Geeks to Go
Want to check the virus is gone. [Closed]


This topic is locked.

#61 TheFallenAng3l (Member, Topic Starter, 36 posts)
Farbar Service Scanner Version: 16-02-2014
Ran by Leo Carpenter (administrator) on 21-02-2014 at 09:49:05
Running from "C:\Users\Leo Carpenter\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
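The FSS log above carries two findings that matter more than the long list of "MD5 is legit" lines: `EnableFirewall=0` under "Firewall Disabled Policy" and `DisableSR=1` under "System Restore Disabled Policy". A clean FSS log leaves those policy sections empty; values set there mean something has overridden the firewall and System Restore by policy, which is a common piece of malware tampering and is why the helper later asks for the scanner to be run again. The following Python script is an added example, not a tool from this thread or from Farbar: it parses an FSS-style log into its sections and flags those two policy values plus any "File Check" entry whose hash did not verify. The sample log, the user name in it and the failing `svchost.exe` line are constructed to mirror the format shown above.

```python
"""Flag tamper indicators in a Farbar Service Scanner (FSS.txt) log.

Added example; this is not a tool from the thread or from Farbar. It looks
for the two policy entries the thread's log reports (Windows Firewall
disabled by policy, System Restore disabled by policy) and for any file in
the 'File Check' section whose MD5 did not verify. A normal FSS log has
empty '... Disabled Policy' sections; malware that tampers with the
firewall or System Restore commonly sets exactly these values.
"""
import re
from typing import Dict, List

# Constructed sample log, modelled on the FSS output format shown in the thread
# (the user name, dates and the failing svchost.exe line are made up).
SAMPLE_FSS_LOG = """\
Farbar Service Scanner Version: 16-02-2014
Ran by Example User (administrator) on 21-02-2014 at 09:49:05
Boot Mode: Normal
****************************************************************

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore]
"DisableSR"=DWORD:1


File Check:
========
C:\\Windows\\System32\\nsisvc.dll => MD5 is legit
C:\\Windows\\System32\\drivers\\afd.sys => MD5 is legit
C:\\Windows\\System32\\svchost.exe => MD5 is not legit


**** End of log ****
"""

# An FSS section is a 'Name:' line underlined with '=' characters.
SECTION_RE = re.compile(r"^(?P<name>[^\n]+):\n=+\n", re.MULTILINE)
# Registry values are printed in .reg style: "Name"=DWORD:<hex digits>
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<val>[0-9A-Fa-f]+)$', re.MULTILINE)
# File Check lines: <path> => <status>
FILE_CHECK_RE = re.compile(r"^(?P<path>.+?) => (?P<status>.+)$", re.MULTILINE)

# section name -> (value name, value that indicates tampering, description)
POLICY_RULES = {
    "Firewall Disabled Policy": ("EnableFirewall", 0, "Windows Firewall is disabled by policy"),
    "System Restore Disabled Policy": ("DisableSR", 1, "System Restore is disabled by policy"),
}


def split_sections(log: str) -> Dict[str, str]:
    """Map each section header to the text between it and the next header."""
    sections: Dict[str, str] = {}
    headers = list(SECTION_RE.finditer(log))
    for i, match in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log)
        sections[match.group("name").strip()] = log[match.end():end]
    return sections


def analyse_fss_log(log: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings: List[str] = []
    sections = split_sections(log)

    for section, (value_name, bad_value, description) in POLICY_RULES.items():
        # An absent or empty policy section is the healthy state: no override is set.
        for match in REG_VALUE_RE.finditer(sections.get(section, "")):
            if match.group("name") == value_name and int(match.group("val"), 16) == bad_value:
                findings.append(f"{description} ({value_name}={match.group('val')})")

    for match in FILE_CHECK_RE.finditer(sections.get("File Check", "")):
        # FSS prints 'MD5 is legit' for a known-good hash; anything else deserves a look.
        if match.group("status") != "MD5 is legit":
            findings.append(f"File check failed: {match.group('path')} ({match.group('status')})")

    return findings


if __name__ == "__main__":
    for finding in analyse_fss_log(SAMPLE_FSS_LOG):
        print(finding)
```

Run it against a real FSS.txt by reading the file into `analyse_fss_log`; on the log posted in this thread it would report the firewall and System Restore policy overrides and nothing from the file check, which is the state the helper's next instructions are working from.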
#62 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,008 posts)
Download Windows Repair (All In One)

Check the following boxes and run:

01
02
03
04
06
07
08
09
14
16
18
20
22
25

Restart/Shutdown System when finished. Restart System.

After that

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.


#63 TheFallenAng3l (Member, Topic Starter, 36 posts)
I just ran the first one. Once I restarted my computer, everything I tried to run was not responding, and then after a period of time all the icons and the bottom toolbar disappeared, so I had to go into Task Manager and close explorer.exe and relaunch it.

^^Hope this is normal..
I shall start running the next one in an hour or two.

#64 TheFallenAng3l (Member, Topic Starter, 36 posts)
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M4KRT-8WPP8-VTQFM
Windows Product Key Hash: wC4lLajmxBGxNmUomNFfkMCs9wk=
Windows Product ID: 00371-618-6052107-85136
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {D9F5386C-F530-488D-AD54-35CE9F0A84CD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130828-1532
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{D9F5386C-F530-488D-AD54-35CE9F0A84CD}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VTQFM</PKey><PID>00371-618-6052107-85136</PID><PIDType>5</PIDType><SID>S-1-5-21-2683137839-147017386-2422825300</SID><SYSTEM><Manufacturer>Packard Bell</Manufacturer><Model>ipower G5800</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>P01-A3 </Version><SMBIOSVersion major="2" minor="6"/><Date>20100517000000.000000+000</Date></BIOS><HWID>367B3D07018400FE</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, Professional edition
Description: Windows Operating System - Windows® 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-618-605210-01-2057-7600.0000-3432010
Installation ID: 002666204535580401592351486593378110535826156656208955
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: VTQFM
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 23/02/2014 09:31:13

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: PgAAAAQAAAABAAEAAwAEAAAAAwABAAEAonaY/ag3FT9TNHqrxBuIz1gYd/aN72I92jQG6ef9kLgUe9gtdlY=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC ACRSYS APIC1139
FACP ACRSYS FACP1139
HPET ACRSYS OEMHPET
MCFG ACRSYS OEMMCFG
SLIC ACRSYS ACRPRDCT
OEMB ACRSYS OEMB1139
ASF! LEGEND I865PASF
AWMI ACRSYS OEMB1139
SSDT DpgPmm CpuPm

#65 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,008 posts)
Hello TheFallenAng3l,

Please run Farbar Service Scanner again.

  • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Other Services
  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.

After that

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no longer have Malwarebytes, please download it from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

So when you return please post
  • FSS.txt
  • MBAM scan results


#66 TheFallenAng3l (Member, Topic Starter, 36 posts)
You can close the thread, issue fixed. I knew it was a virus. Also, thanks for the help.

Edited by TheFallenAng3l, 03 March 2014 - 12:23 PM.


#67 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,008 posts)
Interesting.

You haven't posted the logs requested in the last post.

Neither have we cleared away the tools we have been using.

What was the particular virus you identified and can you show me the log generated by whatever manual action/tool/program you used when you cleared it away?

#68 TheFallenAng3l (Member, Topic Starter, 36 posts)
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.23.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Leo Carpenter :: LEOCARPENTER-PC [administrator]

Protection: Enabled

23/02/2014 22:03:16
mbam-log-2014-02-23 (22-03-16).txt

Scan type: Full scan (C:\|D:\|L:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 903178
Time elapsed: 4 hour(s), 26 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Program Files (x86)\Steam\steamapps\go3stk1ll3r\garrysmod\garrysmod\data\kim.txt (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\Leo Carpenter\Documents\Dayz Manager v1.5.zip (Riskware.Tool.CK) -> Quarantined and deleted successfully.

(end)

The trojan that was detected was the file I was looking for when going through the logs.

Edited by TheFallenAng3l, 04 March 2014 - 04:08 PM.


#69 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,008 posts)
So, how is your machine?

Everything working okay now?

#70 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,008 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.