candylovergirl

PUM Registry Value MRT HELP
Hello,

MRT stands for Malware Removal Tool, am I right?

I ran O&O ShutUp10 and MBAM detected 2 items, or maybe it is a FP from the MBAM update.

O&O ShutUp10 1.7.1405

https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe

If it is not a FP, is this threat dangerous? 😱

What did I do wrong?

What does this detection mean?

And how do I fix it?

Thanks

Camelia

My MBAM log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/13/20
Scan Time: 6:18 AM
Log File: c9f56cb8-35fe-11ea-8a90-6cf049562b12.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.793
Update Package Version: 1.0.17671
License: Premium

-System Information-
OS: Windows 10 (Build 18362.535)
CPU: x64
File System: NTFS
User: C4M3LIAUD7HD2\c4m3lia

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 288217
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 1 min, 18 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6975, 676881, 1.0.17671, , ame, 
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6975, 676881, 1.0.17671, , ame, 

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Malwarebytes is reporting a restriction.

Let's see what we can find.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file:
In the Reply section at the bottom of the topic, click Choose a File.
Navigate to the location of the file.
Click the file. It will appear in the section.
Click the Saving button.

Please post the logs for my review.

Wait for further instructions.
====


Hi,

Trust me, the tool, if downloaded from the site I gave you, is clean.

It must be run as an Administrator.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2019
Ran by c4m3lia (administrator) on C4M3LIAUD7HD2 (Gigabyte Technology Co., Ltd. X58A-UD7) (13-01-2020 12:28:16)
Running from C:\Users\c4m3lia\Desktop\FRST 12.1.2019
Loaded Profiles: c4m3lia (Available Profiles: c4m3lia)
Platform: Windows 10 Home Version 1909 18363.535 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Invincea, Inc. -> Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLClientApp.exe
(Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Yang Ping -> SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe
(Yang Ping -> SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [183088 2019-12-05] (ESET, spol. s r.o. -> ESET)
HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [601640 2018-04-21] (Yang Ping -> SHADOWDEFENDER.COM)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110144 2013-03-04] (CyberLink Corp. -> CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [492096 2013-03-04] (CyberLink Corp. -> CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1718580772-4280691558-506576080-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3681944 2019-12-16] (Invincea, Inc. -> Sandboxie Holdings, LLC)
HKU\S-1-5-21-1718580772-4280691558-506576080-1001\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-1718580772-4280691558-506576080-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter 4\nlclientapp.exe [82336 2019-06-12] (Locktime Software s.r.o. -> Locktime Software)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01A3F2F5-354E-40CA-AAD3-B59104B3604C} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [5914792 2018-06-01] (Lespeed Technology Ltd. -> WiseCleaner.com)
Task: {142AEFE7-02A1-49F1-84FF-50274014B204} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-11-02] (Piriform Software Ltd -> Piriform Ltd)
Task: {5ED4854F-38CF-4FF0-87AE-035CC42C22AB} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1718580772-4280691558-506576080-1001 => C:\Users\c4m3lia\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {72AC3519-FE26-4C79-966D-518B445164FC} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [1677600 2019-09-06] (Corel Corporation -> Corel Corporation)
Task: {92E19732-0DFF-4662-B6F7-7D846C4A6D43} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-11-02] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {C625C3E4-A36A-42A3-AEA9-DE00D2ED8CCC} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [17253496 2020-01-12] (Goversoft LLC -> Goversoft LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.2.9.164 10.2.9.196
Tcpip\..\Interfaces\{5b2449bb-98c4-4c7b-a6b9-8c18af4cd879}: [DhcpNameServer] 10.2.9.164 10.2.9.196
Tcpip\..\Interfaces\{da064f4b-4793-4e8e-bbf7-830dcef727f8}: [DhcpNameServer] 10.2.9.164 10.2.9.196

Internet Explorer:
==================
BHO-x32: bho2gr Class -> {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -> C:\Program Files (x86)\GetRight\xx2gr.dll [2009-10-19] (Headlight Software, Inc. -> Headlight Software, Inc.)

FireFox:
========
FF DefaultProfile: uzzgcm05.default
FF ProfilePath: C:\Users\c4m3lia\AppData\Roaming\Mozilla\Firefox\Profiles\uzzgcm05.default [2019-06-08]
FF ProfilePath: C:\Users\c4m3lia\AppData\Roaming\Mozilla\Firefox\Profiles\16ebm1vx.default-release [2020-01-13]
FF Homepage: Mozilla\Firefox\Profiles\16ebm1vx.default-release -> about:blank
FF Extension: (uBlock Origin) - C:\Users\c4m3lia\AppData\Roaming\Mozilla\Firefox\Profiles\16ebm1vx.default-release\Extensions\uBlock0@raymondhill.net.xpi [2020-01-07]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-01-13]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2245488 2019-12-05] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2245488 2019-12-05] (ESET, spol. s r.o. -> ESET)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6960640 2019-11-07] (Malwarebytes Inc -> Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter 4\NLSvc.exe [309664 2019-06-12] (Locktime Software s.r.o. -> Locktime Software)
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2019-12-16] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\NisSrv.exe [2433136 2019-06-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1905.4-0\MsMpEng.exe [109896 2019-06-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 {0CBD4F48-3751-475D-BE88-4F271385B672}; C:\Program Files\Shadow Defender\Service.exe [135160 2018-04-21] (Yang Ping -> SHADOWDEFENDER.COM)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [464008 2017-10-15] (StarSoftComm(China) Ltd. -> SHADOWDEFENDER.COM)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [49056 2012-10-18] (Hewlett-Packard Company -> Microsoft Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [149944 2019-11-03] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [103264 2019-11-03] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2019-06-07] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [189512 2019-11-03] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50712 2019-11-03] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [79744 2019-12-05] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [116696 2019-12-05] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [218288 2020-01-08] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-11-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [226448 2020-01-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-01-13] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-01-13] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [105112 2020-01-13] (Malwarebytes Inc -> Malwarebytes)
R3 mv91cons; C:\Windows\System32\drivers\mv91cons.sys [32184 2015-06-25] (Marvell Semiconductor, Inc. -> Marvell Semiconductor Inc.)
R0 nldrv; C:\Windows\System32\drivers\nldrv.sys [178944 2019-06-11] (Locktime Software s.r.o. -> Locktime Software)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [711968 2019-06-04] (Realtek Semiconductor Corp. -> Realtek )
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [451792 2019-04-02] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [224488 2019-12-15] (Invincea, Inc. -> Sandboxie Holdings, LLC)
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [47496 2019-06-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [337632 2019-06-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2019-06-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-13 12:23 - 2020-01-13 12:23 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-01-13 12:23 - 2020-01-13 12:23 - 000226448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-01-13 12:23 - 2020-01-13 12:23 - 000105112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-01-13 12:23 - 2020-01-13 12:23 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-01-13 12:22 - 2020-01-13 12:22 - 005052272 _____ C:\Windows\system32\FNTCACHE.DAT
2020-01-13 12:06 - 2020-01-13 12:06 - 000007526 _____ C:\Users\c4m3lia\Desktop\host_bck.txt
2020-01-13 11:39 - 2020-01-13 12:28 - 000000000 ____D C:\FRST
2020-01-13 11:38 - 2020-01-13 12:28 - 000000000 ____D C:\Users\c4m3lia\Desktop\FRST 12.1.2019
2020-01-13 06:21 - 2020-01-13 11:28 - 000002489 _____ C:\Users\c4m3lia\Desktop\MBAM.txt
2020-01-12 17:11 - 2020-01-12 17:11 - 000000798 _____ C:\Users\c4m3lia\Desktop\ghosting_vegas.txt
2020-01-12 17:03 - 2020-01-12 17:03 - 000000000 ____D C:\Users\c4m3lia\Desktop\Twitter Amc
2020-01-12 11:11 - 2020-01-12 11:11 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2020-01-12 10:54 - 2020-01-13 04:23 - 000000000 ____D C:\Users\c4m3lia\Desktop\ooshutup10
2020-01-12 10:27 - 2020-01-12 10:27 - 000000117 _____ C:\Users\c4m3lia\Desktop\windows10build.txt
2020-01-10 07:05 - 2020-01-11 09:21 - 000000000 ____D C:\Users\c4m3lia\Desktop\Proyecto
2020-01-08 13:52 - 2020-01-08 13:52 - 000218288 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-01-08 08:10 - 2020-01-08 10:50 - 000000000 ____D C:\Users\c4m3lia\Desktop\Malditos
2020-01-08 08:10 - 2020-01-08 08:10 - 000000000 ____D C:\Users\c4m3lia\Desktop\Macias
2020-01-06 12:26 - 2020-01-08 13:36 - 000000450 _____ C:\Users\c4m3lia\Desktop\Cookie_Bkav.txt
2020-01-03 02:20 - 2020-01-08 13:56 - 000000000 ____D C:\Users\c4m3lia\Desktop\Mojave
2020-01-02 00:25 - 2020-01-02 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExamDiff Pro (64-bit)
2020-01-02 00:24 - 2020-01-02 00:25 - 000000000 ____D C:\Program Files\ExamDiff Pro
2020-01-02 00:16 - 2020-01-02 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2019-12-28 17:17 - 2019-12-28 17:17 - 000000000 ____D C:\Delegacion
2019-12-26 02:31 - 2020-01-05 08:10 - 000000521 _____ C:\Users\c4m3lia\Desktop\Defaults.txt
2019-12-22 03:41 - 2019-12-22 03:41 - 000000000 ____D C:\Users\c4m3lia\AppData\Local\D3DSCache
2019-12-21 04:10 - 2019-12-21 04:10 - 000000000 ____D C:\Users\c4m3lia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2019-12-21 04:10 - 2019-12-21 04:10 - 000000000 ____D C:\Program Files\HandBrake
2019-12-18 15:36 - 2019-12-18 15:36 - 000000178 _____ C:\Users\c4m3lia\Desktop\Vips.txt
2019-12-15 16:46 - 2019-12-19 21:42 - 000004206 _____ C:\Users\c4m3lia\Desktop\DownSM.txt
2019-12-14 09:58 - 2019-08-16 05:42 - 000000697 _____ C:\Users\c4m3lia\Desktop\MD5TXT.txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-01-13 12:22 - 2019-06-07 12:02 - 000000000 ____D C:\ProgramData\NVIDIA
2020-01-13 12:22 - 2019-06-06 23:57 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-01-13 12:18 - 2019-03-18 22:37 - 000262144 _____ C:\Windows\system32\config\BBI
2020-01-13 12:15 - 2019-06-08 00:28 - 000000000 ____D C:\Users\c4m3lia\AppData\Local\PrivaZer
2020-01-13 11:43 - 2019-03-18 22:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-01-13 11:42 - 2019-03-18 22:50 - 000000000 ____D C:\Windows\INF
2020-01-13 11:31 - 2019-06-07 00:09 - 000000000 ____D C:\Users\c4m3lia
2020-01-13 07:14 - 2019-06-08 01:14 - 000000000 ____D C:\Users\c4m3lia\AppData\Roaming\Wise Disk Cleaner
2020-01-13 05:45 - 2019-06-06 23:57 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-01-12 11:11 - 2019-06-08 00:28 - 000001970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2020-01-12 07:12 - 2019-12-02 00:20 - 000000824 _____ C:\Users\c4m3lia\Desktop\Vegas Forum.txt
2020-01-12 05:50 - 2019-06-08 01:13 - 000002094 _____ C:\Windows\Sandboxie.ini
2020-01-09 03:48 - 2019-12-03 10:12 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-01-09 02:55 - 2019-06-08 00:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-01-08 21:30 - 2019-06-08 00:20 - 000000000 ____D C:\Users\c4m3lia\AppData\LocalLow\Mozilla
2020-01-08 21:27 - 2019-06-08 00:20 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-01-08 13:52 - 2019-11-07 09:51 - 000000000 ____D C:\Users\c4m3lia\AppData\Local\cache
2020-01-08 13:52 - 2019-07-06 22:14 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-01-05 08:09 - 2019-08-28 16:25 - 000002840 _____ C:\Users\c4m3lia\Desktop\Twitter Acounts.txt
2020-01-02 05:14 - 2019-10-06 16:41 - 000000000 ____D C:\iCloud
2019-12-31 09:01 - 2019-11-06 18:45 - 000000000 ____D C:\Users\c4m3lia\Documents\Movie Studio 16.0 Platinum Projects
2019-12-31 08:58 - 2019-07-06 20:06 - 000000000 ____D C:\ProgramData\Movie Studio Platinum
2019-12-31 08:57 - 2019-07-06 19:58 - 000000000 ____D C:\Users\c4m3lia\AppData\Roaming\Sony
2019-12-26 21:40 - 2019-06-10 03:36 - 000004210 _____ C:\Windows\system32\Tasks\CCleaner Update
2019-12-25 05:23 - 2019-12-03 01:25 - 000072084 _____ C:\Users\c4m3lia\Desktop\16MacUp Mojave.txt
2019-12-14 10:28 - 2019-07-16 00:12 - 000000600 _____ C:\Users\c4m3lia\AppData\Roaming\winscp.rnd
2019-12-14 10:22 - 2019-07-16 00:11 - 000001146 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2019-12-14 10:22 - 2019-07-16 00:11 - 000000000 ____D C:\Program Files (x86)\WinSCP

==================== Files in the root of some directories ========

2019-07-16 00:12 - 2019-12-14 10:28 - 000000600 _____ () C:\Users\c4m3lia\AppData\Roaming\winscp.rnd

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt


Hi,

The fix suggested should reset your System Restore, which is disabled.
No malware was found in your logs.

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The computer will restart when the fix is completed.

It will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

p.s.
On the MRT issue, if you allow Malwarebytes to quarantine it then that should be all that is necessary to reset it back to default so that it will run when the next version of MRT is released.

fixlist.txt


Hello,

The MRT detections started when I updated from O&O ShutUp10 1.6.1402 (05/07/2019) to O&O ShutUp10 1.7.1405 (December 06, 2019), with the same settings.
I have contacted the O&O ShutUp10 developer but they cannot reproduce the issue and they suggested I ask at this forum first.

>The fix suggested should reset your System Restore which is disabled.

I have enabled System Restore.

>No malware was found in your logs.

:)

>Please download the attached Fixlist.txt file to
Done

Location of Fixlist.txt:
C:\Users\c4m3lia\Desktop\FRST 12.1.2019\fixlist.txt

>Please post the Fixlog.txt and let me know what problem persists.

If I "Undo all changes" of O&O ShutUp10 to factory settings there is no detection,
but if I import the settings I had, MBAM detects the MRT as PUM.

I wanted to attach ooshutup10.cfg just in case, but .cfg is not an allowed file extension to attach 😭

>p.s.
>On the MRT issue, if you allow Malwarebytes to quarantine
>it then that should be all that is necessary to reset it back to default
>so that it will run when the next version of MRT is released.

I did not quarantine the registry values of Windows Malicious Software Removal Tool x64 December 2019 (KB890830).
Successfully installed the new version of the latest Windows Malicious Software Removal Tool x64 January 2020 (KB890830).

Latest MBAM scan:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/15/20
Scan Time: 9:18 AM
Log File: 4e551268-37aa-11ea-955b-6cf049562b12.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.793
Update Package Version: 1.0.17756
License: Premium

-System Information-
OS: Windows 10 (Build 18362.592)
CPU: x64
File System: NTFS
User: C4M3LIAUD7HD2\c4m3lia

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 288437
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 3 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6979, 676881, 1.0.17756, , ame,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, No Action By User, 6979, 676881, 1.0.17756, , ame,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-12-2019
Ran by c4m3lia (15-01-2020 09:12:08) Run:1
Running from C:\Users\c4m3lia\Desktop\FRST 12.1.2019
Loaded Profiles: c4m3lia (Available Profiles: c4m3lia)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
Reboot:

*****************

SystemRestore: On => completed
Restore point was successfully created.
Processes closed successfully.


The system needed a reboot.

==== End of Fixlog 09:12:36 ====


Hi,

This MRT entry is set in the registry.
Let's have a look at it.

Download the SystemLook appropriate for your system.

SystemLook (32-Bit Version) or SystemLook (64-Bit Version)

  • Double-click SystemLook.exe/SystemLook_x64.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.

===

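Added example, not part of the thread and not nasdaq's or Malwarebytes' code: the SystemLook script above queries only the native 64-bit view of the key, while the Malwarebytes log lists the value under both HKLM\SOFTWARE\Policies\Microsoft\MRT and the WOW6432Node (32-bit) view. The PowerShell below checks both views for the two policy values documented for that key in KB891716: DontReportInfectionInformation, which only stops MRT from sending its infection report to Microsoft (it does not stop MRT from running), and DontOfferThroughWUAU, which stops Windows Update from offering MRT. Clear-MrtPolicy removes whichever of them is present and honours -WhatIf. The function names are my own; it assumes an elevated 64-bit PowerShell on a 64-bit Windows 10, as in the FRST log.

```powershell
# Added example: inspect and optionally clear the MRT policy values that
# Malwarebytes reports as PUM.Optional.DisableMRT.
# Assumptions: elevated 64-bit PowerShell; paths are the two views shown in
# the MBAM log; value names are the ones documented in KB891716.

$script:MrtPolicyPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\MRT',               # native 64-bit view
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\MRT'    # 32-bit (WOW64) view
)
$script:MrtPolicyValues = @('DontReportInfectionInformation', 'DontOfferThroughWUAU')

function Get-MrtPolicy {
    # Returns one object per (path, value) so the result can be piped or tabulated.
    [CmdletBinding()]
    param()

    foreach ($p in $script:MrtPolicyPaths) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Path = $p; Value = '(key absent)'; Data = $null }
            continue
        }
        # Get-ItemProperty returns all values under the key; a missing value
        # simply reads as $null on the returned object.
        $key   = Get-ItemProperty -LiteralPath $p -ErrorAction SilentlyContinue
        $found = $false
        foreach ($n in $script:MrtPolicyValues) {
            if ($null -ne $key.$n) {
                $found = $true
                [pscustomobject]@{ Path = $p; Value = $n; Data = $key.$n }
            }
        }
        if (-not $found) {
            # Matches what SystemLook printed for the 64-bit key: "(No values found)".
            [pscustomobject]@{ Path = $p; Value = '(no values)'; Data = $null }
        }
    }
}

function Clear-MrtPolicy {
    # Removes the MRT policy values from both views. Use -WhatIf to preview.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    foreach ($p in $script:MrtPolicyPaths) {
        if (-not (Test-Path -LiteralPath $p)) { continue }
        foreach ($n in $script:MrtPolicyValues) {
            # -Name on a value that does not exist raises an error; suppress it.
            $item = Get-ItemProperty -LiteralPath $p -Name $n -ErrorAction SilentlyContinue
            if ($item -and $PSCmdlet.ShouldProcess("$p\$n", 'Remove registry value')) {
                Remove-ItemProperty -LiteralPath $p -Name $n
            }
        }
    }
}

# Show the current state of both views.
Get-MrtPolicy | Format-Table -AutoSize

# Preview the removal; drop -WhatIf to apply it (equivalent to letting MBAM quarantine).
Clear-MrtPolicy -WhatIf
```

A DWORD of 1 under either view is what O&O ShutUp10 writes when its MRT reporting option is enabled, and it is what makes both Malwarebytes detections reappear after the settings are re-imported. Removing the values (or quarantining them in Malwarebytes) restores the default; a privacy tool may set them again on its next run.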

SystemLook 04.09.10 by jpshortstuff
Log created at 15:33 on 17/01/2020 by c4m3lia
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
(No values found)


-= EOF =-

Extra Info:

I noticed that if I do not enable these options in O&O ShutUp10, MBAM does not detect the two Registry Values in the MRT registry:

(screenshot attached)

The first time O&O ShutUp10 prompted to restart my computer I got this message from Windows Security, and I clicked on "Dismiss":

(screenshot attached)


Hello,

Last question and suggestion:

Could you please confirm that the issue was caused by the O&O ShutUp10 latest version?

Do you suggest another scan with FRST or another tool to search for malware, or is it not necessary because my computer is clean of malware?

Thank you

Camelia


Hi,

Malwarebytes works well with all the security programs.

On occasion there is interference; to solve it, if the security program installed is causing issues, it must be added to the Malwarebytes restrictions list.

All is well.

===

For your peace of mind, run this Sophos Virus Removal Tool.
Do it when you know the computer will not be used for an hour or 2.

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan, including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

Please post the contents of the log in your next reply and note any errors encountered.
===

On 1/20/2020 at 7:36 AM, nasdaq said:
> For your peace of mind, run this Sophos Virus Removal Tool.

Hello,

How do I uninstall Sophos Virus Removal Tool.exe without leaving traces?

Thanks

Camelia

SophosVirusRemovalTool.log

Hi,

Delete the downloaded file and the log.
18 hours ago, nasdaq said:
> Hi,
>
> Delete the downloaded file and the log.

The SophosVirusRemovalTool log shows the computer is clean of malware?

If I do not have anything to worry about, thank you very much for your help! ❤️👍🙌

Camelia

Update: I have deleted the downloaded file and the log, uninstalled the tool via Control Panel > All Control Panel Items > Programs and Features, and deleted all the folders and sub-folders from C:\ProgramData\Sophos\

And

All the folders and sub-folders from C:\FRS\

Will I have any problems with these deletions?

Hi,

I do not think so. The only way to find out is by using the computer normally, using the programs you need.

I will leave this topic open for 6 days. If you need to return, please do.
On 2/1/2020 at 7:46 AM, AdvancedSetup said:
> Hello @candylovergirl
>
> Just following up to see if you need any further assistance before we close your topic
>
> Thanks

I am OK

Thank you very much for all your help 🙌

You can close or archive this topic

Camelia