theoldmole Posted May 29, 2021 ID:1460266 Share Posted May 29, 2021 My computer has been playing up recently. Programs have been freezing and crashing. While this isn't necessarily indicative of an infection, it's better to be safe than sorry. FRST.txt Addition.txt Scan.txt Link to post Share on other sites More sharing options...
kevinf80 Posted May 29, 2021 ID:1460307 Share Posted May 29, 2021 Hiya theoldmole and welcome to Malwarebytes, Do not see any obvious Malware or Infection in your logs. There are several error entries related to Dropbox showing in event viewer, these are certification errors for the main service DbxSvc. Can you reinstall Dropbox and see if that makes any difference... Thank you, Kevin. Link to post Share on other sites More sharing options...
theoldmole Posted May 30, 2021 Author ID:1460402 Share Posted May 30, 2021 17 hours ago, kevinf80 said: Hiya theoldmole and welcome to Malwarebytes, Do not see any obvious Malware or Infection in your logs. There are several error entries related to Dropbox showing in event viewer, these are certification errors for the main service DbxSvc. Can you reinstall Dropbox and see if that makes any difference... Thank you, Kevin. Do you want me to rerun the scans after I have reinstalled it? Link to post Share on other sites More sharing options...
kevinf80 Posted May 30, 2021 ID:1460403 Share Posted May 30, 2021 Yes please.. Link to post Share on other sites More sharing options...
theoldmole Posted May 30, 2021 Author ID:1460411 Share Posted May 30, 2021 2 hours ago, kevinf80 said: Yes please.. Here you go. Addition.txt FRST.txt Link to post Share on other sites More sharing options...
Solution kevinf80 Posted May 30, 2021 Solution ID:1460448 Share Posted May 30, 2021 Hiya theoldmole, Thanks for those logs, continue with the following: Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version.NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system....https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select Run as Administrator the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\msert.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those logs, also tell me if there are any remaining issues or concerns... Thank you, Kevin... fixlist.txt Link to post Share on other sites More sharing options...
theoldmole Posted May 31, 2021 Author ID:1460572 Share Posted May 31, 2021 15 hours ago, kevinf80 said: Hiya theoldmole, Thanks for those logs, continue with the following: Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.NOTE. It's important that both files, FRST or FRSTEnglish, and fixlist.txt are in the same location or the fix will not work.NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.Note: If the tool warned you about an outdated version please download and run the updated version.NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files.NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. Next, Download "Microsoft's Safety Scanner" and save direct to the desktop Ensure to get the correct version for your system....https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download Right click on the Tool, select Run as Administrator the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\msert.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those logs, also tell me if there are any remaining issues or concerns... Thank you, Kevin... fixlist.txt 6.55 kB · 3 downloads Thanks for that Kevin. Malwarebytes quarantined FRST and the fixlist.txt and flagged it as ransomware. I think the scan had finished though. I will attach the the log here. Fixlog.txt Link to post Share on other sites More sharing options...
theoldmole Posted May 31, 2021 Author ID:1460577 Share Posted May 31, 2021 msert.log Link to post Share on other sites More sharing options...
theoldmole Posted May 31, 2021 Author ID:1460578 Share Posted May 31, 2021 Apologies for double posting. I can't figure out how to edit my replies. Here is the log for the FRST quarantining. False positive? Log.txt Link to post Share on other sites More sharing options...
kevinf80 Posted May 31, 2021 ID:1460670 Share Posted May 31, 2021 Hiya theoldmole, Yes an FP, FRST is not malicious. How is yyour PC responding now, any issues or concerns..? Thank you, Kevin... Link to post Share on other sites More sharing options...
theoldmole Posted June 1, 2021 Author ID:1460766 Share Posted June 1, 2021 14 hours ago, kevinf80 said: Hiya theoldmole, Yes an FP, FRST is not malicious. How is yyour PC responding now, any issues or concerns..? Thank you, Kevin... Everything is working great! Link to post Share on other sites More sharing options...
kevinf80 Posted June 1, 2021 ID:1460768 Share Posted June 1, 2021 Hiya theoldmole, Good to hear your PC is working normally. To clean up etc do the folllowing: Right click on FRST here: C:\Users\John\Downloads\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ Condsider the following: Disable Remote Desktop: https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html Disable Windows Telemetry: https://helpdeskgeek.com/windows-10/how-to-disable-windows-10-telemetry/ Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/ Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Will also work for Opera and Edge.. PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Kevin... Link to post Share on other sites More sharing options...
theoldmole Posted June 1, 2021 Author ID:1460774 Share Posted June 1, 2021 42 minutes ago, kevinf80 said: Hiya theoldmole, Good to hear your PC is working normally. To clean up etc do the folllowing: Right click on FRST here: C:\Users\John\Downloads\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ Condsider the following: Disable Remote Desktop: https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html Disable Windows Telemetry: https://helpdeskgeek.com/windows-10/how-to-disable-windows-10-telemetry/ Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/ Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Will also work for Opera and Edge.. PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner? Take care and surf safe Kevin... Thank you very much for your time. Link to post Share on other sites More sharing options...
kevinf80 Posted June 1, 2021 ID:1460777 Share Posted June 1, 2021 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you Link to post Share on other sites More sharing options...
Recommended Posts