
Request to check FRST and MTB Logs (Please)


  • This topic is locked
7 replies to this topic

#1 MrC0f33


Posted 12 September 2017 - 01:01 AM

Greetings,

May I kindly request that any experts in this forum examine my FRST and MTB logs to ensure that my laptop is clean?
I am not infected per se, but just want to get experts to check on my current status, as it has been a habit of mine to run FRST and MTB scans once a month and see if there may be budding problems with my systems and network.

So may I kindly know is my laptop clean 

and

Is my Wifi Router DNS safe?

This has been a habit of mine after I got infected which forced me to reformat my laptop. 
I am looking forward to your reply

Thank-you




 


#2 Jo*

  • Malware Response Team

Posted 12 September 2017 - 10:22 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


If you are from Malaysia and your ISP is TM Net, then your DNS is ok.

 

***


:step1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click the downloaded file. Click OK on the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 MrC0f33


Posted 12 September 2017 - 10:46 AM

Dear Jo*,

Thanks for your reply. To answer your questions and request:

Yes I live in Malaysia and my ISP is TM (Telekom Malaysia)

Here is the log from Rocket Grannie (I did not turn off my AV programmes but instead I whitelisted RG in BD)
 

Result of Security Analysis by Rocket Grannie (x86) Updated: 28th August, 2017
Running from:C:\Users\Tham Yee Shung\Desktop (23:43:45 - 09/12/2017)
***---------------------------------------------------------***
Microsoft Windows 10 Home Single Language X64
UAC is Enabled
Internet Explorer 11
Default Browser: Opera
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - up to Date)
Malwarebytes (Enabled - up to Date)
Bitdefender Antivirus (Enabled - up to Date)
Bitdefender Antispyware (Enabled - up to Date)
Malwarebytes (Enabled - up to Date)
Windows Defender (Disabled - up to Date)
Bitdefender Firewall (Enabled)
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
CCleaner (5.33)
Google Chrome (61.0.3163.79)
Malwarebytes (3.2.2.2018)
Opera (47.0.2631.80)
 
***----------------Analysis Complete-------------------------***

Edited by TechN3wb, 12 September 2017 - 10:52 AM.


#4 MrC0f33


Posted 12 September 2017 - 10:51 AM

Here is the scan log from MWB Premium with Anti-Rootkit enabled
 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/12/17
Scan Time: 11:46 PM
Log File: 954dfd04-97d1-11e7-b830-f8a963374ef1.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2785
License: Premium
 
-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: DESKTOP-M6AF5UE\Tham Yee Shung
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327462
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 3 min, 17 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#5 MrC0f33


Posted 12 September 2017 - 10:55 AM

My logs from ADW Cleaner
 

# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 12 15:54:36 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 09-12-2017.1
# Running on Windows 10 Home Single Language (X64)
# Mode: scan
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [961 B] - [2017/7/30 1:55:27]
C:/AdwCleaner/AdwCleaner[S1].txt - [1027 B] - [2017/7/30 7:4:8]
C:/AdwCleaner/AdwCleaner[S2].txt - [1092 B] - [2017/7/31 19:33:8]
C:/AdwCleaner/AdwCleaner[S3].txt - [1159 B] - [2017/8/2 3:54:15]
C:/AdwCleaner/AdwCleaner[S4].txt - [1225 B] - [2017/8/7 9:9:37]
C:/AdwCleaner/AdwCleaner[S5].txt - [1290 B] - [2017/8/14 13:53:39]
C:/AdwCleaner/AdwCleaner[S6].txt - [1358 B] - [2017/8/14 14:53:49]
C:/AdwCleaner/AdwCleaner[S7].txt - [1426 B] - [2017/8/15 18:34:4]
C:/AdwCleaner/AdwCleaner[S8].txt - [1493 B] - [2017/8/18 15:59:29]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt ##########

Dear Jo*, judging from these results, is it safe to say that my laptop is clean?



#6 Jo*


Posted 12 September 2017 - 11:00 AM

Your FRST and MTB Logs are clean too.
 

***


It Appears That Your PC Is Clean!


***


Clean up:


***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

===================================

Here are some Preventive tips to reduce the potential for spyware infection in the future

:step1: Make sure you keep your Windows OS current.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
:step2: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
:step3: Use only one anti-virus software and keep it up-to-date.

:step4: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

:step5: Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

:step6: Use Strong passwords!

:step7: Email attachments
Do not open any unknown email attachments which you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 MrC0f33


Posted 12 September 2017 - 12:30 PM

Thanks Jo*!

That is good to know!

May I kindly request that this topic be locked/closed?

Thank-you very much for your assistance.

Cheers!



#8 Jo*


Posted 12 September 2017 - 12:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




