
FBI Ransomware


  • This topic is locked
2 replies to this topic

#1 tsimmons52


Posted 30 July 2013 - 07:03 PM

Hi, I seem to have the same infection that this user has: http://www.bleepingcomputer.com/forums/t/479932/fbi-ransomware-in-safemode-also/. I'm running Windows 7 Home Premium (x64).

I have already scanned and gotten a log from Farbar; results below.

Thanks,

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by SYSTEM on 30-07-2013 18:47:35
Running from D:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2104104 2010-04-09] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-01] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPToneControl] - C:\Program Files\Hewlett-Packard\HPToneControl\HPTonectl.exe [107832 2009-08-19] (Hewlett-Packard )
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [172032 2010-04-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-01-27] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
HKLM\...\InprocServer32: [Default-cscui]  <==== ATTENTION!
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-04-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Jacob\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\Jacob\...\Run: [Smad] - C:\Users\Jacob\AppData\Local\SanctionedMedia\Smad\Smad.exe [37376 2011-12-23] (SanctionedMedia)
HKU\Jacob\...\Run: [Advanced SystemCare 5] - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [288128 2012-05-28] (IObit)
HKU\Jacob\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-23] (Google Inc.)
HKU\Jacob\...\Winlogon: [Shell] explorer.exe,C:\Users\Jacob\AppData\Roaming\skype.dat [139264 2011-11-16] (ImDev Software Group) <==== ATTENTION
HKU\Jessica\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Jessica\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-01-22] (Hewlett-Packard Company)
HKU\Jessica\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe [x]
IMEO\a.exe: [Debugger] svchost.exe
IMEO\aAvgApi.exe: [Debugger] svchost.exe
IMEO\AAWTray.exe: [Debugger] svchost.exe
IMEO\About.exe: [Debugger] svchost.exe
IMEO\ackwin32.exe: [Debugger] svchost.exe
IMEO\Ad-Aware.exe: [Debugger] svchost.exe
IMEO\adaware.exe: [Debugger] svchost.exe
IMEO\advxdwin.exe: [Debugger] svchost.exe
IMEO\AdwarePrj.exe: [Debugger] svchost.exe
IMEO\agent.exe: [Debugger] svchost.exe
IMEO\agentsvr.exe: [Debugger] svchost.exe
IMEO\agentw.exe: [Debugger] svchost.exe
IMEO\alertsvc.exe: [Debugger] svchost.exe
IMEO\alevir.exe: [Debugger] svchost.exe
IMEO\alogserv.exe: [Debugger] svchost.exe
IMEO\AlphaAV: [Debugger] svchost.exe
IMEO\AlphaAV.exe: [Debugger] svchost.exe
IMEO\AluSchedulerSvc.exe: [Debugger] svchost.exe
IMEO\amon9x.exe: [Debugger] svchost.exe
IMEO\anti-trojan.exe: [Debugger] svchost.exe
IMEO\Anti-Virus Professional.exe: [Debugger] svchost.exe
IMEO\AntispywarXP2009.exe: [Debugger] svchost.exe
IMEO\antivirus.exe: [Debugger] svchost.exe
IMEO\AntivirusPlus: [Debugger] svchost.exe
IMEO\AntivirusPlus.exe: [Debugger] svchost.exe
IMEO\AntivirusPro_2010.exe: [Debugger] svchost.exe
IMEO\AntivirusXP: [Debugger] svchost.exe
IMEO\AntivirusXP.exe: [Debugger] svchost.exe
IMEO\antivirusxppro2009.exe: [Debugger] svchost.exe
IMEO\AntiVirus_Pro.exe: [Debugger] svchost.exe
IMEO\ants.exe: [Debugger] svchost.exe
IMEO\apimonitor.exe: [Debugger] svchost.exe
IMEO\aplica32.exe: [Debugger] svchost.exe
IMEO\apvxdwin.exe: [Debugger] svchost.exe
IMEO\arr.exe: [Debugger] svchost.exe
IMEO\ashAvast.exe: [Debugger] svchost.exe
IMEO\ashBug.exe: [Debugger] svchost.exe
IMEO\ashChest.exe: [Debugger] svchost.exe
IMEO\ashCnsnt.exe: [Debugger] svchost.exe
IMEO\ashDisp.exe: [Debugger] svchost.exe
IMEO\ashLogV.exe: [Debugger] svchost.exe
IMEO\ashMaiSv.exe: [Debugger] svchost.exe
IMEO\ashPopWz.exe: [Debugger] svchost.exe
IMEO\ashQuick.exe: [Debugger] svchost.exe
IMEO\ashServ.exe: [Debugger] svchost.exe
IMEO\ashSimp2.exe: [Debugger] svchost.exe
IMEO\ashSimpl.exe: [Debugger] svchost.exe
IMEO\ashSkPcc.exe: [Debugger] svchost.exe
IMEO\ashSkPck.exe: [Debugger] svchost.exe
IMEO\ashUpd.exe: [Debugger] svchost.exe
IMEO\ashWebSv.exe: [Debugger] svchost.exe
IMEO\aswChLic.exe: [Debugger] svchost.exe
IMEO\aswRegSvr.exe: [Debugger] svchost.exe
IMEO\aswRunDll.exe: [Debugger] svchost.exe
IMEO\aswUpdSv.exe: [Debugger] svchost.exe
IMEO\atcon.exe: [Debugger] svchost.exe
IMEO\atguard.exe: [Debugger] svchost.exe
IMEO\atro55en.exe: [Debugger] svchost.exe
IMEO\atupdater.exe: [Debugger] svchost.exe
IMEO\atwatch.exe: [Debugger] svchost.exe
IMEO\au.exe: [Debugger] svchost.exe
IMEO\aupdate.exe: [Debugger] svchost.exe
IMEO\auto-protect.nav80try.exe: [Debugger] svchost.exe
IMEO\autodown.exe: [Debugger] svchost.exe
IMEO\autotrace.exe: [Debugger] svchost.exe
IMEO\autoupdate.exe: [Debugger] svchost.exe
IMEO\av360.exe: [Debugger] svchost.exe
IMEO\avadmin.exe: [Debugger] svchost.exe
IMEO\avastSvc.exe: [Debugger] svchost.exe
IMEO\avastUI.exe: [Debugger] svchost.exe
IMEO\AVCare.exe: [Debugger] svchost.exe
IMEO\avcenter.exe: [Debugger] svchost.exe
IMEO\avciman.exe: [Debugger] svchost.exe
IMEO\avconfig.exe: [Debugger] svchost.exe
IMEO\avconsol.exe: [Debugger] svchost.exe
IMEO\ave32.exe: [Debugger] svchost.exe
IMEO\AVENGINE.EXE: [Debugger] svchost.exe
IMEO\avgcc32.exe: [Debugger] svchost.exe
IMEO\avgchk.exe: [Debugger] svchost.exe
IMEO\avgcmgr.exe: [Debugger] svchost.exe
IMEO\avgcsrvx.exe: [Debugger] svchost.exe
IMEO\avgctrl.exe: [Debugger] svchost.exe
IMEO\avgdumpx.exe: [Debugger] svchost.exe
IMEO\avgemc.exe: [Debugger] svchost.exe
IMEO\avgiproxy.exe: [Debugger] svchost.exe
IMEO\avgnsx.exe: [Debugger] svchost.exe
IMEO\avgnt.exe: [Debugger] svchost.exe
IMEO\avgrsx.exe: [Debugger] svchost.exe
IMEO\avgscanx.exe: [Debugger] svchost.exe
IMEO\avgserv.exe: [Debugger] svchost.exe
IMEO\avgserv9.exe: [Debugger] svchost.exe
IMEO\avgsrmax.exe: [Debugger] svchost.exe
IMEO\avgtray.exe: [Debugger] svchost.exe
IMEO\avguard.exe: [Debugger] svchost.exe
IMEO\avgui.exe: [Debugger] svchost.exe
IMEO\avgupd.exe: [Debugger] svchost.exe
IMEO\avgw.exe: [Debugger] svchost.exe
IMEO\avgwdsvc.exe: [Debugger] svchost.exe
IMEO\avkpop.exe: [Debugger] svchost.exe
IMEO\avkserv.exe: [Debugger] svchost.exe
IMEO\avkservice.exe: [Debugger] svchost.exe
IMEO\avkwctl9.exe: [Debugger] svchost.exe
IMEO\avltmain.exe: [Debugger] svchost.exe
IMEO\avmailc.exe: [Debugger] svchost.exe
IMEO\avmcdlg.exe: [Debugger] svchost.exe
IMEO\avnotify.exe: [Debugger] svchost.exe
IMEO\avnt.exe: [Debugger] svchost.exe
IMEO\avp32.exe: [Debugger] svchost.exe
IMEO\avpcc.exe: [Debugger] svchost.exe
IMEO\avpdos32.exe: [Debugger] svchost.exe
IMEO\avpm.exe: [Debugger] svchost.exe
IMEO\avptc32.exe: [Debugger] svchost.exe
IMEO\avpupd.exe: [Debugger] svchost.exe
IMEO\avsched32.exe: [Debugger] svchost.exe
IMEO\avshadow.exe: [Debugger] svchost.exe
IMEO\avsynmgr.exe: [Debugger] svchost.exe
IMEO\avupgsvc.exe: [Debugger] svchost.exe
IMEO\AVWEBGRD.EXE: [Debugger] svchost.exe
IMEO\avwin.exe: [Debugger] svchost.exe
IMEO\avwin95.exe: [Debugger] svchost.exe
IMEO\avwinnt.exe: [Debugger] svchost.exe
IMEO\avwsc.exe: [Debugger] svchost.exe
IMEO\avwupd.exe: [Debugger] svchost.exe
IMEO\avwupd32.exe: [Debugger] svchost.exe
IMEO\avwupsrv.exe: [Debugger] svchost.exe
IMEO\avxmonitor9x.exe: [Debugger] svchost.exe
IMEO\avxmonitornt.exe: [Debugger] svchost.exe
IMEO\avxquar.exe: [Debugger] svchost.exe
IMEO\b.exe: [Debugger] svchost.exe
IMEO\backweb.exe: [Debugger] svchost.exe
IMEO\bargains.exe: [Debugger] svchost.exe
IMEO\bdfvcl.exe: [Debugger] svchost.exe
IMEO\bdfvwiz.exe: [Debugger] svchost.exe
IMEO\BDInProcPatch.exe: [Debugger] svchost.exe
IMEO\bdmcon.exe: [Debugger] svchost.exe
IMEO\BDMsnScan.exe: [Debugger] svchost.exe
IMEO\BDSurvey.exe: [Debugger] svchost.exe
IMEO\bd_professional.exe: [Debugger] svchost.exe
IMEO\beagle.exe: [Debugger] svchost.exe
IMEO\belt.exe: [Debugger] svchost.exe
IMEO\bidef.exe: [Debugger] svchost.exe
IMEO\bidserver.exe: [Debugger] svchost.exe
IMEO\bipcp.exe: [Debugger] svchost.exe
IMEO\bipcpevalsetup.exe: [Debugger] svchost.exe
IMEO\bisp.exe: [Debugger] svchost.exe
IMEO\blackd.exe: [Debugger] svchost.exe
IMEO\blackice.exe: [Debugger] svchost.exe
IMEO\blink.exe: [Debugger] svchost.exe
IMEO\blss.exe: [Debugger] svchost.exe
IMEO\bootconf.exe: [Debugger] svchost.exe
IMEO\bootwarn.exe: [Debugger] svchost.exe
IMEO\borg2.exe: [Debugger] svchost.exe
IMEO\bpc.exe: [Debugger] svchost.exe
IMEO\brasil.exe: [Debugger] svchost.exe
IMEO\brastk.exe: [Debugger] svchost.exe
IMEO\brw.exe: [Debugger] svchost.exe
IMEO\bs120.exe: [Debugger] svchost.exe
IMEO\bspatch.exe: [Debugger] svchost.exe
IMEO\bundle.exe: [Debugger] svchost.exe
IMEO\bvt.exe: [Debugger] svchost.exe
IMEO\c.exe: [Debugger] svchost.exe
IMEO\cavscan.exe: [Debugger] svchost.exe
IMEO\ccapp.exe: [Debugger] svchost.exe
IMEO\ccevtmgr.exe: [Debugger] svchost.exe
IMEO\ccpxysvc.exe: [Debugger] svchost.exe
IMEO\ccSvcHst.exe: [Debugger] svchost.exe
IMEO\cdp.exe: [Debugger] svchost.exe
IMEO\cfd.exe: [Debugger] svchost.exe
IMEO\cfgwiz.exe: [Debugger] svchost.exe
IMEO\cfiadmin.exe: [Debugger] svchost.exe
IMEO\cfiaudit.exe: [Debugger] svchost.exe
IMEO\cfinet.exe: [Debugger] svchost.exe
IMEO\cfinet32.exe: [Debugger] svchost.exe
IMEO\cfp.exe: [Debugger] svchost.exe
IMEO\cfpconfg.exe: [Debugger] svchost.exe
IMEO\cfplogvw.exe: [Debugger] svchost.exe
IMEO\cfpupdat.exe: [Debugger] svchost.exe
IMEO\claw95.exe: [Debugger] svchost.exe
IMEO\claw95cf.exe: [Debugger] svchost.exe
IMEO\clean.exe: [Debugger] svchost.exe
IMEO\cleaner.exe: [Debugger] svchost.exe
IMEO\cleaner3.exe: [Debugger] svchost.exe
IMEO\cleanIELow.exe: [Debugger] svchost.exe
IMEO\cleanpc.exe: [Debugger] svchost.exe
IMEO\click.exe: [Debugger] svchost.exe
IMEO\cmd32.exe: [Debugger] svchost.exe
IMEO\cmdagent.exe: [Debugger] svchost.exe
IMEO\cmesys.exe: [Debugger] svchost.exe
IMEO\cmgrdian.exe: [Debugger] svchost.exe
IMEO\cmon016.exe: [Debugger] svchost.exe
IMEO\connectionmonitor.exe: [Debugger] svchost.exe
IMEO\control: [Debugger] svchost.exe
IMEO\cpd.exe: [Debugger] svchost.exe
IMEO\cpf9x206.exe: [Debugger] svchost.exe
IMEO\cpfnt206.exe: [Debugger] svchost.exe
IMEO\crashrep.exe: [Debugger] svchost.exe
IMEO\csc.exe: [Debugger] svchost.exe
IMEO\cssconfg.exe: [Debugger] svchost.exe
IMEO\cssupdat.exe: [Debugger] svchost.exe
IMEO\cssurf.exe: [Debugger] svchost.exe
IMEO\ctrl.exe: [Debugger] svchost.exe
IMEO\cv.exe: [Debugger] svchost.exe
IMEO\cwnb181.exe: [Debugger] svchost.exe
IMEO\cwntdwmo.exe: [Debugger] svchost.exe
IMEO\d.exe: [Debugger] svchost.exe
IMEO\datemanager.exe: [Debugger] svchost.exe
IMEO\dcomx.exe: [Debugger] svchost.exe
IMEO\defalert.exe: [Debugger] svchost.exe
IMEO\defscangui.exe: [Debugger] svchost.exe
IMEO\defwatch.exe: [Debugger] svchost.exe
IMEO\deloeminfs.exe: [Debugger] svchost.exe
IMEO\deputy.exe: [Debugger] svchost.exe
IMEO\divx.exe: [Debugger] svchost.exe
IMEO\dllcache.exe: [Debugger] svchost.exe
IMEO\dllreg.exe: [Debugger] svchost.exe
IMEO\doors.exe: [Debugger] svchost.exe
IMEO\dop.exe: [Debugger] svchost.exe
IMEO\dpf.exe: [Debugger] svchost.exe
IMEO\dpfsetup.exe: [Debugger] svchost.exe
IMEO\dpps2.exe: [Debugger] svchost.exe
IMEO\driverctrl.exe: [Debugger] svchost.exe
IMEO\drwatson.exe: [Debugger] svchost.exe
IMEO\drweb32.exe: [Debugger] svchost.exe
IMEO\drwebupw.exe: [Debugger] svchost.exe
IMEO\dssagent.exe: [Debugger] svchost.exe
IMEO\dvp95.exe: [Debugger] svchost.exe
IMEO\dvp95_0.exe: [Debugger] svchost.exe
IMEO\ecengine.exe: [Debugger] svchost.exe
IMEO\efpeadm.exe: [Debugger] svchost.exe
IMEO\emsw.exe: [Debugger] svchost.exe
IMEO\ent.exe: [Debugger] svchost.exe
IMEO\esafe.exe: [Debugger] svchost.exe
IMEO\escanhnt.exe: [Debugger] svchost.exe
IMEO\escanv95.exe: [Debugger] svchost.exe
IMEO\espwatch.exe: [Debugger] svchost.exe
IMEO\ethereal.exe: [Debugger] svchost.exe
IMEO\etrustcipe.exe: [Debugger] svchost.exe
IMEO\evpn.exe: [Debugger] svchost.exe
IMEO\exantivirus-cnet.exe: [Debugger] svchost.exe
IMEO\exe.avxw.exe: [Debugger] svchost.exe
IMEO\expert.exe: [Debugger] svchost.exe
IMEO\explore.exe: [Debugger] svchost.exe
IMEO\f-agnt95.exe: [Debugger] svchost.exe
IMEO\f-prot.exe: [Debugger] svchost.exe
IMEO\f-prot95.exe: [Debugger] svchost.exe
IMEO\f-stopw.exe: [Debugger] svchost.exe
IMEO\fact.exe: [Debugger] svchost.exe
IMEO\fameh32.exe: [Debugger] svchost.exe
IMEO\fast.exe: [Debugger] svchost.exe
IMEO\fch32.exe: [Debugger] svchost.exe
IMEO\fih32.exe: [Debugger] svchost.exe
IMEO\findviru.exe: [Debugger] svchost.exe
IMEO\firewall.exe: [Debugger] svchost.exe
IMEO\fixcfg.exe: [Debugger] svchost.exe
IMEO\fixfp.exe: [Debugger] svchost.exe
IMEO\fnrb32.exe: [Debugger] svchost.exe
IMEO\fp-win.exe: [Debugger] svchost.exe
IMEO\fp-win_trial.exe: [Debugger] svchost.exe
IMEO\fprot.exe: [Debugger] svchost.exe
IMEO\frmwrk32.exe: [Debugger] svchost.exe
IMEO\frw.exe: [Debugger] svchost.exe
IMEO\fsaa.exe: [Debugger] svchost.exe
IMEO\fsav.exe: [Debugger] svchost.exe
IMEO\fsav32.exe: [Debugger] svchost.exe
IMEO\fsav530stbyb.exe: [Debugger] svchost.exe
IMEO\fsav530wtbyb.exe: [Debugger] svchost.exe
IMEO\fsav95.exe: [Debugger] svchost.exe
IMEO\fsgk32.exe: [Debugger] svchost.exe
IMEO\fsm32.exe: [Debugger] svchost.exe
IMEO\fsma32.exe: [Debugger] svchost.exe
IMEO\fsmb32.exe: [Debugger] svchost.exe
IMEO\gator.exe: [Debugger] svchost.exe
IMEO\gav.exe: [Debugger] svchost.exe
IMEO\gbmenu.exe: [Debugger] svchost.exe
IMEO\gbn976rl.exe: [Debugger] svchost.exe
IMEO\gbpoll.exe: [Debugger] svchost.exe
IMEO\generics.exe: [Debugger] svchost.exe
IMEO\gmt.exe: [Debugger] svchost.exe
IMEO\guard.exe: [Debugger] svchost.exe
IMEO\guarddog.exe: [Debugger] svchost.exe
IMEO\guardgui.exe: [Debugger] svchost.exe
IMEO\guardxkickoff.exe: [Debugger] svchost.exe
IMEO\hacktracersetup.exe: [Debugger] svchost.exe
IMEO\hbinst.exe: [Debugger] svchost.exe
IMEO\hbsrv.exe: [Debugger] svchost.exe
IMEO\History.exe: [Debugger] svchost.exe
IMEO\homeav2010.exe: [Debugger] svchost.exe
IMEO\hotactio.exe: [Debugger] svchost.exe
IMEO\hotpatch.exe: [Debugger] svchost.exe
IMEO\htlog.exe: [Debugger] svchost.exe
IMEO\htpatch.exe: [Debugger] svchost.exe
IMEO\hwpe.exe: [Debugger] svchost.exe
IMEO\hxdl.exe: [Debugger] svchost.exe
IMEO\hxiul.exe: [Debugger] svchost.exe
IMEO\iamapp.exe: [Debugger] svchost.exe
IMEO\iamserv.exe: [Debugger] svchost.exe
IMEO\iamstats.exe: [Debugger] svchost.exe
IMEO\ibmasn.exe: [Debugger] svchost.exe
IMEO\ibmavsp.exe: [Debugger] svchost.exe
IMEO\icload95.exe: [Debugger] svchost.exe
IMEO\icloadnt.exe: [Debugger] svchost.exe
IMEO\icmon.exe: [Debugger] svchost.exe
IMEO\icsupp95.exe: [Debugger] svchost.exe
IMEO\icsuppnt.exe: [Debugger] svchost.exe
IMEO\Identity.exe: [Debugger] svchost.exe
IMEO\idle.exe: [Debugger] svchost.exe
IMEO\iedll.exe: [Debugger] svchost.exe
IMEO\iedriver.exe: [Debugger] svchost.exe
IMEO\IEShow.exe: [Debugger] svchost.exe
IMEO\iface.exe: [Debugger] svchost.exe
IMEO\ifw2000.exe: [Debugger] svchost.exe
IMEO\inetlnfo.exe: [Debugger] svchost.exe
IMEO\infus.exe: [Debugger] svchost.exe
IMEO\infwin.exe: [Debugger] svchost.exe
IMEO\init.exe: [Debugger] svchost.exe
IMEO\init32.exe : [Debugger] svchost.exe
IMEO\install[1].exe: [Debugger] svchost.exe
IMEO\install[2].exe: [Debugger] svchost.exe
IMEO\install[3].exe: [Debugger] svchost.exe
IMEO\install[4].exe: [Debugger] svchost.exe
IMEO\install[5].exe: [Debugger] svchost.exe
IMEO\intdel.exe: [Debugger] svchost.exe
IMEO\intren.exe: [Debugger] svchost.exe
IMEO\iomon98.exe: [Debugger] svchost.exe
IMEO\istsvc.exe: [Debugger] svchost.exe
IMEO\jammer.exe: [Debugger] svchost.exe
IMEO\jdbgmrg.exe: [Debugger] svchost.exe
IMEO\jedi.exe: [Debugger] svchost.exe
IMEO\JsRcGen.exe: [Debugger] svchost.exe
IMEO\kavlite40eng.exe: [Debugger] svchost.exe
IMEO\kavpers40eng.exe: [Debugger] svchost.exe
IMEO\kavpf.exe: [Debugger] svchost.exe
IMEO\kazza.exe: [Debugger] svchost.exe
IMEO\keenvalue.exe: [Debugger] svchost.exe
IMEO\kerio-pf-213-en-win.exe: [Debugger] svchost.exe
IMEO\kerio-wrl-421-en-win.exe: [Debugger] svchost.exe
IMEO\kerio-wrp-421-en-win.exe: [Debugger] svchost.exe
IMEO\killprocesssetup161.exe: [Debugger] svchost.exe
IMEO\ldnetmon.exe: [Debugger] svchost.exe
IMEO\ldpro.exe: [Debugger] svchost.exe
IMEO\ldpromenu.exe: [Debugger] svchost.exe
IMEO\ldscan.exe: [Debugger] svchost.exe
IMEO\licmgr.exe: [Debugger] svchost.exe
IMEO\lnetinfo.exe: [Debugger] svchost.exe
IMEO\loader.exe: [Debugger] svchost.exe
IMEO\localnet.exe: [Debugger] svchost.exe
IMEO\lockdown.exe: [Debugger] svchost.exe
IMEO\lockdown2000.exe: [Debugger] svchost.exe
IMEO\lookout.exe: [Debugger] svchost.exe
IMEO\lordpe.exe: [Debugger] svchost.exe
IMEO\lsetup.exe: [Debugger] svchost.exe
IMEO\luall.exe: [Debugger] svchost.exe
IMEO\luau.exe: [Debugger] svchost.exe
IMEO\lucomserver.exe: [Debugger] svchost.exe
IMEO\luinit.exe: [Debugger] svchost.exe
IMEO\luspt.exe: [Debugger] svchost.exe
IMEO\MalwareRemoval.exe: [Debugger] svchost.exe
IMEO\mapisvc32.exe: [Debugger] svchost.exe
IMEO\mbam.exe: [Debugger] svchost.exe
IMEO\mbamgui.exe: [Debugger] svchost.exe
IMEO\mbamservice.exe: [Debugger] svchost.exe
IMEO\mcagent.exe: [Debugger] svchost.exe
IMEO\mcmnhdlr.exe: [Debugger] svchost.exe
IMEO\mcmpeng.exe: [Debugger] svchost.exe
IMEO\mcmscsvc.exe: [Debugger] svchost.exe
IMEO\mcnasvc.exe: [Debugger] svchost.exe
IMEO\mcproxy.exe: [Debugger] svchost.exe
IMEO\McSACore.exe: [Debugger] svchost.exe
IMEO\mcshell.exe: [Debugger] svchost.exe
IMEO\mcshield.exe: [Debugger] svchost.exe
IMEO\mcsysmon.exe: [Debugger] svchost.exe
IMEO\mctool.exe: [Debugger] svchost.exe
IMEO\mcupdate.exe: [Debugger] svchost.exe
IMEO\mcvsrte.exe: [Debugger] svchost.exe
IMEO\mcvsshld.exe: [Debugger] svchost.exe
IMEO\md.exe: [Debugger] svchost.exe
IMEO\mfin32.exe: [Debugger] svchost.exe
IMEO\mfw2en.exe: [Debugger] svchost.exe
IMEO\mfweng3.02d30.exe: [Debugger] svchost.exe
IMEO\mgavrtcl.exe: [Debugger] svchost.exe
IMEO\mgavrte.exe: [Debugger] svchost.exe
IMEO\mghtml.exe: [Debugger] svchost.exe
IMEO\mgui.exe: [Debugger] svchost.exe
IMEO\minilog.exe: [Debugger] svchost.exe
IMEO\mmod.exe: [Debugger] svchost.exe
IMEO\monitor.exe: [Debugger] svchost.exe
IMEO\moolive.exe: [Debugger] svchost.exe
IMEO\mostat.exe: [Debugger] svchost.exe
IMEO\mpfagent.exe: [Debugger] svchost.exe
IMEO\mpfservice.exe: [Debugger] svchost.exe
IMEO\MPFSrv.exe: [Debugger] svchost.exe
IMEO\mpftray.exe: [Debugger] svchost.exe
IMEO\mrflux.exe: [Debugger] svchost.exe
IMEO\mrt.exe: [Debugger] svchost.exe
IMEO\msa.exe: [Debugger] svchost.exe
IMEO\msapp.exe: [Debugger] svchost.exe
IMEO\MSASCui.exe: [Debugger] svchost.exe
IMEO\msbb.exe: [Debugger] svchost.exe
IMEO\msblast.exe: [Debugger] svchost.exe
IMEO\mscache.exe: [Debugger] svchost.exe
IMEO\msccn32.exe: [Debugger] svchost.exe
IMEO\mscman.exe: [Debugger] svchost.exe
IMEO\msconfig: [Debugger] svchost.exe
IMEO\msdm.exe: [Debugger] svchost.exe
IMEO\msdos.exe: [Debugger] svchost.exe
IMEO\msiexec16.exe: [Debugger] svchost.exe
IMEO\mslaugh.exe: [Debugger] svchost.exe
IMEO\msmgt.exe: [Debugger] svchost.exe
IMEO\msmsgri32.exe: [Debugger] svchost.exe
IMEO\msseces.exe: [Debugger] svchost.exe
IMEO\mssmmc32.exe: [Debugger] svchost.exe
IMEO\mssys.exe: [Debugger] svchost.exe
IMEO\msvxd.exe: [Debugger] svchost.exe
IMEO\mu0311ad.exe: [Debugger] svchost.exe
IMEO\mwatch.exe: [Debugger] svchost.exe
IMEO\n32scanw.exe: [Debugger] svchost.exe
IMEO\nav.exe: [Debugger] svchost.exe
IMEO\navap.navapsvc.exe: [Debugger] svchost.exe
IMEO\navapsvc.exe: [Debugger] svchost.exe
IMEO\navapw32.exe: [Debugger] svchost.exe
IMEO\navdx.exe: [Debugger] svchost.exe
IMEO\navlu32.exe: [Debugger] svchost.exe
IMEO\navnt.exe: [Debugger] svchost.exe
IMEO\navstub.exe: [Debugger] svchost.exe
IMEO\navw32.exe: [Debugger] svchost.exe
IMEO\navwnt.exe: [Debugger] svchost.exe
IMEO\nc2000.exe: [Debugger] svchost.exe
IMEO\ncinst4.exe: [Debugger] svchost.exe
IMEO\ndd32.exe: [Debugger] svchost.exe
IMEO\neomonitor.exe: [Debugger] svchost.exe
IMEO\neowatchlog.exe: [Debugger] svchost.exe
IMEO\netarmor.exe: [Debugger] svchost.exe
IMEO\netd32.exe: [Debugger] svchost.exe
IMEO\netinfo.exe: [Debugger] svchost.exe
IMEO\netmon.exe: [Debugger] svchost.exe
IMEO\netscanpro.exe: [Debugger] svchost.exe
IMEO\netspyhunter-1.2.exe: [Debugger] svchost.exe
IMEO\netutils.exe: [Debugger] svchost.exe
IMEO\nisserv.exe: [Debugger] svchost.exe
IMEO\nisum.exe: [Debugger] svchost.exe
IMEO\nmain.exe: [Debugger] svchost.exe
IMEO\nod32.exe: [Debugger] svchost.exe
IMEO\normist.exe: [Debugger] svchost.exe
IMEO\norton_internet_secu_3.0_407.exe: [Debugger] svchost.exe
IMEO\notstart.exe: [Debugger] svchost.exe
IMEO\npf40_tw_98_nt_me_2k.exe: [Debugger] svchost.exe
IMEO\npfmessenger.exe: [Debugger] svchost.exe
IMEO\nprotect.exe: [Debugger] svchost.exe
IMEO\npscheck.exe: [Debugger] svchost.exe
IMEO\npssvc.exe: [Debugger] svchost.exe
IMEO\nsched32.exe: [Debugger] svchost.exe
IMEO\nssys32.exe: [Debugger] svchost.exe
IMEO\nstask32.exe: [Debugger] svchost.exe
IMEO\nsupdate.exe: [Debugger] svchost.exe
IMEO\nt.exe: [Debugger] svchost.exe
IMEO\ntrtscan.exe: [Debugger] svchost.exe
IMEO\ntvdm.exe: [Debugger] svchost.exe
IMEO\ntxconfig.exe: [Debugger] svchost.exe
IMEO\nui.exe: [Debugger] svchost.exe
IMEO\nupgrade.exe: [Debugger] svchost.exe
IMEO\nvarch16.exe: [Debugger] svchost.exe
IMEO\nvc95.exe: [Debugger] svchost.exe
IMEO\nvsvc32.exe: [Debugger] svchost.exe
IMEO\nwinst4.exe: [Debugger] svchost.exe
IMEO\nwservice.exe: [Debugger] svchost.exe
IMEO\nwtool16.exe: [Debugger] svchost.exe
IMEO\OAcat.exe: [Debugger] svchost.exe
IMEO\OAhlp.exe: [Debugger] svchost.exe
IMEO\OAReg.exe: [Debugger] svchost.exe
IMEO\oasrv.exe: [Debugger] svchost.exe
IMEO\oaui.exe: [Debugger] svchost.exe
IMEO\oaview.exe: [Debugger] svchost.exe
IMEO\ODSW.exe: [Debugger] svchost.exe
IMEO\ollydbg.exe: [Debugger] svchost.exe
IMEO\onsrvr.exe: [Debugger] svchost.exe
IMEO\optimize.exe: [Debugger] svchost.exe
IMEO\ostronet.exe: [Debugger] svchost.exe
IMEO\otfix.exe: [Debugger] svchost.exe
IMEO\outpost.exe: [Debugger] svchost.exe
IMEO\outpostinstall.exe: [Debugger] svchost.exe
IMEO\outpostproinstall.exe: [Debugger] svchost.exe
IMEO\ozn695m5.exe: [Debugger] svchost.exe
IMEO\padmin.exe: [Debugger] svchost.exe
IMEO\panixk.exe: [Debugger] svchost.exe
IMEO\patch.exe: [Debugger] svchost.exe
IMEO\pav.exe: [Debugger] svchost.exe
IMEO\pavcl.exe: [Debugger] svchost.exe
IMEO\PavFnSvr.exe: [Debugger] svchost.exe
IMEO\pavproxy.exe: [Debugger] svchost.exe
IMEO\pavprsrv.exe: [Debugger] svchost.exe
IMEO\pavsched.exe: [Debugger] svchost.exe
IMEO\pavsrv51.exe: [Debugger] svchost.exe
IMEO\pavw.exe: [Debugger] svchost.exe
IMEO\pc.exe: [Debugger] svchost.exe
IMEO\pccwin98.exe: [Debugger] svchost.exe
IMEO\pcfwallicon.exe: [Debugger] svchost.exe
IMEO\pcip10117_0.exe: [Debugger] svchost.exe
IMEO\pcscan.exe: [Debugger] svchost.exe
IMEO\pctsAuxs.exe: [Debugger] svchost.exe
IMEO\pctsGui.exe: [Debugger] svchost.exe
IMEO\pctsSvc.exe: [Debugger] svchost.exe
IMEO\pctsTray.exe: [Debugger] svchost.exe
IMEO\PC_Antispyware2010.exe: [Debugger] svchost.exe
IMEO\pdfndr.exe: [Debugger] svchost.exe
IMEO\pdsetup.exe: [Debugger] svchost.exe
IMEO\PerAvir.exe: [Debugger] svchost.exe
IMEO\periscope.exe: [Debugger] svchost.exe
IMEO\persfw.exe: [Debugger] svchost.exe
IMEO\personalguard: [Debugger] svchost.exe
IMEO\personalguard.exe: [Debugger] svchost.exe
IMEO\perswf.exe: [Debugger] svchost.exe
IMEO\pf2.exe: [Debugger] svchost.exe
IMEO\pfwadmin.exe: [Debugger] svchost.exe
IMEO\pgmonitr.exe: [Debugger] svchost.exe
IMEO\pingscan.exe: [Debugger] svchost.exe
IMEO\platin.exe: [Debugger] svchost.exe
IMEO\pop3trap.exe: [Debugger] svchost.exe
IMEO\poproxy.exe: [Debugger] svchost.exe
IMEO\popscan.exe: [Debugger] svchost.exe
IMEO\portdetective.exe: [Debugger] svchost.exe
IMEO\portmonitor.exe: [Debugger] svchost.exe
IMEO\powerscan.exe: [Debugger] svchost.exe
IMEO\ppinupdt.exe: [Debugger] svchost.exe
IMEO\pptbc.exe: [Debugger] svchost.exe
IMEO\ppvstop.exe: [Debugger] svchost.exe
IMEO\prizesurfer.exe: [Debugger] svchost.exe
IMEO\prmt.exe: [Debugger] svchost.exe
IMEO\prmvr.exe: [Debugger] svchost.exe
IMEO\procdump.exe: [Debugger] svchost.exe
IMEO\processmonitor.exe: [Debugger] svchost.exe
IMEO\procexplorerv1.0.exe: [Debugger] svchost.exe
IMEO\programauditor.exe: [Debugger] svchost.exe
IMEO\proport.exe: [Debugger] svchost.exe
IMEO\protector.exe: [Debugger] svchost.exe
IMEO\protectx.exe: [Debugger] svchost.exe
IMEO\PSANCU.exe: [Debugger] svchost.exe
IMEO\PSANHost.exe: [Debugger] svchost.exe
IMEO\PSANToManager.exe: [Debugger] svchost.exe
IMEO\PsCtrls.exe: [Debugger] svchost.exe
IMEO\PsImSvc.exe: [Debugger] svchost.exe
IMEO\PskSvc.exe: [Debugger] svchost.exe
IMEO\pspf.exe: [Debugger] svchost.exe
IMEO\PSUNMain.exe: [Debugger] svchost.exe
IMEO\purge.exe: [Debugger] svchost.exe
IMEO\qconsole.exe: [Debugger] svchost.exe
IMEO\qh.exe: [Debugger] svchost.exe
IMEO\qserver.exe: [Debugger] svchost.exe
IMEO\Quick Heal.exe: [Debugger] svchost.exe
IMEO\QuickHealCleaner.exe: [Debugger] svchost.exe
IMEO\rapapp.exe: [Debugger] svchost.exe
IMEO\rav7.exe: [Debugger] svchost.exe
IMEO\rav7win.exe: [Debugger] svchost.exe
IMEO\rav8win32eng.exe: [Debugger] svchost.exe
IMEO\ray.exe: [Debugger] svchost.exe
IMEO\rb32.exe: [Debugger] svchost.exe
IMEO\rcsync.exe: [Debugger] svchost.exe
IMEO\realmon.exe: [Debugger] svchost.exe
IMEO\reged.exe: [Debugger] svchost.exe
IMEO\regedt32.exe: [Debugger] svchost.exe
IMEO\rescue.exe: [Debugger] svchost.exe
IMEO\rescue32.exe: [Debugger] svchost.exe
IMEO\rrguard.exe: [Debugger] svchost.exe
IMEO\rscdwld.exe: [Debugger] svchost.exe
IMEO\rshell.exe: [Debugger] svchost.exe
IMEO\rtvscan.exe: [Debugger] svchost.exe
IMEO\rtvscn95.exe: [Debugger] svchost.exe
IMEO\rulaunch.exe: [Debugger] svchost.exe
IMEO\rwg: [Debugger] svchost.exe
IMEO\rwg.exe: [Debugger] svchost.exe
IMEO\SafetyKeeper.exe: [Debugger] svchost.exe
IMEO\safeweb.exe: [Debugger] svchost.exe
IMEO\sahagent.exe: [Debugger] svchost.exe
IMEO\Save.exe: [Debugger] svchost.exe
IMEO\SaveArmor.exe: [Debugger] svchost.exe
IMEO\SaveDefense.exe: [Debugger] svchost.exe
IMEO\SaveKeep.exe: [Debugger] svchost.exe
IMEO\savenow.exe: [Debugger] svchost.exe
IMEO\sbserv.exe: [Debugger] svchost.exe
IMEO\sc.exe: [Debugger] svchost.exe
IMEO\scam32.exe: [Debugger] svchost.exe
IMEO\scan32.exe: [Debugger] svchost.exe
IMEO\scan95.exe: [Debugger] svchost.exe
IMEO\scanpm.exe: [Debugger] svchost.exe
IMEO\scrscan.exe: [Debugger] svchost.exe
IMEO\Secure Veteran.exe: [Debugger] svchost.exe
IMEO\secureveteran.exe: [Debugger] svchost.exe
IMEO\Security Center.exe: [Debugger] svchost.exe
IMEO\SecurityFighter.exe: [Debugger] svchost.exe
IMEO\securitysoldier.exe: [Debugger] svchost.exe
IMEO\serv95.exe: [Debugger] svchost.exe
IMEO\setloadorder.exe: [Debugger] svchost.exe
IMEO\setupvameeval.exe: [Debugger] svchost.exe
IMEO\setup_flowprotector_us.exe: [Debugger] svchost.exe
IMEO\sgssfw32.exe: [Debugger] svchost.exe
IMEO\sh.exe: [Debugger] svchost.exe
IMEO\shellspyinstall.exe: [Debugger] svchost.exe
IMEO\shield.exe: [Debugger] svchost.exe
IMEO\shn.exe: [Debugger] svchost.exe
IMEO\showbehind.exe: [Debugger] svchost.exe
IMEO\signcheck.exe: [Debugger] svchost.exe
IMEO\smart.exe: [Debugger] svchost.exe
IMEO\smartprotector.exe: [Debugger] svchost.exe
IMEO\smc.exe: [Debugger] svchost.exe
IMEO\smrtdefp.exe: [Debugger] svchost.exe
IMEO\sms.exe: [Debugger] svchost.exe
IMEO\smss32.exe: [Debugger] svchost.exe
IMEO\snetcfg.exe: [Debugger] svchost.exe
IMEO\soap.exe: [Debugger] svchost.exe
IMEO\sofi.exe: [Debugger] svchost.exe
Lsa: [Notification Packages] DPPassFilter scecli
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart

==================== Services (Whitelisted) =================

S2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
S2 DvmMDES; C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe [338168 2010-03-05] (DeviceVM, Inc.)
S2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_471277d5d45019ea\STacSV64.exe [244736 2010-02-01] (IDT, Inc.)
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [x]

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys [954928 2010-08-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx64.sys [954928 2010-08-31] (Symantec Corporation)
S1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
S1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [20056 2009-11-11] (DeviceVM, Inc.)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-08-13] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-08-13] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101012.001\IDSvia64.sys [476720 2010-09-15] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20101012.001\IDSvia64.sys [476720 2010-09-15] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-08-29] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-08-13] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
S1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2010-02-22] (CyberLink Corp.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2010-02-22] (CyberLink Corp.)
S3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.022\ENG64.SYS [x]
S3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20101013.022\EX64.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-30 18:47 - 2013-07-30 18:47 - 00000000 ____D C:\FRST
2013-07-25 16:58 - 2013-07-27 20:58 - 00000004 _____ C:\Users\Jacob\AppData\Roaming\skype.ini

==================== One Month Modified Files and Folders =======

2013-07-27 21:26 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-27 21:26 - 2009-07-13 20:45 - 00023248 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-27 21:22 - 2012-10-03 15:18 - 00033500 _____ C:\Windows\setupact.log
2013-07-27 21:22 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-27 21:20 - 2012-06-12 14:21 - 00000000 ____D C:\ProgramData\HitmanPro
2013-07-27 21:09 - 2009-07-13 21:13 - 00726270 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-27 20:58 - 2013-07-25 16:58 - 00000004 _____ C:\Users\Jacob\AppData\Roaming\skype.ini
2013-07-27 20:58 - 2011-12-23 20:48 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-25 19:48 - 2013-01-30 15:49 - 00000000 ____D C:\Windows\Minidump
2013-07-25 19:48 - 2012-06-09 19:03 - 00000000 ____D C:\ProgramData\Skype
2013-07-25 19:48 - 2011-12-23 20:47 - 00000000 ____D C:\Windows\System32\Macromed
2013-07-25 19:48 - 2010-08-13 19:46 - 00000000 ____D C:\users\Jacob
2013-07-25 19:48 - 2010-07-21 01:41 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-25 19:48 - 2010-04-25 09:06 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2013-07-25 19:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-07-25 19:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-07-25 17:56 - 2012-10-04 11:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 17:41 - 2011-12-23 20:48 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-25 10:34 - 2009-09-06 16:40 - 00000000 ____D C:\SwSetup
2013-07-22 18:23 - 2011-04-01 09:21 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-19 16:02 - 2012-06-09 19:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-07-15 13:36 - 2011-12-23 20:48 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 13:36 - 2011-12-23 20:48 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-14 18:14 - 2012-02-04 20:48 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 20:38 - 2012-10-03 15:16 - 00010632 _____ C:\Windows\PFRO.log
2013-07-02 06:59 - 2011-06-27 09:29 - 00001854 _____ C:\Users\Jacob\AppData\Roaming\GhostObjGAFix.xml

ZeroAccess:
C:\Windows\Installer\{481395a1-f057-fe91-5dbc-70fae573745a}

ZeroAccess:
C:\Windows\System32\consrv.dll

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1998021943-1006116369-3546059024-1001\$481395a1f057fe915dbc70fae573745a

ZeroAccess:
C:\Users\Jacob\AppData\Local\{481395a1-f057-fe91-5dbc-70fae573745a}
C:\Users\Jacob\AppData\Local\{481395a1-f057-fe91-5dbc-70fae573745a}\@

Files to move or delete:
====================
C:\Users\Jacob\AppData\Roaming\skype.dat
C:\Users\Jacob\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-10-08 16:40:37
Restore point made on: 2012-10-08 16:42:54
Restore point made on: 2013-03-11 15:40:17
Restore point made on: 2013-06-12 18:17:40
Restore point made on: 2013-06-24 16:50:34

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3117.43 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3108.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:444.89 GB) (Free:368.08 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (HITMANPRO) (Removable) (Total:1.92 GB) (Free:1.92 GB) FAT32 (Disk=1 Partition=1)
Drive f: (RECOVERY) (Fixed) (Total:20.58 GB) (Free:2.99 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]
Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: FE661C77)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 3E5954BC)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)


LastRegBack: 2013-06-12 18:10

==================== End Of Log ============================

 




 


#2 CatByte


Posted 31 July 2013 - 09:05 PM

Hello

Please run the following:
  • NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
  • Please download [attachment=140449:FixList.txt]
  • Save it to your flash drive.
  • Boot to System Recovery Options as you did before and select "Command Prompt".
  • Run FRST64 and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your next reply.
NEXT

Refer to the ComboFix User's Guide
  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte


Posted 11 August 2013 - 06:23 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




