Jeff7171
Everything posted by Jeff7171
-
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Will do everything you suggested. Thank you very much. There's nothing else I need help with 😊. -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Another thing, I scanned for viruses with Windows Defender and detected this virus: Zpevdo.B. But I removed it, so I think I'm okay now. Thanks again. Just letting you know. -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Hi! It's fixed now. Thank you very much, AdvancedSetup! 😊 -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
If it's this-- MsMpEng_Locations.txt -- Where do I get it? -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
I mean, what will I attach? -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Microsoft Windows [Version 10.0.18363.1379]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /s

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
    DependOnService    REG_MULTI_SZ    RpcSs
    Description    REG_SZ    @%systemroot%\system32\SecurityHealthAgent.dll,-1001
    DisplayName    REG_SZ    @%systemroot%\system32\SecurityHealthAgent.dll,-1002
    ErrorControl    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\SecurityHealthService.exe
    LaunchProtected    REG_DWORD    0x2
    ObjectName    REG_SZ    LocalSystem
    RequiredPrivileges    REG_MULTI_SZ    SeImpersonatePrivilege\0SeBackupPrivilege\0SeRestorePrivilege\0SeDebugPrivilege\0SeChangeNotifyPrivilege\0SeSecurityPrivilege\0SeAssignPrimaryTokenPrivilege\0SeTcbPrivilege\0SeSystemEnvironmentPrivilege\0SeShutdownPrivilege
    ServiceSidType    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService\Security
    Security

C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /s
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc" /s

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc
    DependOnService    REG_MULTI_SZ    mpsdrv\0bfe
    Description    REG_SZ    @%SystemRoot%\system32\FirewallAPI.dll,-23091
    DisplayName    REG_SZ    @%SystemRoot%\system32\FirewallAPI.dll,-23090
    ErrorControl    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000200000060EA00000200000060EA00000200000060EA0000
    Group    REG_SZ    NetworkProvider
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
    ObjectName    REG_SZ    NT Authority\LocalService
    RequiredPrivileges    REG_MULTI_SZ    SeAssignPrimaryTokenPrivilege\0SeAuditPrivilege\0SeChangeNotifyPrivilege\0SeCreateGlobalPrivilege\0SeImpersonatePrivilege\0SeIncreaseQuotaPrivilege
    ServiceSidType    REG_DWORD    0x3
    Start    REG_DWORD    0x2
    SvcHostSplitDisable    REG_DWORD    0x1
    SvcMemHardLimitInMB    REG_DWORD    0x1b
    SvcMemMidLimitInMB    REG_DWORD    0x14
    SvcMemSoftLimitInMB    REG_DWORD    0xc
    Type    REG_DWORD    0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\system32\mpssvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\ACService

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\AppCs

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords\DHCP

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords\IPTLSIn

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords\IPTLSOut

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords\RPC-EPMap

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Parameters\PortKeywords\Teredo

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc\Security
    Security    REG_BINARY    01001480900000009C000000140000003000000002001C000100000002801400FF000F000101000000000001000000000200600004000000000014008500020001010000000000050B000000000014009F000E00010100000000000512000000000018009D000E0001020000000000052000000020020000000018008500000001020000000000052000000021020000010100000000000512000000010100000000000512000000

C:\Windows\system32>sc qc SecurityHealthService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SecurityHealthService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\SecurityHealthService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Security Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

C:\Windows\system32>sc queryex SecurityHealthService

SERVICE_NAME: SecurityHealthService
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 15548
        FLAGS              :

C:\Windows\system32>sc qc WinDefend
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc queryex WinDefend
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc qc mpssvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: mpssvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
        LOAD_ORDER_GROUP   : NetworkProvider
        TAG                : 0
        DISPLAY_NAME       : Windows Defender Firewall
        DEPENDENCIES       : mpsdrv
                           : bfe
        SERVICE_START_NAME : NT Authority\LocalService

C:\Windows\system32>sc queryex mpssvc

SERVICE_NAME: mpssvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 4260
        FLAGS              :

C:\Windows\system32>dir /a /s MsMpEng.exe >MsMpEng_Locations.txt
File Not Found

--------------
I don't get the "attach" part -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Here it is. Thanks.
________
Microsoft Windows [Version 10.0.18363.1379]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /s

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
    DependOnService    REG_MULTI_SZ    RpcSs
    Description    REG_SZ    @%systemroot%\system32\SecurityHealthAgent.dll,-1001
    DisplayName    REG_SZ    @%systemroot%\system32\SecurityHealthAgent.dll,-1002
    ErrorControl    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\SecurityHealthService.exe
    LaunchProtected    REG_DWORD    0x2
    ObjectName    REG_SZ    LocalSystem
    RequiredPrivileges    REG_MULTI_SZ    SeImpersonatePrivilege\0SeBackupPrivilege\0SeRestorePrivilege\0SeDebugPrivilege\0SeChangeNotifyPrivilege\0SeSecurityPrivilege\0SeAssignPrimaryTokenPrivilege\0SeTcbPrivilege\0SeSystemEnvironmentPrivilege\0SeShutdownPrivilege
    ServiceSidType    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService\Security
    Security

C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinDefend" /s

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinDefend
    EventMessageFile    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MpEvMsg.dll
    ParameterMessageFile    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MpEvMsg.dll
    ProviderGuid    REG_SZ    {11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}
    TypesSupported    REG_DWORD    0x7

C:\Windows\system32>sc qc SecurityHealthService
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SecurityHealthService
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 3   DEMAND_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Windows\system32\SecurityHealthService.exe
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Windows Security Service
        DEPENDENCIES       : RpcSs
        SERVICE_START_NAME : LocalSystem

C:\Windows\system32>sc queryex SecurityHealthService

SERVICE_NAME: SecurityHealthService
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
                                (NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_PRESHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 15548
        FLAGS              :

C:\Windows\system32>sc qc WinDefend
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc queryex WinDefend
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>
-
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
It didn't work. Here are the scans from FRST64. Thanks! FRST.txt Addition.txt -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
I'll keep Malwarebytes turned off for now, right? -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Okay. -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Never mind, I'm a bit impatient xD. I tried turning off Malwarebytes inside its settings, and tried to turn on Windows Defender again and this error popped up. I disabled this: Then I clicked this: Then this showed up: And I clicked Restart Now and this happened: -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Oh, crap. I think I did something bad. I quit Malwarebytes, and clicked Restart Now, and an error popped up: -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Something showed up, but it looks like it only detected Malwarebytes as my primary antivirus. Thanks. -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Be right back 20 mins top. Something came up my god -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Oh, you sent another file. My bad. -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
I extracted it and ran it on the desktop earlier. Please wait, be right back. I'll do it again as soon as I can. -
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Here it is. Thanks.

Microsoft Windows [Version 10.0.18363.1379]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend" /s
ERROR: The system was unable to find the specified registry key or value.

C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService" /s

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
    DependOnService    REG_MULTI_SZ    RpcSs
    Description    REG_SZ    @%systemroot%\system32\SecurityHealthAgent.dll,-1001
    DisplayName    REG_SZ    @%systemroot%\system32\SecurityHealthAgent.dll,-1002
    ErrorControl    REG_DWORD    0x1
    FailureActions    REG_BINARY    80510100000000000000000003000000140000000100000060EA00000100000060EA00000000000000000000
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\SecurityHealthService.exe
    LaunchProtected    REG_DWORD    0x2
    ObjectName    REG_SZ    LocalSystem
    RequiredPrivileges    REG_MULTI_SZ    SeImpersonatePrivilege\0SeBackupPrivilege\0SeRestorePrivilege\0SeDebugPrivilege\0SeChangeNotifyPrivilege\0SeSecurityPrivilege\0SeAssignPrimaryTokenPrivilege\0SeTcbPrivilege\0SeSystemEnvironmentPrivilege\0SeShutdownPrivilege
    ServiceSidType    REG_DWORD    0x1
    Start    REG_DWORD    0x3
    Type    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService\Security
    Security

C:\Windows\system32>
-
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Here it is. Thanks.

Microsoft Windows [Version 10.0.18363.1379]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sc queryex WinDefend
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc qc WinDefend
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc queryex SecurityHealthService
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc qc SecurityHealthService
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>
-
CLOUDNET Virus Keeps Coming Back
Jeff7171 replied to Jeff7171's topic in Resolved Malware Removal Logs
Here it is. Thanks.

Microsoft Windows [Version 10.0.18363.1379]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinDefend" /s

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\WinDefend
    EventMessageFile    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MpEvMsg.dll
    ParameterMessageFile    REG_EXPAND_SZ    %ProgramFiles%\Windows Defender\MpEvMsg.dll
    ProviderGuid    REG_SZ    {11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}
    TypesSupported    REG_DWORD    0x7

C:\Windows\system32>dir /a "%ProgramFiles%\Windows Defender\MpEvMsg.dll"
 Volume in drive C is OS
 Volume Serial Number is 7C10-F903

 Directory of C:\Program Files\Windows Defender

20/08/2020  02:45 pm           129,040 MpEvMsg.dll
               1 File(s)        129,040 bytes
               0 Dir(s)  40,370,851,840 bytes free

C:\Windows\system32>sc queryex WinDefend
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>sc queryex WinDefend
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:

The specified service does not exist as an installed service.

C:\Windows\system32>reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc" /s

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
    DelayedAutoStart    REG_DWORD    0x1
    DependOnService    REG_MULTI_SZ    RpcSs
    Description    REG_SZ    @%SystemRoot%\System32\wscsvc.dll,-201
    DisplayName    REG_SZ    @%SystemRoot%\System32\wscsvc.dll,-200
    ErrorControl    REG_DWORD    0x1
    FailureActions    REG_BINARY    805101000000000000000000030000001400000001000000C0D4010001000000E09304000000000000000000
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
    LaunchProtected    REG_DWORD    0x2
    ObjectName    REG_SZ    NT AUTHORITY\LocalService
    RequiredPrivileges    REG_MULTI_SZ    SeChangeNotifyPrivilege\0SeImpersonatePrivilege
    ServiceSidType    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    Type    REG_DWORD    0x20

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\wscsvc.dll
    ServiceDllUnloadOnStop    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security
    Security    REG_BINARY    010014801C01000028010000140000003000000002001C000100000002801400FF010F000101000000000001000000000200EC0008000000000018009D00020001020000000000052000000021020000000014009D010200010100000000000512000000000018009D01020001020000000000052000000020020000000014009D000200010100000000000504000000000014009D00020001010000000000050600000000002800FD010200010600000000000550000000E5FE795FA0AE0D3B22FA0AC9015A413AE5A64AB700002800FF010F00010600000000000550000000B589FB381984C2CB5C6C236D5700776EC002648700002800FF010F00010600000000000550000000DB8C740FC27273F32B26B944771E4F027663B521010100000000000512000000010100000000000512000000

C:\Windows\system32>