FBI Moneypak Virus: Maybe Dormant? [Solved] [Closed]


  • This topic is locked

#31
cherinacherine

cherinacherine

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Farbar Service Scanner Version: 04-11-2012
Ran by Gwei (administrator) on 04-11-2012 at 12:10:37
Running from "C:\Users\Gwei\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2008-01-20 21:48] - [2008-01-20 21:48] - 0408064 ____A (Microsoft Corporation) DB37041AB857ABC7E179E856D8E1582C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-10-31 01:24] - [2009-08-14 13:05] - 1418840 ____A (Microsoft Corporation) 3BCD46BE9988B09D3510A0EF54F0D65B

C:\Windows\System32\dnsrslvr.dll
[2008-01-20 21:48] - [2008-01-20 21:48] - 0117760 ____A (Microsoft Corporation) 93CE26DBED3182634F18DD2FE10E41BE

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-10-02 21:23] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0


#32
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, as I suspected, Windows is not writing the registry entry correctly.

Go Start > Run
Type in Regedit and press OK
Navigate to the following key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windefend
Select sub key Parameters
Right click Service.dll select modify
In the box that opens remove the (x86) part only
You should be left with %ProgramFiles%\Windows Defender\mpsvc.dll
Click OK
Close out of regedit and then try windefender
  • 0

#33
cherinacherine

There are two different control sets, ControlSet001 and ControlSet002, which one should I use?
  • 0

#34
Essexboy

Current control set please



[attachment=61348:Capture.JPG]
  • 0

#35
cherinacherine

Hi, sorry! I misread that part!

I did exactly what you said, but I'm still getting an error message.
  • 0

#36
Essexboy

Could you run FSS again, please?
  • 0

#37
cherinacherine

Farbar Service Scanner Version: 04-11-2012
Ran by Gwei (administrator) on 04-11-2012 at 17:26:25
Running from "C:\Users\Gwei\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2008-01-20 21:48] - [2008-01-20 21:48] - 0408064 ____A (Microsoft Corporation) DB37041AB857ABC7E179E856D8E1582C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2009-10-31 01:24] - [2009-08-14 13:05] - 1418840 ____A (Microsoft Corporation) 3BCD46BE9988B09D3510A0EF54F0D65B

C:\Windows\System32\dnsrslvr.dll
[2008-01-20 21:48] - [2008-01-20 21:48] - 0117760 ____A (Microsoft Corporation) 93CE26DBED3182634F18DD2FE10E41BE

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-10-02 21:23] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
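
The two Farbar Service Scanner logs above differ in a single configuration line while WinDefend is still reported as not running; comparing the runs mechanically makes that visible. This is an added example, not part of the original thread or of the scanner itself: the line patterns are inferred from the logs posted here, the sample text is a constructed excerpt, and `parse_fss` and `compare_runs` are hypothetical names.

```python
import re

# Constructed excerpt in the format of the first log posted in this thread.
BEFORE = r'''Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2008-01-20 21:48] - [2008-01-20 21:48] - 0408064 ____A (Microsoft Corporation) <md5 omitted>
'''
# Second run: same log after the registry value was corrected.
AFTER = BEFORE.replace(
    r': "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".', ' service is OK.')

def parse_fss(log):
    """Return (not_running, config, unverified) parsed from one scanner log."""
    not_running, config, unverified = set(), {}, []
    for line in map(str.strip, log.splitlines()):
        if m := re.match(r'(\w+) Service is not running', line):
            not_running.add(m[1])
        elif m := re.match(r'The (.+) of (\w+) service is OK\.$', line):
            config[(m[2], m[1])] = 'OK'
        elif m := re.match(r'The (.+) of (\w+): "(.*)"\.$', line):
            config[(m[2], m[1])] = m[3]      # scanner printed the raw value
        elif m := re.match(r'([A-Za-z]:\\.+?)( => MD5 is legit)?$', line):
            if not m[2]:
                unverified.append(m[1])      # no verdict line: review by hand
    return not_running, config, unverified

def compare_runs(before, after):
    """Report config changes between runs and what is still outstanding."""
    nr_b, cfg_b, _ = parse_fss(before)
    nr_a, cfg_a, unverified = parse_fss(after)
    changed = {k: (cfg_b.get(k), v) for k, v in cfg_a.items()
               if cfg_b.get(k) != v}
    return {'changed': changed,
            'still_not_running': sorted(nr_b & nr_a),
            'unverified_files': unverified}

if __name__ == '__main__':
    print(compare_runs(BEFORE, AFTER))
```

A configuration line that changes to OK while the service stays in `still_not_running`, as here, indicates the remaining fault lies elsewhere.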

#38
Essexboy

OK, let's try Windows Repair. When you try to start Defender, what error do you get?

Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image
  • 0

#39
cherinacherine

Sorry, probably a really obvious and silly question. I clicked the start button on the repairs tab, and a pop-up asked if I wanted to create a backup or restore point before I started. Yes or No?
  • 0

#40
Essexboy

Yes create a restore point
  • 0


#41
cherinacherine

How long do you think Windows Repair will run before it's finished? It's been running for 4 hours now, and it's still on repair jobs 1/19. Is that normal? :o
  • 0

#42
Essexboy

First it will run SFC to scan your system files, then it proceeds to the various tasks

If it is stuck on the first one then stop the programme and re-run it (no need to do the restore or SFC)
  • 0

#43
cherinacherine

I'm not sure if it's still running SFC or not....this is what it looks like:

Posted Image


Posted Image
  • 0

#44
Essexboy

Stop it and re-run, deselect the first element (Registry permissions), and try again please.
  • 0

#45
cherinacherine

YAY! It worked! I did what you said, and after the restart, Windows Defender loaded!
  • 0
