FSS Report shows files with incorrect MD5 hashes



#1 TucanSam


Posted 18 August 2013 - 12:14 PM

I recently ran FSS on my PC and noticed a few files that did not have legitimate MD5 hashes. Below is the full FSS log:

 

Farbar Service Scanner Version: 27-06-2013
Ran by Trevor (administrator) on 18-08-2013 at 12:42:58
Running from "C:\Spike's Files\OpSec"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-08-17 11:40] - [2013-07-06 02:03] - 1910208 ____A (Microsoft Corporation) DB74544B75566C974815E79A62433F29
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-08-17 11:41] - [2013-07-09 01:46] - 0184320 ____A (Microsoft Corporation) 6B400F211BEE880A37A1ED0368776BF4
 
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 22:22] - [2013-05-27 01:50] - 1011712 ____A (Microsoft Corporation) 7CBB1D4D13DC62D7F529D87151FD3CD3
 
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

 

 

Note, I have run AdwCleaner, TDSS, MBAM, MBAR regularly on this computer with no malware found going back months (in addition to passive AV and firewall programs). However, I did have an incident a few weeks back when, upon turning on the computer, I got an error message stating that the 'device could not be read' (i.e. the hard drive could not be accessed). I used Windows Repair to fix the problem(s) and was able to run the computer normally. In addition, after running FSS today I ran 'sfc /scannow' in the command prompt with admin privileges but it found no issue(s).

 

Thank you for your help.




 


#2 Broni


Posted 18 August 2013 - 03:38 PM

All three files are listed as signed by Microsoft so you're fine.




 
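The File Check section of the log in post #1 can be triaged mechanically. The following is an added example, not part of the original thread and not code from FSS. It assumes the two-line layout seen in that log (a bare path followed by a bracketed detail line) marks a file whose MD5 FSS did not recognise; the field names are this example's own.

```python
import re

# Constructed sample: lines copied from the File Check section of the log in post #1.
SAMPLE_LOG = r"""File Check:
========
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-08-17 11:40] - [2013-07-06 02:03] - 1910208 ____A (Microsoft Corporation) DB74544B75566C974815E79A62433F29
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-08-17 11:41] - [2013-07-09 01:46] - 0184320 ____A (Microsoft Corporation) 6B400F211BEE880A37A1ED0368776BF4
C:\Program Files\Windows Defender\MpSvc.dll
[2013-07-11 22:22] - [2013-05-27 01:50] - 1011712 ____A (Microsoft Corporation) 7CBB1D4D13DC62D7F529D87151FD3CD3
C:\Windows\System32\svchost.exe => MD5 is legit
**** End of log ****
"""

LEGIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => MD5 is legit$")
PATH = re.compile(r"^[A-Za-z]:\\.+$")
# Detail line: two timestamps, size, attribute flags, vendor string, MD5.
# What each timestamp means is not stated in the log, so they are kept as-is.
DETAIL = re.compile(
    r"^\[(?P<first_date>[^\]]+)\] - \[(?P<second_date>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<vendor>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_file_check(log_text):
    """Split an FSS 'File Check:' section into whitelisted paths and unrecognised entries."""
    recognised, unrecognised = [], []
    in_section, pending = False, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "File Check:":
            in_section = True
        elif line.startswith("****"):  # "**** End of log ****" closes the section
            in_section = False
        elif not in_section:
            continue
        elif m := LEGIT.match(line):
            recognised.append(m.group("path"))
            pending = None
        elif pending and (d := DETAIL.match(line)):
            # Path line followed by a detail line: FSS did not recognise the hash.
            entry = d.groupdict()
            entry.update(path=pending, size=int(entry["size"]))
            unrecognised.append(entry)
            pending = None
        elif PATH.match(line):
            pending = line  # bare path; details are expected on the next line
    return recognised, unrecognised
```

The entries returned in the second list are the ones to follow up on, for example by checking each file's digital signature as the reply above does.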


#3 TucanSam


Posted 18 August 2013 - 03:41 PM

Okay, thanks for the help and sorry for the bother: still learning about this stuff.

 

Cheers.



#4 Broni


Posted 18 August 2013 - 03:47 PM

(thumbs-up emoticon)

