Jump to content

Entries about unsuccessful integrity check in Windows Event Log


Go to solution Solved by kevinf80,

Recommended Posts

Hey, I was playing Valorant a few days ago and suddenly game freezed and I heard a "beep" sound. Later after checking Windows Event Log I found out that there are many entries about unsuccesful check of code integrity (sorry if some names aren't correct, my Windows's language isn't English). It is event id 6281. I'm still using Windows 7 and want to install Windows 10 after the weekend but I still need to save some files so I want to ask if my PC is clear before doing that. I'll list a few examples of those entries:

\Device\Harddisk\Volume2\Windows\System32\comdlg32.dll

\Device\Harddisk\Volume2\Program Files (x86)\Valorant\Riot Games\live\engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll

\Device\Harddisk\Volume2\Windows\System32\WindowsPowerShell\v1.0\pwrsip.dll

\Device\Harddisk\Volume2\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Device\Harddisk\Volume2\Windows\System32\cryptui.dll

 

I made scans with Malwarebytes, Adwcleaner, ESET Online Scanner and AVAST and they didn't find anything. Also tried using sfc/ scannow but it also didn't find anything. Finally, I checked discs with that windows tool and Disc D was checked properly but the tool had a problem with Disc C. It said it couldn't access the disc due to some update or something and that I should restore my system to a date prior the update. The problem is that I don't have any restoration point that would work (tried with one and it didn't help, instead it created more problems - discord stopped working and there was some error while accessing the event log. I reverted that restoration and now everything works).

When I last checked those entries about unsuccesful code check were still appearing. My question is whether is my pc infected by some sort of malware or rather it is some problem with my system. And also: can I safely upload some files to Google Drive after scanning them with Malwarebytes?

 

Link to post
Share on other sites

Hello Manaphy0220 and welcome to Malwarebytes,

Run the following scan, lets see if anything shows up:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Thank you,

Kevin
Link to post
Share on other sites

The picture file You're talking about is that hatsunemichu.jpg, right? It is a image I once did in Paint and put in somewhere. It is basically an image of Hatsune Miku with a face of a CS proplayer nicknamed Michu. I will send it in ZIP if it's needed but that was probably me putting it somewhere.

How do logs look like? Is my PC clear out of infections?

 

hatsunemichu.zip

Link to post
Share on other sites

21 minutes ago, kevinf80 said:

Hiya Manaphy0220,

I do not see any obvious malware or infection in your logs. I asked about the .jpg file due to where it was running from... Is your PC normal or do you have issues or concerns...

Thank you,

Kevin..

I'm not sure I understand. So there isn't any malware? This is what concerns me the most cause I want to install a new system soon anyway. So I can stop worrying and can upload my files to Google Drive without problems?

Link to post
Share on other sites

Run the following scan before going any further, FRST does not see everything...

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs
Link to post
Share on other sites

32 minutes ago, kevinf80 said:

Run the following scan before going any further, FRST does not see everything...

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs

One of the scanners on the virustotal (eGambit) finds that virus removal as unsafe.ai_score_98%. What does that mean? It is not dangerous, right?

I alsa made scanns with ESET Online Scanner, Malwarebytes, Adwcleaner and Avast. So can I assume that everything is good if this Sophos doesn't find anything?

Link to post
Share on other sites

4 hours ago, kevinf80 said:

Sophos AV is a very good and reliable scanner... I certainly recommend it.

Here are the logs. I had to turn on the option of showing hidden folders.

I cancelled the scan once when I realized that I had a few programs running. When the second scan was taking place only AVAST and Malwarebytes were running.

The program also made a file named instalation logs. Should I attach it as well?

 

BTW. I had some problems when navigating on the forum (had to click that arrow pointing to the left multiple times to get to the site I was previously on. Everything else works fine. Everything is good, right?

SophosVirusRemovalTool.log

Link to post
Share on other sites

  • Solution

Hiya Manaphy0220,

That log is also clean, whatever you plan to do before upgrading to W10 can go ahead... Continue to clean up:

Uninstall the following program (unless you prefer to keepit):

Sophos AV

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Right click on FRST here: C:\Users\Admin\Downloads\frst\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Condsider the following:

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

Link to post
Share on other sites

7 hours ago, kevinf80 said:

Hiya Manaphy0220,

That log is also clean, whatever you plan to do before upgrading to W10 can go ahead... Continue to clean up:

Uninstall the following program (unless you prefer to keepit):

Sophos AV

http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/

Also delete this folder if still present: C:\ProgramData\Sophos

Next,

Right click on FRST here: C:\Users\Admin\Downloads\frst\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2

Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Condsider the following:

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee

PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image

 

So everything is good? I think I will keep the programs because I will most likely install W10 after the weekend.

I have a question about that Sophos. When I use right mouse button on the icon and click at the properties and that window with information appears I can't click that option which opens the localization on the file (it's inactive). Why is that?

Thank You very much for Your help.

Link to post
Share on other sites

Hiya Manaphy0220,

Regarding localization of Sophos, I assume you have Shortcut tab open on properties window? I believe that happens because Sophos has no active service. If you type services.msc into the search function and open that window you will note there is no active servoce for sophos, however a security program such as Malwarebytes does.

If you check the localization of Malwarebytes as you did for Sophos its target is not greyed out and is active... Does that help..? Sophos av does not give active realtime protection, it is basically a stand alone scanner...

Regarding your other query regarding logging out, i`m not really sure what you mean. Are you referring to logging out of Windows, if so I have no answer to that one. Maybe ask the question in general Windows PC help: https://forums.malwarebytes.com/forum/6-general-windows-pc-help/

Thank you,

Kevin...

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.