GSi-R

GSi-R own


Another successfully completed full scan!!!!!!

 

I'm confident that the issue was indeed the item removed from my HJT scan.

 

You can now close this thread.

 

Thanks for everyone's input. I was happy to help.


Calamity or whoever checks the trash.

 

I'm deleting this topic. We, or GSi-R, discovered the cause after getting rid of the virus he found in the HijackThis log. He or she let us know in the original post, which is now closed.

 

Txnnok


Hi All,

 

Sorry that I have to reopen this topic as the item removed using HijackThis is NOT malware.

 

Those entries belong there if you have installed AVG 8.0 and Comodo Firewall.

 

So, we are back to the drawing board and this may well hint at some sort of undiscovered software incompatibility with the mentioned software installed.

 

Meanwhile, you need to restore the item you removed, and you should be able to do that with the Misc. Tools section, which makes backups of HJT entries that you can restore after removal. To do that, just open HijackThis and, instead of *scan*, choose *Open Misc Tools Section*. Then choose *backups* and find this entry in the list:

 

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll

 

Highlight it and press the *Restore* button.

 

I don't know where you got your information about those being malware, because the "official" list of HJT entries for that section shows those are proven to be legitimate entries for AVG and Comodo Firewall.

 

See the reference here for avgrsstx.dll :

http://www.castlecops.com/o20list-487.html

 

and here for guard32.dll

http://www.castlecops.com/o20list-445.html

 

FYI, I went ahead and put the original posted HJT log back into this thread to keep it consistent.

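The O20 check described in the post above, as an added Python example that is not part of the original thread or of HijackThis: it parses AppInit_DLLs lines from a log and compares each DLL with the two names the thread identifies as legitimate. The `review` rule for a known name outside system32, the `SYSTEM_DIR` path and the second sample line are assumptions made for illustration.

```python
import ntpath
import re

# DLL names the thread identifies as legitimate O20 entries, with their product.
KNOWN_O20 = {"guard32.dll": "Comodo Firewall", "avgrsstx.dll": "AVG 8.0"}
# Assumption: a bare name or a system32 path is the expected location.
SYSTEM_DIR = r"c:\windows\system32"
O20_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.IGNORECASE)

# The first O20 line is the one quoted in the thread; the rest is constructed.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll
O20 - AppInit_DLLs: C:\Users\Public\avgrsstx.dll example32.dll
"""


def parse_o20(log_text):
    """Return every DLL named on the O20 AppInit_DLLs lines of a log."""
    dlls = []
    for line in log_text.splitlines():
        match = O20_RE.match(line.strip())
        if match:
            # The AppInit_DLLs value separates DLLs with commas or spaces.
            dlls.extend(d for d in re.split(r"[,\s]+", match.group(1)) if d)
    return dlls


def triage(dll):
    """Classify one entry as 'known', 'review' or 'unknown', with a reason."""
    directory, name = ntpath.split(dll.lower())
    product = KNOWN_O20.get(name)
    if product is None:
        return "unknown", "not on the known list; research before removing"
    if directory and directory != SYSTEM_DIR:
        return "review", f"named like {product} but loaded from {directory}"
    return "known", f"matches the {product} entry"


def report(log_text):
    """Triage every O20 entry in a log, preserving order."""
    return [(dll, *triage(dll)) for dll in parse_o20(log_text)]


if __name__ == "__main__":
    for dll, status, reason in report(SAMPLE_LOG):
        print(f"{status:8} {dll}: {reason}")
```

A `known` result only says the name and location match; confirming the file itself still takes a signature check or a scan.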
Out of curiosity, as I have AVG 7.5 installed, I searched my Desktop PC for C:\Windows\system32\guard32.dll,avgrsstx.dll...in a variety of connotations, and...

 

...Nope - I ain't got it....anywhere...

 

*edit* I've just googled avgrsstx.dll, and in one result there is a Castlecops link direct to AVG 8.0, that declares avgrsstx.dll to be LEGITIMATE...

 

I couldn't get on with AVG 8.0 in any event, which is why I reverted to v7.5 - but BEFORE I installed AAW 2008.

 

So maybe this is an AVG 8.0 / AAW 2008 incompatibility issue after all...? :D

 

 

There are 12,000 hits there and it seems related to Comodo firewall. I run AVG Pro Ver 8 with no problems. There is NO guard32.dll file in my system32 folder.

 

 

Bugger.... ;)

Edited by gelert


Never mind, gelert. These things are set to try us. I have Zone Alarm Pro installed hence no guard32.dll file. Maybe try a free version of Zone Alarm????


Well, it may have been a sheer coincidence then, as since removing that, I have managed several full Ad-Aware scans now, and AVG is working fully, so too is Spybot, and now I don't get that warning from Spybot either when launching it.

 

The info on the malware, I read on Bleeping Computer, that it's malware disguised as AVG-related in the hope people leave it alone.


No, it's definitely NOT malware :)

 

I just downloaded AVG 8 free and it does add a file to the appinit dlls

O20 - AppInit_DLLs: avgrsstx.dll

 

And that file scans clean at VirusTotal :)

 

File avgrsstx.dll received on 06.26.2008 19:54:51 (CET)

Current status: finished

Result: 0/33 (0%)

 


I'll see if it freezes my Ad-Aware scans, but it is definitely not malware. And I expect it is there for a reason, perhaps a function you cannot see or examine.


I did 3 full system scans - all completed in about 1 hour. I didn't even turn off the resident AV/AS features of AVG since I could not figure out how to do that. So even with the resident action active, I could not duplicate the freezing issue. It doesn't seem to conflict at all even with Ad-Aware Pro running.


Same here too. Having run several successful full scans now, I'm starting to think that removing that object was a coincidence, but having said that, prior to removing it, my installed Spybot, upon launch, would flag up a compatibility issue with Ad-Aware, like the image below.

 

Spybotwarning.jpg

 

Now I don't get the above warning when launching SpyBot.

 

My AVG 8.0 is working 100%, Spybot and Ad-Aware 2008 too, so who knows, must be coincidental.


Right you are, and I'm just trying to help you understand that the AVG DLL file is not malware and doesn't appear to conflict with Ad-Aware.

 

I've run Spybot alongside Ad-Aware for years. Many users do so with no problem. Certain features and functions within Spybot can cause issues but if you are aware of them and know how to avoid them, you can usually just use the ignore button in the Spybot notice to get rid of it. It is simply recognizing that you have Ad-Aware installed. If you are using one of the paid versions of Ad-Aware with realtime protection, then you would want to turn off the teatimer function in Spybot so you don't have conflicts, for instance.

 

I agree with you in that I also think AVG is not the problem with the freezing you were experiencing, but until I can duplicate it (IF) I can't report it as such. I didn't even bother with Comodo so I can't say that is it either. But since you have got it resolved, if it should reappear and you find the cause of it, please do let us know and we'll be happy to investigate. :)

 

It isn't possible to test all environments with each and every third-party security software (and the various combinations of settings possible), but we do try to address those that are known so that any conflict can be resolved.


Many thanks! I will indeed stick around these parts, and of course post should the problem return, at least then, we can cross reference HJT logs also.


Ok, new day, a new start. I really was ready to give up, but thought about trying one last thing.

 

Completely removing all Lavasoft related software from my laptop.

 

Uninstall Ad-Aware 2008

Delete (Lavasoft) folders in Program Files, and Program Data.

 

Ran CCleaner.

 

Rebooted laptop

 

Then downloaded aaw2008.exe once again, but this time from another source. The last three times, I have always downloaded from download.com, which is linked to from the Lavasoft website.

 

This time, I downloaded from PCWorld.com

 

http://www.pcworld.com/downloads/file/fid,...escription.html

 

I was not put off by the poor rating Ad-Aware has on there...

 

Lavasoft2.jpg

 

Downloaded it, and before I installed it, I checked in my program files for any traces of any other spyware software that I have previously removed, such as superantispyware etc. I found a couple of items, which I removed.

 

I switched off both my firewall and AVG prior to installation, and closed all applications.

 

Then installed the newly downloaded Ad-Aware 2008. Then rebooted my pc.

 

Then, launched Ad-Aware 2008, and promptly ran a full scan.

 

It completed in just over an hour. Happy days!

 

Let's just hope the freezing has ended; if not, it has to be a bug.


Glad you figured it out, lol. I think you're becoming an install & uninstall expert. If it does it again, try downloading with the firewall off and the other security too. It can make a difference. If one little file becomes corrupt, then the whole download is shot. Just when you shut it down and start the download, make sure what you're saving to disk is Ad-Aware. That's how those guys get you: you're not paying attention, and click to go ahead, click download, then open or run, & by the time you realize what happened, you're infected.

 

I did that exact thing about two weeks ago or so, and I know better. Never ever run or open the file; always save it. I was downloading a coupon and they wanted you to put some sort of installer. Well, the company in question was Fresh Step; I was getting a coupon for cat litter, as you can guess. I thought they're a reputable company, so the installer should be OK, I can always uninstall it. I was in a rush and wasn't paying attention when another company put a file for download in there. I clicked open instead of save. I immediately noticed what I did and almost had a heart attack. Adaware got it as data miner, tai 5 and 6, and it installed like 5 or 6 in there. The company that hijacked the page: coolsavings.

 

My point being, it's OK to shut down security for a download; just make sure you always save it and watch what you're saving. Then you can run an antivirus scan on it to make sure, or upload it to VirusTotal. Those people who get mad on PC World want the old SE and 2007, but as you know it doesn't catch them anymore. The old ones are just a glorified cookie deleter: SE no protection, 2007 very little. The ones that get mad about it not installing don't take the time to follow our advice. They think it's not a corrupted download, or it installed just fine, but it didn't. Programs are getting more sensitive and the information for them must be without flaws, and that doesn't include errors and glitches with PCs and programs on them that screw things up. I know, I and most of us helping on this site have had to go through it several times. Especially during beta.

 

lol, kinda got going there. I was bored, been shopping online half the day for some PC parts. Gotta save every buck with gas prices going up & up & up & up.

 

Hope to hear good news with the next scan. Good luck, GSi-R

 

edit: Did you notice over 15 million downloads?

Edited by Txnnok


Yes, noticed that, quite a lot of users!

 

Well, my second full scan today froze again, so I'm now in the process of removing everything once again, and will download again, with firewall and other security switched off.

 

I'm determined to get this sorted, can you tell?

"I'm determined to get this sorted, can you tell?"

If at first you don't succeed....don't take-up hang-gliding...

 

Here's wishing you luck, GSi-R.


OK, done all the required actions prior to downloading Ad-Aware 2008 again. Again, I downloaded from yet another source, this time from here:

 

http://www.net-security.org/software.php?id=135

 

Before download, I ensured my firewall was disabled, and AVG was closed. Once downloaded, I ran CCleaner, then rebooted.

 

Then, with firewall still disabled, and AVG closed, I installed Ad-Aware 2008 once again.

 

I have switched my firewall back on, and activated AVG.

 

I'm just about to run my first full scan after doing all the above.

 

Wish me luck!

Well, guess what!

 

It froze again. I'm 100% certain this is a bug.

 

:unsure:

Bugger.... :( again...

 

BTW...You run AVG 8.???

 

There's been a new release of the AVG8 Free platform (2nd July 2008 or thereabouts) that's meant to be curing bugs. Are you running the latest version...? AVG Forums state that the latest release of AVG 8 Free requires a two-part download.

 

I haven't subscribed to AVG 8, as one new software package-at-a-time is more than enough for my miniscule brain to handle...hence I reverted to 7.5.xxx

 

Dunno - may be a direction to pursue...?

 

 

BTW...as the LS Forums' Official Actual Guinea-Pig, are you getting something out of it...? Free popcorn or something perhaps...?


That net security is the one I was using, but on my laptop I kept getting a corrupted download or something and changed to that geek one. I did a clean uninstall and then loaded it with no problems. With this computer I had to do an advanced uninstall with Revo (by the way, it was the first time I used Revo). I installed Adaware again and it went off without a hitch. I have never supported the uninstallers, but maybe in your case it may be worth a try. The download was from the geek one. I think when the download places get slammed, which can be at any time, it causes problems.

 

Do you know if you have any programs that protect system files, or lock them in other words? I also noticed that Global Startup: BTTray.lnk = ? causes problems in some computers.

 

Sorry you're having such a hard time. We'll get Calamity to take another look; she'll probably be back after this weekend. She's probably at the beach popping fireworks, sipping on margaritas for the Fourth of July. JK

Actually that sounds like fun.

 

Does XP have where you can change the compatibility? Maybe try changing it to SP1 or 2000, just a thought. I had to do it with the laptop, but it's a Vista.


Cheers guys! Yes, I'm running AVG 8 too. I will look into their new version released 2nd of July. Thanks for the link.

 

I will report back with my findings.


OK, I'm running the latest version of AVG, and all is A-OK there.

 

I have downloaded Ad-Aware 2008 once again, from Geek forums this time, and am now running a full scan. I removed everything Lavasoft related prior to installation, ran CCleaner, and rebooted, switched firewall off etc.

 

Fingers crossed.


Just finished a full scan on desktop. Took 5 hrs 47 min 31 sec and scanned 323132 objects with no errors. See screen shot. :unsure:

 

Also full scan on laptop but only took 47 odd minutes with no errors or hang ups.
