SVChost.exe trojan, memory process help!

Solved
By BWashburn
Aug 3, 2012
  1. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    Check this out Jay. I found my restore discs for my HP (the one that BSOD'd) and I restored it to an earlier state, 9/5/2012 to be exact. Now my question is, how do I have a restore point at that date when it wasn't letting me create one, or at least it didn't confirm that it successfully created a new restore point? All I know is I am happy. The computer is running well, not slow. Going to run an AVG scan and this time I won't delete anything. Then run a MBAM scan and I'll let you know how it goes.
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Not sure about that Restore Point. Weird...but let me know what happens.
  3. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    Ran both AVG and MBAM and nothing was detected! Not sure what we should do at this point.
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's go ahead and finish up. You can always post in the Windows OS section of the site, or similar, and some of the techies here on the site can all collaborate on a good opinion on how to approach remaining issues...

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently.
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck "Only delete files in Windows Temp folders older than 48 hours".
    * Click Cleaner on the left, then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner.

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  5. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    Here is the log from Security Check..

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Anti-Virus Free Edition 2012
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    AVG PC Tuneup
    Java(TM) 6 Update 29
    Java version out of Date!
    Adobe Flash Player 11.3.300.268 Flash Player out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems

    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Flash Player. Uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.


    Topic solved and closed. :) Thanks!
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Tell me the errors reported...
  8. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    Firewall error code 0x80070424

    I have realised I cannot turn on my firewall and I get this error code. I have so far uninstalled AVG and installed Microsoft Security Essentials and MBAM (free version). I have run scans on both and found no sort of malware, yet I still cannot turn on my firewall.
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I doubt it has anything to do with malware.

    Download and save the zip file attached...extract its contents to reveal the REG file enclosed.

    Once extracted, double-click on the file and merge it into the Registry.

    Reboot your computer. Let me know if the Firewall is working fine.

  10. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    I tried merging that registry file and it said error accessing the registry.
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Try again in Safe Mode, and let me know if it works.
  12. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    Cannot import C:\Users\Uer\Downloads\Fixseccenter.reg: Error accessing the registry.
    Also I noticed something in MSE that I didn't notice before, under my History tab for my daily scans:
    Trojan:DOS/Alureon.j Action Taken: Removed
    Rogue:JS/FakePAV Action Taken: Quarantined (there were two of those)
    Trojan:Win32/Sirefef!cfg Action Taken: Quarantined
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Back to this tool. Topic marked Active again. :)

    ComboFix

    Please download ComboFix by sUBs from BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  14. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    Here is what I got when I ran it and when it installed the Recovery Console:
    The contents of folder C:\Windows\Erdnt\Hiv-backup could not be completely deleted.
    Let it run for about an hour and a half and it was still the same, getting stuck on stage 4. Closed it and rebooted.
  15. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go to Start and type in ComboFix /uninstall and hit Enter.

    Then, try to download and run ComboFix again.
  16. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    Finally got it past stage 4!!! It's at stage 27 right now; I have been running it for 3 hours now. Will continue to let it run overnight (going to bed, work in the a.m.) and will post as soon as it finishes.
  17. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    Here is the long-awaited log from ComboFix!!!!
    ComboFix 12-09-27.03 - Uer 09/27/2012 15:48:18.5.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6302 [GMT -5:00]
    Running from: c:\users\Uer\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Uer\Documents\~WRL0930.tmp
    c:\windows\svchost.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-09-28 1715768]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-11-2 4577760]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Online Backup]
    2010-06-01 22:331155928----a-w-c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-18 136176]
    R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2010-08-19 272864]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 250288]
    R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-18 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-20 1255736]
    R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
    R4 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-30 31080]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-23 254528]
    S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [2009-12-29 23120]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-05-04 81408]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-08-30 722528]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-30 9371136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-30 309760]
    S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2011-04-19 1254464]
    S3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-18 4608]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 00:24]
    .
    2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-18 16:09]
    .
    2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-18 16:09]
    .
    2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308464352-3331396735-3360041561-1000Core.job
    - c:\users\Uer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 21:07]
    .
    2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2308464352-3331396735-3360041561-1000UA.job
    - c:\users\Uer\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 21:07]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
    "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://www.yahoo.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
    IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    TCP: DhcpNameServer = 10.0.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files (x86)\somototoolbar\vmntemplateX.dll
    Toolbar-{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - c:\program files (x86)\somototoolbar\vmntemplateX.dll
    Toolbar-10 - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
    Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
    Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
    Toolbar-10 - (no file)
    AddRemove-1ClickDownload - c:\program files (x86)\1ClickDownload\uninst.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-THUG1 Fix - c:\program files (x86)\Activision\Tony Hawk's Underground\Uninstall THUG1 Fix.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-09-27 22:26:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-28 03:26
    .
    Pre-Run: 830,936,748,032 bytes free
    Post-Run: 830,410,166,272 bytes free
    .
    - - End Of File - - D3200A5B09B538A8BEBB680C52C81527
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Still same issue? I need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  19. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    I still was not able to turn on my firewall. I don't get the error message anymore but when I click turn on firewall nothing happens.
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Method 1: Diagnose and fix Windows Firewall service problems automatically

    Method 2: How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
    Note: It may ask for the Windows DVD to fix and to enable SFC to make more than minor repairs. Some files saved on your computer might get deleted when fixing corrupted files.

    You can use the Windows Repair Tool to automate it.

    Method 3: Fix: Windows 7 or Vista Firewall Fails To Start At Startup

    Method 4: Please run "services.msc", stop "Windows Event Controller" service first, then make sure "Base Filtering Engine" service is started.
    In the Start Menu type devmgmt.msc, and open Device Manager. On the View tab, choose "Devices by connection" and put a check next to "Show hidden devices". Look for Windows Firewall Authorization Driver (it will have a gold gear icon). Double-click that, and on the Driver tab, make sure the Startup type is set to "Demand".
    Then start "Windows Firewall" service, and check if the issue gets resolved.

    Let me know if any of the above methods worked, and if you can start Windows Firewall.
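    The dependency check behind Method 4, as an added PowerShell example that is not part of Jay's post: it reports the state of the services and driver the Windows Firewall service depends on and surfaces the error a failed start actually returns. The service names BFE, MpsSvc and mpsdrv are assumed from Windows 7; run it from an elevated 64-bit PowerShell.

```powershell
# Added example (not from the thread): inspect what the Windows Firewall
# service depends on before changing anything. Names assumed for Windows 7:
#   BFE    = Base Filtering Engine (Win32 service)
#   MpsSvc = Windows Firewall (Win32 service)
#   mpsdrv = Windows Firewall Authorization Driver (kernel driver)

$services = @(
    @{ Name = 'BFE';    Friendly = 'Base Filtering Engine' },
    @{ Name = 'MpsSvc'; Friendly = 'Windows Firewall' }
)

foreach ($s in $services) {
    $svc = Get-Service -Name $s.Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        Write-Output ("{0} ({1}): service is MISSING" -f $s.Friendly, $s.Name)
        continue
    }
    # Start mode is stored in the registry: 2 = Automatic, 3 = Demand, 4 = Disabled
    $start = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)").Start
    Write-Output ("{0} ({1}): status={2} start={3}" -f $s.Friendly, $s.Name, $svc.Status, $start)
}

# Get-Service only lists Win32 services, so read the driver's Start value
# directly. 3 (Demand) is the setting the post asks you to confirm.
$drv = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\mpsdrv' -ErrorAction SilentlyContinue
if ($null -eq $drv) {
    Write-Output 'mpsdrv: registry key MISSING'
} elseif ($drv.Start -ne 3) {
    Write-Output ("mpsdrv: Start={0}, expected 3 (Demand)" -f $drv.Start)
} else {
    Write-Output 'mpsdrv: Start=3 (Demand) OK'
}

# "Nothing happens" in the Control Panel usually hides a real error; starting the
# chain from the console in dependency order makes the message visible.
try {
    Start-Service -Name 'BFE'    -ErrorAction Stop
    Start-Service -Name 'MpsSvc' -ErrorAction Stop
    Write-Output 'BFE and MpsSvc started'
} catch {
    Write-Output ("Start failed: {0}" -f $_.Exception.Message)
}

# A stripped ACL on the service key also produces a silent failure; list who
# still has rights on MpsSvc so missing SYSTEM/Administrators entries show up.
(Get-Acl 'HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc').Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType |
    Format-Table -AutoSize
```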
  21. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    Method 1 did not work. Method 2 did not work, it said: Cannot repair member file [l:24{12}]"services.exe" of Microsoft-Windows-Services-ServiceController, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
    2012-09-30 15:17:57, Info CSI 000002ea [SR] Repaired file \SystemRoot\WinSxS\Manifests\\[ml:28{14},l:24{12}]"services.exe" by copying from backup
    Method 3 was of no help because I cannot stop the service Windows Event Log..it said access is denied Error 5. I tried starting windows firewall again and the same thing happens...which is nothing. No errors just a loading symbol on my cursor then nothing.
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Copy the following code and under the Custom Scans/Fixes box paste this in :

    • Click the None button and then the Run Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
  23. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    OTL log...there was not a log for extras.
    OTL logfile created on: 10/2/2012 3:21:26 PM - Run 1
    OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Uer\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.75 Gb Total Physical Memory | 5.94 Gb Available Physical Memory | 76.66% Memory free
    15.50 Gb Paging File | 13.51 Gb Available in Paging File | 87.17% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 919.35 Gb Total Space | 774.11 Gb Free Space | 84.20% Space Free | Partition Type: NTFS
    Drive D: | 12.07 Gb Total Space | 1.47 Gb Free Space | 12.21% Space Free | Partition Type: NTFS
    Drive E: | 2.50 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: UER-HP | User Name: Uer | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    ========== Custom Scans ==========

    < MD5 for: SERVICES.EXE >
    [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2012/09/30 15:17:57 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: VOLSNAP.SYS >
    [2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\drivers\volsnap.sys
    [2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_df8bea40ac96ca21\volsnap.sys
    [2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
    [2009/07/13 20:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

    < End of report >
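    The "< MD5 for: ... >" check that OTL ran above, reproduced as an added PowerShell example (not OTL's code and not part of the thread): for each file name it hashes the live System32 copy and every copy in the WinSxS component store, then flags a live binary whose hash matches none of the stored ones. It assumes PowerShell 4.0 or later for Get-FileHash and the Windows 7 x64 paths from the log; run it from 64-bit PowerShell so System32 is not redirected to SysWOW64.

```powershell
# Added example (not from the thread): compare the MD5 of live system files
# against the copies kept in the component store, as the OTL custom scan did.
# File names are the ones the scan above looked at; paths assumed for Win7 x64.

$names   = @('services.exe', 'volsnap.sys')
$sysRoot = $env:SystemRoot

foreach ($name in $names) {
    $live   = Get-ChildItem -Path "$sysRoot\System32" -Filter $name -Recurse -File -ErrorAction SilentlyContinue
    $stored = Get-ChildItem -Path "$sysRoot\winsxs"   -Filter $name -Recurse -File -ErrorAction SilentlyContinue
    $all    = @($live) + @($stored)

    Write-Output "< MD5 for: $($name.ToUpper()) >"
    if ($all.Count -eq 0) { Write-Output '  no copies found'; continue }

    # One row per copy, in the same spirit as OTL's date | size | MD5 | path lines
    $rows = foreach ($f in $all) {
        [pscustomobject]@{
            Written = $f.LastWriteTime
            Size    = $f.Length
            MD5     = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
            Path    = $f.FullName
        }
    }
    $rows | Sort-Object Path | Format-Table -AutoSize | Out-String | Write-Output

    # A live copy that matches no component-store copy deserves a closer look;
    # it may be a legitimate hotfix, or it may not be the file Windows shipped.
    $storedHashes = @($rows | Where-Object { $_.Path -like "$sysRoot\winsxs\*" } | ForEach-Object { $_.MD5 })
    foreach ($l in ($rows | Where-Object { $_.Path -like "$sysRoot\System32\*" })) {
        if ($storedHashes -notcontains $l.MD5) {
            Write-Warning ("{0} matches no WinSxS copy (MD5 {1})" -f $l.Path, $l.MD5)
        }
    }
}
```

Recursing the winsxs folder takes a while on a large install; the warning, not the table, is the part worth reading.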
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

  25. BWashburn

    BWashburn TechSpot Member Topic Starter Posts: 58

    Pleased to say my firewall is working now all thanks to you DragonMaster. Ran a scan with MSE and MBAM and so far so good! I really appreciate everything you have helped me with sir. May you have a blessed day.