Everything posted by perdrix

  1. Sorry for the delay - I've been up to my neck in alligators (code deadline). Here's the log file. Fixlog.txt
  2. That's odd, I thought I had posted a question about the way that script uses MS Defender - will it allow me to overrule the removal of what it considers to be malware? Some stuff I use has been ID'd as malware by Defender even though I know and trust the code in question.
  3. No fixlist.txt, just FRST.txt - was that intended? It looks like a report file.
  4. Here's the AdwCleaner log:

     # -------------------------------
     # Malwarebytes AdwCleaner 8.4.0.0
     # -------------------------------
     # Build: 08-30-2022
     # Database: 2022-10-10.1 (Cloud)
     # Support: https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Scan
     # -------------------------------
     # Start: 11-28-2022
     # Duration: 00:00:10
     # OS: Windows 11 (Build 22621.819)
     # Scanned: 32070
     # Detected: 21

     ***** [ Services ] *****
     No malicious services found.

     ***** [ Folders ] *****
     No malicious folders found.

     ***** [ Files ] *****
     No malicious files found.

     ***** [ DLL ] *****
     No malicious DLLs found.

     ***** [ WMI ] *****
     No malicious WMI found.

     ***** [ Shortcuts ] *****
     No malicious shortcuts found.

     ***** [ Tasks ] *****
     No malicious tasks found.

     ***** [ Registry ] *****
     Adware.Agent.Proxy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{0C96E9FC-BFCA-4191-8CEC-93CDA6CB91C0}C:\program files (x86)\sharpcap 4.0\sharpcap.exe
     Adware.Agent.Proxy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{E5D705D3-9965-4D3D-AAB6-F698CD383EA1}C:\program files (x86)\sharpcap 3.2\sharpcap.exe
     Adware.Agent.Proxy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E1F3544A-7349-473B-8D67-430E033D8855}C:\program files (x86)\sharpcap 3.2\sharpcap.exe
     Adware.Agent.Proxy HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{F5BB7809-0BA4-4721-A0A1-62CEC32C34C3}C:\program files (x86)\sharpcap 4.0\sharpcap.exe
     PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IOBIT\ASC
     PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
     PUP.Optional.AdvancedSystemCare HKLM\Software\Wow6432Node\IObit\RealTimeProtector
     PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries found.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs found.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries found.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs found.

     ***** [ Hosts File Entries ] *****
     No malicious hosts file entries found.

     ***** [ Preinstalled Software ] *****
     Preinstalled.DellDataProtection Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|CSFTrayApp
     Preinstalled.DellDataProtection Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0C11FE22-53F2-4C9B-9E79-824B10D0976E}
     Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\AUDIT
     Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SAREMEDIATION\PLUGIN
     Preinstalled.DellSupportAssistAgent Folder C:\Program Files\DELL\SUPPORTASSISTAGENT
     Preinstalled.DellSupportAssistAgent Folder C:\ProgramData\DELL\SUPPORTASSIST
     Preinstalled.DellSupportAssistAgent Folder C:\Users\amonra\Documents\DELL\SUPPORTASSIST
     Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C594468-36F5-4C05-9BF1-DF9DDBA09BF3}
     Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C594468-36F5-4C05-9BF1-DF9DDBA09BF3}
     Preinstalled.DellSupportAssistAgent Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate
     Preinstalled.DellSupportAssistAgent Task C:\Windows\System32\Tasks\DELL SUPPORTASSISTAGENT AUTOUPDATE
     Preinstalled.DellUpdateforWindows10 Folder C:\Program Files (x86)\DELL\UPDATESERVICE
     Preinstalled.DellUpdateforWindows10 Folder C:\ProgramData\DELL\UPDATESERVICE

     AdwCleaner_Debug.log - [16992 octets] - [17/11/2022 16:02:22]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

     I don't see anything there that looks "dodgy". D.
  5. OK, it's now letting my posts in! I can't remember exactly but AdwCleaner didn't find anything of interest, but Malwarebytes continued blocking BitTorrent, so I turned off the "trial" of the non-free stuff. If the detection was genuine, is there an alternative torrent client that MWB won't dislike? Thanks, David
  6. I'm getting a lot of errors for craft.ooguy.com - I searched for similar errors and saw I need to run Farbar FRST. I attach the files requested in other posts. Thanks, David Addition.txt FRST.txt
  7. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 1/3/18
     Scan Time: 11:03 AM
     Log File: c819e05c-f075-11e7-9f09-005056c00001.json
     Administrator: Yes

     -Software Information-
     Version: 3.3.1.2183
     Components Version: 1.0.262
     Update Package Version: 1.0.3613
     License: Trial

     -System Information-
     OS: Windows 10 (Build 16299.125)
     CPU: x64
     File System: NTFS
     User: APOLLO\amonra

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 696419
     Threats Detected: 17
     Threats Quarantined: 0
     (No malicious items detected)
     Time Elapsed: 4 min, 3 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 4
     PUP.Optional.eSupportNTFSUndelete, HKU\S-1-5-21-694050897-1356031325-3940840900-1001\SOFTWARE\ESUPPORT.COM\NTFSUndelete, No Action By User, [1981], [355425],1.0.3613
     PUP.Optional.Amigo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\amigo.exe, No Action By User, [3877], [386186],1.0.3613
     PUP.Optional.eSupportNTFSUndelete, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NTFS Undelete_is1, No Action By User, [1981], [355426],1.0.3613
     PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8E8F97CD-60B5-456F-A201-73065652D099}, No Action By User, [10], [351113],1.0.3613

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 3
     PUP.Optional.eSupportNTFSUndelete, C:\PROGRAM FILES (X86)\ESUPPORT.COM\NTFS UNDELETE, No Action By User, [1981], [358075],1.0.3613
     PUP.Optional.eSupportNTFSUndelete, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\ESUPPORT.COM\NTFS UNDELETE, No Action By User, [1981], [358076],1.0.3613
     PUP.Optional.MailRu, C:\PROGRAM FILES (X86)\MAIL.RU, No Action By User, [635], [384138],1.0.3613

     File: 10
     PUP.Optional.eSupportNTFSUndelete, C:\USERS\PUBLIC\DESKTOP\NTFS UNDELETE.LNK, No Action By User, [1981], [355427],1.0.3613
     PUP.Optional.MailRu, C:\USERS\AMONRA\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\MAIL.RU.LNK, No Action By User, [635], [384473],1.0.3613
     PUP.Optional.MailRu, C:\USERS\AMONRA\FAVORITES\Mail.Ru Агент - используй для общения!.url, No Action By User, [635], [471428],1.0.3613
     PUP.Optional.MailRu, C:\USERS\AMONRA\FAVORITES\Mail.Ru.url, No Action By User, [635], [471428],1.0.3613
     PUP.Optional.eSupportNTFSUndelete, C:\Program Files (x86)\eSupport.com\NTFS Undelete\NTFSundelete.exe, No Action By User, [1981], [358075],1.0.3613
     PUP.Optional.eSupportNTFSUndelete, C:\Program Files (x86)\eSupport.com\NTFS Undelete\unins000.dat, No Action By User, [1981], [358075],1.0.3613
     PUP.Optional.eSupportNTFSUndelete, C:\Program Files (x86)\eSupport.com\NTFS Undelete\unins000.exe, No Action By User, [1981], [358075],1.0.3613
     PUP.Optional.eSupportNTFSUndelete, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com\NTFS Undelete\NTFS Undelete.lnk, No Action By User, [1981], [358076],1.0.3613
     PUP.Optional.eSupportNTFSUndelete, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eSupport.com\NTFS Undelete\Uninstall NTFS Undelete.lnk, No Action By User, [1981], [358076],1.0.3613
     JokeTool.ScreenMate, C:\PROGRAM FILES (X86)\SCREENMATES\FELIX2.EXE, No Action By User, [4066], [474622],1.0.3613

     Physical Sector: 0
     (No malicious items detected)

     (end)
  8. There may be malware around that hides under this name, but I'm running the original animated cat that IS NOT MALWARE. So, please if you find this on a computer do at least make additional checks before you pronounce malware on it. Dave