
C:\WINDOWS\system32\svchost.exe (1328):\memory_001a0000


29 replies to this topic

#1 Wally'sWorld (Members, 16 posts)

Posted 04 August 2012 - 07:16 PM

I have gotten a virus that would not let me go to sites on Google and instead redirected me to other websites. I THINK that I got rid of it by scanning with Malwarebytes and AVG while in safe mode, but now when I scan out of safe mode I see that I still have this new virus C:\WINDOWS\system32\svchost.exe (1328):\memory_001a0000 Trojan horse Generic29.GJG.

I cannot seem to delete it, and AVG cannot find it to delete it, I think. Malwarebytes does not even find it. I also cannot seem to restart my computer at an earlier time.

Help!

Edited by hamluis, 04 August 2012 - 07:54 PM.
Moved from XP to Am I Infected - Hamluis.



#2 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 05 August 2012 - 12:06 AM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the LOG report (the log file should be in your C drive).

Do not change the default options on scan results.

Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here.

Download

ESET online scanner

Install it.

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 Wally'sWorld (Topic Starter, Members, 16 posts)

Posted 05 August 2012 - 02:16 PM

OK, first, my computer is still up and I have not done anything to remove the located threats because I was not sure if I was supposed to. Let me know and I will.

Here are the results:

TDSSkiller found two threats:

Rootkit.Boot.Pihar.c
Physical Drive: \Device\Harddisk0\DRO
Malware object, high risk

TDSS File System
Physical Drive: \Device\Harddisk0\DRO
Suspicious object, medium risk



aswMBR's log says:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 15:08:29
-----------------------------
15:08:29.359 OS Version: Windows 5.1.2600 Service Pack 3
15:08:29.359 Number of processors: 1 586 0x1601
15:08:29.359 ComputerName: ******* UserName: *******
15:08:29.812 Initialize success
15:08:37.359 AVAST engine download error: 0
15:08:55.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:08:55.515 Disk 0 Vendor: ST980811 3.CD Size: 76319MB BusType: 3
15:08:55.578 Disk 0 MBR read successfully
15:08:55.578 Disk 0 MBR scan
15:08:55.578 Disk 0 unknown MBR code
15:08:55.578 Disk 0 MBR hidden
15:08:55.578 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
15:08:55.593 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 66278 MB offset 80325
15:08:55.625 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 135829575
15:08:55.625 Disk 0 scanning sectors +156296385
15:08:55.703 Disk 0 scanning C:\WINDOWS\system32\drivers
15:09:00.203 Service scanning
15:09:10.812 Modules scanning
15:09:16.500 Disk 0 trace - called modules:
15:09:16.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85b094b1]<<
15:09:16.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8655aab8]
15:09:16.515 3 CLASSPNP.SYS[f75fdfd7] -> nt!IofCallDriver -> \Device\0000006f[0x86566910]
15:09:16.515 5 ACPI.sys[f7494620] -> nt!IofCallDriver -> [0x8654e030]
15:09:16.515 \Driver\iaStor[0x85b6c410] -> IRP_MJ_CREATE -> 0x85b094b1
15:09:16.515 Scan finished successfully

I downloaded ESET Online Scanner, but it is not letting me run it because: "Cannot get update, is proxy configured?" I do not know how to configure this.

Please let me know what to do next. Thanks for all this help.
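The aswMBR log above contains the three lines a helper reads first: an MBR that matches no known bootloader, an MBR hidden from the OS, and a disk-stack call trace that ends in code belonging to no loaded module (the `>>UNKNOWN [0x85b094b1]<<` entry, which the `\Driver\iaStor` IRP_MJ_CREATE line then points at). The script below is an added example, not code from the thread or from the aswMBR tool; it triages such a log automatically. The severity scale, function names and verdict strings are my own.

```python
import re
from dataclasses import dataclass
from typing import List

# Excerpt of the aswMBR log posted above (post #3): the MBR check lines and
# the storage-stack call trace, timestamps kept as aswMBR writes them.
SAMPLE_LOG = r"""
15:08:55.578 Disk 0 MBR read successfully
15:08:55.578 Disk 0 unknown MBR code
15:08:55.578 Disk 0 MBR hidden
15:09:16.500 Disk 0 trace - called modules:
15:09:16.500 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85b094b1]<<
15:09:16.515 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8655aab8]
15:09:16.515 \Driver\iaStor[0x85b6c410] -> IRP_MJ_CREATE -> 0x85b094b1
15:09:16.515 Scan finished successfully
"""

@dataclass
class Finding:
    severity: str   # "high" or "medium"; my own scale, not aswMBR's
    reason: str
    evidence: str   # the log line with its timestamp removed

# Message suffixes aswMBR prints for the two MBR conditions seen in the thread.
# "unknown MBR code" alone is only medium: a third-party boot manager or an
# OEM MBR also produces it. "MBR hidden" means a filter driver is lying to
# the OS about the boot sector, which no legitimate software does.
MBR_INDICATORS = {
    "unknown MBR code": ("medium", "MBR code matches no known bootloader"),
    "MBR hidden": ("high", "real MBR is hidden from the OS by a disk filter"),
}
# ">>UNKNOWN [0x...]<<": the call chain ends in memory owned by no loaded
# module, i.e. injected kernel code.
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# "\Driver\iaStor[0x...] -> IRP_MJ_CREATE -> 0x...": a driver dispatch
# routine has been redirected to the address on the right.
HOOK_LINE = re.compile(
    r"(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")

def triage_aswmbr(log: str) -> List[Finding]:
    """Return one Finding per rootkit indicator found in an aswMBR log."""
    findings: List[Finding] = []
    unknown_addrs = set()
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        # drop the leading HH:MM:SS.mmm field
        msg = line.split(" ", 1)[1] if " " in line else line
        for suffix, (severity, reason) in MBR_INDICATORS.items():
            if msg.endswith(suffix):
                findings.append(Finding(severity, reason, msg))
        m = UNKNOWN_MODULE.search(msg)
        if m:
            unknown_addrs.add(m.group(1).lower())
            findings.append(Finding(
                "high", "call trace ends outside any loaded module", msg))
        h = HOOK_LINE.search(msg)
        if h and h.group(3).lower() in unknown_addrs:
            findings.append(Finding(
                "high", f"{h.group(1)} {h.group(2)} redirected to unknown code", msg))
    return findings

def verdict(findings: List[Finding]) -> str:
    """Collapse the findings into the one-line answer a helper would post."""
    if any(f.severity == "high" for f in findings):
        return "boot-sector rootkit indicators present: remove and rescan"
    if findings:
        return "non-standard MBR only: check for a third-party boot manager first"
    return "no MBR or disk-stack indicators"

if __name__ == "__main__":
    for f in triage_aswmbr(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}: {f.evidence}")
    print(verdict(triage_aswmbr(SAMPLE_LOG)))
```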

#4 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 05 August 2012 - 02:24 PM

TDSSkiller found two threats:

Rootkit.Boot.Pihar.c
Physical Drive: \Device\Harddisk0\DRO
Malware object, high risk

TDSS File System
Physical Drive: \Device\Harddisk0\DRO
Suspicious object, medium risk


Remove them.

Restart the PC, try running the ESET online scanner again and post its log.

#5 Wally'sWorld (Topic Starter, Members, 16 posts)

Posted 05 August 2012 - 02:54 PM

OK I had TDSSkiller remove the threats and restart the computer. The program said that it had removed 1 threat.

I downloaded the ESET Online Scanner, agreed to the terms and conditions, but it has been a while and I still only see a window come up that says "Cannot get update, is proxy configured?" at the top. Underneath it, it says:

"ESET Scanner consists of three steps.
1. Component download.
2. Component Registration.
3. Start

Then there is a status bar that has not moved at all.

There is also a box I can check and another box opens for me to put in custom proxy settings. I do not know what to do with that.

Finally, there is a start button. When I press it, it quickly flashes that it is starting to download components before it returns to saying "Cannot get update, is proxy configured?"

What am I doing wrong?

#6 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 05 August 2012 - 02:56 PM

Try to run it in safe mode with networking.

#7 Wally'sWorld (Topic Starter, Members, 16 posts)

Posted 05 August 2012 - 03:35 PM

That did work. I still have the folder open, and below is the list of found threats from ESET:

C:\Documents and Settings\Rex Graine\Application Data\Sun\Java\Deployment\cache\6.0\43\58630b2b-5166b5e2 Java/TrojanDownloader.OpenStream.NCM trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_15.04.21\mbr0000\tdlfs0000\tsk0001.dta Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_15.04.21\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_15.04.21\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_15.04.21\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AL trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_15.04.21\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.NH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_15.04.21\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_15.04.21\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\05.08.2012_15.04.21\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined

What should I do now?

#8 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 05 August 2012 - 03:43 PM

Reboot the PC into normal mode.

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan with MBAM until you get a clean log.

Download

mini toolbox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it and click on Delete.

Post the generated log.

#9 Wally'sWorld (Topic Starter, Members, 16 posts)

Posted 05 August 2012 - 04:38 PM

I am running Malware right now and nothing is showing up so far, but an AVG Resident Shield security alert just popped up and is listing more and more Trojan horse PSW.Generic10.F (then the screen blocks it out).

What should I do? Do I keep doing what I am doing or change course?

#10 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 05 August 2012 - 04:51 PM

Continue with the scans.

#11 Wally'sWorld (Topic Starter, Members, 16 posts)

Posted 05 August 2012 - 04:54 PM

OK. I am continuing. Malware is almost done and it is not picking anything up, so I am going to be proceeding to the next stage in a few minutes. Should I "x-out" the AVG Resident Shield Alert or leave it where it is?

#12 Wally'sWorld (Topic Starter, Members, 16 posts)

Posted 05 August 2012 - 05:02 PM

Here are the minitoolbox results. I am moving on to the FSS. AVG Resident Shield Alert is still up on the screen but I am ignoring it.
MiniToolBox by Farbar Version: 23-07-2012
Ran by Rex Graine (administrator) on 05-08-2012 at 18:00:19
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Dell Wireless 1395 WLAN Mini-Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : Arcadia

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : att.net



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : att.net

Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-21-70-A9-11-88

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.65

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.254

DHCP Server . . . . . . . . . . . : 192.168.1.254

DNS Servers . . . . . . . . . . . : 192.168.1.254

Lease Obtained. . . . . . . . . . : Sunday, August 05, 2012 4:47:08 PM

Lease Expires . . . . . . . . . . : Monday, August 06, 2012 4:47:08 PM



Ethernet adapter Wireless Network Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card

Physical Address. . . . . . . . . : 00-22-68-D2-F1-EF

Server: dsldevice.att.net
Address: 192.168.1.254

Name: google.com
Addresses: 173.194.37.64, 173.194.37.65, 173.194.37.66, 173.194.37.67
173.194.37.68, 173.194.37.69, 173.194.37.70, 173.194.37.71, 173.194.37.72
173.194.37.73, 173.194.37.78



Pinging google.com [173.194.37.78] with 32 bytes of data:



Reply from 173.194.37.78: bytes=32 time=38ms TTL=48

Reply from 173.194.37.78: bytes=32 time=39ms TTL=48



Ping statistics for 173.194.37.78:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 38ms, Maximum = 39ms, Average = 38ms

Server: dsldevice.att.net
Address: 192.168.1.254

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [72.30.38.140] with 32 bytes of data:



Reply from 72.30.38.140: bytes=32 time=69ms TTL=49

Reply from 72.30.38.140: bytes=32 time=77ms TTL=49



Ping statistics for 72.30.38.140:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 69ms, Maximum = 77ms, Average = 73ms

Server: dsldevice.att.net
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 70 a9 11 88 ...... Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 22 68 d2 f1 ef ...... Dell Wireless 1395 WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.65 192.168.1.65 20
192.168.1.65 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.65 192.168.1.65 20
224.0.0.0 240.0.0.0 192.168.1.65 192.168.1.65 20
255.255.255.255 255.255.255.255 192.168.1.65 192.168.1.65 1
255.255.255.255 255.255.255.255 192.168.1.65 3 1
Default Gateway: 192.168.1.254
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/02/2012 06:13:55 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/02/2012 06:13:54 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 14.0.1.4577, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/30/2012 08:44:54 AM) (Source: Application Hang) (User: )
Description: Hanging application avgui.exe, version 12.0.0.2164, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/29/2012 05:03:18 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/29/2012 05:03:09 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/29/2012 05:03:09 PM) (Source: crypt32) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/27/2012 06:33:51 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.62.0.87, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/23/2012 05:44:52 AM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 5.10.0.115, faulting module kernel32.dll, version 5.1.2600.5781, fault address 0x0000984e.
Processing media-specific event for [skype.exe!ws!]

Error: (07/22/2012 06:25:07 PM) (Source: Application Error) (User: )
Description: Faulting application startfx.exe, version 2.12.1.0, faulting module msvcp71.dll, version 7.10.3077.0, fault address 0x0000557b.
Processing media-specific event for [startfx.exe!ws!]

Error: (07/22/2012 06:24:46 PM) (Source: ESENT) (User: )
Description: Catalog Database (1440) Database C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb was partially detached. Error -1032 encountered updating database headers.


System errors:
=============

#13 narenxp (BC Advisor, 16,371 posts, Location: India)

Posted 05 August 2012 - 05:04 PM

Here are the minitoolbox results. I am moving on to the FSS. AVG Resident Shield Alert is still up on the screen but I am ignoring it.


What is the exact path of the file it detects?

#14 Wally'sWorld (Topic Starter, Members, 16 posts)

Posted 05 August 2012 - 05:05 PM

Here are the FSS Results. I am moving on to adware cleaner. AVG Resident Shield Alert is still up on the screen but I am ignoring it.

Farbar Service Scanner Version: 04-08-2012 01
Ran by Rex Graine (administrator) on 05-08-2012 at 18:03:54
Running from "C:\Documents and Settings\Rex Graine\My Documents\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#15 Wally'sWorld (Topic Starter, Members, 16 posts)

Posted 05 August 2012 - 05:29 PM

The adware cleaner pulled up results, but as soon as it did that an AVG Identity Protection window popped up saying that this was probably a rogue security software. This caused my computer to jam up and I had to restart. Do you want me to redo that scan?

Also, both of those AVG windows are popped up right now, still.

Finally, I am afraid that I do not know what you mean by "What is the exact path of the file it detects? "
