Ran suspicious program and am not sure if I'm clean or not

Status
Not open for further replies.

jsqrc

New Member
Thread author
Jan 20, 2021
3
Hey all, so in a lapse of judgement I downloaded an .exe and ran it without really thinking of what I was doing. Unfortunately I didn't virustotal the exe before running it so I ended up installing some kind of virus or trojan on my computer (VirusTotal).

Anyways, after the program "failed" to run (missing some .dll file, probably a fake window), I ran the file through virustotal and checked what files it had added and modified, it looks like it followed the same behavior as reported, which is modifying some registry keys and dropping a bunch of files, one which contained my current ip address. In any case, I deleted some of those files and ran the following:

* Malwarebytes
* KVRT
* Hitman Pro
* EmsisoftEmergencyKit

I was wondering if there was a way to determine if there's still traces left on my pc, or if any experts know if the program above had any behavior that would cause some sabotage later down the line.

Thanks!
 

jsqrc

New Member
Thread author
Jan 20, 2021
3
Here's FRST reports just in case
 

Attachments

  • Addition.txt
    42.9 KB · Views: 9
  • FRST.txt
    54.3 KB · Views: 9

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
1,597
Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No malware was found in your logs.

Did you set and see that DisallowRun reported by Malwarebytes?
If you know what is disallowed fine, otherwise clean the item with Malwarebytes or run this fix.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

Code:
start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-587742373-4164257733-1939967323-1001\...\Policies\Explorer: [DisallowRun] 1

EmptyTemp:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Windows Defender is presently Disabled.

It should be Enabled.
How To:

<<>>>

Hope all is well.
 
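Added example (not part of nasdaq's post and not FRST's own code): a read-only PowerShell check that shows what the DisallowRun policy discussed above actually blocks, for every loaded user profile, so you can decide whether the entry is one you set yourself. It assumes the standard Windows location of this policy, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer; the function name Get-DisallowRunPolicy is made up for this example.

```powershell
# Added example: report the Explorer DisallowRun policy per user hive.
# Read-only: nothing in the registry is modified.
# Assumption: the policy lives at its standard Windows location below.
$policyPath = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-DisallowRunPolicy {
    # Walk HKEY_USERS\<SID> for real user accounts (skips .DEFAULT and *_Classes).
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        ForEach-Object {
            $sid  = $_.PSChildName
            $base = "Registry::HKEY_USERS\$sid\$policyPath"

            # DisallowRun = 1 switches the block list on for that user.
            $flag = (Get-ItemProperty -Path $base -Name 'DisallowRun' `
                        -ErrorAction SilentlyContinue).DisallowRun

            # The blocked program names are the values of the DisallowRun subkey.
            $blocked = @()
            $listKey = Get-Item -Path "$base\DisallowRun" -ErrorAction SilentlyContinue
            if ($listKey) {
                $blocked = @($listKey.GetValueNames() |
                             ForEach-Object { $listKey.GetValue($_) })
            }

            [pscustomobject]@{
                Sid     = $sid
                Enabled = ($flag -eq 1)
                Blocked = $blocked -join ', '
            }
        }
}

Get-DisallowRunPolicy | Format-Table -AutoSize -Wrap
```

A row with Enabled = True and security tools in the Blocked column is the case where the entry should be cleaned rather than kept.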

jsqrc

New Member
Thread author
Jan 20, 2021
3
Hey, nasdaq.

Thanks for the response. Malwarebytes did not catch that registry key edit. I ran the fix and the log is attached. Looks like installing Malwarebytes turned off Windows Defender yesterday. I've re-enabled it.

Thanks for confirming that there's no other remnants. Hopefully whatever got sent when I opened that file isn't going to bite me later down the line.
 

Attachments

  • Fixlog.txt
    1.4 KB · Views: 10