
Malwarebytes not opening



Hello, my Windows 7 laptop is infected. I am unable to open Malwarebytes. I have tried Malware Chameleon (all options) and also Rkill as per the FAQs in the forum. None of the options have worked and I am not able to open Malwarebytes. I have McAfee installed on the system and I am not able to open McAfee either. I am also not able to open Task Manager (shows disabled). I have run DDS and am attaching the logs. Please help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16470

Run by Mahendran at 20:18:19 on 2013-04-03

.

============== Running Processes ================

.

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\SysWOW64\IoctlSvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\SysWOW64\config\systemprofile\423405D2E4142544E4548414D4\winlogon.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe

C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe

C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe

C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe

C:\Users\Mahendran\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mahendran\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mahendran\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mahendran\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Mahendran\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Users\Mahendran\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://40v8m72k3358976.directorio-w.com

uLocal Page = hxxp://hy1607i95u65t02.directorio-w.com

uSearch Page = hxxp://x5h1791cy7php72.directorio-w.com

uDefault_Page_URL = hxxp://l9k7915ivi839qb.directorio-w.com

uDefault_Search_URL = hxxp://5s5tjj78emv48rz.directorio-w.com

mStart Page = hxxp://26m2x2yglfl03cj.directorio-w.com

mLocal Page = hxxp://0kjz0og707t1ci4.directorio-w.com

mSearch Page = hxxp://r775118i1vd0ow1.directorio-w.com

mDefault_Page_URL = hxxp://eq70k0k926br4o1.directorio-w.com

mDefault_Search_URL = hxxp://mjz3h99049b9d58.directorio-w.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>

BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120821140947.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} -

TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

uRun: [3405D2E4142544E4548414D4] C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe

uRunOnce: [uninstall C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64"

uRunOnce: [uninstall C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"

mRun: [instantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe

mRun: [3405D2E4142544E4548414D4] C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoFile = dword:1

uPolicies-Explorer: NoFolderOptions = dword:1

uPolicies-Explorer: NoRun = dword:1

uPolicies-System: DisableRegistryTools = dword:1

uPolicies-System: DisableTaskMgr = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoFolderOptions = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://asia-ml04.asia.csc.com/dwa8W.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{A4EDE4BF-2498-4C9F-AA76-1ADCB6E4E1CB} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{DDC75227-7677-4D61-9127-DC8A42B7C631} : DHCPNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

IFEO: a2servic.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IFEO: ackwin32.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IFEO: acs.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IFEO: advxdwin.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IFEO: agentsvr.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

x64-mWinlogon: Userinit = userinit.exe

x64-BHO: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - <orphaned>

x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120821140947.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RunDLLEntry] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\AmbRunE.dll,RunDLLEntry

x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-IFEO: a2servic.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

x64-IFEO: ackwin32.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

x64-IFEO: acs.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

x64-IFEO: advxdwin.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

x64-IFEO: agentsvr.exe - "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

.

Note: multiple IFEO entries found. Please refer to Attach.txt

Hosts: 208.109.220.97 viabcp.com

Hosts: 208.109.220.97 www.viabcp.com

Hosts: 208.109.220.97 bcpzonasegura.viabcp.com

Hosts: 173.236.65.144 www.produbanco.com

Hosts: 173.236.65.144 produbanco.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Mahendran\AppData\Roaming\Mozilla\Firefox\Profiles\9rgbcmep.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://i6k751ekh9drkwz.directorio-w.com

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=060612_5_&babsrc=KW_ss&mntrId=9264cb080000000000000026b90a2841&q=

FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Mahendran\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Mahendran\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\Mahendran\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Mahendran\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1167637.dll

FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1168638.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_5_

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 9264cb080000000000000026b90a2841

FF - user.js: extensions.BabylonToolbar_i.hardId - 9264cb080000000000000026b90a2841

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15518

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:39:53

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R? CLBStor;InstantBurn Storage Helper Driver

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service

R? Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service

R? fssfltr;fssfltr

R? fsssvc;Windows Live Family Safety Service

R? HipShieldK;McAfee Inc. HipShieldK

R? McShield;McAfee McShield

R? SkypeUpdate;Skype Updater

R? Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service

R? UDisk Monitor;UDisk Monitor

R? USBAAPL64;Apple Mobile USB Driver

R? WatAdminSvc;Windows Activation Technologies Service

R? ztemtusbser;ZTEMT Legacy Serial Communication

S? AMD External Events Utility;AMD External Events Utility

S? cfwids;McAfee Inc. cfwids

S? CLBUDF;CyberLink InstantBurn UDF Filesystem

S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0

S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service

S? McMPFSvc;McAfee Personal Firewall Service

S? McNaiAnn;McAfee VirusScan Announcer

S? McProxy;McAfee Proxy Service

S? mfeavfk;McAfee Inc. mfeavfk

S? mfefire;McAfee Firewall Core Service

S? mfefirek;McAfee Inc. mfefirek

S? mfehidk;McAfee Inc. mfehidk

S? mfevtp;McAfee Validation Trust Protection Service

S? mfewfpk;McAfee Inc. mfewfpk

S? netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit

S? Skype C2C Service;Skype C2C Service

.

=============== Created Last 30 ================

.

2013-04-03 04:20:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-03 04:20:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-03 03:43:07 -------- d-----w- C:\Users\Mahendran\AppData\Local\Programs

2013-04-03 03:41:31 -------- d-----w- C:\Stinger_Quarantine

2013-04-03 03:41:21 -------- d-----w- C:\Program Files (x86)\stinger

2013-04-02 05:14:17 -------- d-sha-r- C:\Users\Mahendran\E6162746E6568616D4

2013-03-25 20:39:46 4546560 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2013-03-17 02:39:00 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

.

==================== Find3M ====================

.

2013-03-15 06:15:26 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-15 06:15:26 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-19 08:29:06 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2013-02-19 08:26:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2013-02-19 08:26:14 182752 ----a-w- C:\Windows\System32\mfevtps.exe

2013-02-19 08:25:26 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2013-02-19 08:25:14 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2013-02-19 08:24:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2013-02-19 08:23:42 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2013-02-19 08:23:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2013-02-19 08:22:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-05 05:57:43 5500776 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-01-05 05:02:17 3957608 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:02:17 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-01-04 05:41:01 1893224 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-01-04 05:40:54 287576 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-01-04 05:37:01 362496 ----a-w- C:\Windows\System32\wow64win.dll

2013-01-04 05:37:00 243200 ----a-w- C:\Windows\System32\wow64.dll

2013-01-04 05:37:00 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2013-01-04 05:36:33 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-01-04 05:33:49 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2013-01-04 05:30:34 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2013-01-04 05:27:03 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll

2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 05:27:03 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll

2013-01-04 05:27:02 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-01-04 05:27:02 4096 ---ha-w- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll

2013-01-04 05:27:01 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-01-04 05:27:01 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll

2013-01-04 05:27:00 4608 ---ha-w- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll

2013-01-04 05:27:00 3584 ---ha-w- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-01-04 05:27:00 3072 ---ha-w- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll

2013-01-04 04:51:09 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-01-04 04:51:08 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2013-01-04 03:22:49 3150848 ----a-w- C:\Windows\System32\win32k.sys

2013-01-04 03:19:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-01-04 02:48:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-01-04 02:48:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-01-04 02:48:34 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-01-04 02:48:33 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-01-04 02:43:35 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2013-01-04 02:43:34 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2013-01-04 02:43:34 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2013-01-04 02:43:34 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 20:19:08.29 ===============

.

Attach.txt


Hello email2mahen and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this application: µTorrent

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Please see the results

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-04-04 21:09:14

-----------------------------

21:09:14.120 OS Version: Windows x64 6.1.7600

21:09:14.120 Number of processors: 2 586 0x170A

21:09:14.121 ComputerName: MAHENDRAN-PC UserName: Mahendran

21:09:15.425 Initialize success

21:09:29.893 AVAST engine download error: 0

21:09:37.111 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

21:09:37.115 Disk 0 Vendor: TOSHIBA_MK5065GSX GJ001D Size: 476940MB BusType: 11

21:09:37.232 Disk 0 MBR read successfully

21:09:37.236 Disk 0 MBR scan

21:09:37.241 Disk 0 Windows 7 default MBR code

21:09:37.275 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

21:09:37.310 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 24899 MB offset 206848

21:09:37.329 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 451939 MB offset 51200000

21:09:37.429 Disk 0 scanning C:\Windows\system32\drivers

21:09:46.531 Service scanning

21:10:23.784 Modules scanning

21:10:23.797 Disk 0 trace - called modules:

21:10:23.835 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

21:10:24.174 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a7b790]

21:10:24.182 3 CLASSPNP.SYS[fffff8800179b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046da060]

21:10:24.191 Scan finished successfully

21:11:59.944 Disk 0 MBR has been saved successfully to "C:\Users\Mahendran\Documents\MBR.dat"

21:11:59.955 The log file has been saved successfully to "C:\Users\Mahendran\Documents\aswMBR.txt"


Please note that every time you ask me to execute a file, I had to download the file from another PC and then access it through my Gmail on the affected PC. A lot of websites like Malwarebytes are not opening on the affected system. Only a few sites like Gmail work. When I open some sites, Chrome or IE just crashes. This is FYI.


Hello, thanks again. Unfortunately I am not able to download files from the infected laptop as the browsers get closed. My other PC is also having some issues which I am fixing right now. Meanwhile I would like to update you that I have an Ubuntu partition on the infected laptop and I am able to boot to Ubuntu. Is there something that can be done through Ubuntu to fix the issues? I will keep trying to download RogueKiller. Thanks once again for all your assistance.


I have another suggestion. Do you have a chance to burn a CD? This should be great.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 23 days old)

Ran by SYSTEM at 05-04-2013 21:02:54

Running from G:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-25] (Creative Technology Ltd.)

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2726728 2010-03-24] (CANON INC.)

HKLM-x32\...\Run: [instantBurn] C:\PROGRA~2\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [681256 2009-01-12] (CyberLink Corporation.)

HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [218408 2008-12-03] (CyberLink Corp.)

HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)

HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-08] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-12-05] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-01] (CANON INC.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1534504 2013-01-14] (McAfee, Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)

HKLM-x32\...\Run: [3405D2E4142544E4548414D4] C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe [195072 2013-04-01] ()

HKU\Mahendran\...\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [1688872 2008-01-14] (Nero AG)

HKU\Mahendran\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-09-14] (Google Inc.)

HKU\Mahendran\...\Run: [] [x]

HKU\Mahendran\...\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia)

HKU\Mahendran\...\Run: [3405D2E4142544E4548414D4] C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe [195072 2013-04-01] ()

HKU\Mahendran\...\RunOnce: [uninstall C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\amd64" [344576 2009-07-13] (Microsoft Corporation)

HKU\Mahendran\...\RunOnce: [uninstall C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Mahendran\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" [344576 2009-07-13] (Microsoft Corporation)

HKU\Mahendran\...\Policies\system: [LogonHoursAction] 2

HKU\Mahendran\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\Mahendran\...\Policies\system: [DisableRegistryTools] 1

HKU\Mahendran\...\Policies\system: [DisableTaskMgr] 1

HKU\Sudha\...\Policies\system: [LogonHoursAction] 2

HKU\Sudha\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

IMEO\a2servic.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ackwin32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\acs.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\advxdwin.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\agentsvr.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\agentw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ahnsd.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\alerter.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\alertsvc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\alogserv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\amon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\amon9x.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\anti-trojan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\antigen.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\antivirus.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ants.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\apimonitor.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\aplica32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\apvxdwin.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ashWebSv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\atcon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\atguard.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\atro55en.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\atupdater.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\atwatch.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\aupdate.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\autodown.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\autotrace.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\autoupdate.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avcenter.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avconfig.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avconsol.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ave32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avgcc32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avgctrl.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avgemc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avgnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avgserv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avgserv9.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avguard.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avgw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avkpop.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avkserv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avkservice.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avkwcl9.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avkwctl9.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avnotify.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avp32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avpcc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avpdos32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avpexec.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avpinst.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avpm.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avpmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avpnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avptc32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avpupd.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avrescue.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avscanavshadow.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avsched32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avsynmgr.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avupgsvc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avwebloader.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avwin95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avwinnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avwsc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avwupd32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avxmonitor9x.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avxmonitornt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avxquar.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\avxw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\azonealarm.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\bd_professional.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\bidef.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\bidserver.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\bipcp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\bipcpevalsetup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\bisp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\blackd.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\blackice.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\boot.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\bootwarn.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\borg2.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\bs120.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\BullGuard.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\callmsi.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ccapp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ccevtmgr.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cclaw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ccpxysvc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ccsetmgr.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ccshtdwn.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cdp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cfgwiz.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cfiadmin.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cfiaudit.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cfind.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cfinet.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cfinet32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ChromeSetup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\clamauto.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\claw95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\claw95cf.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\claw95ct.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\clean.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cleaner.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cleaner3.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cleanpc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cmd.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cmgrdian.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cmon016.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ComboFix.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\connectionmonitor.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cpd.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cpdclnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cpf.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cpf9x206.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cpfnt206.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\csinject.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\csinsm32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\css1631.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ctfmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ctrl.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cwnb181.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\cwntdwmo.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\defalert.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\defscangui.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\defwatch.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\deputy.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\Diskmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\doors.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\dpf.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\drvins32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\drwatson.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\drweb32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\dumphive.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\dv95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\dv95_o.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\dvp95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\dvp95_0.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\earthagent.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ecengine.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ecls.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ecmd.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\edi.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\efinet32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\efpeadm.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\egui.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\EHttpSrv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ekrn.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ent.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\esafe.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\escanh95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\escanhnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\escanv95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\espwatch.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\etrustcipe.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\evpn.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ewido.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\exantivirus-cnet.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\exit.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\expert.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\explored.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\f-agnt95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\f-prot.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\f-prot95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\f-stopw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fa-setup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fact.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fameh32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fast.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fch32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fih32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\Filemon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\findviru.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\firewall.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\FirewallControlPanel.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\FirewallSettings.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fix-it.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\flowprotector.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fnrb32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fp-win.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fp-win_trial.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\FPAVServer.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fprot.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fprot95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\frw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsaa.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsav.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsav32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsav530stbyb.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsav530wtbyb.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsav95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsave32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsgk32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fslaunch.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsm32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsma32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fsmb32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fssm32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fwenc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\fwinstall.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\gbmenu.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\gbpoll.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\GenericRenosFix.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\generics.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\gibe.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\GoogleToolbarInstaller_download_signed.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\gpedit.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\guard.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\guarddog.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\guardgui.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\guardhlp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\hacktracersetup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\HelpPane.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\hidec.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\HiJackThis.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\HJTInstall.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\HostsChk.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\htlog.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\hwpe.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\iamapp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\iamserv.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\iamstats.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ibmasn.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ibmavsp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\icload95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\icloadnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\icmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\icmoon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\icssuppnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\icsupp.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\icsupp95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\icsuppnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\IEDFix.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\iface.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ifw2000.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\iomon98.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\iparmor.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\iris.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\isrv95.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\jammer.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\jed.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\jedi.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\kav8.0.0.357es.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\kavlite40eng.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\kavpers40eng.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\kavsvc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\kerio-pf-213-en-win.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\kerio-wrl-421-en-win.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\kerio-wrp-421-en-win.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\killprocesssetup161.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\kis8.0.0.506latam.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\kpf.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\kpfw32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ldnetmon.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ldpro.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ldpromenu.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ldscan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\licmgr.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\localnet.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\lockdown.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\lockdown2000.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\lookout.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\lsetup.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\luall.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\luau.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\lucomserver.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\luinit.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\luspt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mbam.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mbamgui.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mbamservice.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mcagent.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mcmnhdlr.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mcshield.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mctool.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mcuimgr.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mcupdate.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mcvsrte.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mcvsshld.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mdll.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mfw2en.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mfweng3.02d30.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mgavrtcl.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mgavrte.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mghtml.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mgui.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\minilog.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\monitor.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\monsys32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\monsysnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\monwow.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\moolive.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mpfagent.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mpfservice.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mpftray.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mrflux.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\MSASCui.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\msblast.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\msconfig.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\msinfo32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\msn.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mspatch.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mssmmc32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mu0311ad.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mwatch.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\mxtask.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\n32scan.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\n32scanw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\nai_vs_stat.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\nav32_loader.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\nav80try.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navap.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navapsvc.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navapw32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navauto-protect.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navdx.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\naveng.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navengnavex15.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navex15.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navlu32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navrunr.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navsched.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navstub.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navw.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navw32.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\navwnt.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\nc2000.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

IMEO\ncinst4.exe: [Debugger] "C:\Users\Mahendran\E6162746E6568616D4\winlogon.exe"

Startup: C:\Users\Mahendran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KeePass.exe - Shortcut.lnk

ShortcutTarget: KeePass.exe - Shortcut.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-11-16] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [241456 2013-02-19] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218760 2013-02-19] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [182752 2013-02-19] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-30] (McAfee, Inc.)

2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)

3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [447784 2008-01-14] (Nero AG)

2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-18] (Prolific Technology Inc.)

4 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [1249064 2011-07-29] ()

4 UDisk Monitor; C:\Program Files\Reliance Netconnect\bin\MonServiceUDisk.exe [405504 2011-07-06] ()

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)

2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [371696 2008-12-31] (CyberLink Corporation.)

3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)

3 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [36680 2013-04-03] ()

3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)

1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)

3 ztemtusbser; C:\Windows\System32\DRIVERS\CT_ZTEMT_U_USBSER.sys [120704 2010-11-10] (ZTEMT Incorporated)

1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [x]

4 sr; [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-04-05 21:02 - 2013-04-05 21:02 - 00000000 ____D C:\FRST

2013-04-04 23:30 - 2013-04-04 23:30 - 00132151 ____A C:\wubildr

2013-04-04 23:30 - 2013-04-04 23:30 - 00008192 ____A C:\wubildr.mbr

2013-04-04 23:09 - 2013-04-04 23:30 - 00000000 ____D C:\ubuntu

2013-04-04 23:06 - 2013-04-04 23:06 - 00003352 ____N C:\bootsqm.dat

2013-04-04 23:05 - 2013-04-04 23:05 - 00000000 __SHD C:\found.000

2013-04-04 22:16 - 2013-04-04 22:16 - 02501520 ____A C:\Users\Mahendran\Downloads\wubi.exe

2013-04-04 22:02 - 2013-04-04 22:02 - 00000000 ____D C:\Users\Mahendran\AppData\Local\NeoSmart_Technologies

2013-04-04 21:58 - 2013-04-04 21:58 - 00001213 ____A C:\Users\Public\Desktop\EasyBCD 2.1.2.lnk

2013-04-04 21:58 - 2013-04-04 21:58 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies

2013-04-04 21:55 - 2013-04-04 21:58 - 01528448 ____A C:\Users\Mahendran\Downloads\EasyBCD 2.2.exe

2013-04-04 07:41 - 2013-04-04 07:41 - 00001681 ____A C:\Users\Mahendran\Documents\aswMBR.txt

2013-04-04 07:41 - 2013-04-04 07:41 - 00000512 ____A C:\Users\Mahendran\Documents\MBR.dat

2013-04-04 07:39 - 2013-04-04 07:39 - 00000000 ____D C:\Users\Mahendran\Downloads\aswMBR

2013-04-04 07:38 - 2013-04-04 07:38 - 02117706 ____A C:\Users\Mahendran\Downloads\aswMBR.zip

2013-04-03 18:37 - 2013-04-03 18:37 - 05046606 ____A (Swearware) C:\Users\Mahendran\Desktop\ComboFix.exe

2013-04-03 07:59 - 2013-04-03 07:59 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2013-04-03 06:49 - 2013-04-03 06:49 - 00132790 ____A C:\Users\Mahendran\Desktop\attach.txt

2013-04-03 06:49 - 2013-04-03 06:49 - 00023403 ____A C:\Users\Mahendran\Desktop\dds.txt

2013-04-03 06:47 - 2013-04-03 06:47 - 00000000 ____D C:\Users\Mahendran\Downloads\dds

2013-04-03 06:46 - 2013-04-03 06:46 - 00686688 ____A C:\Users\Mahendran\Downloads\dds.zip

2013-04-03 06:14 - 2013-04-03 18:40 - 00000000 ____D C:\Users\Mahendran\Desktop\rkill

2013-04-03 06:13 - 2013-04-03 18:40 - 00046840 ____A C:\Users\Mahendran\Desktop\Rkill.txt

2013-04-03 06:13 - 2013-04-03 18:40 - 00000000 ____D C:\Users\Mahendran\Downloads\uSeRiNiT

2013-04-03 06:12 - 2013-04-03 06:13 - 00835760 ____A C:\Users\Mahendran\Downloads\uSeRiNiT.zip

2013-04-03 05:51 - 2013-04-03 05:52 - 05046606 ____A (Swearware) C:\Users\Mahendran\Downloads\ComboFix.exe

2013-04-03 05:45 - 2013-04-03 05:45 - 00000000 ____D C:\Users\Mahendran\Downloads\ComboFix

2013-04-03 05:44 - 2013-04-03 05:44 - 05043052 ____A C:\Users\Mahendran\Downloads\ComboFix.zip

2013-04-03 05:36 - 2013-04-03 05:36 - 00000000 ____D C:\Users\Mahendran\Downloads\tdsskiller

2013-04-03 05:35 - 2013-04-03 05:35 - 02218636 ____A C:\Users\Mahendran\Downloads\tdsskiller.zip

2013-04-02 20:32 - 2013-04-02 20:32 - 00000005 ____A C:\Users\Mahendran\AppData\Roaming\mbam.context.scan

2013-04-02 20:20 - 2013-04-02 20:20 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-04-02 20:20 - 2013-04-02 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-02 20:20 - 2012-12-14 03:19 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-04-02 19:41 - 2013-04-03 04:24 - 00000000 ____D C:\Program Files (x86)\stinger

2013-04-02 19:41 - 2013-04-02 23:21 - 00000000 ____D C:\Users\Mahendran\Downloads\scan

2013-04-02 19:41 - 2013-04-02 23:21 - 00000000 ____D C:\Stinger_Quarantine

2013-04-02 19:40 - 2013-04-02 19:40 - 21250271 ____A C:\Users\Mahendran\Downloads\scan.zip

2013-04-02 03:24 - 2013-04-02 03:24 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk

2013-04-01 21:14 - 2013-04-01 21:14 - 00000000 RASHD C:\Users\Mahendran\E6162746E6568616D4

2013-04-01 20:03 - 2013-04-01 20:03 - 00014782 ____A C:\Users\Mahendran\Downloads\[MP3]~Settai~[2013]~CBR~320Kbps~[MD Thasneen].torrent

2013-04-01 20:01 - 2013-04-01 20:01 - 00018353 ____A C:\Users\Mahendran\Downloads\[MP3]Udhayam NH4 (2013) ~ ORG ACD RIP ~ CBR ~ 320kbps ~ TC Rajni.torrent

2013-03-27 05:47 - 2013-03-27 05:47 - 00015254 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s06e02.hdtv.xvid.afg.torrent

2013-03-27 05:47 - 2013-03-27 05:47 - 00013520 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s06e01.hdtv.x264.lol.ettv.torrent

2013-03-25 12:39 - 2013-03-25 12:39 - 04546560 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr

2013-03-23 19:04 - 2013-03-23 19:04 - 00025658 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e06.hdtv.x264.lol.ettv.torrent

2013-03-23 19:03 - 2013-03-23 19:03 - 00021606 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e03.hdtv.x264.lol.ettv.torrent

2013-03-23 19:03 - 2013-03-23 19:03 - 00011031 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e04.hdtv.x264.lol.torrent

2013-03-23 19:03 - 2013-03-23 19:03 - 00010711 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e05.hdtv.x264.lol.eztv.torrent

2013-03-23 19:02 - 2013-03-23 19:02 - 00010150 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e02.hdtv.x264.lol.eztv.torrent

2013-03-23 08:10 - 2013-03-23 08:10 - 00024063 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e01.hdtv.x264.lol.ettv.torrent

2013-03-22 19:30 - 2013-03-22 19:30 - 00012686 ____A C:\Users\Mahendran\Downloads\[kat.ph]kadal.2013.dvd5.dd.5.1.untouched.torrent

2013-03-16 18:41 - 2013-03-16 18:41 - 00014852 ____A C:\Users\Mahendran\Downloads\[kat.ph]moonrise.kingdom.2012.limited.brrip.xvid.absurdity.torrent

2013-03-16 18:39 - 2013-02-12 06:02 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys

2013-03-15 09:39 - 2013-02-01 23:31 - 17815040 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-03-15 09:39 - 2013-02-01 22:58 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-03-15 09:39 - 2013-02-01 22:57 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-03-15 09:39 - 2013-02-01 22:48 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-03-15 09:39 - 2013-02-01 22:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-03-15 09:39 - 2013-02-01 22:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-03-15 09:39 - 2013-02-01 22:46 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-03-15 09:39 - 2013-02-01 22:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-03-15 09:39 - 2013-02-01 22:42 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-03-15 09:39 - 2013-02-01 22:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-03-15 09:39 - 2013-02-01 22:41 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-03-15 09:39 - 2013-02-01 22:40 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-03-15 09:39 - 2013-02-01 22:39 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-03-15 09:39 - 2013-02-01 22:38 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-03-15 09:39 - 2013-02-01 22:38 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-03-15 09:39 - 2013-02-01 22:34 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-03-15 09:39 - 2013-02-01 20:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-03-15 09:39 - 2013-02-01 19:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-03-15 09:39 - 2013-02-01 19:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-03-15 09:39 - 2013-02-01 19:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-03-15 09:39 - 2013-02-01 19:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-03-15 09:39 - 2013-02-01 19:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-03-15 09:39 - 2013-02-01 19:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-03-15 09:39 - 2013-02-01 19:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-03-15 09:39 - 2013-02-01 19:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-03-15 09:39 - 2013-02-01 19:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-03-15 09:39 - 2013-02-01 19:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-03-15 09:39 - 2013-02-01 19:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-03-15 09:39 - 2013-02-01 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-03-15 09:39 - 2013-02-01 19:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-03-15 09:39 - 2013-02-01 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-03-15 09:39 - 2013-02-01 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-03-14 19:51 - 2013-03-14 19:51 - 00012190 ____A C:\Users\Mahendran\Downloads\[kat.ph]special.26.2013.hindi.720p.dvdrip.charmeleon.silverrg.torrent

2013-03-08 23:23 - 2013-03-08 23:23 - 00020318 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.season.1.480p.bluray.150mb.mrlss.torrent

2013-03-08 23:14 - 2013-03-08 23:14 - 00015092 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e24.hdtv.xvid.afg.ettv.torrent

2013-03-08 23:13 - 2013-03-08 23:13 - 00006591 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e22.hdtv.x264.lol.torrent

2013-03-08 23:13 - 2013-03-08 23:13 - 00006128 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e23.hdtv.x264.lol.torrent

==================== One Month Modified Files and Folders =======

2013-04-04 23:30 - 2013-04-04 23:30 - 00132151 ____A C:\wubildr

2013-04-04 23:30 - 2013-04-04 23:30 - 00008192 ____A C:\wubildr.mbr

2013-04-04 23:30 - 2013-04-04 23:09 - 00000000 ____D C:\ubuntu

2013-04-04 23:30 - 2012-10-04 03:29 - 00000000 ____D C:\Users\Mahendran\Documents\KeePass-2.20

2013-04-04 23:30 - 2010-05-18 11:35 - 01976715 ____A C:\Windows\WindowsUpdate.log

2013-04-04 23:15 - 2012-06-26 01:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-04-04 23:15 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-04-04 23:15 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-04-04 23:13 - 2010-09-14 20:13 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-04-04 23:07 - 2010-09-14 20:13 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-04-04 23:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-04-04 23:07 - 2009-07-13 20:51 - 00327845 ____A C:\Windows\setupact.log

2013-04-04 23:06 - 2013-04-04 23:06 - 00003352 ____N C:\bootsqm.dat

2013-04-04 23:05 - 2013-04-04 23:05 - 00000000 __SHD C:\found.000

2013-04-04 22:16 - 2013-04-04 22:16 - 02501520 ____A C:\Users\Mahendran\Downloads\wubi.exe

2013-04-04 22:02 - 2013-04-04 22:02 - 00000000 ____D C:\Users\Mahendran\AppData\Local\NeoSmart_Technologies

2013-04-04 21:58 - 2013-04-04 21:58 - 00001213 ____A C:\Users\Public\Desktop\EasyBCD 2.1.2.lnk

2013-04-04 21:58 - 2013-04-04 21:58 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies

2013-04-04 21:58 - 2013-04-04 21:55 - 01528448 ____A C:\Users\Mahendran\Downloads\EasyBCD 2.2.exe

2013-04-04 07:41 - 2013-04-04 07:41 - 00001681 ____A C:\Users\Mahendran\Documents\aswMBR.txt

2013-04-04 07:41 - 2013-04-04 07:41 - 00000512 ____A C:\Users\Mahendran\Documents\MBR.dat

2013-04-04 07:39 - 2013-04-04 07:39 - 00000000 ____D C:\Users\Mahendran\Downloads\aswMBR

2013-04-04 07:38 - 2013-04-04 07:38 - 02117706 ____A C:\Users\Mahendran\Downloads\aswMBR.zip

2013-04-03 18:40 - 2013-04-03 06:14 - 00000000 ____D C:\Users\Mahendran\Desktop\rkill

2013-04-03 18:40 - 2013-04-03 06:13 - 00046840 ____A C:\Users\Mahendran\Desktop\Rkill.txt

2013-04-03 18:40 - 2013-04-03 06:13 - 00000000 ____D C:\Users\Mahendran\Downloads\uSeRiNiT

2013-04-03 18:37 - 2013-04-03 18:37 - 05046606 ____A (Swearware) C:\Users\Mahendran\Desktop\ComboFix.exe

2013-04-03 07:59 - 2013-04-03 07:59 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2013-04-03 06:51 - 2013-01-22 19:06 - 00000000 ____D C:\Users\Mahendran\Documents\Pers

2013-04-03 06:49 - 2013-04-03 06:49 - 00132790 ____A C:\Users\Mahendran\Desktop\attach.txt

2013-04-03 06:49 - 2013-04-03 06:49 - 00023403 ____A C:\Users\Mahendran\Desktop\dds.txt

2013-04-03 06:47 - 2013-04-03 06:47 - 00000000 ____D C:\Users\Mahendran\Downloads\dds

2013-04-03 06:46 - 2013-04-03 06:46 - 00686688 ____A C:\Users\Mahendran\Downloads\dds.zip

2013-04-03 06:45 - 2012-05-19 03:33 - 00000944 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-291058343-1587379842-3624846313-1000UA.job

2013-04-03 06:13 - 2013-04-03 06:12 - 00835760 ____A C:\Users\Mahendran\Downloads\uSeRiNiT.zip

2013-04-03 05:52 - 2013-04-03 05:51 - 05046606 ____A (Swearware) C:\Users\Mahendran\Downloads\ComboFix.exe

2013-04-03 05:45 - 2013-04-03 05:45 - 00000000 ____D C:\Users\Mahendran\Downloads\ComboFix

2013-04-03 05:44 - 2013-04-03 05:44 - 05043052 ____A C:\Users\Mahendran\Downloads\ComboFix.zip

2013-04-03 05:36 - 2013-04-03 05:36 - 00000000 ____D C:\Users\Mahendran\Downloads\tdsskiller

2013-04-03 05:35 - 2013-04-03 05:35 - 02218636 ____A C:\Users\Mahendran\Downloads\tdsskiller.zip

2013-04-03 04:24 - 2013-04-02 19:41 - 00000000 ____D C:\Program Files (x86)\stinger

2013-04-03 00:43 - 2012-05-19 03:33 - 00000922 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-291058343-1587379842-3624846313-1000Core.job

2013-04-02 23:21 - 2013-04-02 19:41 - 00000000 ____D C:\Users\Mahendran\Downloads\scan

2013-04-02 23:21 - 2013-04-02 19:41 - 00000000 ____D C:\Stinger_Quarantine

2013-04-02 20:32 - 2013-04-02 20:32 - 00000005 ____A C:\Users\Mahendran\AppData\Roaming\mbam.context.scan

2013-04-02 20:20 - 2013-04-02 20:20 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-04-02 20:20 - 2013-04-02 20:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-02 19:40 - 2013-04-02 19:40 - 21250271 ____A C:\Users\Mahendran\Downloads\scan.zip

2013-04-02 18:35 - 2011-04-03 05:43 - 00000069 ____A C:\Windows\NeroDigital.ini

2013-04-02 18:35 - 2010-10-24 05:44 - 00000107 ____A C:\Users\Mahendran\AppData\default.pls

2013-04-02 03:44 - 2012-01-19 04:15 - 00000000 ____D C:\Users\Mahendran\AppData\Roaming\Mozilla

2013-04-02 03:24 - 2013-04-02 03:24 - 00002212 ____A C:\Users\Public\Desktop\Google Earth.lnk

2013-04-02 03:24 - 2010-09-14 20:12 - 00000000 ____D C:\Program Files (x86)\Google

2013-04-01 21:14 - 2013-04-01 21:14 - 00000000 RASHD C:\Users\Mahendran\E6162746E6568616D4

2013-04-01 21:14 - 2010-05-18 11:33 - 00000000 ____D C:\users\Mahendran

2013-04-01 21:08 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI

2013-04-01 21:03 - 2012-08-21 00:39 - 00000000 ____D C:\Program Files (x86)\McAfee

2013-04-01 21:03 - 2010-05-22 23:07 - 00119272 ____A C:\Windows\PFRO.log

2013-04-01 20:36 - 2010-12-13 03:33 - 00000000 ____D C:\Users\Mahendran\Downloads\Torrent downloading

2013-04-01 20:36 - 2010-12-13 03:33 - 00000000 ____D C:\Users\Mahendran\Downloads\Torrent Completed

2013-04-01 20:36 - 2010-12-13 03:32 - 00000000 ____D C:\Users\Mahendran\Downloads\Downloading

2013-04-01 20:36 - 2010-12-13 03:32 - 00000000 ____D C:\Users\Mahendran\Downloads\Download Completed

2013-04-01 20:03 - 2013-04-01 20:03 - 00014782 ____A C:\Users\Mahendran\Downloads\[MP3]~Settai~[2013]~CBR~320Kbps~[MD Thasneen].torrent

2013-04-01 20:01 - 2013-04-01 20:01 - 00018353 ____A C:\Users\Mahendran\Downloads\[MP3]Udhayam NH4 (2013) ~ ORG ACD RIP ~ CBR ~ 320kbps ~ TC Rajni.torrent

2013-04-01 06:17 - 2010-05-21 04:56 - 00000000 ____D C:\Users\Mahendran\AppData\Roaming\vlc

2013-03-27 05:47 - 2013-03-27 05:47 - 00015254 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s06e02.hdtv.xvid.afg.torrent

2013-03-27 05:47 - 2013-03-27 05:47 - 00013520 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s06e01.hdtv.x264.lol.ettv.torrent

2013-03-25 12:39 - 2013-03-25 12:39 - 04546560 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr

2013-03-23 19:04 - 2013-03-23 19:04 - 00025658 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e06.hdtv.x264.lol.ettv.torrent

2013-03-23 19:03 - 2013-03-23 19:03 - 00021606 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e03.hdtv.x264.lol.ettv.torrent

2013-03-23 19:03 - 2013-03-23 19:03 - 00011031 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e04.hdtv.x264.lol.torrent

2013-03-23 19:03 - 2013-03-23 19:03 - 00010711 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e05.hdtv.x264.lol.eztv.torrent

2013-03-23 19:02 - 2013-03-23 19:02 - 00010150 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e02.hdtv.x264.lol.eztv.torrent

2013-03-23 08:10 - 2013-03-23 08:10 - 00024063 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.s02e01.hdtv.x264.lol.ettv.torrent

2013-03-22 19:30 - 2013-03-22 19:30 - 00012686 ____A C:\Users\Mahendran\Downloads\[kat.ph]kadal.2013.dvd5.dd.5.1.untouched.torrent

2013-03-16 18:41 - 2013-03-16 18:41 - 00014852 ____A C:\Users\Mahendran\Downloads\[kat.ph]moonrise.kingdom.2012.limited.brrip.xvid.absurdity.torrent

2013-03-15 09:51 - 2013-01-22 04:45 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-03-15 09:42 - 2010-05-18 20:29 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-03-14 22:15 - 2012-06-26 01:11 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-03-14 22:15 - 2012-06-26 01:11 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-03-14 19:51 - 2013-03-14 19:51 - 00012190 ____A C:\Users\Mahendran\Downloads\[kat.ph]special.26.2013.hindi.720p.dvdrip.charmeleon.silverrg.torrent

2013-03-08 23:23 - 2013-03-08 23:23 - 00020318 ____A C:\Users\Mahendran\Downloads\[kat.ph]person.of.interest.season.1.480p.bluray.150mb.mrlss.torrent

2013-03-08 23:14 - 2013-03-08 23:14 - 00015092 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e24.hdtv.xvid.afg.ettv.torrent

2013-03-08 23:13 - 2013-03-08 23:13 - 00006591 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e22.hdtv.x264.lol.torrent

2013-03-08 23:13 - 2013-03-08 23:13 - 00006128 ____A C:\Users\Mahendran\Downloads\[kat.ph]the.big.bang.theory.s05e23.hdtv.x264.lol.torrent

2013-03-07 23:44 - 2012-12-09 08:18 - 00262144 ____A C:\Windows\System32\config\ELAM

2013-03-07 22:27 - 2012-08-21 00:14 - 00000000 ____D C:\Program Files\Common Files\McAfee

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-13 20:26:08

Restore point made on: 2013-02-18 19:37:05

Restore point made on: 2013-02-19 22:24:42

Restore point made on: 2013-03-07 19:26:36

Restore point made on: 2013-03-14 21:00:12

Restore point made on: 2013-03-15 09:38:24

Restore point made on: 2013-03-17 02:42:12

==================== Memory info ===========================

Percentage of memory in use: 21%

Total physical RAM: 4060.86 MB

Available physical RAM: 3189.49 MB

Total Pagefile: 4059 MB

Available Pagefile: 3177.07 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:441.35 GB) (Free:16.33 GB) NTFS

2 Drive d: (New Volume) (Fixed) (Total:24.32 GB) (Free:13.2 GB) NTFS

4 Drive g: (MAHE) (Fixed) (Total:149.01 GB) (Free:13.47 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 149 GB 0 B

Partitions of Disk 0:

===============

Disk ID: EA551FB1

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 24 GB 101 MB

Partition 3 Primary 441 GB 24 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D New Volume NTFS Partition 24 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 C NTFS Partition 441 GB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: B28F8E57

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 149 GB 31 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G MAHE FAT32 Partition 149 GB Healthy

=========================================================

============================== MBR Partition Table ==================

==============================

Partitions of Disk 0:

===============

Disk ID: EA551FB1

Partition 1:

=========

Hex: 8020210007DF130C0008000000200300

Active: YES

Type: 07 (NTFS)

Size: 100 MB

Partition 2:

=========

Hex: 00DF140C07FEFFFF0028030000180A03

Active: NO

Type: 07 (NTFS)

Size: 24 GB

Partition 3:

=========

Hex: 00FEFFFF07FEFFFF00400D0300182B37

Active: NO

Type: 07 (NTFS)

Size: 441 GB

==============================

Partitions of Disk 1:

===============

Disk ID: B28F8E57

Partition 1:

=========

Hex: 000101000BFE3F003F000000828AA112

Active: NO

Type: 0B

Size: 149 GB

Last Boot: 2013-03-14 20:51

==================== End Of Log =============================


I attach a script for FRST. Transfer it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.

fixlist.txt


Hello, even before your post, I used the Kaspersky boot disk and did a scan. It did clean a couple of malwares. I rebooted the system and I was able to open McAfee and Malwarebytes. The PC started behaving normally. I did run Malwarebytes and it found a lot of security hijacks. I cleaned them all and ran Malwarebytes again and it came out clean. Please see the logs and let me know if I have to do anything else.

Sorry, I had to attach the file as I am not able to post the log in the response as it is too long.

mbam-log-2013-04-07 (12-08-31).txt

mbam-log-2013-04-07 (12-24-17).txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
