TechSpot

[A] Two viruses - generic29.anpx & win64/patched.a

Inactive
By PatJj
Sep 20, 2012
  1. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    FSS Log:

    Farbar Service Scanner Version: 19-09-2012
    Ran by Pat & Sara (administrator) on 28-09-2012 at 00:45:48
    Running from "C:\Users\Pat & Sara\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of MpsSvc. The value does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of MpsSvc. The value does not exist.
    Unable to retrieve ServiceDll of MpsSvc. The value does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  2. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    AdwCleaner[S1].txt:

    # AdwCleaner v2.003 - Logfile created 09/28/2012 at 00:53:50
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Pat & Sara - PATSARA-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Pat & Sara\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421


    -\\ Mozilla Firefox v15.0.1 (en-US)

    Profile name : default
    File : C:\Users\Pat & Sara\AppData\Roaming\Mozilla\Firefox\Profiles\vms3dim1.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [686 octets] - [28/09/2012 00:53:50]

    ########## EOF - C:\AdwCleaner[S1].txt - [745 octets] ##########
     
  3. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    ADWcleaner isn't uninstalling. I guess I'll just manually delete afterwards (?)
     
  4. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    TFC did require a restart
     
  5. PatJj

    PatJj TS Rookie Topic Starter Posts: 23

    I ran the ESET scanner, and the first time it found 16 threats, and removed them all. I didn't see any option to export to a log or anything like that. So I ran it again, and it found 0 threats.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,164   +264

    You have several registry keys missing.

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [​IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [​IMG]


    Go to Start Repairs tab and click Start button.

    [​IMG]


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start.

    Post new FSS log.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,164   +264

    Still with me?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,164   +264

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.