About candylovergirl
Posts: 98
Birthday: April 17
Location: Mexico City
Hello, MBAM is reporting SD as Malware.Heuristic.1001
https://www.virustotal.com/gui/file/9d2b7851eacc1a2eb43d8dc1e8a999c592c9855df3ed45c1fa26d09425b2d503/detection
Thanks
Camelia
SD.zip
-
Stop MBAM Privacy Pop Up
candylovergirl replied to candylovergirl's topic in Malwarebytes for Windows Support Forum
Thank you, sir ❤️❤️❤️
Camelia
-
Hello, I am very interested in the new MBAM Privacy service. Unfortunately, due to the pandemic I do not have enough money to pay the subscription at this moment. I have a legal MBAM license. How do I stop the offer?
Thank you
Camelia
-
Full Disk Access instructions
candylovergirl replied to MisterNeutron's topic in Malwarebytes for Mac Support Forum
Does "Give Full Disk Access for Malwarebytes on Mac" only apply to macOS Catalina? Do I have to perform the same steps described here for macOS Mojave and the latest MBAM version?
Thanks
Camelia
-
PUM Registry Value MRT HELP
candylovergirl replied to candylovergirl's topic in Resolved Malware Removal Logs
I am OK. Thank you very much for all your help 🙌 You can close or archive this topic.
Camelia
-
PUM Registry Value MRT HELP
candylovergirl replied to candylovergirl's topic in Resolved Malware Removal Logs
Does the SophosVirusRemovalTool log show that the computer is clean of malware? If I do not have anything to worry about, thank you very much for your help! ❤️👍🙌
Camelia

Update: I have deleted the downloaded file and the log, uninstalled the tool via Control Panel > All Control Panel Items > Programs and Features, and deleted all the folders and sub-folders from C:\ProgramData\Sophos\ and all the folders and sub-folders from C:\FRS\. Will I have any problem because of these deletions?
-
PUM Registry Value MRT HELP
candylovergirl replied to candylovergirl's topic in Resolved Malware Removal Logs
Hello, how do I uninstall Sophos Virus Removal Tool.exe without leaving traces?
Thanks
Camelia
SophosVirusRemovalTool.log
-
PUM Registry Value MRT HELP
candylovergirl replied to candylovergirl's topic in Resolved Malware Removal Logs
Hello, a last question and suggestion request. Could you please confirm that the issue was caused by the latest version of O&O ShutUp10? Do you suggest another scan with FRST or another tool to search for malware, or is it not necessary because my computer is clean of malware?
Thank you
Camelia
-
PUM Registry Value MRT HELP
candylovergirl replied to candylovergirl's topic in Resolved Malware Removal Logs
SystemLook 04.09.10 by jpshortstuff
Log created at 15:33 on 17/01/2020 by c4m3lia
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
(No values found)

-= EOF =-

Extra Info: I noticed that if I do not enable these options in O&O ShutUp10, MBAM does not detect the two registry values in the MRT registry key. The first time O&O ShutUp10 prompted to restart my computer I got this message from Windows Security, and I clicked on "Dismiss".
-
PUM Registry Value MRT HELP
candylovergirl replied to candylovergirl's topic in Resolved Malware Removal Logs
Hello, the MRT detections started when I updated from O&O ShutUp10 1.6.1402 - 05/07/2019 to O&O ShutUp10 1.7.1405 - December 06, 2019, with the same settings. I have contacted the O&O ShutUp10 developer but they cannot reproduce the issue and they suggested I ask at this forum first.

>The fix suggested should reset your System Restore which is disabled.

I have enabled System Restore.

>No malware was found in your logs. :)
>Please download the attached Fixlist.txt file to

Done. Location of Fixlist.txt: C:\Users\c4m3lia\Desktop\FRST 12.1.2019\fixlist.txt

>Please post the Fixlog.txt and let me know what problem persists.

If I "Undo all changes" of O&O ShutUp10 to factory settings there is no detection, but if I import the settings I had, MBAM detects the MRT as PUM. I wanted to attach ooshutup10.cfg just in case, but .cfg is not an allowed file extension to attach 😭

>p.s.
>On the MRT issue, if you allow Malwarebytes to quarantine
>it then that should be all that is necessary to reset it back to default
>so that it will run when the next version of MRT is released.

I did not quarantine the registry entries. Windows Malicious Software Removal Tool x64 December 2019 (KB890830): Successfully Installed. New version: the latest Windows Malicious Software Removal Tool x64 January 2020 (KB890830).

Latest MBAM scan:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/15/20
Scan Time: 9:18 AM
Log File: 4e551268-37aa-11ea-955b-6cf049562b12.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.793
Update Package Version: 1.0.17756
License: Premium

-System Information-
OS: Windows 10 (Build 18362.592)
CPU: x64
File System: NTFS
User: C4M3LIAUD7HD2\c4m3lia

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 288437
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 3 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6979, 676881, 1.0.17756, , ame,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6979, 676881, 1.0.17756, , ame,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by c4m3lia (15-01-2020 09:12:08) Run:1
Running from C:\Users\c4m3lia\Desktop\FRST 12.1.2019
Loaded Profiles: c4m3lia (Available Profiles: c4m3lia)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Reboot:
*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.
The system needed a reboot.

==== End of Fixlog 09:12:36 ====
-
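As an added example (not code from this thread, from Malwarebytes or from O&O), the following PowerShell script inspects the two MRT policy values that the scan above reported as PUM.Optional.DisableMRT, on both the native and the WOW6432Node policy paths, and can reset them to the default by removing them, which is the same end state the helper describes for a Malwarebytes quarantine. The -Reset switch is an assumption of this example; run it from an elevated PowerShell session.

```powershell
# Added example: report (and optionally reset) the MRT policy values flagged as
# PUM.Optional.DisableMRT. Without -Reset the script only reads; with -Reset it
# removes the value, which restores the Windows default (value absent).
param([switch]$Reset)

$valueName = 'DontReportInfectionInformation'
# Both paths appear in the MBAM scan log: the 64-bit policy key and its WOW6432Node mirror.
$paths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\MRT',
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\MRT'
)

foreach ($path in $paths) {
    if (-not (Test-Path -Path $path)) {
        # No policy key at all: the MRT default applies and MBAM has nothing to flag here.
        Write-Output "$path : key absent (default)"
        continue
    }

    $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($null -eq $item -or $null -eq $item.$valueName) {
        Write-Output "$path : key present, $valueName not set (default)"
        continue
    }

    # A value is present: this is exactly what the scan reported as PUM.Optional.DisableMRT.
    Write-Output "$path : $valueName = $($item.$valueName)  (flagged by MBAM as PUM.Optional.DisableMRT)"

    if ($Reset) {
        Remove-ItemProperty -Path $path -Name $valueName
        Write-Output "$path : $valueName removed, policy reset to default"
    }
}
```

Re-importing a privacy tool's saved settings will recreate the value, so a clean result only persists while that setting stays disabled in the tool.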
PUM Registry Value MRT HELP
candylovergirl replied to candylovergirl's topic in Resolved Malware Removal Logs
FRST.txt
Addition.txt
-
PUM Registry Value MRT HELP
candylovergirl replied to candylovergirl's topic in Resolved Malware Removal Logs
Ok, I know the tool you suggested to me is detected with two FPs at virustotal.com. I don't want to have more headaches. Can I run the tool in Shadow Mode (https://www.shadowdefender.com), or will I need to restart?
Thanks
Camelia