Author Topic: Threat detected/ aborted connection on 172.86.120.188 infected with URL:Mal  (Read 6830 times)

REDACTED

  • Guest
Here you go. I also included a screenshot of what Malwarebytes shows as the problem. I quarantined them and also tried deleting them, but it keeps coming back. Not sure if this helps, but thank you!

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820

  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
CloseProcesses:
Task: {DA31CBB2-1E99-40C8-8509-F108596E3358} - System32\Tasks\Windows Cryptography Service Installer => C:\Program Files (x86)\Common Files\Cryptography\Hasher\Installer.bat [2018-01-28] () <==== ATTENTION
C:\Program Files (x86)\Common Files\system
C:\Program Files (x86)\Common Files\CRYPTOGRAPHY
EmptyTemp:
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on the Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
« Last Edit: June 14, 2018, 05:21:32 PM by Sass Drake »

REDACTED

  • Guest
Here it is. Still getting Avast warnings, in case you need to know. Thanks!

Offline Sass Drake

Please post new FRST.txt and Addition.txt logs.

REDACTED

  • Guest
Here you go, sorry I didn't include them in my previous post.

Offline Sass Drake

  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
CloseProcesses:
Task: {9018AF11-5659-4742-A0C2-D73F97574880} - System32\Tasks\Windows Service Updater => C:\Program Files (x86)\Common Files\system\services\update.bat <==== ATTENTION
C:\WINDOWS\System32\Tasks\Windows Service Updater
C:\Program Files (x86)\Common Files\system
cmd: bitsadmin /reset /allusers
EmptyTemp:
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on the Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

REDACTED

  • Guest
Here it is, still getting the same warning if that is pertinent. I haven't said it in a few posts but I appreciate the time you've taken to help me out, thanks!

Offline Sass Drake

Please post new FRST logs.

REDACTED

  • Guest
Here they are..

Offline Sass Drake

  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
cmd: sc stop BITS
Task: {4840B9A1-A586-4F37-AE54-2C3FAB5C4BCB} - System32\Tasks\omgbgei => C:\Users\Vega\omgbgei\cexz.exe
C:\Users\Vega\omgbgei
cmd: bitsadmin /reset /allusers
EmptyTemp:
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on the Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
« Last Edit: June 18, 2018, 06:30:12 PM by Sass Drake »

REDACTED

  • Guest
Here are the updated logs; threat still detected, thanks again!
« Last Edit: June 18, 2018, 07:26:47 PM by The Horror Above »

Offline Sass Drake

  • Open Notepad (click Start button -> type notepad.exe -> press Enter)
  • Copy text from code block below and paste it into Notepad
Code:
cmd: sc stop BITS
Task: {6DB0E2CE-9945-4CEB-92C8-B6CA360EEE7E} - System32\Tasks\{5B795EE8-2498-4BC6-A8A9-8CF4F424BEBB} => C:\Users\Vega\Downloads\IMSM_V8901023\IMSM_V8901023\Install\setup.exe
VirusTotal: C:\Users\Vega\Downloads\IMSM_V8901023\IMSM_V8901023\Install\setup.exe;
RemoveDirectory: C:\ProgramData\Microsoft\Network\Downloader
EmptyTemp:
  • Go to File -> Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on the Desktop
  • Open FRST again and click the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
« Last Edit: June 18, 2018, 09:12:25 PM by Sass Drake »
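
Added example, not part of the original thread and not FRST's own logic: a small triage script that parses the four "Task:" lines from the fixlists above and records why each scheduled task deserves a closer look. The function names, the reason labels and the script-extension list are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# "Task:" lines copied from the fixlists posted in this thread (FRST log format).
SAMPLE = r"""
Task: {DA31CBB2-1E99-40C8-8509-F108596E3358} - System32\Tasks\Windows Cryptography Service Installer => C:\Program Files (x86)\Common Files\Cryptography\Hasher\Installer.bat [2018-01-28] () <==== ATTENTION
Task: {9018AF11-5659-4742-A0C2-D73F97574880} - System32\Tasks\Windows Service Updater => C:\Program Files (x86)\Common Files\system\services\update.bat <==== ATTENTION
Task: {4840B9A1-A586-4F37-AE54-2C3FAB5C4BCB} - System32\Tasks\omgbgei => C:\Users\Vega\omgbgei\cexz.exe
Task: {6DB0E2CE-9945-4CEB-92C8-B6CA360EEE7E} - System32\Tasks\{5B795EE8-2498-4BC6-A8A9-8CF4F424BEBB} => C:\Users\Vega\Downloads\IMSM_V8901023\IMSM_V8901023\Install\setup.exe
"""

GUID = r"\{[0-9A-Fa-f-]{36}\}"
TASK_RE = re.compile(
    rf"^Task: (?P<guid>{GUID}) - (?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[\d{4}-\d{2}-\d{2}\].*| <==== ATTENTION)?$"
)
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}  # assumed list

def parse_task(line):
    """Split one FRST 'Task:' line into its fields; None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    return {
        "guid": m["guid"],
        "task": PureWindowsPath(m["task"]).name,   # name under System32\Tasks
        "target": m["target"],                     # what the task launches
        "attention": "<==== ATTENTION" in line,    # FRST's own marker
    }

def review_reasons(entry):
    """Assumed triage heuristics: reasons to look closer, not verdicts."""
    target = PureWindowsPath(entry["target"])
    reasons = []
    if entry["attention"]:
        reasons.append("frst-attention")
    if target.suffix.lower() in SCRIPT_EXTS:
        reasons.append("script-target")            # task launches a script
    if len(target.parts) > 1 and target.parts[1].lower() == "users":
        reasons.append("user-profile-target")      # user-writable location
    if re.fullmatch(GUID, entry["task"]):
        reasons.append("guid-task-name")           # no human-readable name
    return reasons

def triage(text):
    """Return every Task entry in an FRST log excerpt with its reasons."""
    entries = filter(None, map(parse_task, text.splitlines()))
    return [dict(e, reasons=review_reasons(e)) for e in entries]
```

Calling `triage(SAMPLE)` returns one dictionary per task; a task with an empty `reasons` list simply matched none of these assumed heuristics.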

REDACTED

  • Guest
Here are the updated logs again, Thanks!!

Offline Sass Drake

What is system status now?

REDACTED

  • Guest
Nice... no warnings from Avast!! Just a weird question: I noticed in Task Manager that my browser has a number 6 or 8 next to it regardless of whether I'm using Firefox or Opera. Does this mean that they are opening unseen tabs? Malwarebytes and Avast scans don't show anything, just thought it was weird. Thanks again for getting me this far!!!