -1, 0.0.0, , action, , , 
Adware.ProxyAgent.PrxySvrRST, HKU\S-1-5-21-1596756152-890293819-295426424-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, 6119, -1, 0.0.0, , action, , , 
Adware.ProxyAgent.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, 6119, -1, 0.0.0, , action, , , 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 25
Adware.Linkury.Generic, C:\USERS\CAN SENYURT\APPDATA\LOCAL\NOAH.DAT, Quarantined, 3764, 404865, 1.0.29431, , ame, , 4DACED3E7D48D10B8A3A05CECF834E2E, 77024EBB67C45480DDC8F7FEF85F24FF816E4A1AB2CD8B8405703ECF711222D2
Adware.Linkury.Generic, C:\USERS\CAN SENYURT\APPDATA\LOCAL\CanKeyfan.tst, Quarantined, 3764, 404871, 1.0.29431, , ame, , E8A4D0AE3783D01D2677A33D6E0F18E5, FB78529BF8DD1D6C6455712076417CB96B481F972209639BD5EEEF91B42D8E1A
Adware.Linkury.Generic, C:\USERS\CAN SENYURT\APPDATA\LOCAL\Via-Dom.tst, Quarantined, 3764, 404871, 1.0.29431, , ame, , D7F0C811C73DC9CE81ADDB035B76412F, 153C90B55619E63DC78AD2D033B7DD16D4F1BC8C4602DEED571C303D28770711
Adware.Linkury.Generic, C:\USERS\CAN SENYURT\APPDATA\LOCAL\MD.XML, Quarantined, 3764, 404866, 1.0.29431, , ame, , FFB9BF1A895AC00778EB2C27941240FB, 856E979BC8B8BDD37312FE3CA0C89AF832886591F8EAB1D0F582F89D53DAB3FC
Adware.Linkury.Generic, C:\USERS\CAN SENYURT\APPDATA\LOCAL\AGENT.DAT, Quarantined, 3764, 404872, 1.0.29431, , ame, , 8541C5DCF74FDC7E693D337DC6A61327, C58DC825760E4CC04AD7D69AF6DF7F7D019C932CDBFDB2B561B56A411BCE8D54
Adware.Linkury, C:\USERS\CAN SENYURT\APPDATA\LOCAL\installer.dat, Quarantined, 431, 715618, 1.0.29431, , ame, , 00418C61A9AC4FC4FD1A2FAA0DCE786B, 11D074F42F346B8C4D8A1A817AE5E76F0A36777923393E8508A47E1D82CB81EA
Adware.Linkury.Generic, C:\USERS\CAN SENYURT\APPDATA\LOCAL\MAIN.DAT, Quarantined, 3764, 442900, 1.0.29431, , ame, , 0D2414C12D8556E8FEE3D81D69042621, BBAFB538DB8CFC245F876732C76B25DB834F21D402FEE5647DBF8493A5E0A359
Trojan.Agent, C:\USERS\CAN SENYURT\APPDATA\LOCAL\APPLICATIONHOSTING.DAT, Quarantined, 501, 712640, 1.0.29431, , ame, , A3757755BBA73F8C1D1DC84A6341F327, 1A8DFDBB961042F078A242A4E12567180F7952549F05ACDC4069B32669A17769
Trojan.Agent, C:\USERS\CAN SENYURT\APPDATA\LOCAL\LOBBY.DAT, Quarantined, 501, 712637, 1.0.29431, , ame, , 4DACED3E7D48D10B8A3A05CECF834E2E, 77024EBB67C45480DDC8F7FEF85F24FF816E4A1AB2CD8B8405703ECF711222D2
Adware.ProxyAgent.PrxySvrRST, C:\WINDOWS\TRUSTEDLOGOS\UNINS000.DAT, Quarantined, 6119, 780876, 1.0.29431, , ame, , A5ECE9EE1EFB4C3101035463D38C8C54, B8E84FF8B407154ECC2D032ACC9EC2803C46CA5E1368570DB15F9D49D676E7DC
Adware.ProxyAgent.PrxySvrRST, C:\Windows\trustedlogos\BrotliSharpLib.dll, Quarantined, 6119, 780876, , , , , 7BA33B5FBFD4662D72B50BB09BDE7ED7, EC1E6529A83DB97684474C1CB4E0A989EB7BCFEA98591AFC2C026B08F48600A0
Adware.ProxyAgent.PrxySvrRST, C:\Windows\trustedlogos\crashed, Quarantined, 6119, 780876, , , , , , 
Adware.ProxyAgent.PrxySvrRST, C:\Windows\trustedlogos\crashed.log, Quarantined, 6119, 780876, , , , , B74551DACB8611B1ACFC6B437609D4A0, 45F3FF255E53DDEFFBF630506F8058230E5ACFEA866BB13CB5F2D48097AAB475
Adware.ProxyAgent.PrxySvrRST, C:\Windows\trustedlogos\LICENSE.txt, Quarantined, 6119, 780876, , , , , 5A20C75EDF598F063214B433CE658521, DB43BA8EBABAC8DC1A62CE5DD07ED8542930A5836DAC800DD35DDD7E07F92C1C
Adware.ProxyAgent.PrxySvrRST, C:\Windows\trustedlogos\Newtonsoft.Json.dll, Quarantined, 6119, 780876, , , , , D827DD8A8C4B2A2CFA23C7F90F3CCE95, B66749B81E1489FCD8D754B2AD39EBE0DB681344E392A3F49DC9235643BDBD06
Adware.ProxyAgent.PrxySvrRST, C:\Windows\trustedlogos\ProxyLibrary.dll, Quarantined, 6119, 780876, , , , , 63CB0F346CF4C5035ACA654455E44C8A, 811EB94157C0D9524A98CF96A8B0EED44E8CE01A54ACADA79FFC9AA95612F424
Adware.ProxyAgent.PrxySvrRST, C:\Windows\trustedlogos\rootCert.pfx, Quarantined, 6119, 780876, , , , , 4D3A8A6CE526C7C2F791528BF45EDB4A, 4884C73A92E09CA37E06D4983FBF742EB06DCF3A4BF309B988EE8D255B4055EE
Adware.ProxyAgent.PrxySvrRST, C:\Windows\trustedlogos\StreamExtended.dll, Quarantined, 6119, 780876, , , , , F762F281D1D0060C154795B68F0E90B8, 2A84463E6AF4DEF5A2B34092A60CB31043727568188F88A16F119BDEEE90548D
Adware.ProxyAgent.PrxySvrRST, C:\Windows\trustedlogos\Titanium.Web.Proxy.dll, Quarantined, 6119, 780876, , , , , AF6F8C28487B05A5951493494A0E06FB, 3C9649C72366B3ABD5B5C95D5A05A094B648A656ABBFDF759477E747DE5D2D4E
Adware.ProxyAgent.PrxySvrRST, C:\Windows\trustedlogos\unins000.exe, Quarantined, 6119, 780876, , , , , FEC1F7286E6730385DFAC42DA057819D, 8532F0D81626D537CBDFA034EC6D6186FD933AA8DF0689D05E74728C6D451CD8
Adware.Linkury.Generic, C:\USERS\CAN SENYURT\APPDATA\LOCAL\CONFIG.XML, Quarantined, 3764, 404859, 1.0.29431, , ame, , 3C1059989B0E249AF6E00E2A567A41EB, 691D449973F93B46CE1DF12554EA28657021848EEE803D8A56AAEA2EC2DBBE00
Adware.ProxyAgent, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\A.JS, Quarantined, 6871, 780880, 1.0.29431, , ame, , A5B984FC49D245B48CCF9328E1A2333E, D18B970F3B3459B4B020B259F0692CE7E6AB31679C7494BC9A3C784C8516A3DA
Adware.Linkury.TskLnk, C:\USERS\CAN SENYURT\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, Quarantined, 15187, 444923, 1.0.29431, , ame, , 8CBA2F964953FAA6E558C3B3E9DBB056, 488775F73DE4D0C2F386C23B79336EC337895F1C179F0F7C69AA024F45FCEDB2
Trojan.Crypt.MSIL.Generic, C:\PROGRAM FILES\UNDELETE360\SUBAGENCY.EXE, Quarantined, 10255, 850867, 1.0.29431, 7D25ADDD0EC7265AF34D5B8C, dds, 00881849, 444B8EB95236DDF37016315FF9BB6ED4, 7AFCCD98212B5877F2FCC9E9A0EF6F33F667B6530154CFE6D6B1DE7DECFFE4E4
Trojan.Crypt.MSIL.Generic, C:\PROGRAM FILES\UNDELETE360\OFFER.EXE, Quarantined, 10255, 850867, 1.0.29431, , ame, , 132205D9DD4C5361FD0FE8BB1957DC68, 9CFD46131C28BFAEC14D9F275287AB9B08D9856AA2FB0DC415DD552A75458C08

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

 

ADWCleaner Report;

 

# -------------------------------
# Malwarebytes AdwCleaner 8.0.7.0
# -------------------------------
# Build:    07-22-2020
# Database: 2020-07-20.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-04-2020
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  18
# Failed:   0

***** [ Services ] *****

Deleted       Update service

***** [ Folders ] *****

Deleted       C:\Users\Can Senyurt\AppData\Local\slimware utilities inc
Deleted       C:\Users\Can Senyurt\AppData\Roaming\Tencent
Deleted       C:\Users\Public\Documents\Downloaded Installers
Deleted       C:\Users\Public\Documents\Notation
Deleted       C:\Windows\TrustedLogos

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{00AA872F-C9AC-4F26-8C9A-0476CE2514FD}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{3A5A201C-4F5F-4F6C-A6E2-27053043E0DD}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{57125E41-50D5-4F04-BCC1-0DBD29C59B5F}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{5B3823A8-B801-43C4-9686-23DE0048B9F2}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{AF7ADAFF-B4ED-4370-98D5-30EE65973EFA}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{CB0EA462-0564-470B-A17A-3D7C2EAE891E}
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|DiskFixer
Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softwareupdate.exe

***** [ Chromium (and derivatives) ] *****

Deleted       Shoptagr - Your New Shopping Assistant - emalgedpdlghbkikiaeocoblajamonoh
Deleted       Touch VPN - Secure and unlimited VPN proxy - bihmplhobchoageeokmgbdihknkjbknd

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

Deleted       Honey - jid1-93CWPmRbVPjRQA@jetpack

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3324 octets] - [04/09/2020 21:12:05]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

MSRT REPORT;

 

---------------------------------------------------------------------------------------

Microsoft Safety Scanner v1.0, (build 1.323.475.0)
Started On Fri Sep 04 21:16:31 2020
->Scan ERROR: resource process://pid:104,ProcessStart:132436916305587861 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:372,ProcessStart:132436916372970423 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:572,ProcessStart:132436916410467388 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:700,ProcessStart:132436916425715134 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:716,ProcessStart:132436916425809229 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:916,ProcessStart:132436916471391967 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2128,ProcessStart:132436916480104825 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2316,ProcessStart:132436916480854448 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3660,ProcessStart:132436916498220984 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4248,ProcessStart:132436916504766087 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4648,ProcessStart:132436916523815113 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6844,ProcessStart:132436916531338092 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7176,ProcessStart:132436916536180183 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8388,ProcessStart:132436916555110322 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:9020,ProcessStart:132436916568540920 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:13120,ProcessStart:132436916781810255 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:17424,ProcessStart:132436917401439369 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:18184,ProcessStart:132436917691569416 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7308,ProcessStart:132436917966375756 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4648,ProcessStart:132436916523815113 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7176,ProcessStart:132436916536180183 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3660,ProcessStart:132436916498220984 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:2128,ProcessStart:132436916480104825 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:8388,ProcessStart:132436916555110322 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4248,ProcessStart:132436916504766087 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:13120,ProcessStart:132436916781810255 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:7308,ProcessStart:132436917966375756 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:18184,ProcessStart:132436917691569416 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:6844,ProcessStart:132436916531338092 (code 0x00000005 (5))

Quick Scan Results for 17D916AA-892F-4986-A8CC-7F2370A00E8F:
----------------
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\hiberfil.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
->Scan ERROR: resource file://C:\swapfile.sys (code 0x00000021 (33))
->Scan ERROR: resource process://pid:4248,ProcessStart:132436916504766087 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4248,ProcessStart:132436916504766087 (code 0x00000005 (5))
Threat detected: HackTool:Win32/AutoKMS
    file://C:\WINDOWS\system32\SppExtComObjPatcher.exe
        SigSeq: 0x00002267A4CE41F1
        SHA1:   470c266a1bb09c7af4fccb780d951349dedbdfa0
Threat detected: HackTool:Win64/AutoKMS
    file://C:\WINDOWS\system32\SppExtComObjHook.dll
        SigSeq: 0x00002267E886F269
        SHA1:   59962e7aa52cc3b79a8ca9c63bea80bda8bfc9ea

Quick Scan Removal Results
----------------
Start 'remove' for file://\\?\C:\WINDOWS\system32\SppExtComObjPatcher.exe
Operation succeeded !

Start 'remove' for file://\\?\C:\WINDOWS\system32\SppExtComObjHook.dll
Operation succeeded !

Results Summary:
----------------
Found HackTool:Win32/AutoKMS and Removed!
Found HackTool:Win64/AutoKMS and Removed!
Microsoft Safety Scanner Finished On Fri Sep 04 21:21:18 2020

Return code: 6 (0x6)
 

 

 

[kevinf80]

Did you run FRST fix, can I see that log...

[Cyrabo]

oh yes right I forgot about that one here it is

Fixlog.txt

[kevinf80]

Hiya Cyrabo,

Thanks for those logs, what is the current status of your PC, any remaining issues or concerns...?

Thank you,

Kevin

[Cyrabo]

hey man, yeah nothing out of the ordinary has happened so far, it used to open up random websites occasionally (when I first got the virus) but that hasn't happened since I've ran the scans. I also just ran another test scan with malwarebytes and it didn't find anything  Thank you so much for the help you're a life saver!

[kevinf80]

Hello Cyrabo,

Good to hear your system is working ok for you, continue to clean up:

Right click on FRST here: D:\Downloads\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ Download and use a Password Management application. https://www.windowscentral.com/best-password-manager-windows From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...

[kevinf80]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you