email2mahen

  1. Hello, even before your post, I used Kaspersky boot disk and did a scan. It did clean a couple of malwares. I rebooted the system and I was able to open McAfee and Malwarebytes. The PC started behaving normally. I did run Malwarebytes and it found a lot of security hijacks. I cleaned them all and ran Malwarebytes again and it came out clean. Please see the logs and let me know if I have to do anything else. Sorry, I had to attach the file as I am not able to post the log in the response as it is too long. mbam-log-2013-04-07 (12-08-31).txt mbam-log-2013-04-07 (12-24-17).txt
  2. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 23 days old)
     Ran by SYSTEM at 05-04-2013 21:02:54
     Running from G:\
     Windows 7 Home Premium (X64) OS Language: English(US)
     The current controlset is ControlSet001

     ==================== Registry (Whitelisted) ===================

     HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-25] (Creative Technology Ltd.)
     HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)
     HKLM-x32\...\Run: [instantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [681256 2009-01-12] (CyberLink Corporation.)
     HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [218408 2008-12-03] (CyberLink Corp.)
     HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
     HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
     HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-08] (Sun Microsystems, Inc.)
     HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)
     HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-01] (CANON INC.)
     HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)
     HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
     HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)
     HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-28] (Apple Inc.)
     HKLM-x32\...\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
     HKLM-x32\...\Run: [3405D2E4142544E4548414D4] C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe [195072 2013-04-01] ()
     HKU\Mahendran\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1688872 2008-01-14] (Nero AG)
     HKU\Mahendran\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-14] (Google Inc.)
     HKU\Mahendran\...\Run: [] [x]
     HKU\Mahendran\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia)
     HKU\Mahendran\...\Run: [3405D2E4142544E4548414D4] C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe [195072 2013-04-01] ()
     HKU\Mahendran\...\RunOnce: [uninstall C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" [344576 2009-07-13] (Microsoft Corporation)
     HKU\Mahendran\...\RunOnce: [uninstall C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" [344576 2009-07-13] (Microsoft Corporation)
     HKU\Mahendran\...\Policies\system: [LogonHoursAction] 2
     HKU\Mahendran\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
     HKU\Mahendran\...\Policies\system: [DisableRegistryTools] 1
     HKU\Mahendran\...\Policies\system: [DisableTaskMgr] 1
     HKU\Sudha\...\Policies\system: [LogonHoursAction] 2
     HKU\Sudha\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
     Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
IMEO\outpostproinstall.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\padmin.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\panixk.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pathping.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pavcl.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pavproxy.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pavsched.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pavw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pcc2002s902.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pcc2k_76_1436.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pccclient.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pccguide.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pcciomon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pccmain.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pccntmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pccpfw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pccwin97.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pccwin98.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pcdsetup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pcfwallicon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pcip10117_0.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pcscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pcscanpdsetup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\penis32.exe: [Debugger] 
"C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\periscope.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\persfw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\perswf.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pev.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pf2.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pfwadmin.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\ping.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pingscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\platin.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pop3trap.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\poproxy.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\popscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\portdetective.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\portmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\portmonitor.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\ppinupdt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pptbc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\ppvstop.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\prckiller.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\Process.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\processmonitor.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\procexp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\procexplorerv1.0.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\Procmon.exe: [Debugger] 
"C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\programauditor.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\proport.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\protectx.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pspf.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\purge.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pview.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\pview95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\qconsole.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\qserver.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rapapp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rav.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rav7.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rav7win.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rav8win32eng.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\realmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\regedit.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\regedt32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\Regmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rescue.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rescue32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\Restart.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\route.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\routemon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rrguard.exe: [Debugger] 
"C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rshell.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rstrui.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rtvscn95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\rulaunch.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\Safari.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\safeweb.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\SandboxieBITS.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\SandboxieCrypto.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\SandboxieDcomLaunch.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\SandboxieRpcSs.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\SandboxieWUAU.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\SbieCtrl.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\SbieSvc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sbserv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\scan32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\scan95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\scanpm.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sched.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\schedapp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\scrscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\scvhosl.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sd.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sdclt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\serv95.exe: [Debugger] 
"C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\setupvameeval.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\setup_flowprotector_us.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sgssfw32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sh.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sharedaccess.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\shellspyinstall.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\shn.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\smc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\SmitfraudFix.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sofi.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\spf.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sphinx.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\spider.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\spysweeper.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\spyxx.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\SrchSTS.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\srwatch.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\ss3edit.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\st2.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\supftrl.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\supporter5.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sweep.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sweep95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sweepnet.exe: [Debugger] 
"C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sweepsrv.sys.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\swnetsup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\swreg.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\swsc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\swxcacls.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\symproxysvc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\symtray.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\sysdoc32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\syshelp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\taskkill.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tasklist.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\taskmgr.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\taskmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\taumon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tauscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tbscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tca.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tcm.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tcpsvs32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tds-3.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tds2-98.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tds2-nt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tds2.exe: [Debugger] 
"C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tfak.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tfak5.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tftpd.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tgbob.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\titanin.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\titaninxp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tmlisten.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tmntsrv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tracerpt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\tracert.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\trjscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\trjsetup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\trojantrap3.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\UCCLSID.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\UI0Detect.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\undoboot.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\unzip.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\update.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\UserAccountControlSettings.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\VACFix.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vbcmserv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vbcons.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vbust.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vbwin9x.exe: [Debugger] 
"C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vbwinntw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vccmserv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vcleaner.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vcontrol.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vcsetup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vet32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vet95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vet98.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vettray.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vfsetup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vir-help.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\virusmdpersonalfirewall.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vmsrvc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vnlan300.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vnpc3000.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vpc32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vpc42.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vpcmap.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vpfw30s.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vptray.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vscan40.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vscenu6.02d30.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vsched.exe: [Debugger] 
"C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vsecomr.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vshwin32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vsisetup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vsmain.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vsmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vsscan40.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vsstat.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vswin9xe.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vswinntse.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vswinperse.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\vvstat.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\w32dsm89.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\w9x.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\watchdog.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\webscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\webscanx.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\webtrap.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\WerFault.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wfindv32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wgfe95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\whoswatchingme.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wimmun32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wingate.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\winhlpp32.exe: [Debugger] 
"C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wink.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\winmgm32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\winppr32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\winrecon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\winroute.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\winservices.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\winsfcm.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wmias.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wmiav.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wradmin.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wrctrl.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\WS2Fix.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wsbgate.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wuauclt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\wyvernworksfirewall.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\xpf202en.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\xscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\zapro.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\zapsetup3001.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\zatutor.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\zatutorzauinst.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\zauinst.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\zlh.exe: [Debugger] 
"C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\zonalarm.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\zonalm2601.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\zonealarm.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\_avp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\_avp32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\_avpcc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\_avpm.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" IMEO\_findviru.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe" Startup: C:\Users\Mahendran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KeePass.exe - Shortcut.lnk ShortcutTarget: KeePass.exe - Shortcut.lnk -> (No File) ==================== Services (Whitelisted) =================== 2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.) 2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.) 2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.) 2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.) 2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.) 3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.) 2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.) 2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241456 2013-02-19] (McAfee, Inc.) 2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218760 2013-02-19] (McAfee, Inc.) 
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [182752 2013-02-19] (McAfee, Inc.) 2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.) 2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG) 3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [447784 2008-01-14] (Nero AG) 2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-18] (Prolific Technology Inc.) 4 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [1249064 2011-07-29] () 4 UDisk Monitor; C:\Program Files\Reliance Netconnect\bin\MonServiceUDisk.exe [405504 2011-07-06] () ==================== Drivers (Whitelisted) ===================== 3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.) 2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [371696 2008-12-31] (CyberLink Corporation.) 3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.) 3 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [36680 2013-04-03] () 3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.) 3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.) 3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.) 0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.) 1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.) 
3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-10] (ZTEMT Incorporated) 1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [x] 4 sr; [x] ==================== NetSvcs (Whitelisted) ==================== ==================== One Month Created Files and Folders ======== 2013-04-05 21:02 - 2013-04-05 21:02 - 00000000 ____D C:\FRST 2013-04-04 23:30 - 2013-04-04 23:30 - 00132151 ____A C:\wubildr 2013-04-04 23:30 - 2013-04-04 23:30 - 00008192 ____A C:\wubildr.mbr 2013-04-04 23:09 - 2013-04-04 23:30 - 00000000 ____D C:\ubuntu 2013-04-04 23:06 - 2013-04-04 23:06 - 00003352 ____N C:\bootsqm.dat 2013-04-04 23:05 - 2013-04-04 23:05 - 00000000 __SHD C:\found.000 2013-04-04 22:16 - 2013-04-04 22:16 - 02501520 ____A C:\Users\Mahendran\Downloads\wubi.exe 2013-04-04 22:02 - 2013-04-04 22:02 - 00000000 ____D C:\Users\Mahendran\AppData\Local\NeoSmart_Technologies 2013-04-04 21:58 - 2013-04-04 21:58 - 00001213 ____A C:\Users\Public\Desktop\EasyBCD 2.1.2.lnk 2013-04-04 21:58 - 2013-04-04 21:58 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies 2013-04-04 21:55 - 2013-04-04 21:58 - 01528448 ____A C:\Users\Mahendran\Downloads\EasyBCD 2.2.exe 2013-04-04 07:41 - 2013-04-04 07:41 - 00001681 ____A C:\Users\Mahendran\Documents\aswMBR.txt 2013-04-04 07:41 - 2013-04-04 07:41 - 00000512 ____A C:\Users\Mahendran\Documents\MBR.dat 2013-04-04 07:39 - 2013-04-04 07:39 - 00000000 ____D C:\Users\Mahendran\Downloads\aswMBR 2013-04-04 07:38 - 2013-04-04 07:38 - 02117706 ____A C:\Users\Mahendran\Downloads\aswMBR.zip 2013-04-03 18:37 - 2013-04-03 18:37 - 05046606 ____A (Swearware) C:\Users\Mahendran\Desktop\ComboFix.exe 2013-04-03 07:59 - 2013-04-03 07:59 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys 2013-04-03 06:49 - 2013-04-03 06:49 - 00132790 ____A C:\Users\Mahendran\Desktop\attach.txt 2013-04-03 06:49 - 2013-04-03 06:49 - 00023403 ____A C:\Users\Mahendran\Desktop\dds.txt 2013-04-03 06:47 - 2013-04-03 06:47 - 00000000 ____D 
C:\Users\Mahendran\Downloads\dds 2013-04-03 06:46 - 2013-04-03 06:46 - 00686688 ____A C:\Users\Mahendran\Downloads\dds.zip 2013-04-03 06:14 - 2013-04-03 18:40 - 00000000 ____D C:\Users\Mahendran\Desktop\rkill 2013-04-03 06:13 - 2013-04-03 18:40 - 00046840 ____A C:\Users\Mahendran\Desktop\Rkill.txt 2013-04-03 06:13 - 2013-04-03 18:40 - 00000000 ____D C:\Users\Mahendran\Downloads\uSeRiNiT 2013-04-03 06:12 - 2013-04-03 06:13 - 00835760 ____A C:\Users\Mahendran\Downloads\uSeRiNiT.zip 2013-04-03 05:51 - 2013-04-03 05:52 - 05046606 ____A (Swearware) C:\Users\Mahendran\Downloads\ComboFix.exe 2013-04-03 05:45 - 2013-04-03 05:45 - 00000000 ____D C:\Users\Mahendran\Downloads\ComboFix 2013-04-03 05:44 - 2013-04-03 05:44 - 05043052 ____A C:\Users\Mahendran\Downloads\ComboFix.zip 2013-04-03 05:36 - 2013-04-03 05:36 - 00000000 ____D C:\Users\Mahendran\Downloads\tdsskiller 2013-04-03 05:35 - 2013-04-03 05:35 - 02218636 ____A C:\Users\Mahendran\Downloads\tdsskiller.zip 2013-04-02 20:32 - 2013-04-02 20:32 - 00000005 ____A C:\Users\Mahendran\AppData\Roaming\mbam.context.scan 2013-04-02 20:20 - 2013-04-02 20:20 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-04-02 20:20 - 2013-04-02 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-04-02 20:20 - 2012-12-14 03:19 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-04-02 19:41 - 2013-04-03 04:24 - 00000000 ____D C:\Program Files (x86)\stinger 2013-04-02 19:41 - 2013-04-02 23:21 - 00000000 ____D C:\Users\Mahendran\Downloads\scan 2013-04-02 19:41 - 2013-04-02 23:21 - 00000000 ____D C:\Stinger_Quarantine 2013-04-02 19:40 - 2013-04-02 19:40 - 21250271 ____A C:\Users\Mahendran\Downloads\scan.zip 2013-04-02 03:24 - 2013-04-02 03:24 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk 2013-04-01 21:14 - 2013-04-01 21:14 - 00000000 RASHD C:\Users\Mahendran\E6162746E6568616D4 2013-04-01 20:03 - 2013-04-01 20:03 - 00014782 ____A 
C:\Users\Mahendran\Downloads\[MP3]~Settai~[2013]~CBR~320Kbps~[MD Thasneen].torrent 2013-04-01 20:01 - 2013-04-01 20:01 - 00018353 ____A C:\Users\Mahendran\Downloads\[MP3]Udhayam NH4 (2013) ~ ORG ACD RIP ~ CBR ~ 320kbps ~ TC Rajni.torrent 2013-03-27 05:47 - 2013-03-27 05:47 - 00015254 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s06e02.hdtv.xvid.afg.torrent 2013-03-27 05:47 - 2013-03-27 05:47 - 00013520 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s06e01.hdtv.x264.lol.ettv.torrent 2013-03-25 12:39 - 2013-03-25 12:39 - 04546560 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2013-03-23 19:04 - 2013-03-23 19:04 - 00025658 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e06.hdtv.x264.lol.ettv.torrent 2013-03-23 19:03 - 2013-03-23 19:03 - 00021606 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e03.hdtv.x264.lol.ettv.torrent 2013-03-23 19:03 - 2013-03-23 19:03 - 00011031 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e04.hdtv.x264.lol.torrent 2013-03-23 19:03 - 2013-03-23 19:03 - 00010711 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e05.hdtv.x264.lol.eztv.torrent 2013-03-23 19:02 - 2013-03-23 19:02 - 00010150 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e02.hdtv.x264.lol.eztv.torrent 2013-03-23 08:10 - 2013-03-23 08:10 - 00024063 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e01.hdtv.x264.lol.ettv.torrent 2013-03-22 19:30 - 2013-03-22 19:30 - 00012686 ____A C:\Users\Mahendran\Downloads\[kat.ph]kadal.2013.dvd5.dd.5.1.untouched.torrent 2013-03-16 18:41 - 2013-03-16 18:41 - 00014852 ____A C:\Users\Mahendran\Downloads\[kat.ph]moonrise.kingdom.2012.limited.brrip.xvid.absurdity.torrent 2013-03-16 18:39 - 2013-02-12 06:02 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys 2013-03-15 09:39 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-03-15 09:39 - 
2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-03-15 09:39 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-03-15 09:39 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-03-15 09:39 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-03-15 09:39 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-03-15 09:39 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-03-15 09:39 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-03-15 09:39 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-03-15 09:39 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-03-15 09:39 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-03-15 09:39 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-03-15 09:39 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-03-15 09:39 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-03-15 09:39 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-03-15 09:39 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-03-15 09:39 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-03-15 09:39 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-03-15 09:39 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-03-15 09:39 - 2013-02-01 19:31 - 01103872 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-03-15 09:39 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-03-15 09:39 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-03-15 09:39 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-03-15 09:39 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-03-15 09:39 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-03-15 09:39 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-03-15 09:39 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-03-15 09:39 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-03-15 09:39 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-03-15 09:39 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-03-15 09:39 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-03-15 09:39 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-03-14 19:51 - 2013-03-14 19:51 - 00012190 ____A C:\Users\Mahendran\Downloads\[kat.ph]special.26.2013.hindi.720p.dvdrip.charmeleon.silverrg.torrent 2013-03-08 23:23 - 2013-03-08 23:23 - 00020318 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.season.1.480p.bluray.150mb.mrlss.torrent 2013-03-08 23:14 - 2013-03-08 23:14 - 00015092 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e24.hdtv.xvid.afg.ettv.torrent 2013-03-08 23:13 - 2013-03-08 23:13 - 00006591 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e22.hdtv.x264.lol.torrent 2013-03-08 23:13 - 2013-03-08 23:13 - 00006128 ____A 
C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e23.hdtv.x264.lol.torrent ==================== One Month Modified Files and Folders ======= 2013-04-04 23:30 - 2013-04-04 23:30 - 00132151 ____A C:\wubildr 2013-04-04 23:30 - 2013-04-04 23:30 - 00008192 ____A C:\wubildr.mbr 2013-04-04 23:30 - 2013-04-04 23:09 - 00000000 ____D C:\ubuntu 2013-04-04 23:30 - 2012-10-04 03:29 - 00000000 ____D C:\Users\Mahendran\Documents\KeePass-2.20 2013-04-04 23:30 - 2010-05-18 11:35 - 01976715 ____A C:\Windows\WindowsUpdate.log 2013-04-04 23:15 - 2012-06-26 01:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-04-04 23:15 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-04-04 23:15 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-04-04 23:13 - 2010-09-14 20:13 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-04-04 23:07 - 2010-09-14 20:13 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-04-04 23:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-04-04 23:07 - 2009-07-13 20:51 - 00327845 ____A C:\Windows\setupact.log 2013-04-04 23:06 - 2013-04-04 23:06 - 00003352 ____N C:\bootsqm.dat 2013-04-04 23:05 - 2013-04-04 23:05 - 00000000 __SHD C:\found.000 2013-04-04 22:16 - 2013-04-04 22:16 - 02501520 ____A C:\Users\Mahendran\Downloads\wubi.exe 2013-04-04 22:02 - 2013-04-04 22:02 - 00000000 ____D C:\Users\Mahendran\AppData\Local\NeoSmart_Technologies 2013-04-04 21:58 - 2013-04-04 21:58 - 00001213 ____A C:\Users\Public\Desktop\EasyBCD 2.1.2.lnk 2013-04-04 21:58 - 2013-04-04 21:58 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies 2013-04-04 21:58 - 2013-04-04 21:55 - 01528448 ____A C:\Users\Mahendran\Downloads\EasyBCD 2.2.exe 2013-04-04 07:41 - 2013-04-04 07:41 - 00001681 ____A 
C:\Users\Mahendran\Documents\aswMBR.txt 2013-04-04 07:41 - 2013-04-04 07:41 - 00000512 ____A C:\Users\Mahendran\Documents\MBR.dat 2013-04-04 07:39 - 2013-04-04 07:39 - 00000000 ____D C:\Users\Mahendran\Downloads\aswMBR 2013-04-04 07:38 - 2013-04-04 07:38 - 02117706 ____A C:\Users\Mahendran\Downloads\aswMBR.zip 2013-04-03 18:40 - 2013-04-03 06:14 - 00000000 ____D C:\Users\Mahendran\Desktop\rkill 2013-04-03 18:40 - 2013-04-03 06:13 - 00046840 ____A C:\Users\Mahendran\Desktop\Rkill.txt 2013-04-03 18:40 - 2013-04-03 06:13 - 00000000 ____D C:\Users\Mahendran\Downloads\uSeRiNiT 2013-04-03 18:37 - 2013-04-03 18:37 - 05046606 ____A (Swearware) C:\Users\Mahendran\Desktop\ComboFix.exe 2013-04-03 07:59 - 2013-04-03 07:59 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys 2013-04-03 06:51 - 2013-01-22 19:06 - 00000000 ____D C:\Users\Mahendran\Documents\Pers 2013-04-03 06:49 - 2013-04-03 06:49 - 00132790 ____A C:\Users\Mahendran\Desktop\attach.txt 2013-04-03 06:49 - 2013-04-03 06:49 - 00023403 ____A C:\Users\Mahendran\Desktop\dds.txt 2013-04-03 06:47 - 2013-04-03 06:47 - 00000000 ____D C:\Users\Mahendran\Downloads\dds 2013-04-03 06:46 - 2013-04-03 06:46 - 00686688 ____A C:\Users\Mahendran\Downloads\dds.zip 2013-04-03 06:45 - 2012-05-19 03:33 - 00000944 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-291058343-1587379842-3624846313-1000UA.job 2013-04-03 06:13 - 2013-04-03 06:12 - 00835760 ____A C:\Users\Mahendran\Downloads\uSeRiNiT.zip 2013-04-03 05:52 - 2013-04-03 05:51 - 05046606 ____A (Swearware) C:\Users\Mahendran\Downloads\ComboFix.exe 2013-04-03 05:45 - 2013-04-03 05:45 - 00000000 ____D C:\Users\Mahendran\Downloads\ComboFix 2013-04-03 05:44 - 2013-04-03 05:44 - 05043052 ____A C:\Users\Mahendran\Downloads\ComboFix.zip 2013-04-03 05:36 - 2013-04-03 05:36 - 00000000 ____D C:\Users\Mahendran\Downloads\tdsskiller 2013-04-03 05:35 - 2013-04-03 05:35 - 02218636 ____A C:\Users\Mahendran\Downloads\tdsskiller.zip 2013-04-03 04:24 - 2013-04-02 19:41 - 00000000 ____D 
C:\Program Files (x86)\stinger 2013-04-03 00:43 - 2012-05-19 03:33 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-291058343-1587379842-3624846313-1000Core.job 2013-04-02 23:21 - 2013-04-02 19:41 - 00000000 ____D C:\Users\Mahendran\Downloads\scan 2013-04-02 23:21 - 2013-04-02 19:41 - 00000000 ____D C:\Stinger_Quarantine 2013-04-02 20:32 - 2013-04-02 20:32 - 00000005 ____A C:\Users\Mahendran\AppData\Roaming\mbam.context.scan 2013-04-02 20:20 - 2013-04-02 20:20 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-04-02 20:20 - 2013-04-02 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-04-02 19:40 - 2013-04-02 19:40 - 21250271 ____A C:\Users\Mahendran\Downloads\scan.zip 2013-04-02 18:35 - 2011-04-03 05:43 - 00000069 ____A C:\Windows\NeroDigital.ini 2013-04-02 18:35 - 2010-10-24 05:44 - 00000107 ____A C:\Users\Mahendran\AppData\default.pls 2013-04-02 03:44 - 2012-01-19 04:15 - 00000000 ____D C:\Users\Mahendran\AppData\Roaming\Mozilla 2013-04-02 03:24 - 2013-04-02 03:24 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk 2013-04-02 03:24 - 2010-09-14 20:12 - 00000000 ____D C:\Program Files (x86)\Google 2013-04-01 21:14 - 2013-04-01 21:14 - 00000000 RASHD C:\Users\Mahendran\E6162746E6568616D4 2013-04-01 21:14 - 2010-05-18 11:33 - 00000000 ____D C:\users\Mahendran 2013-04-01 21:08 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI 2013-04-01 21:03 - 2012-08-21 00:39 - 00000000 ____D C:\Program Files (x86)\McAfee 2013-04-01 21:03 - 2010-05-22 23:07 - 00119272 ____A C:\Windows\PFRO.log 2013-04-01 20:36 - 2010-12-13 03:33 - 00000000 ____D C:\Users\Mahendran\Downloads\Torrent downloading 2013-04-01 20:36 - 2010-12-13 03:33 - 00000000 ____D C:\Users\Mahendran\Downloads\Torrent Completed 2013-04-01 20:36 - 2010-12-13 03:32 - 00000000 ____D C:\Users\Mahendran\Downloads\Downloading 2013-04-01 20:36 - 2010-12-13 03:32 - 00000000 ____D C:\Users\Mahendran\Downloads\Download 
Completed 2013-04-01 20:03 - 2013-04-01 20:03 - 00014782 ____A C:\Users\Mahendran\Downloads\[MP3]~Settai~[2013]~CBR~320Kbps~[MD Thasneen].torrent 2013-04-01 20:01 - 2013-04-01 20:01 - 00018353 ____A C:\Users\Mahendran\Downloads\[MP3]Udhayam NH4 (2013) ~ ORG ACD RIP ~ CBR ~ 320kbps ~ TC Rajni.torrent 2013-04-01 06:17 - 2010-05-21 04:56 - 00000000 ____D C:\Users\Mahendran\AppData\Roaming\vlc 2013-03-27 05:47 - 2013-03-27 05:47 - 00015254 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s06e02.hdtv.xvid.afg.torrent 2013-03-27 05:47 - 2013-03-27 05:47 - 00013520 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s06e01.hdtv.x264.lol.ettv.torrent 2013-03-25 12:39 - 2013-03-25 12:39 - 04546560 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr 2013-03-23 19:04 - 2013-03-23 19:04 - 00025658 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e06.hdtv.x264.lol.ettv.torrent 2013-03-23 19:03 - 2013-03-23 19:03 - 00021606 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e03.hdtv.x264.lol.ettv.torrent 2013-03-23 19:03 - 2013-03-23 19:03 - 00011031 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e04.hdtv.x264.lol.torrent 2013-03-23 19:03 - 2013-03-23 19:03 - 00010711 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e05.hdtv.x264.lol.eztv.torrent 2013-03-23 19:02 - 2013-03-23 19:02 - 00010150 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e02.hdtv.x264.lol.eztv.torrent 2013-03-23 08:10 - 2013-03-23 08:10 - 00024063 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e01.hdtv.x264.lol.ettv.torrent 2013-03-22 19:30 - 2013-03-22 19:30 - 00012686 ____A C:\Users\Mahendran\Downloads\[kat.ph]kadal.2013.dvd5.dd.5.1.untouched.torrent 2013-03-16 18:41 - 2013-03-16 18:41 - 00014852 ____A C:\Users\Mahendran\Downloads\[kat.ph]moonrise.kingdom.2012.limited.brrip.xvid.absurdity.torrent 2013-03-15 09:51 - 2013-01-22 04:45 - 00000000 ____D C:\ProgramData\Microsoft Help 
2013-03-15 09:42 - 2010-05-18 20:29 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-03-14 22:15 - 2012-06-26 01:11 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-03-14 22:15 - 2012-06-26 01:11 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-03-14 19:51 - 2013-03-14 19:51 - 00012190 ____A C:\Users\Mahendran\Downloads\[kat.ph]special.26.2013.hindi.720p.dvdrip.charmeleon.silverrg.torrent 2013-03-08 23:23 - 2013-03-08 23:23 - 00020318 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.season.1.480p.bluray.150mb.mrlss.torrent 2013-03-08 23:14 - 2013-03-08 23:14 - 00015092 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e24.hdtv.xvid.afg.ettv.torrent 2013-03-08 23:13 - 2013-03-08 23:13 - 00006591 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e22.hdtv.x264.lol.torrent 2013-03-08 23:13 - 2013-03-08 23:13 - 00006128 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e23.hdtv.x264.lol.torrent 2013-03-07 23:44 - 2012-12-09 08:18 - 00262144 ____A C:\Windows\System32\config\ELAM 2013-03-07 22:27 - 2012-08-21 00:14 - 00000000 ____D C:\Program Files\Common Files\McAfee ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is 
legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-02-13 20:26:08 Restore point made on: 2013-02-18 19:37:05 Restore point made on: 2013-02-19 22:24:42 Restore point made on: 2013-03-07 19:26:36 Restore point made on: 2013-03-14 21:00:12 Restore point made on: 2013-03-15 09:38:24 Restore point made on: 2013-03-17 02:42:12 ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 4060.86 MB Available physical RAM: 3189.49 MB Total Pagefile: 4059 MB Available Pagefile: 3177.07 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:441.35 GB) (Free:16.33 GB) NTFS 2 Drive d: (New Volume) (Fixed) (Total:24.32 GB) (Free:13.2 GB) NTFS 4 Drive g: (MAHE) (Fixed) (Total:149.01 GB) (Free:13.47 GB) FAT32 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 149 GB 0 B Partitions of Disk 0: =============== Disk ID: EA551FB1 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 24 GB 101 MB Partition 3 Primary 441 GB 24 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ========================================================= 
Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D New Volume NTFS Partition 24 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 C NTFS Partition 441 GB Healthy ========================================================= Partitions of Disk 1: =============== Disk ID: B28F8E57 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 149 GB 31 KB ================================================================================== Disk: 1 Partition 1 Type : 0B Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G MAHE FAT32 Partition 149 GB Healthy ========================================================= ============================== MBR Partition Table ================== ============================== Partitions of Disk 0: =============== Disk ID: EA551FB1 Partition 1: ========= Hex: 8020210007DF130C0008000000200300 Active: YES Type: 07 (NTFS) Size: 100 MB Partition 2: ========= Hex: 00DF140C07FEFFFF0028030000180A03 Active: NO Type: 07 (NTFS) Size: 24 GB Partition 3: ========= Hex: 00FEFFFF07FEFFFF00400D0300182B37 Active: NO Type: 07 (NTFS) Size: 441 GB ============================== Partitions of Disk 1: =============== Disk ID: B28F8E57 Partition 1: ========= Hex: 000101000BFE3F003F000000828AA112 Active: NO Type: 0B Size: 149 GB Last Boot: 2013-03-14 20:51 ==================== End Of Log =============================
  3. Hello, Thanks again. Unfortunately I am not able to download files from the infected laptop as the browsers get closed. My other PC is also having some issues which I am fixing right now. Meanwhile I would like to update you that I have an Ubuntu partition on the infected laptop and I am able to boot to Ubuntu. Is there something that can be done through Ubuntu to fix the issues? I will keep trying to download RogueKiller. Thanks once again for all your assistance.
  4. Please note that every time you ask me to execute a file, I have to download the file from another PC and then access it through my Gmail on the affected PC. A lot of websites like Malwarebytes are not opening on the affected system. Only a few sites like Gmail work. When I open some sites, Chrome or IE just crashes. This is FYI.
  5. Please see the results aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2013-04-04 21:09:14 ----------------------------- 21:09:14.120 OS Version: Windows x64 6.1.7600 21:09:14.120 Number of processors: 2 586 0x170A 21:09:14.121 ComputerName: MAHENDRAN-PC UserName: Mahendran 21:09:15.425 Initialize success 21:09:29.893 AVAST engine download error: 0 21:09:37.111 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 21:09:37.115 Disk 0 Vendor: TOSHIBA_MK5065GSX GJ001D Size: 476940MB BusType: 11 21:09:37.232 Disk 0 MBR read successfully 21:09:37.236 Disk 0 MBR scan 21:09:37.241 Disk 0 Windows 7 default MBR code 21:09:37.275 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 21:09:37.310 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 24899 MB offset 206848 21:09:37.329 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 451939 MB offset 51200000 21:09:37.429 Disk 0 scanning C:\Windows\system32\drivers 21:09:46.531 Service scanning 21:10:23.784 Modules scanning 21:10:23.797 Disk 0 trace - called modules: 21:10:23.835 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 21:10:24.174 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a7b790] 21:10:24.182 3 CLASSPNP.SYS[fffff8800179b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046da060] 21:10:24.191 Scan finished successfully 21:11:59.944 Disk 0 MBR has been saved successfully to "C:\Users\Mahendran\Documents\MBR.dat" 21:11:59.955 The log file has been saved successfully to "C:\Users\Mahendran\Documents\aswMBR.txt"
  6. I deleted the file, downloaded it again and tried executing it in safe mode with networking. Still ComboFix doesn't run. Please help.
  7. I have uninstalled uTorrent. I have disabled McAfee services except McAfee Personal firewall service, Core firewall service and McAfee validation trust protection service. I am not able to disable them. ComboFix is not opening. Please help.
  8. Hello, My Windows 7 laptop is infected. I am unable to open Malwarebytes. I have tried Malware Chameleon (all options) and also Rkill as per the FAQs in the forum. None of the options have worked and I am not able to open Malwarebytes. I have McAfee installed on the system and I am not able to open McAfee either. I am also not able to open Task Manager (shows disabled). I have run DDS and am attaching the logs. Please help. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 Run by Mahendran at 20:18:19 on 2013-04-03 . ============== Running Processes ================ . C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\SysWOW64\IoctlSvc.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\SysWOW64\config\systemprofile\423405D2E4142544E4548414D4\winlogon.exe C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe C:\Users\Mahendran\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mahendran\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mahendran\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mahendran\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mahendran\AppData\Local\Google\Google Talk
Plugin\googletalkplugin.exe C:\Users\Mahendran\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\sysWOW64\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://40v8m72k3358976.directorio-w.com uLocal Page = hxxp://hy1607i95u65t02.directorio-w.com uSearch Page = hxxp://x5h1791cy7php72.directorio-w.com uDefault_Page_URL = hxxp://l9k7915ivi839qb.directorio-w.com uDefault_Search_URL = hxxp://5s5tjj78emv48rz.directorio-w.com mStart Page = hxxp://26m2x2yglfl03cj.directorio-w.com mLocal Page = hxxp://0kjz0og707t1ci4.directorio-w.com mSearch Page = hxxp://r775118i1vd0ow1.directorio-w.com mDefault_Page_URL = hxxp://eq70k0k926br4o1.directorio-w.com mDefault_Search_URL = hxxp://mjz3h99049b9d58.directorio-w.com uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned> BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120821140947.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: 
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray uRun: [3405D2E4142544E4548414D4] C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe uRunOnce: [uninstall C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" uRunOnce: [uninstall C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q 
"C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" mRun: [instantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r mRun: [updReg] C:\Windows\UpdReg.EXE mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe mRun: [3405D2E4142544E4548414D4] C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 uPolicies-Explorer: NoFile = dword:1 uPolicies-Explorer: NoFolderOptions = dword:1 uPolicies-Explorer: NoRun = dword:1 uPolicies-System: DisableRegistryTools = dword:1 uPolicies-System: DisableTaskMgr = dword:1 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoFolderOptions = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to 
OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://asia-ml04.asia.csc.com/dwa8W.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{A4EDE4BF-2498-4C9F-AA76-1ADCB6E4E1CB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DDC75227-7677-4D61-9127-DC8A42B7C631} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
IFEO: a2servic.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"
IFEO: ackwin32.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"
IFEO: acs.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"
IFEO: advxdwin.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"
IFEO: agentsvr.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"
x64-mWinlogon: Userinit = userinit.exe
x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120821140947.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: a2servic.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"
x64-IFEO: ackwin32.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"
x64-IFEO: acs.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"
x64-IFEO: advxdwin.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"
x64-IFEO: agentsvr.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 208.109.220.97 viabcp.com
Hosts: 208.109.220.97 www.viabcp.com
Hosts: 208.109.220.97 bcpzonasegura.viabcp.com
Hosts: 173.236.65.144 www.produbanco.com
Hosts: 173.236.65.144 produbanco.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mahendran\AppData\Roaming\Mozilla\Firefox\Profiles\9rgbcmep.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://i6k751ekh9drkwz.directorio-w.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=060612_5_&babsrc=KW_ss&mntrId=9264cb080000000000000026b90a2841&q=
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mahendran\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Mahendran\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mahendran\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mahendran\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1167637.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 9264cb080000000000000026b90a2841
FF - user.js: extensions.BabylonToolbar_i.hardId - 9264cb080000000000000026b90a2841
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15518
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:39:53
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R? CLBStor;InstantBurn Storage Helper Driver
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service
R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? HipShieldK;McAfee Inc. HipShieldK
R? McShield;McAfee McShield
R? SkypeUpdate;Skype Updater
R? Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service
R? UDisk Monitor;UDisk Monitor
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? ztemtusbser;ZTEMT Legacy Serial Communication
S? AMD External Events Utility;AMD External Events Utility
S? cfwids;McAfee Inc. cfwids
S? CLBUDF;CyberLink InstantBurn UDF Filesystem
S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? McMPFSvc;McAfee Personal Firewall Service
S? McNaiAnn;McAfee VirusScan Announcer
S? McProxy;McAfee Proxy Service
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
S? Skype C2C Service;Skype C2C Service
.
=============== Created Last 30 ================
.
2013-04-03 04:20:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-03 04:20:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-03 03:43:07 -------- d-----w- C:\Users\Mahendran\AppData\Local\Programs
2013-04-03 03:41:31 -------- d-----w- C:\Stinger_Quarantine
2013-04-03 03:41:21 -------- d-----w- C:\Program Files (x86)\stinger
2013-04-02 05:14:17 -------- d-sha-r- C:\Users\Mahendran\E6162746E6568616D4
2013-03-25 20:39:46 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2013-03-17 02:39:00 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
.
==================== Find3M ====================
.
2013-03-15 06:15:26 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-15 06:15:26 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-19 08:29:06 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-02-19 08:26:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-02-19 08:26:14 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-02-19 08:25:26 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-02-19 08:25:14 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-02-19 08:24:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-02-19 08:23:42 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-02-19 08:23:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-02-19 08:22:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-05 05:57:43 5500776 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:02:17 3957608 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:02:17 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 05:41:01 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-04 05:40:54 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-01-04 05:37:01 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-01-04 05:37:00 243200 ----a-w- C:\Windows\System32\wow64.dll
2013-01-04 05:37:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-01-04 05:36:33 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 05:33:49 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-01-04 05:30:34 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2013-01-04 05:27:03 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-01-04 05:27:02 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-01-04 05:27:01 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-04 05:27:01 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-01-04 05:27:00 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-04 05:27:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-04 05:27:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-01-04 04:51:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:51:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-01-04 03:22:49 3150848 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 03:19:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-01-04 02:48:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:48:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:48:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-04 02:48:33 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:43:35 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:19:08.29 ===============
.
Attach.txt