candylovergirl

Honorary Members
  • Content Count: 94

Everything posted by candylovergirl

  1. Hello. The link provided is broken. What is my option for a very old computer running OS X 10.9 Mavericks in order to scan it using Malwarebytes? Thanks, Camelia
  2. Give Full Disk Access for Malwarebytes on Mac only applies for macOS Catalina???? Do I have to perform the same steps described here for macOS Mojave and MBAM latest version? Thanks Camelia
  3. Too bad, I do not like Piriform software 🤢 PrivaZer v3.0.91 Released (30 January 2020), still with the same issue. I have contacted the PrivaZer team. Thanks, Camelia
  4. I am OK Thank you very much for all your help 🙌 You can close or archive this topic Camelia
  5. The SophosVirusRemovalTool log shows the computer is clean of malware? If I do not have anything to worry about, thank you very much for your help! ❤️👍🙌 Camelia Update: I have deleted the downloaded file and the log, uninstalled the tool via Control Panel > All Control Panel Items > Programs and Features, and deleted all the folders and sub-folders from C:\ProgramData\Sophos\ and all the folders and sub-folders from C:\FRS\ Will I have any problem because of these deletions?
  6. Hello, How to uninstall Sophos Virus Removal Tool.exe, without leaving traces? Thanks Camelia SophosVirusRemovalTool.log
  7. Hello, Last question and suggest Could you please confirm that the issue was caused by O&O ShutUp10 latest version? Do you suggest another scan with FRST or another tool to search for malware or It is not necessary because my computer is clean of malware? Thank you Camelia
  8. SystemLook 04.09.10 by jpshortstuff Log created at 15:33 on 17/01/2020 by c4m3lia Administrator - Elevation successful ========== reg ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT] (No values found) -= EOF =- Extra Info: I noticed that if I do not enable these options in O&O ShutUp10, MBAM does not detect the two Registry Values in the MRT registry. The first time O&O ShutUp10 prompted me to restart my computer I got this message from Windows Security, and I clicked on "Dismiss"
  9. Hello, The MRT detections started when I updated from O&O ShutUp10 1.6.1402 - 05/07/2019 to O&O ShutUp10 1.7.1405 - December 06, 2019, with the same settings. I have contacted the O&O ShutUp10 developer but they cannot reproduce the issue and they suggested that I ask at this forum first. >The fix suggested should reset your System Restore which is disabled. I have enabled System Restore >No malware was found in your logs. :) >Please download the attached Fixlist.txt file to Done Location of Fixlist.txt C:\Users\c4m3lia\Desktop\FRST 12.1.2019\fixlist.txt >Please post the Fixlog.txt and let me know what problem persists. If I "Undo all changes" of O&O ShutUp10 to factory settings there is no detection. But if I import the settings I had, MBAM detects the MRT as PUM. I wanted to attach ooshutup10.cfg just in case but .cfg is not an allowed file extension to attach 😭 >p.s. >On the MTR issue, If you allow Malwarebytes to quarantine >it then that should be all that is necessary to reset it back to default >so that it will run when the next version of MRT is released.
I did not quarantine the registries of Windows Malicious Software Removal Tool x64 December 2019 (KB890830) Successfully Installed new version of the latest Windows Malicious Software Removal Tool x64 January 2020 (KB890830) Latest MBAM scan: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/15/20 Scan Time: 9:18 AM Log File: 4e551268-37aa-11ea-955b-6cf049562b12.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.793 Update Package Version: 1.0.17756 License: Premium -System Information- OS: Windows 10 (Build 18362.592) CPU: x64 File System: NTFS User: C4M3LIAUD7HD2\c4m3lia -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 288437 Threats Detected: 2 Threats Quarantined: 0 Time Elapsed: 3 min, 42 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 2 PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6979, 676881, 1.0.17756, , ame, PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6979, 676881, 1.0.17756, , ame, Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) Fixlog.txt: Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019 Ran by c4m3lia (15-01-2020 09:12:08) Run:1 Running from C:\Users\c4m3lia\Desktop\FRST 12.1.2019 Loaded Profiles: c4m3lia (Available Profiles: c4m3lia) Boot Mode: Normal ============================================== fixlist content: ***************** 
SystemRestore: On CreateRestorePoint: CloseProcesses: Reboot: ***************** SystemRestore: On => completed Restore point was successfully created. Processes closed successfully. The system needed a reboot. ==== End of Fixlog 09:12:36 ====
  10. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019 Ran by c4m3lia (administrator) on C4M3LIAUD7HD2 (Gigabyte Technology Co., Ltd. X58A-UD7) (13-01-2020 12:28:16) Running from C:\Users\c4m3lia\Desktop\FRST 12.1.2019 Loaded Profiles: c4m3lia (Available Profiles: c4m3lia) Platform: Windows 10 Home Version 1909 18363.535 (X64) Language: English (United States) Default browser: FF Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe (Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe (Locktime Software s.r.o. 
-> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Yang Ping -> SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe (Yang Ping -> SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\Service.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [183088 2019-12-05] (ESET, spol. s r.o. -> ESET) HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [601640 2018-04-21] (Yang Ping -> SHADOWDEFENDER.COM) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. 
-> CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [492096 2013-03-04] (CyberLink Corp. -> CyberLink Corp.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-1718580772-4280691558-506576080-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3681944 2019-12-16] (Invincea, Inc. -> Sandboxie Holdings, LLC) HKU\S-1-5-21-1718580772-4280691558-506576080-1001\...\Run: [Power2GoExpress8] => NA HKU\S-1-5-21-1718580772-4280691558-506576080-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [82336 2019-06-12] (Locktime Software s.r.o. -> Locktime Software) ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01A3F2F5-354E-40CA-AAD3-B59104B3604C} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [5914792 2018-06-01] (Lespeed Technology Ltd. 
-> WiseCleaner.com) Task: {142AEFE7-02A1-49F1-84FF-50274014B204} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-11-02] (Piriform Software Ltd -> Piriform Ltd) Task: {5ED4854F-38CF-4FF0-87AE-035CC42C22AB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1718580772-4280691558-506576080-1001 => C:\Users\c4m3lia\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {72AC3519-FE26-4C79-966D-518B445164FC} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1677600 2019-09-06] (Corel Corporation -> Corel Corporation) Task: {92E19732-0DFF-4662-B6F7-7D846C4A6D43} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-11-02] (Piriform Software Ltd -> Piriform Software Ltd) Task: {C625C3E4-A36A-42A3-AEA9-DE00D2ED8CCC} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [17253496 2020-01-12] (Goversoft LLC -> Goversoft LLC) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 10.2.9.164 10.2.9.196 Tcpip\..\Interfaces\{5b2449bb-98c4-4c7b-a6b9-8c18af4cd879}: [DhcpNameServer] 10.2.9.164 10.2.9.196 Tcpip\..\Interfaces\{da064f4b-4793-4e8e-bbf7-830dcef727f8}: [DhcpNameServer] 10.2.9.164 10.2.9.196 Internet Explorer: ================== BHO-x32: bho2gr Class -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files (x86)\GetRight\xx2gr.dll [2009-10-19] (Headlight Software, Inc. -> Headlight Software, Inc.) 
FireFox: ======== FF DefaultProfile: uzzgcm05.default FF ProfilePath: C:\Users\c4m3lia\AppData\Roaming\Mozilla\Firefox\Profiles\uzzgcm05.default [2019-06-08] FF ProfilePath: C:\Users\c4m3lia\AppData\Roaming\Mozilla\Firefox\Profiles\16ebm1vx.default-release [2020-01-13] FF Homepage: Mozilla\Firefox\Profiles\16ebm1vx.default-release -> about:blank FF Extension: (uBlock Origin) - C:\Users\c4m3lia\AppData\Roaming\Mozilla\Firefox\Profiles\16ebm1vx.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-01-07] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-01-13] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2245488 2019-12-05] (ESET, spol. s r.o. -> ESET) R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2245488 2019-12-05] (ESET, spol. s r.o. -> ESET) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-07] (Malwarebytes Inc -> Malwarebytes) R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed] R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [309664 2019-06-12] (Locktime Software s.r.o. 
-> Locktime Software) R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-12-16] (Invincea, Inc. -> Sandboxie Holdings, LLC) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed] S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-07] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [135160 2018-04-21] (Yang Ping -> SHADOWDEFENDER.COM) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [464008 2017-10-15] (StarSoftComm(China) Ltd. -> SHADOWDEFENDER.COM) S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider) S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [49056 2012-10-18] (Hewlett-Packard Company -> Microsoft Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149944 2019-11-03] (ESET, spol. s r.o. -> ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [103264 2019-11-03] (ESET, spol. s r.o. 
-> ESET) S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2019-06-07] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [189512 2019-11-03] (ESET, spol. s r.o. -> ESET) R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50712 2019-11-03] (ESET, spol. s r.o. -> ESET) R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [79744 2019-12-05] (ESET, spol. s r.o. -> ESET) R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [116696 2019-12-05] (ESET, spol. s r.o. -> ESET) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-01-08] (Malwarebytes Corporation -> Malwarebytes) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [218288 2020-01-08] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [226448 2020-01-13] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-01-13] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-01-13] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [105112 2020-01-13] (Malwarebytes Inc -> Malwarebytes) R3 mv91cons; C:\Windows\System32\drivers\mv91cons.sys [32184 2015-06-25] (Marvell Semiconductor, Inc. -> Marvell Semiconductor Inc.) R0 nldrv; C:\Windows\System32\drivers\nldrv.sys [178944 2019-06-11] (Locktime Software s.r.o. -> Locktime Software) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek ) S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [451792 2019-04-02] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [224488 2019-12-15] (Invincea, Inc. 
-> Sandboxie Holdings, LLC) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [47496 2019-06-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [337632 2019-06-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-07] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-01-13 12:23 - 2020-01-13 12:23 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2020-01-13 12:23 - 2020-01-13 12:23 - 000226448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2020-01-13 12:23 - 2020-01-13 12:23 - 000105112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2020-01-13 12:23 - 2020-01-13 12:23 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2020-01-13 12:22 - 2020-01-13 12:22 - 005052272 _____ C:\Windows\system32\FNTCACHE.DAT 2020-01-13 12:06 - 2020-01-13 12:06 - 000007526 _____ C:\Users\c4m3lia\Desktop\host_bck.txt 2020-01-13 11:39 - 2020-01-13 12:28 - 000000000 ____D C:\FRST 2020-01-13 11:38 - 2020-01-13 12:28 - 000000000 ____D C:\Users\c4m3lia\Desktop\FRST 12.1.2019 2020-01-13 06:21 - 2020-01-13 11:28 - 000002489 _____ C:\Users\c4m3lia\Desktop\MBAM.txt 2020-01-12 17:11 - 2020-01-12 17:11 - 000000798 _____ C:\Users\c4m3lia\Desktop\ghosting_vegas.txt 2020-01-12 17:03 - 2020-01-12 17:03 - 000000000 ____D C:\Users\c4m3lia\Desktop\Twitter Amc 2020-01-12 11:11 - 2020-01-12 11:11 - 000000000 ____D C:\Program Files (x86)\PrivaZer 2020-01-12 10:54 - 2020-01-13 04:23 - 000000000 ____D C:\Users\c4m3lia\Desktop\ooshutup10 2020-01-12 10:27 - 
2020-01-12 10:27 - 000000117 _____ C:\Users\c4m3lia\Desktop\windows10build.txt 2020-01-10 07:05 - 2020-01-11 09:21 - 000000000 ____D C:\Users\c4m3lia\Desktop\Proyecto 2020-01-08 13:52 - 2020-01-08 13:52 - 000218288 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2020-01-08 08:10 - 2020-01-08 10:50 - 000000000 ____D C:\Users\c4m3lia\Desktop\Malditos 2020-01-08 08:10 - 2020-01-08 08:10 - 000000000 ____D C:\Users\c4m3lia\Desktop\Macias 2020-01-06 12:26 - 2020-01-08 13:36 - 000000450 _____ C:\Users\c4m3lia\Desktop\Cookie_Bkav.txt 2020-01-03 02:20 - 2020-01-08 13:56 - 000000000 ____D C:\Users\c4m3lia\Desktop\Mojave 2020-01-02 00:25 - 2020-01-02 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExamDiff Pro (64-bit) 2020-01-02 00:24 - 2020-01-02 00:25 - 000000000 ____D C:\Program Files\ExamDiff Pro 2020-01-02 00:16 - 2020-01-02 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2019-12-28 17:17 - 2019-12-28 17:17 - 000000000 ____D C:\Delegacion 2019-12-26 02:31 - 2020-01-05 08:10 - 000000521 _____ C:\Users\c4m3lia\Desktop\Defaults.txt 2019-12-22 03:41 - 2019-12-22 03:41 - 000000000 ____D C:\Users\c4m3lia\AppData\Local\D3DSCache 2019-12-21 04:10 - 2019-12-21 04:10 - 000000000 ____D C:\Users\c4m3lia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake 2019-12-21 04:10 - 2019-12-21 04:10 - 000000000 ____D C:\Program Files\HandBrake 2019-12-18 15:36 - 2019-12-18 15:36 - 000000178 _____ C:\Users\c4m3lia\Desktop\Vips.txt 2019-12-15 16:46 - 2019-12-19 21:42 - 000004206 _____ C:\Users\c4m3lia\Desktop\DownSM.txt 2019-12-14 09:58 - 2019-08-16 05:42 - 000000697 _____ C:\Users\c4m3lia\Desktop\MD5TXT.txt ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-01-13 12:22 - 2019-06-07 12:02 - 000000000 ____D C:\ProgramData\NVIDIA 2020-01-13 12:22 - 2019-06-06 23:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2020-01-13 12:18 - 2019-03-18 22:37 - 000262144 _____ C:\Windows\system32\config\BBI 2020-01-13 12:15 - 2019-06-08 00:28 - 000000000 ____D C:\Users\c4m3lia\AppData\Local\PrivaZer 2020-01-13 11:43 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2020-01-13 11:42 - 2019-03-18 22:50 - 000000000 ____D C:\Windows\INF 2020-01-13 11:31 - 2019-06-07 00:09 - 000000000 ____D C:\Users\c4m3lia 2020-01-13 07:14 - 2019-06-08 01:14 - 000000000 ____D C:\Users\c4m3lia\AppData\Roaming\Wise Disk Cleaner 2020-01-13 05:45 - 2019-06-06 23:57 - 000000000 ____D C:\Windows\system32\SleepStudy 2020-01-12 11:11 - 2019-06-08 00:28 - 000001970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk 2020-01-12 07:12 - 2019-12-02 00:20 - 000000824 _____ C:\Users\c4m3lia\Desktop\Vegas Forum.txt 2020-01-12 05:50 - 2019-06-08 01:13 - 000002094 _____ C:\Windows\Sandboxie.ini 2020-01-09 03:48 - 2019-12-03 10:12 - 000000000 ____D C:\Program Files\Mozilla Firefox 2020-01-09 02:55 - 2019-06-08 00:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2020-01-08 21:30 - 2019-06-08 00:20 - 000000000 ____D C:\Users\c4m3lia\AppData\LocalLow\Mozilla 2020-01-08 21:27 - 2019-06-08 00:20 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2020-01-08 13:52 - 2019-11-07 09:51 - 000000000 ____D C:\Users\c4m3lia\AppData\Local\cache 2020-01-08 13:52 - 2019-07-06 22:14 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2020-01-05 08:09 - 2019-08-28 16:25 - 000002840 _____ C:\Users\c4m3lia\Desktop\Twitter Acounts.txt 2020-01-02 05:14 - 2019-10-06 16:41 - 000000000 ____D C:\iCloud 2019-12-31 09:01 - 2019-11-06 18:45 - 000000000 ____D C:\Users\c4m3lia\Documents\Movie Studio 16.0 Platinum Projects 2019-12-31 08:58 - 2019-07-06 20:06 - 000000000 ____D 
C:\ProgramData\Movie Studio Platinum 2019-12-31 08:57 - 2019-07-06 19:58 - 000000000 ____D C:\Users\c4m3lia\AppData\Roaming\Sony 2019-12-26 21:40 - 2019-06-10 03:36 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update 2019-12-25 05:23 - 2019-12-03 01:25 - 000072084 _____ C:\Users\c4m3lia\Desktop\16MacUp Mojave.txt 2019-12-14 10:28 - 2019-07-16 00:12 - 000000600 _____ C:\Users\c4m3lia\AppData\Roaming\winscp.rnd 2019-12-14 10:22 - 2019-07-16 00:11 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk 2019-12-14 10:22 - 2019-07-16 00:11 - 000000000 ____D C:\Program Files (x86)\WinSCP ==================== Files in the root of some directories ======== 2019-07-16 00:12 - 2019-12-14 10:28 - 000000600 _____ () C:\Users\c4m3lia\AppData\Roaming\winscp.rnd ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Addition.txt
  11. Ok, I know the tool you suggested is detected with two FP @ virustotal.com. I don't want to have more headaches.. Can I run the tool in Shadow Mode (https://www.shadowdefender.com), or will I need to restart? Thanks Camelia
  12. Hello, I cannot edit my topic. Where is the option to edit it? I cannot see it 😭😭 Thanks Came
  13. Hello, MRT stands for Malware Removal Tool, am I right? I ran O&O ShutUp10 and MBAM detects 2 items, or maybe it is a FP. MBAM update O&O ShutUp10 1.7.1405 https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe If it is not a FP, is this threat dangerous? 😱 What did I do wrong? What does this detection mean? And how do I fix it? Thanks Camelia My MBAM log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 1/13/20 Scan Time: 6:18 AM Log File: c9f56cb8-35fe-11ea-8a90-6cf049562b12.json -Software Information- Version: 4.0.4.49 Components Version: 1.0.793 Update Package Version: 1.0.17671 License: Premium -System Information- OS: Windows 10 (Build 18362.535) CPU: x64 File System: NTFS User: C4M3LIAUD7HD2\c4m3lia -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 288217 Threats Detected: 2 Threats Quarantined: 0 Time Elapsed: 1 min, 18 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 2 PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6975, 676881, 1.0.17671, , ame, PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6975, 676881, 1.0.17671, , ame, Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end)
  14. Hello, Sometimes... When I clean my HD for unwanted traces using PrivaZer https://privazer.com, when the computer restarts the MBAM icon is no longer in the taskbar. I didn't have this issue with older MBAM versions. Thanks After restart Restarting again
  15. Thanks Same issue with https://www.maxsecureantivirus.com/profile.htm How do I know if these AV vendors are the same company? https://www.maxpcsecure.com/ https://www.maxsecureantivirus.com/profile.htm Because both websites are blocked when I try to enter Thanks Came
  16. Hello, What is the problem with this AV solution? I want to report a false positive, submitted @ Virus Total from this vendor, but MBAM informs me the "website is blocked due a malware" Maybe because https://www.maxpcsecure.com/ is fraudulent? Or why does MBAM block it? I did not have any problem browsing the site using my Mac, now I am worried if my Mac has malware 😭 But on my PC I found out about this issue, and here are the screenshots Thanks Camelia These screenshots are from my PC
  17. Thanks I will change them to 127.0.0.1 Any help about CCleaner? Thanks Came
  18. @exile360 Hi, Adding to my HOSTS File, didn't work ? 0.0.0.0 dhl-news.com 0.0.0.0 www.dhl-news.com Also I am sure Ccleaner Free is attempting to connect to some of their sites ? Maybe https://www.ccleaner.com/ Piriform or Avast? Do you know what do I have to add to my HOSTS File to block these possible connections? Oh! if you think I am trying to block these connections because the CCleaner paid version I always avoid PUP software And I never paid for a Cleaner when there is great free software such as PrivaZer or Wise Disk Cleaner ? The version I had installed is the CCleaner - Slim Free version download from https://www.ccleaner.com/ccleaner/builds Finally is there a program that shows all the attempting connections of the software installed or from Windows OS, because EIS 2018 Or AIS 2018 sometimes don't show it, a software like Little Snitch for Mac? (Of course Little Snitch is a firewall but I am asking for a software for Windows) https://www.obdev.at/products/littlesnitch/index.html Thanks Came
  19. Wow your HOSTS File is very large!! ? So I added to my HOSTS File 0.0.0.0 dhl-news.com 0.0.0.0 www.dhl-news.com Is this ok? Thanks Camelia
  20. How do I block dhl-news.com via hosts file? Will it work? 127.0.0.1 dhl-news.com Thanks Camelia