Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
Hi, and thank you for replying. I had already run all three of those and uploaded them as attachments, but it looks like they never got approved. I'll paste those attachments below, but I want to add a few things that might help give more info, since I think this might be a rootkit, which I've never dealt with before. I'm hoping my files can be saved if that's the case.
First off, between the time I posted this and now, I had installed Kaspersky Internet Cloud on my infected computer and it found that the Remote Registry service was enabled, but I don't know if that's a normal thing. I had also checked through my Chrome extensions, since antivirus programs were flagging my Chrome folder despite never doing so before, and I found 'Google Docs Offline' had been added by a third party with the permissions to read and modify all data that I copy and paste. I am certain I did not have this extension in the past, but I'm not able to see the date it was added, though it's possible that could be unrelated to this specifically. The ID is ghbmnnjooekpmoecnnnilnnbdlolhkhi.
I also ran it through app.any.run and noticed under events that it had accessed files in system directories, and read their attributes before overwriting them, which you can see here if you click on process 2212: https://app.any.run/tasks/f87cff4b-f529-4d4a-80cc-b37faa33daba/. I then went through my PC to collect a couple of these files to upload to VirusTotal, and while VirusTotal would claim they're whitelisted by Microsoft, all of the related files would be malware. I then went onto a clean Windows 7 virtual machine and collected the same files, which then gave me conflicting info.
The file from my infected machine:
https://www.virustotal.com/gui/file/83dfd0c119b20aedb07114c9d1cf9ce2dfa938d0f1070256b0591a9e2c3997fa/relations
The file from the virtual machine:
https://www.virustotal.com/gui/file/099177552db8cf6fd0997fa4f5eaa670c3305967feee2b6f0d160c611202a99b/detection
Anyways, here are the logs. Sorry they never uploaded in my original post. AdwCleaner had also claimed the Chrome extension under "djflhoibgkdhkhhcedjiklpkjnoahfmg" was potentially unwanted, although I removed it at a different time.
# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-16-2021
# Duration: 00:00:00
# OS: Windows 7 Professional
# Cleaned: 1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\APN PIP
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
- Delete Tracing Keys
- Reset Winsock
*************************
AdwCleaner[S00].txt - [1490 octets] - [16/02/2021 15:07:26]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
--
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/15/21
Scan Time: 10:51 PM
Log File: 6d2f37c4-7023-11eb-9959-00ff423707da.json
-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1157
Update Package Version: 1.0.36559
License: Free
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: asdfghjkl\user
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 348206
Threats Detected: 22
Threats Quarantined: 22
Time Elapsed: 5 min, 5 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 6
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 15847, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 15847, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 15847, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 15847, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 15847, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Quarantined, 15847, 838845, , , , , ,
File: 16
Malware.AI.2780758606, C:\$RECYCLE.BIN\S-1-5-21-2990143310-1962791021-3746467091-1000\$RBFOM69\TRIAL-RESET.EXE, Quarantined, 1000000, 0, 1.0.36559, 0CE2AADC9311EE44A5BF024E, dds, 01097663, E7F45A987AA7BBA0034ACAC76AE64C32, 60721C4D087E2AE9B6167C5F1D574C8297B9C9AEEEE9FD3F456BEFFB4FB896C5
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.2\STANDALONEPHASE1.DAT, Quarantined, 477, 393793, 1.0.36559, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C
PUP.Optional.PushNotifications.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Quarantined, 15847, 838845, , , , , 41965B23AF95A8B614EAFB55A854DE85, ED001FE6A89E4355A86396799E1D1B8C9BD6E909E4F7F108793BC948C01B309B
PUP.Optional.PushNotifications.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\014922.log, Quarantined, 15847, 838845, , , , , 6C8EA5DC0D1A85D3203BA196C7D70008, D78E0878F0A07DF985C21AE5B4584999F4DA6594537589E2A89DF548E6825E23
PUP.Optional.PushNotifications.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\014924.ldb, Quarantined, 15847, 838845, , , , , 91D479CD3A5BDF3965EFC8FC224BED98, B6DED8B66C60C2ADFB50738C46CCA973C2A7005D9E8FF6B5F55B7859F632DE0E
PUP.Optional.PushNotifications.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Quarantined, 15847, 838845, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.PushNotifications.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Quarantined, 15847, 838845, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Quarantined, 15847, 838845, , , , , A190444A2050AE7FDB01D7733B9B783D, 9C28A3E309694339BB05D4B29B14E0BEDB62F11E5A870E8CFD0E375B6584FEE3
PUP.Optional.PushNotifications.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Quarantined, 15847, 838845, , , , , 922E3CB0D00CA66E1655794EF57608E4, DDE1578BFF4C18B19F15FDB83F953890CAC6C2171045170D15404B3606FDDBD0
PUP.Optional.PushNotifications.Generic, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Quarantined, 15847, 838845, , , , , 08F974EFE9415AECC03FE72572716AE7, 57B912D64E4909F8F74358A15DD9ABC8DF9A2D5488139233439DDB9641D2FB3D
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 15847, 838845, 1.0.36559, , ame, , 8C96FDACEE4EB85836CF8914045D3D84, A9C02A20B0374BC4DEEE16F7B0CA56396679F3E7B01A04A13389A6FC989C2128
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 15847, 838845, 1.0.36559, , ame, , 8C96FDACEE4EB85836CF8914045D3D84, A9C02A20B0374BC4DEEE16F7B0CA56396679F3E7B01A04A13389A6FC989C2128
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 15847, 838845, 1.0.36559, , ame, , 8C96FDACEE4EB85836CF8914045D3D84, A9C02A20B0374BC4DEEE16F7B0CA56396679F3E7B01A04A13389A6FC989C2128
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 15847, 838845, 1.0.36559, , ame, , 8C96FDACEE4EB85836CF8914045D3D84, A9C02A20B0374BC4DEEE16F7B0CA56396679F3E7B01A04A13389A6FC989C2128
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 15847, 838845, 1.0.36559, , ame, , 8C96FDACEE4EB85836CF8914045D3D84, A9C02A20B0374BC4DEEE16F7B0CA56396679F3E7B01A04A13389A6FC989C2128
PUP.Optional.PushNotifications.Generic, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 15847, 838845, 1.0.36559, , ame, , 8C96FDACEE4EB85836CF8914045D3D84, A9C02A20B0374BC4DEEE16F7B0CA56396679F3E7B01A04A13389A6FC989C2128
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(end)
--
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Google Chrome (88.0.4324.150)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 30%
Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````