
PC Cleaner infesting my machine?

Discussion in 'Virus & Other Malware Removal' started by Enegue, Dec 31, 2012.

Thread Status:
Not open for further replies.
  1. Enegue (Thread Starter; Joined: Dec 31, 2012; Messages: 14)

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz, x64 Family 6 Model 23 Stepping 10
    Processor Count: 2
    RAM: 2939 Mb
    Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 3 Mb
    Hard Drives: C: Total - 295546 MB, Free - 256898 MB;
    Motherboard: TOSHIBA, Portable PC
    Antivirus: McAfee Anti-Virus and Anti-Spyware, Disabled



    I rate my computer skills on a 10 scale at about 4¾, so please reply using the KISS program.
    Advising me to FAQ the PDQ and double whammy the snerdling will go right over my head.
    My problem is my own ignorance in lending my laptop and getting it back with a program called "PC Cleaner", NOT PC Cleaner Pro. I also note that your website carries a banner for a similarly named program? I believe this link is the culprit? http://www.ehow.com/how_5003975_remove-pc-cleaner.html
    However, I can find none of the files or registry entries that they mention except for "pccleaner.exe", which I renamed and restarted my machine with the same problem.
    The problem is demonstrated by the fact that I am unable to access my McAfee Total Security program. After getting the machine back I went to update my McAfee files (subscription does not expire till 12/13) and the program would not open nor would it "scan" any files. In Windows, McAfee shows to be incompatible, and in the Win security it shows as "snoozed". The McAfee forum suggested Malwarebytes. I DL’d the Malwarebytes program and installed it BUT it wouldn’t open either. Their forum had no answer. Went back to McAfee and found your name so here I am.
    This PC Cleaner thing does not show up in Win7 “uninstall” nor does it show up in the program at Start.
    The McAfee “Security Advisor” seems to be working because when I went to “bleeping computer” to DL the files you want, McAfee warned it was a dangerous site.
    Thanks for any and all help you can give.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:48:07 PM, on 12/30/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\TEco.exe
    C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBA.EXE
    C:\windows\system32\igfxext.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\beau mcmullen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VYGAZ996\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe"
    O4 - HKLM\..\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe"
    O4 - HKLM\..\Run: [Persistence] "C:\windows\system32\igfxpers.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe"
    O4 - HKLM\..\Run: [SynTPEnh] "%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [TPwrMain] "%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
    O4 - HKLM\..\Run: [HSON] "%ProgramFiles%\TOSHIBA\TBS\HSON.exe"
    O4 - HKLM\..\Run: [SmoothView] "%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe"
    O4 - HKLM\..\Run: [00TCrdMain] "%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe"
    O4 - HKLM\..\Run: [TosWaitSrv] "%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe"
    O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    O4 - HKLM\..\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    O4 - HKLM\..\Run: [SmartFaceVWatcher] "%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe"
    O4 - HKLM\..\Run: [TosSENotify] "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [LTCM Client] "C:\Program Files\LTCM Client\ltcmClient.exe" /startup
    O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [xoxuxkub] "C:\Users\beau mcmullen\AppData\Local\oirwha\vkaysftav.exe"
    O4 - HKCU\..\Run: [wokkkjsp] "C:\Users\beau mcmullen\AppData\Local\xjijvv\vyhlsftav.exe"
    O4 - HKCU\..\Run: [ifnndpev] "C:\Users\beau mcmullen\AppData\Local\ejaqpc\fcemsftav.exe"
    O4 - HKCU\..\Run: [anrspkym] C:\Users\beau mcmullen\AppData\Local\wqclar\mbycsftav.exe
    O4 - HKCU\..\Run: [yndhbfyr] C:\Users\beau mcmullen\AppData\Local\jydmnp\mryesftav.exe
    O4 - HKCU\..\Run: [EPSON NX110 Series (Copy 1)] "C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE" /FU "C:\windows\TEMP\E_S14C8.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON NX110 Series] "C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIFBA.EXE" /FU "C:\windows\TEMP\E_SB57A.tmp" /EF "HKCU"
    O4 - Startup: Epson all-in-one Registration.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
    O23 - Service: AT&T Con App Svc (CAATT) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
    O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    --
    End of file - 11166 bytes


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/9/2009 10:07:34 PM
    System Uptime: 12/30/2012 10:36:41 PM (2 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | CPU | 2100/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 289 GiB total, 250.801 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP232: 8/2/2012 3:00:17 AM - Windows Update
    RP233: 8/10/2012 1:50:37 AM - Removed Facebook Video Calling 1.2.0.159
    RP234: 8/10/2012 10:29:40 AM - Windows Update
    RP235: 9/30/2012 8:16:36 PM - Scheduled Checkpoint
    RP236: 10/1/2012 3:00:15 AM - Windows Update
    RP237: 10/23/2012 10:55:31 AM - Windows Update
    RP238: 12/25/2012 12:28:47 AM - Windows Update
    RP239: 12/27/2012 2:23:40 AM - Windows Update
    RP240: 12/29/2012 7:57:26 PM - Windows Update
    RP241: 12/29/2012 8:12:35 PM - Restore Operation
    RP243: 12/29/2012 9:39:10 PM - DCInstallRestorePoint
    RP244: 12/30/2012 10:25:14 PM - Removed Skype™ 5.10
    RP245: 12/30/2012 10:26:53 PM - Removed Skype Toolbars
    .
    ==== Image File Execution Options =============
    .
    IFEO: a.exe - svchost.exe
    IFEO: aAvgApi.exe - svchost.exe
    IFEO: AAWTray.exe - svchost.exe
    IFEO: About.exe - svchost.exe
    IFEO: ackwin32.exe - svchost.exe
    IFEO: Ad-Aware.exe - svchost.exe
    IFEO: adaware.exe - svchost.exe
    IFEO: advxdwin.exe - svchost.exe
    IFEO: AdwarePrj.exe - svchost.exe
    IFEO: agent.exe - svchost.exe
    IFEO: agentsvr.exe - svchost.exe
    IFEO: agentw.exe - svchost.exe
    IFEO: alertsvc.exe - svchost.exe
    IFEO: alevir.exe - svchost.exe
    IFEO: alogserv.exe - svchost.exe
    IFEO: AlphaAV - svchost.exe
    IFEO: AlphaAV.exe - svchost.exe
    IFEO: AluSchedulerSvc.exe - svchost.exe
    IFEO: amon9x.exe - svchost.exe
    IFEO: anti-trojan.exe - svchost.exe
    IFEO: Anti-Virus Professional.exe - svchost.exe
    IFEO: AntispywarXP2009.exe - svchost.exe
    IFEO: antivirus.exe - svchost.exe
    IFEO: AntivirusPlus - svchost.exe
    IFEO: AntivirusPlus.exe - svchost.exe
    IFEO: AntivirusPro_2010.exe - svchost.exe
    IFEO: AntivirusXP - svchost.exe
    IFEO: AntivirusXP.exe - svchost.exe
    IFEO: antivirusxppro2009.exe - svchost.exe
    IFEO: AntiVirus_Pro.exe - svchost.exe
    IFEO: ants.exe - svchost.exe
    IFEO: apimonitor.exe - svchost.exe
    IFEO: aplica32.exe - svchost.exe
    IFEO: apvxdwin.exe - svchost.exe
    IFEO: arr.exe - svchost.exe
    IFEO: ashAvast.exe - svchost.exe
    IFEO: ashBug.exe - svchost.exe
    IFEO: ashChest.exe - svchost.exe
    IFEO: ashCnsnt.exe - svchost.exe
    IFEO: ashDisp.exe - svchost.exe
    IFEO: ashLogV.exe - svchost.exe
    IFEO: ashMaiSv.exe - svchost.exe
    IFEO: ashPopWz.exe - svchost.exe
    IFEO: ashQuick.exe - svchost.exe
    IFEO: ashServ.exe - svchost.exe
    IFEO: ashSimp2.exe - svchost.exe
    IFEO: ashSimpl.exe - svchost.exe
    IFEO: ashSkPcc.exe - svchost.exe
    IFEO: ashSkPck.exe - svchost.exe
    IFEO: ashUpd.exe - svchost.exe
    IFEO: ashWebSv.exe - svchost.exe
    IFEO: aswChLic.exe - svchost.exe
    IFEO: aswRegSvr.exe - svchost.exe
    IFEO: aswRunDll.exe - svchost.exe
    IFEO: aswUpdSv.exe - svchost.exe
    IFEO: atcon.exe - svchost.exe
    IFEO: atguard.exe - svchost.exe
    IFEO: atro55en.exe - svchost.exe
    IFEO: atupdater.exe - svchost.exe
    IFEO: atwatch.exe - svchost.exe
    IFEO: au.exe - svchost.exe
    IFEO: aupdate.exe - svchost.exe
    IFEO: auto-protect.nav80try.exe - svchost.exe
    IFEO: autodown.exe - svchost.exe
    IFEO: autotrace.exe - svchost.exe
    IFEO: autoupdate.exe - svchost.exe
    IFEO: av360.exe - svchost.exe
    IFEO: avadmin.exe - svchost.exe
    IFEO: avastSvc.exe - svchost.exe
    IFEO: avastUI.exe - svchost.exe
    IFEO: AVCare.exe - svchost.exe
    IFEO: avcenter.exe - svchost.exe
    IFEO: avciman.exe - svchost.exe
    IFEO: avconfig.exe - svchost.exe
    IFEO: avconsol.exe - svchost.exe
    IFEO: ave32.exe - svchost.exe
    IFEO: AVENGINE.EXE - svchost.exe
    IFEO: avgcc32.exe - svchost.exe
    IFEO: avgchk.exe - svchost.exe
    IFEO: avgcmgr.exe - svchost.exe
    IFEO: avgcsrvx.exe - svchost.exe
    IFEO: avgctrl.exe - svchost.exe
    IFEO: avgdumpx.exe - svchost.exe
    IFEO: avgemc.exe - svchost.exe
    IFEO: avgiproxy.exe - svchost.exe
    IFEO: avgnsx.exe - svchost.exe
    IFEO: avgnt.exe - svchost.exe
    IFEO: avgrsx.exe - svchost.exe
    IFEO: avgscanx.exe - svchost.exe
    IFEO: avgserv.exe - svchost.exe
    IFEO: avgserv9.exe - svchost.exe
    IFEO: avgsrmax.exe - svchost.exe
    IFEO: avgtray.exe - svchost.exe
    IFEO: avguard.exe - svchost.exe
    IFEO: avgui.exe - svchost.exe
    IFEO: avgupd.exe - svchost.exe
    IFEO: avgw.exe - svchost.exe
    IFEO: avgwdsvc.exe - svchost.exe
    IFEO: avkpop.exe - svchost.exe
    IFEO: avkserv.exe - svchost.exe
    IFEO: avkservice.exe - svchost.exe
    IFEO: avkwctl9.exe - svchost.exe
    IFEO: avltmain.exe - svchost.exe
    IFEO: avmailc.exe - svchost.exe
    IFEO: avmcdlg.exe - svchost.exe
    IFEO: avnotify.exe - svchost.exe
    IFEO: avnt.exe - svchost.exe
    IFEO: avp32.exe - svchost.exe
    IFEO: avpcc.exe - svchost.exe
    IFEO: avpdos32.exe - svchost.exe
    IFEO: avpm.exe - svchost.exe
    IFEO: avptc32.exe - svchost.exe
    IFEO: avpupd.exe - svchost.exe
    IFEO: avsched32.exe - svchost.exe
    IFEO: avshadow.exe - svchost.exe
    IFEO: avsynmgr.exe - svchost.exe
    IFEO: avupgsvc.exe - svchost.exe
    IFEO: AVWEBGRD.EXE - svchost.exe
    IFEO: avwin.exe - svchost.exe
    IFEO: avwin95.exe - svchost.exe
    IFEO: avwinnt.exe - svchost.exe
    IFEO: avwsc.exe - svchost.exe
    IFEO: avwupd.exe - svchost.exe
    IFEO: avwupd32.exe - svchost.exe
    IFEO: avwupsrv.exe - svchost.exe
    IFEO: avxmonitor9x.exe - svchost.exe
    IFEO: avxmonitornt.exe - svchost.exe
    IFEO: avxquar.exe - svchost.exe
    IFEO: b.exe - svchost.exe
    IFEO: backweb.exe - svchost.exe
    IFEO: bargains.exe - svchost.exe
    IFEO: bdfvcl.exe - svchost.exe
    IFEO: bdfvwiz.exe - svchost.exe
    IFEO: BDInProcPatch.exe - svchost.exe
    IFEO: bdmcon.exe - svchost.exe
    IFEO: BDMsnScan.exe - svchost.exe
    IFEO: BDSurvey.exe - svchost.exe
    IFEO: bd_professional.exe - svchost.exe
    IFEO: beagle.exe - svchost.exe
    IFEO: belt.exe - svchost.exe
    IFEO: bidef.exe - svchost.exe
    IFEO: bidserver.exe - svchost.exe
    IFEO: bipcp.exe - svchost.exe
    IFEO: bipcpevalsetup.exe - svchost.exe
    IFEO: bisp.exe - svchost.exe
    IFEO: blackd.exe - svchost.exe
    IFEO: blackice.exe - svchost.exe
    IFEO: blink.exe - svchost.exe
    IFEO: blss.exe - svchost.exe
    IFEO: bootconf.exe - svchost.exe
    IFEO: bootwarn.exe - svchost.exe
    IFEO: borg2.exe - svchost.exe
    IFEO: bpc.exe - svchost.exe
    IFEO: brasil.exe - svchost.exe
    IFEO: brastk.exe - svchost.exe
    IFEO: brw.exe - svchost.exe
    IFEO: bs120.exe - svchost.exe
    IFEO: bspatch.exe - svchost.exe
    IFEO: bundle.exe - svchost.exe
    IFEO: bvt.exe - svchost.exe
    IFEO: c.exe - svchost.exe
    IFEO: cavscan.exe - svchost.exe
    IFEO: ccapp.exe - svchost.exe
    IFEO: ccevtmgr.exe - svchost.exe
    IFEO: ccpxysvc.exe - svchost.exe
    IFEO: ccSvcHst.exe - svchost.exe
    IFEO: cdp.exe - svchost.exe
    IFEO: cfd.exe - svchost.exe
    IFEO: cfgwiz.exe - svchost.exe
    IFEO: cfiadmin.exe - svchost.exe
    IFEO: cfiaudit.exe - svchost.exe
    IFEO: cfinet.exe - svchost.exe
    IFEO: cfinet32.exe - svchost.exe
    IFEO: cfp.exe - svchost.exe
    IFEO: cfpconfg.exe - svchost.exe
    IFEO: cfplogvw.exe - svchost.exe
    IFEO: cfpupdat.exe - svchost.exe
    IFEO: claw95.exe - svchost.exe
    IFEO: claw95cf.exe - svchost.exe
    IFEO: clean.exe - svchost.exe
    IFEO: cleaner.exe - svchost.exe
    IFEO: cleaner3.exe - svchost.exe
    IFEO: cleanIELow.exe - svchost.exe
    IFEO: cleanpc.exe - svchost.exe
    IFEO: click.exe - svchost.exe
    IFEO: cmd32.exe - svchost.exe
    IFEO: cmdagent.exe - svchost.exe
    IFEO: cmesys.exe - svchost.exe
    IFEO: cmgrdian.exe - svchost.exe
    IFEO: cmon016.exe - svchost.exe
    IFEO: connectionmonitor.exe - svchost.exe
    IFEO: control - svchost.exe
    IFEO: cpd.exe - svchost.exe
    IFEO: cpf9x206.exe - svchost.exe
    IFEO: cpfnt206.exe - svchost.exe
    IFEO: crashrep.exe - svchost.exe
    IFEO: csc.exe - svchost.exe
    IFEO: cssconfg.exe - svchost.exe
    IFEO: cssupdat.exe - svchost.exe
    IFEO: cssurf.exe - svchost.exe
    IFEO: ctrl.exe - svchost.exe
    IFEO: cv.exe - svchost.exe
    IFEO: cwnb181.exe - svchost.exe
    IFEO: cwntdwmo.exe - svchost.exe
    IFEO: d.exe - svchost.exe
    IFEO: datemanager.exe - svchost.exe
    IFEO: dcomx.exe - svchost.exe
    IFEO: defalert.exe - svchost.exe
    IFEO: defscangui.exe - svchost.exe
    IFEO: defwatch.exe - svchost.exe
    IFEO: deloeminfs.exe - svchost.exe
    IFEO: deputy.exe - svchost.exe
    IFEO: divx.exe - svchost.exe
    IFEO: dllcache.exe - svchost.exe
    IFEO: dllreg.exe - svchost.exe
    IFEO: doors.exe - svchost.exe
    IFEO: dop.exe - svchost.exe
    IFEO: dpf.exe - svchost.exe
    IFEO: dpfsetup.exe - svchost.exe
    IFEO: dpps2.exe - svchost.exe
    IFEO: driverctrl.exe - svchost.exe
    IFEO: drwatson.exe - svchost.exe
    IFEO: drweb32.exe - svchost.exe
    IFEO: drwebupw.exe - svchost.exe
    IFEO: dssagent.exe - svchost.exe
    IFEO: dvp95.exe - svchost.exe
    IFEO: dvp95_0.exe - svchost.exe
    IFEO: ecengine.exe - svchost.exe
    IFEO: efpeadm.exe - svchost.exe
    IFEO: emsw.exe - svchost.exe
    IFEO: ent.exe - svchost.exe
    IFEO: esafe.exe - svchost.exe
    IFEO: escanhnt.exe - svchost.exe
    IFEO: escanv95.exe - svchost.exe
    IFEO: espwatch.exe - svchost.exe
    IFEO: ethereal.exe - svchost.exe
    IFEO: etrustcipe.exe - svchost.exe
    IFEO: evpn.exe - svchost.exe
    IFEO: exantivirus-cnet.exe - svchost.exe
    IFEO: exe.avxw.exe - svchost.exe
    IFEO: expert.exe - svchost.exe
    IFEO: explore.exe - svchost.exe
    IFEO: f-agnt95.exe - svchost.exe
    IFEO: f-prot.exe - svchost.exe
    IFEO: f-prot95.exe - svchost.exe
    IFEO: f-stopw.exe - svchost.exe
    IFEO: fact.exe - svchost.exe
    IFEO: fameh32.exe - svchost.exe
    IFEO: fast.exe - svchost.exe
    IFEO: fch32.exe - svchost.exe
    IFEO: fih32.exe - svchost.exe
    IFEO: findviru.exe - svchost.exe
    IFEO: firewall.exe - svchost.exe
    IFEO: fixcfg.exe - svchost.exe
    IFEO: fixfp.exe - svchost.exe
    IFEO: fnrb32.exe - svchost.exe
    IFEO: fp-win.exe - svchost.exe
    IFEO: fp-win_trial.exe - svchost.exe
    IFEO: fprot.exe - svchost.exe
    IFEO: frmwrk32.exe - svchost.exe
    IFEO: frw.exe - svchost.exe
    IFEO: fsaa.exe - svchost.exe
    IFEO: fsav.exe - svchost.exe
    IFEO: fsav32.exe - svchost.exe
    IFEO: fsav530stbyb.exe - svchost.exe
    IFEO: fsav530wtbyb.exe - svchost.exe
    IFEO: fsav95.exe - svchost.exe
    IFEO: fsgk32.exe - svchost.exe
    IFEO: fsm32.exe - svchost.exe
    IFEO: fsma32.exe - svchost.exe
    IFEO: fsmb32.exe - svchost.exe
    IFEO: gator.exe - svchost.exe
    IFEO: gav.exe - svchost.exe
    IFEO: gbmenu.exe - svchost.exe
    IFEO: gbn976rl.exe - svchost.exe
    IFEO: gbpoll.exe - svchost.exe
    IFEO: generics.exe - svchost.exe
    IFEO: gmt.exe - svchost.exe
    IFEO: guard.exe - svchost.exe
    IFEO: guarddog.exe - svchost.exe
    IFEO: guardgui.exe - svchost.exe
    IFEO: guardxkickoff.exe - svchost.exe
    IFEO: hacktracersetup.exe - svchost.exe
    IFEO: hbinst.exe - svchost.exe
    IFEO: hbsrv.exe - svchost.exe
    IFEO: History.exe - svchost.exe
    IFEO: homeav2010.exe - svchost.exe
    IFEO: hotactio.exe - svchost.exe
    IFEO: hotpatch.exe - svchost.exe
    IFEO: htlog.exe - svchost.exe
    IFEO: htpatch.exe - svchost.exe
    IFEO: hwpe.exe - svchost.exe
    IFEO: hxdl.exe - svchost.exe
    IFEO: hxiul.exe - svchost.exe
    IFEO: iamapp.exe - svchost.exe
    IFEO: iamserv.exe - svchost.exe
    IFEO: iamstats.exe - svchost.exe
    IFEO: ibmasn.exe - svchost.exe
    IFEO: ibmavsp.exe - svchost.exe
    IFEO: icload95.exe - svchost.exe
    IFEO: icloadnt.exe - svchost.exe
    IFEO: icmon.exe - svchost.exe
    IFEO: icsupp95.exe - svchost.exe
    IFEO: icsuppnt.exe - svchost.exe
    IFEO: Identity.exe - svchost.exe
    IFEO: idle.exe - svchost.exe
    IFEO: iedll.exe - svchost.exe
    IFEO: iedriver.exe - svchost.exe
    IFEO: IEShow.exe - svchost.exe
    IFEO: iface.exe - svchost.exe
    IFEO: ifw2000.exe - svchost.exe
    IFEO: inetlnfo.exe - svchost.exe
    IFEO: infus.exe - svchost.exe
    IFEO: infwin.exe - svchost.exe
    IFEO: init.exe - svchost.exe
    IFEO: init32.exe - svchost.exe
    IFEO: install[1].exe - svchost.exe
    IFEO: install[2].exe - svchost.exe
    IFEO: install[3].exe - svchost.exe
    IFEO: install[4].exe - svchost.exe
    IFEO: install[5].exe - svchost.exe
    IFEO: intdel.exe - svchost.exe
    IFEO: intren.exe - svchost.exe
    IFEO: iomon98.exe - svchost.exe
    IFEO: istsvc.exe - svchost.exe
    IFEO: jammer.exe - svchost.exe
    IFEO: jdbgmrg.exe - svchost.exe
    IFEO: jedi.exe - svchost.exe
    IFEO: JsRcGen.exe - svchost.exe
    IFEO: kavlite40eng.exe - svchost.exe
    IFEO: kavpers40eng.exe - svchost.exe
    IFEO: kavpf.exe - svchost.exe
    IFEO: kazza.exe - svchost.exe
    IFEO: keenvalue.exe - svchost.exe
    IFEO: kerio-pf-213-en-win.exe - svchost.exe
    IFEO: kerio-wrl-421-en-win.exe - svchost.exe
    IFEO: kerio-wrp-421-en-win.exe - svchost.exe
    IFEO: killprocesssetup161.exe - svchost.exe
    IFEO: ldnetmon.exe - svchost.exe
    IFEO: ldpro.exe - svchost.exe
    IFEO: ldpromenu.exe - svchost.exe
    IFEO: ldscan.exe - svchost.exe
    IFEO: licmgr.exe - svchost.exe
    IFEO: lnetinfo.exe - svchost.exe
    IFEO: loader.exe - svchost.exe
    IFEO: localnet.exe - svchost.exe
    IFEO: lockdown.exe - svchost.exe
    IFEO: lockdown2000.exe - svchost.exe
    IFEO: lookout.exe - svchost.exe
    IFEO: lordpe.exe - svchost.exe
    IFEO: lsetup.exe - svchost.exe
    IFEO: luall.exe - svchost.exe
    IFEO: luau.exe - svchost.exe
    IFEO: lucomserver.exe - svchost.exe
    IFEO: luinit.exe - svchost.exe
    IFEO: luspt.exe - svchost.exe
    IFEO: MalwareRemoval.exe - svchost.exe
    IFEO: mapisvc32.exe - svchost.exe
    IFEO: mbam.exe - svchost.exe
    IFEO: mbamgui.exe - svchost.exe
    IFEO: mbamservice.exe - svchost.exe
    IFEO: mcagent.exe - svchost.exe
    IFEO: mcmnhdlr.exe - svchost.exe
    IFEO: mcmpeng.exe - svchost.exe
    IFEO: mcmscsvc.exe - svchost.exe
    IFEO: mcnasvc.exe - svchost.exe
    IFEO: mcproxy.exe - svchost.exe
    IFEO: McSACore.exe - svchost.exe
    IFEO: mcshell.exe - svchost.exe
    IFEO: mcshield.exe - svchost.exe
    IFEO: mcsysmon.exe - svchost.exe
    IFEO: mctool.exe - svchost.exe
    IFEO: mcupdate.exe - svchost.exe
    IFEO: mcvsrte.exe - svchost.exe
    IFEO: mcvsshld.exe - svchost.exe
    IFEO: md.exe - svchost.exe
    IFEO: mfin32.exe - svchost.exe
    IFEO: mfw2en.exe - svchost.exe
    IFEO: mfweng3.02d30.exe - svchost.exe
    IFEO: mgavrtcl.exe - svchost.exe
    IFEO: mgavrte.exe - svchost.exe
    IFEO: mghtml.exe - svchost.exe
    IFEO: mgui.exe - svchost.exe
    IFEO: minilog.exe - svchost.exe
    IFEO: mmod.exe - svchost.exe
    IFEO: monitor.exe - svchost.exe
    IFEO: moolive.exe - svchost.exe
    IFEO: mostat.exe - svchost.exe
    IFEO: mpfagent.exe - svchost.exe
    IFEO: mpfservice.exe - svchost.exe
    IFEO: MPFSrv.exe - svchost.exe
    IFEO: mpftray.exe - svchost.exe
    IFEO: mrflux.exe - svchost.exe
    IFEO: mrt.exe - svchost.exe
    IFEO: msa.exe - svchost.exe
    IFEO: msapp.exe - svchost.exe
    IFEO: MSASCui.exe - svchost.exe
    IFEO: msbb.exe - svchost.exe
    IFEO: msblast.exe - svchost.exe
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Ask.com Toolbar
    AT&T Communication Manager
    Compatibility Pack for the 2007 Office system
    Epson CreativeZone
    Epson Easy Photo Print 2
    EPSON NX110 Series Printer Uninstall
    EPSON NX300 Series Printer Uninstall
    EPSON Scan
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Internet TV for Windows Media Center
    Java(TM) 6 Update 14
    Junk Mail filter update
    [email protected] 1.0
    LTCM Client
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee Total Protection
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Mouse and Keyboard Center
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Microsoft Works 4 Converter
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MyToshiba
    Netflix in Windows Media Center
    NetZero Launcher
    Norton Internet Security
    OGA Notifier 2.0.0048.0
    PlayReady PC Runtime x86
    Quickbooks Financial Center
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Shared C Run-time for x86
    Skype Launcher
    Synaptics Pointing Device Driver
    Toshiba Application and Driver Installer
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Online Backup
    TOSHIBA PC Health Monitor
    Toshiba Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/30/2012 10:37:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee McShield service to connect.
    12/30/2012 10:37:07 PM, Error: Service Control Manager [7000] - The McAfee McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/29/2012 8:27:46 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    12/29/2012 8:27:11 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    .
    ==== End Of File ===========================


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457
    Run by beau at 23:52:03 on 2012-12-30
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1853 [GMT -6:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ================
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\mfevtps.exe
    C:\Windows\system32\TODDSrv.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\rundll32.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\TEco.exe
    C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBA.EXE
    C:\windows\system32\igfxext.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com/
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    BHO: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: Ask.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [xoxuxkub] "c:\users\beau mcmullen\appdata\local\oirwha\vkaysftav.exe"
    uRun: [wokkkjsp] "c:\users\beau mcmullen\appdata\local\xjijvv\vyhlsftav.exe"
    uRun: [ifnndpev] "c:\users\beau mcmullen\appdata\local\ejaqpc\fcemsftav.exe"
    uRun: [anrspkym] c:\users\beau mcmullen\appdata\local\wqclar\mbycsftav.exe
    uRun: [yndhbfyr] c:\users\beau mcmullen\appdata\local\jydmnp\mryesftav.exe
    uRun: [EPSON NX110 Series (Copy 1)] "c:\windows\system32\spool\drivers\w32x86\3\e_fatifba.exe" /fu "c:\windows\temp\E_S14C8.tmp" /EF "HKCU"
    uRun: [EPSON NX110 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_fatifba.exe" /fu "c:\windows\temp\E_SB57A.tmp" /EF "HKCU"
    mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
    mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
    mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
    mRun: [RtHDVCpl] "c:\program files\realtek\audio\hda\RtHDVCpl.exe"
    mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
    mRun: [TPwrMain] "c:\program files\toshiba\power saver\TPwrMain.EXE"
    mRun: [HSON] "c:\program files\toshiba\tbs\HSON.exe"
    mRun: [SmoothView] "c:\program files\toshiba\smoothview\SmoothView.exe"
    mRun: [00TCrdMain] "c:\program files\toshiba\flashcards\TCrdMain.exe"
    mRun: [TosWaitSrv] "c:\program files\toshiba\tphm\TosWaitSrv.exe"
    mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
    mRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /r
    mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
    mRun: [SmartFaceVWatcher] "c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exe"
    mRun: [TosSENotify] "c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe"
    mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
    mRun: [LTCM Client] "c:\program files\ltcm client\ltcmClient.exe" /startup
    mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [IntelliType Pro] "c:\program files\microsoft mouse and keyboard center\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft mouse and keyboard center\ipoint.exe"
    StartupFolder: c:\users\beaumc~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\epsona~1.lnk - d:\common\epsonreg\EpsonReg.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    uPolicies-System: DisableRegedit = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{3428C974-DC7B-4C28-8F08-0E4520B7D8E8} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{B02F80AC-3001-4F6A-AEE1-7F2CB6020C8F} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{B02F80AC-3001-4F6A-AEE1-7F2CB6020C8F}\34963736F61383530313 : DHCPNameServer = 71.15.32.8 97.81.22.195 66.189.0.100
    TCP: Interfaces\{B02F80AC-3001-4F6A-AEE1-7F2CB6020C8F}\4656E6E69737 : DHCPNameServer = 67.76.234.226 65.40.202.102
    TCP: Interfaces\{B02F80AC-3001-4F6A-AEE1-7F2CB6020C8F}\73134613 : DHCPNameServer = 71.92.29.130 97.81.22.195 68.113.206.10
    TCP: Interfaces\{B02F80AC-3001-4F6A-AEE1-7F2CB6020C8F}\841607079724561627D27657563747 : DHCPNameServer = 71.92.29.130 97.81.22.195 68.113.206.10
    TCP: Interfaces\{B02F80AC-3001-4F6A-AEE1-7F2CB6020C8F}\C696E6B6379737 : DHCPNameServer = 75.75.76.76 75.75.75.75 192.168.1.1
    TCP: Interfaces\{B02F80AC-3001-4F6A-AEE1-7F2CB6020C8F}\D41696E6D2C4962627162797 : DHCPNameServer = 172.16.1.1
    TCP: Interfaces\{B02F80AC-3001-4F6A-AEE1-7F2CB6020C8F}\D43674579627560213 : DHCPNameServer = 71.92.29.130 97.81.22.195 68.113.206.10
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u €
    Ïþ op €O
    mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
    IFEO: a.exe - svchost.exe
    IFEO: aAvgApi.exe - svchost.exe
    IFEO: AAWTray.exe - svchost.exe
    IFEO: About.exe - svchost.exe
    IFEO: ackwin32.exe - svchost.exe
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-8-2 64832]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-4-9 554048]
    R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-4-9 206784]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-2 168280]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-2 168280]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-2 168280]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-2 168280]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-4-9 168368]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-13 166320]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-4-9 60480]
    R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-10-21 7680]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-4-9 230224]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-4-9 360792]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-10-21 24064]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-21 187392]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-10-21 859136]
    R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-21 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
    R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-4-9 200816]
    S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2009-12-4 121416]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 CAATT;AT&T Con App Svc;c:\program files\at&t\communication manager\ConAppsSvc.exe [2009-12-4 125512]
    S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-8-2 146872]
    S3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2012-4-9 203080]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-4-9 61912]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-4-9 92192]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-21 171520]
    S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2009-5-13 90240]
    S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [2009-5-13 14976]
    S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [2009-5-13 121856]
    S3 ssecbus;Samsung Mobile Modem Device driver (WDM);c:\windows\system32\drivers\ssecbus.sys [2009-1-15 86528]
    S3 ssecmdfl;Samsung Mobile Modem Device 2 Filter;c:\windows\system32\drivers\ssecmdfl.sys [2009-1-15 14976]
    S3 ssecmdm;Samsung Mobile Modem Device 2 Driver;c:\windows\system32\drivers\ssecmdm.sys [2009-1-15 114304]
    S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2009-3-31 190080]
    S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2009-5-4 148096]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-5 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-4 1343400]
    S4 McOobeSv;McAfee OOBE Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-2 168280]
    .
    =============== Created Last 30 ================
    .
    2012-12-30 03:40:07 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-12-30 03:40:07 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-12-30 03:40:07 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-12-30 03:39:30 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
    2012-12-30 02:41:52 -------- d-----w- c:\programdata\Malwarebytes
    2012-12-30 02:41:51 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-30 02:41:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-12-30 02:40:33 -------- d-----w- c:\users\beau mcmullen\appdata\local\Programs
    2012-12-27 08:25:37 34304 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-27 08:25:37 295424 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-27 06:30:29 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-12-03 07:18:10 78336 ----a-w- c:\windows\system32\synceng.dll
    .
    ==================== Find3M ====================
    .
    2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-02 21:37:10 862664 ----a-w- c:\windows\system32\msvcr110.dll
    2012-11-02 21:37:10 534480 ----a-w- c:\windows\system32\msvcp110.dll
    2012-11-02 21:37:10 44184 ----a-w- c:\windows\system32\drivers\point32.sys
    2012-11-02 21:37:10 251864 ----a-w- c:\windows\system32\vccorlib110.dll
    2012-11-02 21:37:10 1629040 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
    2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
    2012-10-04 16:47:18 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-10-04 16:43:05 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-10-04 14:57:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-10-04 14:41:50 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-10-04 14:41:50 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-04 14:41:50 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-04 14:41:50 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 0:00:12.94 ===============
     
  2. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi, my name is Mark and I will be helping you.

    IMPORTANT: Please take the time to read this first.
    For the benefit of others that are waiting for help please try to respond as fast as you can and make sure you read all of the instructions I will be giving you to follow. Time spent waiting for replies or having to repeat questions keeps other people waiting in the queue for help.

    I am in Spain at GMT+1 hour. I check my emails several times a day, so I will usually reply to your responses within a few hours or less unless it is night time here. During the evening here I will usually reply within minutes. Please try to do the same for a swift clean up. Some Malware needs to be dealt with quickly or it will multiply and become deeply embedded in your system and more difficult to find and remove, so quick replies will have more than one benefit.

    Keep in mind that I cannot see your PC, so please give as much detail as possible if something goes wrong or you receive any error messages.

    Malware can be unpredictable and often time consuming to remove. On rare occasions something can go awry and your system may need to have Windows re-installed. Please make sure before we start that you have copies of all your important data saved to an external hard drive or CD/DVDs. Please make sure you disconnect any external hard drives and/or Flash drives during the clean up.

    If you have run any scans that found an infection please let me know.

    DO NOT run any scans or make any changes that I have not asked you to do, as this can cause misleading results and make my job much harder in trying to help you. Please also uninstall any file sharing software, i.e. uTorrent, BitTorrent, etc. If you insist on keeping it, do not use it until we are finished. Use of file sharing software is one of the easiest ways to get your PC infected.

    If I get no reply from you for two days I will mark the thread as Solved and move on to helping someone else. If you know you will be unable to reply for any length of time please let me know in advance.

    Please don't abandon the thread as soon as your PC starts to work normally again as there will be other important checks to make to help protect your system from re-infection. It is also important to follow the correct procedure when removing the tools used to ensure all quarantined infections are completely removed and infected Restore Points are safely deleted.

    Stick with me and we can quickly clean up your PC. If you cannot dedicate the time then a Reformat and Re-install will be your quickest option.

    ===========================================================================

    You have quite a nasty infection which will block any attempt to run Anti Virus software.

    You also have a very out of date version of Java installed, which is prone to get infected, and a second Anti Virus program "Norton Internet Security" installed, which needs to be removed. We will deal with those later.

    Please run Mbar as instructed below. If it won't download or run (which I suspect will be the case), please run RKill first.


    Please download RKill by Grinler and save it to your desktop.
    Link 2
    Link 3
    Link 4


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.
    • DO NOT reboot; run Mbar and post the resulting log.



    1. Download Malwarebytes Anti-Rootkit from this link mbar
    2. Unzip the File to a convenient location. (Recommend the Desktop)
    3. Open the folder where the contents were unzipped to run mbar.exe

    [​IMG]

    4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    [​IMG]

    5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

    6. The following image opens, select Next.

    [​IMG]

    7. The following image opens, select Update

    [​IMG]

    8. When the Update completes, select Next

    [​IMG]

    9. In the following window ensure "Targets" are ticked. Then select "Scan"

    [​IMG]

    10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

    [​IMG]

    11. Do not select the "Clean up Button"; select the "Exit" button. There will be a warning as follows:

    [​IMG]

    12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

    [​IMG]

    13. Select "Exit" to close down.
    14. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log Date and time of scan will also be shown

    [​IMG]
     
  3. Enegue

    Mark,
    Thank you for your reply.
    I am in Houston Texas USA so as I compute it there is an 8 hour difference between us, so please take that into consideration. As I am starting my work day you are ending yours.
    As soon as my New Year's hangover goes away I shall commence with what you suggested.
    Gene
     
  4. Mark1956

    I too am a little off color due to last night's celebrations, but it was worth it.

    I'm not sure what happened but half of the instructions I posted above had vanished from the post so I have made an edit to put it right.
     
  5. Enegue

    Mark,
    You're confusing an idiot here?
    You have four links listed above.
    RKill takes me to "bleeping computer" and RKill
    Link 2 also takes me to what appears as the same place?
    Links 3 and 4 take me to spywarehammer and a discussion similar to what we are doing here?
    Please confirm I need to download only 2 files, those being MBAR and RKill.
    You will need to point out whatever it is in links 3 & 4 that you want me to know.
    Thanks
    Gene
     
  6. Mark1956

    Eeek, someone has changed the links. Use the first one named RKill. You will see three buttons with different names on the Bleeping Computer site. Try the first one as per the instructions; if the black box does not flash up on screen when you run it, delete the file, go back to the same link and try the next one. If they all fail let me know.
     
  7. Enegue

    I have downloaded Rkill and Mbar.
    What do you want me to do about Links 3 & 4?

    This is a second topic but salient to MY problem. So if I should post it elsewhere let me know.

    I have not made my recovery discs for this machine. As I understand the instructions from Toshiba, the "recovery discs are on a hidden part of the HD"... and can only be accessed through Toshiba's recovery program. Is it your opinion that when I make my recovery discs (not backup) that the malware won't follow me?
    Regards
    Gene
     
  8. Mark1956

    Best to leave making the Recovery discs until the PC is clean; the Recovery partition is perfectly safe from infection.

    You can ignore links 3 & 4 as they have been changed without my knowledge and my instructions will be updated for future use. Try to run RKill from the first download. If you see the black box appear, go ahead with running Mbar; if you don't see the black box, delete the RKill file from your desktop and download the next one from the "RKill" link.

    All three download buttons on the Bleeping Computer site will download RKill with different names. The idea is to try each one until you get one that works. Try the one you have and then move on to running Mbar if it works, or try the next one if it fails.
     
  9. Enegue

    Attached are all log files.
    MBAR detected 8 problems but per your instructions I did NOT delete them.
    Gene
    PS It's 7:20 PM here in Houston... what time is it where you are?

    System Log
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_14
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 3082801152, free: 2047860736
    ------------ Kernel report ------------
    01/02/2013 18:48:26
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8701c030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff861e8028
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2013.01.02.10
    Downloaded database version: v2012.12.27.02
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8701c030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8701cd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff8701c030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff861e8028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xffffffffc1572b70, 0xffffffff8701c030, 0xffffffff8a248530
    Lower DeviceData: 0xffffffffc19911d8, 0xffffffff861e8028, 0xffffffff8a1e63f8
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1902C2AF
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 605280256
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 608354304 Numsec = 16787456
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320072933376 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} --> [PUP.MyWebSearch]
    Infected: HKCU\SOFTWARE\avsoft --> [Trojan.Fraudpack]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit --> [Hijack.Regedit]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xoxuxkub --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wokkkjsp --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ifnndpev --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|anrspkym --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yndhbfyr --> [Trojan.FakeAlert.Gen]
    Done!
    Scan finished
    =======================================

    Mbar Log
    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org
    Database version: v2013.01.02.10
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    beau:: BEAU-PC [administrator]
    1/2/2013 7:00:38 PM
    mbar-log-2013-01-02 (19-00-38).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 28249
    Time elapsed: 11 minute(s), 41 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 2
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Delete on reboot.
    HKCU\SOFTWARE\avsoft (Trojan.Fraudpack) -> Delete on reboot.
    Registry Values Detected: 6
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Delete on reboot.
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xoxuxkub (Trojan.FakeAlert.Gen) -> Data: "C:\Users\beau mcmullen\AppData\Local\oirwha\vkaysftav.exe" -> Delete on reboot.
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wokkkjsp (Trojan.FakeAlert.Gen) -> Data: "C:\Users\beau mcmullen\AppData\Local\xjijvv\vyhlsftav.exe" -> Delete on reboot.
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ifnndpev (Trojan.FakeAlert.Gen) -> Data: "C:\Users\beau mcmullen\AppData\Local\ejaqpc\fcemsftav.exe" -> Delete on reboot.
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|anrspkym (Trojan.FakeAlert.Gen) -> Data: C:\Users\beau mcmullen\AppData\Local\wqclar\mbycsftav.exe -> Delete on reboot.
    HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yndhbfyr (Trojan.FakeAlert.Gen) -> Data: C:\Users\beau mcmullen\AppData\Local\jydmnp\mryesftav.exe -> Delete on reboot.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)


    Rkill
    Rkill 2.4.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2013 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html
    Program started at: 01/02/2013 06:45:01 PM in x86 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1
    Checking for Windows services to stop:
    * No malware services found to stop.
    Checking for processes to terminate:
    * No malware processes found to kill.
    Checking Registry for malware related settings:
    * avxmonitornt.exe debugger. [IFEO Debugger Deleted]
    * avxquar.exe debugger. [IFEO Debugger Deleted]
    * b.exe debugger. [IFEO Debugger Deleted]
    * backweb.exe debugger. [IFEO Debugger Deleted]
    * bargains.exe debugger. [IFEO Debugger Deleted]
    * bd_professional.exe debugger. [IFEO Debugger Deleted]
    * bdfvcl.exe debugger. [IFEO Debugger Deleted]
    * bdfvwiz.exe debugger. [IFEO Debugger Deleted]
    * BDInProcPatch.exe debugger. [IFEO Debugger Deleted]
    * bdmcon.exe debugger. [IFEO Debugger Deleted]
    * BDMsnScan.exe debugger. [IFEO Debugger Deleted]
    * BDSurvey.exe debugger. [IFEO Debugger Deleted]
    * beagle.exe debugger. [IFEO Debugger Deleted]
    * belt.exe debugger. [IFEO Debugger Deleted]
    * bidef.exe debugger. [IFEO Debugger Deleted]
    * bidserver.exe debugger. [IFEO Debugger Deleted]
    * bipcp.exe debugger. [IFEO Debugger Deleted]
    * bipcpevalsetup.exe debugger. [IFEO Debugger Deleted]
    * bisp.exe debugger. [IFEO Debugger Deleted]
    * blackd.exe debugger. [IFEO Debugger Deleted]
    * blackice.exe debugger. [IFEO Debugger Deleted]
    * blink.exe debugger. [IFEO Debugger Deleted]
    * blss.exe debugger. [IFEO Debugger Deleted]
    * bootconf.exe debugger. [IFEO Debugger Deleted]
    * bootwarn.exe debugger. [IFEO Debugger Deleted]
    * borg2.exe debugger. [IFEO Debugger Deleted]
    * bpc.exe debugger. [IFEO Debugger Deleted]
    * brasil.exe debugger. [IFEO Debugger Deleted]
    * brastk.exe debugger. [IFEO Debugger Deleted]
    * brw.exe debugger. [IFEO Debugger Deleted]
    * bs120.exe debugger. [IFEO Debugger Deleted]
    * bspatch.exe debugger. [IFEO Debugger Deleted]
    * bundle.exe debugger. [IFEO Debugger Deleted]
    * bvt.exe debugger. [IFEO Debugger Deleted]
    * c.exe debugger. [IFEO Debugger Deleted]
    * cavscan.exe debugger. [IFEO Debugger Deleted]
    * ccapp.exe debugger. [IFEO Debugger Deleted]
    * ccevtmgr.exe debugger. [IFEO Debugger Deleted]
    * ccpxysvc.exe debugger. [IFEO Debugger Deleted]
    * ccSvcHst.exe debugger. [IFEO Debugger Deleted]
    * cdp.exe debugger. [IFEO Debugger Deleted]
    * cfd.exe debugger. [IFEO Debugger Deleted]
    * cfgwiz.exe debugger. [IFEO Debugger Deleted]
    * cfiadmin.exe debugger. [IFEO Debugger Deleted]
    * cfiaudit.exe debugger. [IFEO Debugger Deleted]
    * cfinet.exe debugger. [IFEO Debugger Deleted]
    * cfinet32.exe debugger. [IFEO Debugger Deleted]
    * cfp.exe debugger. [IFEO Debugger Deleted]
    * cfpconfg.exe debugger. [IFEO Debugger Deleted]
    * cfplogvw.exe debugger. [IFEO Debugger Deleted]
    * cfpupdat.exe debugger. [IFEO Debugger Deleted]
    * claw95.exe debugger. [IFEO Debugger Deleted]
    * claw95cf.exe debugger. [IFEO Debugger Deleted]
    * clean.exe debugger. [IFEO Debugger Deleted]
    * cleaner.exe debugger. [IFEO Debugger Deleted]
    * cleaner3.exe debugger. [IFEO Debugger Deleted]
    * cleanIELow.exe debugger. [IFEO Debugger Deleted]
    * cleanpc.exe debugger. [IFEO Debugger Deleted]
    * click.exe debugger. [IFEO Debugger Deleted]
    * cmd32.exe debugger. [IFEO Debugger Deleted]
    * cmdagent.exe debugger. [IFEO Debugger Deleted]
    * cmesys.exe debugger. [IFEO Debugger Deleted]
    * cmgrdian.exe debugger. [IFEO Debugger Deleted]
    * cmon016.exe debugger. [IFEO Debugger Deleted]
    * connectionmonitor.exe debugger. [IFEO Debugger Deleted]
    * control debugger. [IFEO Debugger Deleted]
    * cpd.exe debugger. [IFEO Debugger Deleted]
    * cpf9x206.exe debugger. [IFEO Debugger Deleted]
    * cpfnt206.exe debugger. [IFEO Debugger Deleted]
    * crashrep.exe debugger. [IFEO Debugger Deleted]
    * csc.exe debugger. [IFEO Debugger Deleted]
    * cssconfg.exe debugger. [IFEO Debugger Deleted]
    * cssupdat.exe debugger. [IFEO Debugger Deleted]
    * cssurf.exe debugger. [IFEO Debugger Deleted]
    * ctrl.exe debugger. [IFEO Debugger Deleted]
    * cv.exe debugger. [IFEO Debugger Deleted]
    * cwnb181.exe debugger. [IFEO Debugger Deleted]
    * cwntdwmo.exe debugger. [IFEO Debugger Deleted]
    * d.exe debugger. [IFEO Debugger Deleted]
    * datemanager.exe debugger. [IFEO Debugger Deleted]
    * dcomx.exe debugger. [IFEO Debugger Deleted]
    * defalert.exe debugger. [IFEO Debugger Deleted]
    * defscangui.exe debugger. [IFEO Debugger Deleted]
    * defwatch.exe debugger. [IFEO Debugger Deleted]
    * deloeminfs.exe debugger. [IFEO Debugger Deleted]
    * deputy.exe debugger. [IFEO Debugger Deleted]
    * divx.exe debugger. [IFEO Debugger Deleted]
    * dllcache.exe debugger. [IFEO Debugger Deleted]
    * dllreg.exe debugger. [IFEO Debugger Deleted]
    * doors.exe debugger. [IFEO Debugger Deleted]
    * dop.exe debugger. [IFEO Debugger Deleted]
    * dpf.exe debugger. [IFEO Debugger Deleted]
    * dpfsetup.exe debugger. [IFEO Debugger Deleted]
    * dpps2.exe debugger. [IFEO Debugger Deleted]
    * driverctrl.exe debugger. [IFEO Debugger Deleted]
    * drwatson.exe debugger. [IFEO Debugger Deleted]
    * drweb32.exe debugger. [IFEO Debugger Deleted]
    * drwebupw.exe debugger. [IFEO Debugger Deleted]
    * dssagent.exe debugger. [IFEO Debugger Deleted]
    * dvp95.exe debugger. [IFEO Debugger Deleted]
    * dvp95_0.exe debugger. [IFEO Debugger Deleted]
    * ecengine.exe debugger. [IFEO Debugger Deleted]
    * efpeadm.exe debugger. [IFEO Debugger Deleted]
    * emsw.exe debugger. [IFEO Debugger Deleted]
    * ent.exe debugger. [IFEO Debugger Deleted]
    * esafe.exe debugger. [IFEO Debugger Deleted]
    * escanhnt.exe debugger. [IFEO Debugger Deleted]
    * escanv95.exe debugger. [IFEO Debugger Deleted]
    * espwatch.exe debugger. [IFEO Debugger Deleted]
    * ethereal.exe debugger. [IFEO Debugger Deleted]
    * etrustcipe.exe debugger. [IFEO Debugger Deleted]
    * evpn.exe debugger. [IFEO Debugger Deleted]
    * exantivirus-cnet.exe debugger. [IFEO Debugger Deleted]
    * exe.avxw.exe debugger. [IFEO Debugger Deleted]
    * expert.exe debugger. [IFEO Debugger Deleted]
    * explore.exe debugger. [IFEO Debugger Deleted]
    * fact.exe debugger. [IFEO Debugger Deleted]
    * f-agnt95.exe debugger. [IFEO Debugger Deleted]
    * fameh32.exe debugger. [IFEO Debugger Deleted]
    * fast.exe debugger. [IFEO Debugger Deleted]
    * fch32.exe debugger. [IFEO Debugger Deleted]
    * fih32.exe debugger. [IFEO Debugger Deleted]
    * findviru.exe debugger. [IFEO Debugger Deleted]
    * firewall.exe debugger. [IFEO Debugger Deleted]
    * fixcfg.exe debugger. [IFEO Debugger Deleted]
    * fixfp.exe debugger. [IFEO Debugger Deleted]
    * fnrb32.exe debugger. [IFEO Debugger Deleted]
    * fprot.exe debugger. [IFEO Debugger Deleted]
    * f-prot.exe debugger. [IFEO Debugger Deleted]
    * f-prot95.exe debugger. [IFEO Debugger Deleted]
    * fp-win.exe debugger. [IFEO Debugger Deleted]
    * fp-win_trial.exe debugger. [IFEO Debugger Deleted]
    * frmwrk32.exe debugger. [IFEO Debugger Deleted]
    * frw.exe debugger. [IFEO Debugger Deleted]
    * fsaa.exe debugger. [IFEO Debugger Deleted]
    * fsav.exe debugger. [IFEO Debugger Deleted]
    * fsav32.exe debugger. [IFEO Debugger Deleted]
    * fsav530stbyb.exe debugger. [IFEO Debugger Deleted]
    * fsav530wtbyb.exe debugger. [IFEO Debugger Deleted]
    * fsav95.exe debugger. [IFEO Debugger Deleted]
    * fsgk32.exe debugger. [IFEO Debugger Deleted]
    * fsm32.exe debugger. [IFEO Debugger Deleted]
    * fsma32.exe debugger. [IFEO Debugger Deleted]
    * fsmb32.exe debugger. [IFEO Debugger Deleted]
    * f-stopw.exe debugger. [IFEO Debugger Deleted]
    * gator.exe debugger. [IFEO Debugger Deleted]
    * gav.exe debugger. [IFEO Debugger Deleted]
    * gbmenu.exe debugger. [IFEO Debugger Deleted]
    * gbn976rl.exe debugger. [IFEO Debugger Deleted]
    * gbpoll.exe debugger. [IFEO Debugger Deleted]
    * generics.exe debugger. [IFEO Debugger Deleted]
    * gmt.exe debugger. [IFEO Debugger Deleted]
    * guard.exe debugger. [IFEO Debugger Deleted]
    * guarddog.exe debugger. [IFEO Debugger Deleted]
    * guardgui.exe debugger. [IFEO Debugger Deleted]
    * guardxkickoff.exe debugger. [IFEO Debugger Deleted]
    * hacktracersetup.exe debugger. [IFEO Debugger Deleted]
    * hbinst.exe debugger. [IFEO Debugger Deleted]
    * hbsrv.exe debugger. [IFEO Debugger Deleted]
    * History.exe debugger. [IFEO Debugger Deleted]
    * homeav2010.exe debugger. [IFEO Debugger Deleted]
    * hotactio.exe debugger. [IFEO Debugger Deleted]
    * hotpatch.exe debugger. [IFEO Debugger Deleted]
    * htlog.exe debugger. [IFEO Debugger Deleted]
    * htpatch.exe debugger. [IFEO Debugger Deleted]
    * hwpe.exe debugger. [IFEO Debugger Deleted]
    * hxdl.exe debugger. [IFEO Debugger Deleted]
    * hxiul.exe debugger. [IFEO Debugger Deleted]
    * iamapp.exe debugger. [IFEO Debugger Deleted]
    * iamserv.exe debugger. [IFEO Debugger Deleted]
    * iamstats.exe debugger. [IFEO Debugger Deleted]
    * ibmasn.exe debugger. [IFEO Debugger Deleted]
    * ibmavsp.exe debugger. [IFEO Debugger Deleted]
    * icload95.exe debugger. [IFEO Debugger Deleted]
    * icloadnt.exe debugger. [IFEO Debugger Deleted]
    * icmon.exe debugger. [IFEO Debugger Deleted]
    * icsupp95.exe debugger. [IFEO Debugger Deleted]
    * icsuppnt.exe debugger. [IFEO Debugger Deleted]
    * Identity.exe debugger. [IFEO Debugger Deleted]
    * idle.exe debugger. [IFEO Debugger Deleted]
    * iedll.exe debugger. [IFEO Debugger Deleted]
    * iedriver.exe debugger. [IFEO Debugger Deleted]
    * IEShow.exe debugger. [IFEO Debugger Deleted]
    * iface.exe debugger. [IFEO Debugger Deleted]
    * ifw2000.exe debugger. [IFEO Debugger Deleted]
    * inetlnfo.exe debugger. [IFEO Debugger Deleted]
    * infus.exe debugger. [IFEO Debugger Deleted]
    * infwin.exe debugger. [IFEO Debugger Deleted]
    * init.exe debugger. [IFEO Debugger Deleted]
    * init32.exe debugger. [IFEO Debugger Deleted]
    * install[1].exe debugger. [IFEO Debugger Deleted]
    * install[2].exe debugger. [IFEO Debugger Deleted]
    * install[3].exe debugger. [IFEO Debugger Deleted]
    * install[4].exe debugger. [IFEO Debugger Deleted]
    * install[5].exe debugger. [IFEO Debugger Deleted]
    * intdel.exe debugger. [IFEO Debugger Deleted]
    * intren.exe debugger. [IFEO Debugger Deleted]
    * iomon98.exe debugger. [IFEO Debugger Deleted]
    * istsvc.exe debugger. [IFEO Debugger Deleted]
    * jammer.exe debugger. [IFEO Debugger Deleted]
    * jdbgmrg.exe debugger. [IFEO Debugger Deleted]
    * jedi.exe debugger. [IFEO Debugger Deleted]
    * JsRcGen.exe debugger. [IFEO Debugger Deleted]
    * kavlite40eng.exe debugger. [IFEO Debugger Deleted]
    * kavpers40eng.exe debugger. [IFEO Debugger Deleted]
    * kavpf.exe debugger. [IFEO Debugger Deleted]
    * kazza.exe debugger. [IFEO Debugger Deleted]
    * keenvalue.exe debugger. [IFEO Debugger Deleted]
    * kerio-pf-213-en-win.exe debugger. [IFEO Debugger Deleted]
    * kerio-wrl-421-en-win.exe debugger. [IFEO Debugger Deleted]
    * kerio-wrp-421-en-win.exe debugger. [IFEO Debugger Deleted]
    * killprocesssetup161.exe debugger. [IFEO Debugger Deleted]
    * ldnetmon.exe debugger. [IFEO Debugger Deleted]
    * ldpro.exe debugger. [IFEO Debugger Deleted]
    * ldpromenu.exe debugger. [IFEO Debugger Deleted]
    * ldscan.exe debugger. [IFEO Debugger Deleted]
    * licmgr.exe debugger. [IFEO Debugger Deleted]
    * lnetinfo.exe debugger. [IFEO Debugger Deleted]
    * loader.exe debugger. [IFEO Debugger Deleted]
    * localnet.exe debugger. [IFEO Debugger Deleted]
    * lockdown.exe debugger. [IFEO Debugger Deleted]
    * lockdown2000.exe debugger. [IFEO Debugger Deleted]
    * lookout.exe debugger. [IFEO Debugger Deleted]
    * lordpe.exe debugger. [IFEO Debugger Deleted]
    * lsetup.exe debugger. [IFEO Debugger Deleted]
    * luall.exe debugger. [IFEO Debugger Deleted]
    * luau.exe debugger. [IFEO Debugger Deleted]
    * lucomserver.exe debugger. [IFEO Debugger Deleted]
    * luinit.exe debugger. [IFEO Debugger Deleted]
    * luspt.exe debugger. [IFEO Debugger Deleted]
    * MalwareRemoval.exe debugger. [IFEO Debugger Deleted]
    * mapisvc32.exe debugger. [IFEO Debugger Deleted]
    * mbam.exe debugger. [IFEO Debugger Deleted]
    * mbamgui.exe debugger. [IFEO Debugger Deleted]
    * mbamservice.exe debugger. [IFEO Debugger Deleted]
    * mcagent.exe debugger. [IFEO Debugger Deleted]
    * mcmnhdlr.exe debugger. [IFEO Debugger Deleted]
    * mcmpeng.exe debugger. [IFEO Debugger Deleted]
    * mcmscsvc.exe debugger. [IFEO Debugger Deleted]
    * mcnasvc.exe debugger. [IFEO Debugger Deleted]
    * mcproxy.exe debugger. [IFEO Debugger Deleted]
    * McSACore.exe debugger. [IFEO Debugger Deleted]
    * mcshell.exe debugger. [IFEO Debugger Deleted]
    * mcshield.exe debugger. [IFEO Debugger Deleted]
    * mcsysmon.exe debugger. [IFEO Debugger Deleted]
    * mctool.exe debugger. [IFEO Debugger Deleted]
    * mcupdate.exe debugger. [IFEO Debugger Deleted]
    * mcvsrte.exe debugger. [IFEO Debugger Deleted]
    * mcvsshld.exe debugger. [IFEO Debugger Deleted]
    * md.exe debugger. [IFEO Debugger Deleted]
    * mfin32.exe debugger. [IFEO Debugger Deleted]
    * mfw2en.exe debugger. [IFEO Debugger Deleted]
    * mfweng3.02d30.exe debugger. [IFEO Debugger Deleted]
    * mgavrtcl.exe debugger. [IFEO Debugger Deleted]
    * mgavrte.exe debugger. [IFEO Debugger Deleted]
    * mghtml.exe debugger. [IFEO Debugger Deleted]
    * mgui.exe debugger. [IFEO Debugger Deleted]
    * minilog.exe debugger. [IFEO Debugger Deleted]
    * mmod.exe debugger. [IFEO Debugger Deleted]
    * monitor.exe debugger. [IFEO Debugger Deleted]
    * moolive.exe debugger. [IFEO Debugger Deleted]
    * mostat.exe debugger. [IFEO Debugger Deleted]
    * mpfagent.exe debugger. [IFEO Debugger Deleted]
    * mpfservice.exe debugger. [IFEO Debugger Deleted]
    * MPFSrv.exe debugger. [IFEO Debugger Deleted]
    * mpftray.exe debugger. [IFEO Debugger Deleted]
    * mrflux.exe debugger. [IFEO Debugger Deleted]
    * mrt.exe debugger. [IFEO Debugger Deleted]
    * msa.exe debugger. [IFEO Debugger Deleted]
    * msapp.exe debugger. [IFEO Debugger Deleted]
    * MSASCui.exe debugger. [IFEO Debugger Deleted]
    * msbb.exe debugger. [IFEO Debugger Deleted]
    * msblast.exe debugger. [IFEO Debugger Deleted]
    * mscache.exe debugger. [IFEO Debugger Deleted]
    * msccn32.exe debugger. [IFEO Debugger Deleted]
    * mscman.exe debugger. [IFEO Debugger Deleted]
    * msconfig debugger. [IFEO Debugger Deleted]
    * msdm.exe debugger. [IFEO Debugger Deleted]
    * msdos.exe debugger. [IFEO Debugger Deleted]
    * msiexec16.exe debugger. [IFEO Debugger Deleted]
    * mslaugh.exe debugger. [IFEO Debugger Deleted]
    * msmgt.exe debugger. [IFEO Debugger Deleted]
    * msmsgri32.exe debugger. [IFEO Debugger Deleted]
    * msseces.exe debugger. [IFEO Debugger Deleted]
    * mssmmc32.exe debugger. [IFEO Debugger Deleted]
    * mssys.exe debugger. [IFEO Debugger Deleted]
    * msvxd.exe debugger. [IFEO Debugger Deleted]
    * mu0311ad.exe debugger. [IFEO Debugger Deleted]
    * mwatch.exe debugger. [IFEO Debugger Deleted]
    * n32scanw.exe debugger. [IFEO Debugger Deleted]
    * nav.exe debugger. [IFEO Debugger Deleted]
    * navap.navapsvc.exe debugger. [IFEO Debugger Deleted]
    * navapsvc.exe debugger. [IFEO Debugger Deleted]
    * navapw32.exe debugger. [IFEO Debugger Deleted]
    * navdx.exe debugger. [IFEO Debugger Deleted]
    * navlu32.exe debugger. [IFEO Debugger Deleted]
    * navnt.exe debugger. [IFEO Debugger Deleted]
    * navstub.exe debugger. [IFEO Debugger Deleted]
    * navw32.exe debugger. [IFEO Debugger Deleted]
    * navwnt.exe debugger. [IFEO Debugger Deleted]
    * nc2000.exe debugger. [IFEO Debugger Deleted]
    * ncinst4.exe debugger. [IFEO Debugger Deleted]
    * ndd32.exe debugger. [IFEO Debugger Deleted]
    * neomonitor.exe debugger. [IFEO Debugger Deleted]
    * neowatchlog.exe debugger. [IFEO Debugger Deleted]
    * netarmor.exe debugger. [IFEO Debugger Deleted]
    * netd32.exe debugger. [IFEO Debugger Deleted]
    * netinfo.exe debugger. [IFEO Debugger Deleted]
    * netmon.exe debugger. [IFEO Debugger Deleted]
    * netscanpro.exe debugger. [IFEO Debugger Deleted]
    * netspyhunter-1.2.exe debugger. [IFEO Debugger Deleted]
    * netutils.exe debugger. [IFEO Debugger Deleted]
    * nisserv.exe debugger. [IFEO Debugger Deleted]
    * nisum.exe debugger. [IFEO Debugger Deleted]
    * nmain.exe debugger. [IFEO Debugger Deleted]
    * nod32.exe debugger. [IFEO Debugger Deleted]
    * normist.exe debugger. [IFEO Debugger Deleted]
    * norton_internet_secu_3.0_407.exe debugger. [IFEO Debugger Deleted]
    * notstart.exe debugger. [IFEO Debugger Deleted]
    * npf40_tw_98_nt_me_2k.exe debugger. [IFEO Debugger Deleted]
    * npfmessenger.exe debugger. [IFEO Debugger Deleted]
    * nprotect.exe debugger. [IFEO Debugger Deleted]
    * npscheck.exe debugger. [IFEO Debugger Deleted]
    * npssvc.exe debugger. [IFEO Debugger Deleted]
    * nsched32.exe debugger. [IFEO Debugger Deleted]
    * nssys32.exe debugger. [IFEO Debugger Deleted]
    * nstask32.exe debugger. [IFEO Debugger Deleted]
    * nsupdate.exe debugger. [IFEO Debugger Deleted]
    * nt.exe debugger. [IFEO Debugger Deleted]
    * ntrtscan.exe debugger. [IFEO Debugger Deleted]
    * ntvdm.exe debugger. [IFEO Debugger Deleted]
    * ntxconfig.exe debugger. [IFEO Debugger Deleted]
    * nui.exe debugger. [IFEO Debugger Deleted]
    * nupgrade.exe debugger. [IFEO Debugger Deleted]
    * nvarch16.exe debugger. [IFEO Debugger Deleted]
    * nvc95.exe debugger. [IFEO Debugger Deleted]
    * nvsvc32.exe debugger. [IFEO Debugger Deleted]
    * nwinst4.exe debugger. [IFEO Debugger Deleted]
    * nwservice.exe debugger. [IFEO Debugger Deleted]
    * nwtool16.exe debugger. [IFEO Debugger Deleted]
    * OAcat.exe debugger. [IFEO Debugger Deleted]
    * OAhlp.exe debugger. [IFEO Debugger Deleted]
    * OAReg.exe debugger. [IFEO Debugger Deleted]
    * oasrv.exe debugger. [IFEO Debugger Deleted]
    * oaui.exe debugger. [IFEO Debugger Deleted]
    * oaview.exe debugger. [IFEO Debugger Deleted]
    * ODSW.exe debugger. [IFEO Debugger Deleted]
    * ollydbg.exe debugger. [IFEO Debugger Deleted]
    * onsrvr.exe debugger. [IFEO Debugger Deleted]
    * optimize.exe debugger. [IFEO Debugger Deleted]
    * ostronet.exe debugger. [IFEO Debugger Deleted]
    * otfix.exe debugger. [IFEO Debugger Deleted]
    * outpost.exe debugger. [IFEO Debugger Deleted]
    * outpostinstall.exe debugger. [IFEO Debugger Deleted]
    * outpostproinstall.exe debugger. [IFEO Debugger Deleted]
    * ozn695m5.exe debugger. [IFEO Debugger Deleted]
    * padmin.exe debugger. [IFEO Debugger Deleted]
    * panixk.exe debugger. [IFEO Debugger Deleted]
    * patch.exe debugger. [IFEO Debugger Deleted]
    * pav.exe debugger. [IFEO Debugger Deleted]
    * pavcl.exe debugger. [IFEO Debugger Deleted]
    * PavFnSvr.exe debugger. [IFEO Debugger Deleted]
    * pavproxy.exe debugger. [IFEO Debugger Deleted]
    * pavprsrv.exe debugger. [IFEO Debugger Deleted]
    * pavsched.exe debugger. [IFEO Debugger Deleted]
    * pavsrv51.exe debugger. [IFEO Debugger Deleted]
    * pavw.exe debugger. [IFEO Debugger Deleted]
    * pc.exe debugger. [IFEO Debugger Deleted]
    * PC_Antispyware2010.exe debugger. [IFEO Debugger Deleted]
    * pccwin98.exe debugger. [IFEO Debugger Deleted]
    * pcfwallicon.exe debugger. [IFEO Debugger Deleted]
    * pcip10117_0.exe debugger. [IFEO Debugger Deleted]
    * pcscan.exe debugger. [IFEO Debugger Deleted]
    * pctsAuxs.exe debugger. [IFEO Debugger Deleted]
    * pctsGui.exe debugger. [IFEO Debugger Deleted]
    * pctsSvc.exe debugger. [IFEO Debugger Deleted]
    * pctsTray.exe debugger. [IFEO Debugger Deleted]
    * pdfndr.exe debugger. [IFEO Debugger Deleted]
    * pdsetup.exe debugger. [IFEO Debugger Deleted]
    * PerAvir.exe debugger. [IFEO Debugger Deleted]
    * periscope.exe debugger. [IFEO Debugger Deleted]
    * persfw.exe debugger. [IFEO Debugger Deleted]
    * personalguard debugger. [IFEO Debugger Deleted]
    * personalguard.exe debugger. [IFEO Debugger Deleted]
    * perswf.exe debugger. [IFEO Debugger Deleted]
    * pf2.exe debugger. [IFEO Debugger Deleted]
    * pfwadmin.exe debugger. [IFEO Debugger Deleted]
    * pgmonitr.exe debugger. [IFEO Debugger Deleted]
    * pingscan.exe debugger. [IFEO Debugger Deleted]
    * platin.exe debugger. [IFEO Debugger Deleted]
    * pop3trap.exe debugger. [IFEO Debugger Deleted]
    * poproxy.exe debugger. [IFEO Debugger Deleted]
    * popscan.exe debugger. [IFEO Debugger Deleted]
    * portdetective.exe debugger. [IFEO Debugger Deleted]
    * portmonitor.exe debugger. [IFEO Debugger Deleted]
    * powerscan.exe debugger. [IFEO Debugger Deleted]
    * ppinupdt.exe debugger. [IFEO Debugger Deleted]
    * pptbc.exe debugger. [IFEO Debugger Deleted]
    * ppvstop.exe debugger. [IFEO Debugger Deleted]
    * prizesurfer.exe debugger. [IFEO Debugger Deleted]
    * prmt.exe debugger. [IFEO Debugger Deleted]
    * prmvr.exe debugger. [IFEO Debugger Deleted]
    * procdump.exe debugger. [IFEO Debugger Deleted]
    * processmonitor.exe debugger. [IFEO Debugger Deleted]
    * procexplorerv1.0.exe debugger. [IFEO Debugger Deleted]
    * programauditor.exe debugger. [IFEO Debugger Deleted]
    * proport.exe debugger. [IFEO Debugger Deleted]
    * protector.exe debugger. [IFEO Debugger Deleted]
    * protectx.exe debugger. [IFEO Debugger Deleted]
    * PSANCU.exe debugger. [IFEO Debugger Deleted]
    * PSANHost.exe debugger. [IFEO Debugger Deleted]
    * PSANToManager.exe debugger. [IFEO Debugger Deleted]
    * PsCtrls.exe debugger. [IFEO Debugger Deleted]
    * PsImSvc.exe debugger. [IFEO Debugger Deleted]
    * PskSvc.exe debugger. [IFEO Debugger Deleted]
    * pspf.exe debugger. [IFEO Debugger Deleted]
    * PSUNMain.exe debugger. [IFEO Debugger Deleted]
    * purge.exe debugger. [IFEO Debugger Deleted]
    * qconsole.exe debugger. [IFEO Debugger Deleted]
    * qh.exe debugger. [IFEO Debugger Deleted]
    * qserver.exe debugger. [IFEO Debugger Deleted]
    * Quick Heal.exe debugger. [IFEO Debugger Deleted]
    * QuickHealCleaner.exe debugger. [IFEO Debugger Deleted]
    * rapapp.exe debugger. [IFEO Debugger Deleted]
    * rav7.exe debugger. [IFEO Debugger Deleted]
    * rav7win.exe debugger. [IFEO Debugger Deleted]
    * rav8win32eng.exe debugger. [IFEO Debugger Deleted]
    * ray.exe debugger. [IFEO Debugger Deleted]
    * rb32.exe debugger. [IFEO Debugger Deleted]
    * rcsync.exe debugger. [IFEO Debugger Deleted]
    * realmon.exe debugger. [IFEO Debugger Deleted]
    * reged.exe debugger. [IFEO Debugger Deleted]
    * regedt32.exe debugger. [IFEO Debugger Deleted]
    * rescue.exe debugger. [IFEO Debugger Deleted]
    * rescue32.exe debugger. [IFEO Debugger Deleted]
    * rrguard.exe debugger. [IFEO Debugger Deleted]
    * rscdwld.exe debugger. [IFEO Debugger Deleted]
    * rshell.exe debugger. [IFEO Debugger Deleted]
    * rtvscan.exe debugger. [IFEO Debugger Deleted]
    * rtvscn95.exe debugger. [IFEO Debugger Deleted]
    * rulaunch.exe debugger. [IFEO Debugger Deleted]
    * rwg debugger. [IFEO Debugger Deleted]
    * rwg.exe debugger. [IFEO Debugger Deleted]
    * SafetyKeeper.exe debugger. [IFEO Debugger Deleted]
    * safeweb.exe debugger. [IFEO Debugger Deleted]
    * sahagent.exe debugger. [IFEO Debugger Deleted]
    * Save.exe debugger. [IFEO Debugger Deleted]
    * SaveArmor.exe debugger. [IFEO Debugger Deleted]
    * SaveDefense.exe debugger. [IFEO Debugger Deleted]
    * SaveKeep.exe debugger. [IFEO Debugger Deleted]
    * savenow.exe debugger. [IFEO Debugger Deleted]
    * sbserv.exe debugger. [IFEO Debugger Deleted]
    * sc.exe debugger. [IFEO Debugger Deleted]
    * scam32.exe debugger. [IFEO Debugger Deleted]
    * scan32.exe debugger. [IFEO Debugger Deleted]
    * scan95.exe debugger. [IFEO Debugger Deleted]
    * scanpm.exe debugger. [IFEO Debugger Deleted]
    * scrscan.exe debugger. [IFEO Debugger Deleted]
    * Secure Veteran.exe debugger. [IFEO Debugger Deleted]
    * secureveteran.exe debugger. [IFEO Debugger Deleted]
    * Security Center.exe debugger. [IFEO Debugger Deleted]
    * SecurityFighter.exe debugger. [IFEO Debugger Deleted]
    * securitysoldier.exe debugger. [IFEO Debugger Deleted]
    * serv95.exe debugger. [IFEO Debugger Deleted]
    * setloadorder.exe debugger. [IFEO Debugger Deleted]
    * setup_flowprotector_us.exe debugger. [IFEO Debugger Deleted]
    * setupvameeval.exe debugger. [IFEO Debugger Deleted]
    * sgssfw32.exe debugger. [IFEO Debugger Deleted]
    * sh.exe debugger. [IFEO Debugger Deleted]
    * shellspyinstall.exe debugger. [IFEO Debugger Deleted]
    * shield.exe debugger. [IFEO Debugger Deleted]
    * shn.exe debugger. [IFEO Debugger Deleted]
    * showbehind.exe debugger. [IFEO Debugger Deleted]
    * signcheck.exe debugger. [IFEO Debugger Deleted]
    * smart.exe debugger. [IFEO Debugger Deleted]
    * smartprotector.exe debugger. [IFEO Debugger Deleted]
    * smc.exe debugger. [IFEO Debugger Deleted]
    * smrtdefp.exe debugger. [IFEO Debugger Deleted]
    * sms.exe debugger. [IFEO Debugger Deleted]
    * smss32.exe debugger. [IFEO Debugger Deleted]
    * snetcfg.exe debugger. [IFEO Debugger Deleted]
    * soap.exe debugger. [IFEO Debugger Deleted]
    * sofi.exe debugger. [IFEO Debugger Deleted]
    * SoftSafeness.exe debugger. [IFEO Debugger Deleted]
    * sperm.exe debugger. [IFEO Debugger Deleted]
    * spf.exe debugger. [IFEO Debugger Deleted]
    * sphinx.exe debugger. [IFEO Debugger Deleted]
    * spoler.exe debugger. [IFEO Debugger Deleted]
    * spoolcv.exe debugger. [IFEO Debugger Deleted]
    * spoolsv32.exe debugger. [IFEO Debugger Deleted]
    * spywarexpguard.exe debugger. [IFEO Debugger Deleted]
    * spyxx.exe debugger. [IFEO Debugger Deleted]
    * srexe.exe debugger. [IFEO Debugger Deleted]
    * srng.exe debugger. [IFEO Debugger Deleted]
    * ss3edit.exe debugger. [IFEO Debugger Deleted]
    * ssg_4104.exe debugger. [IFEO Debugger Deleted]
    * ssgrate.exe debugger. [IFEO Debugger Deleted]
    * st2.exe debugger. [IFEO Debugger Deleted]
    * start.exe debugger. [IFEO Debugger Deleted]
    * stcloader.exe debugger. [IFEO Debugger Deleted]
    * supftrl.exe debugger. [IFEO Debugger Deleted]
    * support.exe debugger. [IFEO Debugger Deleted]
    * supporter5.exe debugger. [IFEO Debugger Deleted]
    * svc.exe debugger. [IFEO Debugger Deleted]
    * svchostc.exe debugger. [IFEO Debugger Deleted]
    * svchosts.exe debugger. [IFEO Debugger Deleted]
    * svshost.exe debugger. [IFEO Debugger Deleted]
    * sweep95.exe debugger. [IFEO Debugger Deleted]
    * sweepnet.sweepsrv.sys.swnetsup.exe debugger. [IFEO Debugger Deleted]
    * symlcsvc.exe debugger. [IFEO Debugger Deleted]
    * symproxysvc.exe debugger. [IFEO Debugger Deleted]
    * symtray.exe debugger. [IFEO Debugger Deleted]
    * system.exe debugger. [IFEO Debugger Deleted]
    * system32.exe debugger. [IFEO Debugger Deleted]
    * sysupd.exe debugger. [IFEO Debugger Deleted]
    * tapinstall.exe debugger. [IFEO Debugger Deleted]
    * taumon.exe debugger. [IFEO Debugger Deleted]
    * tbscan.exe debugger. [IFEO Debugger Deleted]
    * tc.exe debugger. [IFEO Debugger Deleted]
    * tca.exe debugger. [IFEO Debugger Deleted]
    * tcm.exe debugger. [IFEO Debugger Deleted]
    * tds2-98.exe debugger. [IFEO Debugger Deleted]
    * tds2-nt.exe debugger. [IFEO Debugger Deleted]
    * tds-3.exe debugger. [IFEO Debugger Deleted]
    * teekids.exe debugger. [IFEO Debugger Deleted]
    * tfak.exe debugger. [IFEO Debugger Deleted]
    * tfak5.exe debugger. [IFEO Debugger Deleted]
    * tgbob.exe debugger. [IFEO Debugger Deleted]
    * titanin.exe debugger. [IFEO Debugger Deleted]
    * titaninxp.exe debugger. [IFEO Debugger Deleted]
    * TPSrv.exe debugger. [IFEO Debugger Deleted]
    * trickler.exe debugger. [IFEO Debugger Deleted]
    * trjscan.exe debugger. [IFEO Debugger Deleted]
    * trjsetup.exe debugger. [IFEO Debugger Deleted]
    * trojantrap3.exe debugger. [IFEO Debugger Deleted]
    * TrustWarrior.exe debugger. [IFEO Debugger Deleted]
    * tsadbot.exe debugger. [IFEO Debugger Deleted]
    * tsc.exe debugger. [IFEO Debugger Deleted]
    * tvmd.exe debugger. [IFEO Debugger Deleted]
    * tvtmd.exe debugger. [IFEO Debugger Deleted]
    * undoboot.exe debugger. [IFEO Debugger Deleted]
    * updat.exe debugger. [IFEO Debugger Deleted]
    * upgrad.exe debugger. [IFEO Debugger Deleted]
    * utpost.exe debugger. [IFEO Debugger Deleted]
    * vbcmserv.exe debugger. [IFEO Debugger Deleted]
    * vbcons.exe debugger. [IFEO Debugger Deleted]
    * vbust.exe debugger. [IFEO Debugger Deleted]
    * vbwin9x.exe debugger. [IFEO Debugger Deleted]
    * vbwinntw.exe debugger. [IFEO Debugger Deleted]
    * vcsetup.exe debugger. [IFEO Debugger Deleted]
    * vet32.exe debugger. [IFEO Debugger Deleted]
    * vet95.exe debugger. [IFEO Debugger Deleted]
    * vettray.exe debugger. [IFEO Debugger Deleted]
    * vfsetup.exe debugger. [IFEO Debugger Deleted]
    * vir-help.exe debugger. [IFEO Debugger Deleted]
    * virusmdpersonalfirewall.exe debugger. [IFEO Debugger Deleted]
    * virusutilities.exe debugger. [IFEO Debugger Deleted]
    * VisthAux.exe debugger. [IFEO Debugger Deleted]
    * VisthLic.exe debugger. [IFEO Debugger Deleted]
    * VisthUpd.exe debugger. [IFEO Debugger Deleted]
    * vnlan300.exe debugger. [IFEO Debugger Deleted]
    * vnpc3000.exe debugger. [IFEO Debugger Deleted]
    * vpc32.exe debugger. [IFEO Debugger Deleted]
    * vpc42.exe debugger. [IFEO Debugger Deleted]
    * vpfw30s.exe debugger. [IFEO Debugger Deleted]
    * vptray.exe debugger. [IFEO Debugger Deleted]
    * vscan40.exe debugger. [IFEO Debugger Deleted]
    * vscenu6.02d30.exe debugger. [IFEO Debugger Deleted]
    * vsched.exe debugger. [IFEO Debugger Deleted]
    * vsecomr.exe debugger. [IFEO Debugger Deleted]
    * vshwin32.exe debugger. [IFEO Debugger Deleted]
    * vsisetup.exe debugger. [IFEO Debugger Deleted]
    * vsmain.exe debugger. [IFEO Debugger Deleted]
    * vsmon.exe debugger. [IFEO Debugger Deleted]
    * vsstat.exe debugger. [IFEO Debugger Deleted]
    * vswin9xe.exe debugger. [IFEO Debugger Deleted]
    * vswinntse.exe debugger. [IFEO Debugger Deleted]
    * vswinperse.exe debugger. [IFEO Debugger Deleted]
    * w32dsm89.exe debugger. [IFEO Debugger Deleted]
    * W3asbas.exe debugger. [IFEO Debugger Deleted]
    * w9x.exe debugger. [IFEO Debugger Deleted]
    * watchdog.exe debugger. [IFEO Debugger Deleted]
    * webdav.exe debugger. [IFEO Debugger Deleted]
    * WebProxy.exe debugger. [IFEO Debugger Deleted]
    * webscanx.exe debugger. [IFEO Debugger Deleted]
    * webtrap.exe debugger. [IFEO Debugger Deleted]
    * wfindv32.exe debugger. [IFEO Debugger Deleted]
    * whoswatchingme.exe debugger. [IFEO Debugger Deleted]
    * wimmun32.exe debugger. [IFEO Debugger Deleted]
    * win32.exe debugger. [IFEO Debugger Deleted]
    * win32us.exe debugger. [IFEO Debugger Deleted]
    * winactive.exe debugger. [IFEO Debugger Deleted]
    * winav.exe debugger. [IFEO Debugger Deleted]
    * win-bugsfix.exe debugger. [IFEO Debugger Deleted]
    * windll32.exe debugger. [IFEO Debugger Deleted]
    * window.exe debugger. [IFEO Debugger Deleted]
    * windows Police Pro.exe debugger. [IFEO Debugger Deleted]
    * windows.exe debugger. [IFEO Debugger Deleted]
    * wininetd.exe debugger. [IFEO Debugger Deleted]
    * wininitx.exe debugger. [IFEO Debugger Deleted]
    * winlogin.exe debugger. [IFEO Debugger Deleted]
    * winmain.exe debugger. [IFEO Debugger Deleted]
    * winppr32.exe debugger. [IFEO Debugger Deleted]
    * winrecon.exe debugger. [IFEO Debugger Deleted]
    * winservn.exe debugger. [IFEO Debugger Deleted]
    * winssk32.exe debugger. [IFEO Debugger Deleted]
    * winstart.exe debugger. [IFEO Debugger Deleted]
    * winstart001.exe debugger. [IFEO Debugger Deleted]
    * wintsk32.exe debugger. [IFEO Debugger Deleted]
    * winupdate.exe debugger. [IFEO Debugger Deleted]
    * wkufind.exe debugger. [IFEO Debugger Deleted]
    * wnad.exe debugger. [IFEO Debugger Deleted]
    * wnt.exe debugger. [IFEO Debugger Deleted]
    * wradmin.exe debugger. [IFEO Debugger Deleted]
    * wrctrl.exe debugger. [IFEO Debugger Deleted]
    * wsbgate.exe debugger. [IFEO Debugger Deleted]
    * wscfxas.exe debugger. [IFEO Debugger Deleted]
    * wscfxav.exe debugger. [IFEO Debugger Deleted]
    * wscfxfw.exe debugger. [IFEO Debugger Deleted]
    * wsctool.exe debugger. [IFEO Debugger Deleted]
    * wupdater.exe debugger. [IFEO Debugger Deleted]
    * wupdt.exe debugger. [IFEO Debugger Deleted]
    * wyvernworksfirewall.exe debugger. [IFEO Debugger Deleted]
    * xp_antispyware.exe debugger. [IFEO Debugger Deleted]
    * xpdeluxe.exe debugger. [IFEO Debugger Deleted]
    * xpf202en.exe debugger. [IFEO Debugger Deleted]
    * zapro.exe debugger. [IFEO Debugger Deleted]
    * zapsetup3001.exe debugger. [IFEO Debugger Deleted]
    * zatutor.exe debugger. [IFEO Debugger Deleted]
    * zonalm2601.exe debugger. [IFEO Debugger Deleted]
    * zonealarm.exe debugger. [IFEO Debugger Deleted]
    Backup Registry file created at:
    C:\Users\beau \Desktop\rkill\rkill-01-02-2013-06-45-10.reg
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    Performing miscellaneous checks:
    * Windows Defender Disabled
    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001
    Checking Windows Service Integrity:
    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Disabled
    Searching for Missing Digital Signatures:
    * No issues found.
    Checking HOSTS File:
    * No issues found.
    Program finished at: 01/02/2013 06:45:22 PM
    Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)
     
  10. Enegue

    Enegue Thread Starter

    Joined:
    Dec 31, 2012
    Messages:
    14
    Mark,
    Strange??????
    After running the scans I can now open McAfee!
    I've done nothing and will do nothing until I hear from you.
    McAfee is requesting I update its files.
    Gene
     
  11. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    Not strange, that was expected. If you look at the list of what Rkill deleted you may recognize some of the names as Anti Virus programs. The infection created those entries to block as many security programs from running as it possibly could, that is why RKill was required. As long as you do not reboot, those entries will remain deleted.

    If you have rebooted the system please run Rkill again, no need to post the log, then run Mbar again, as follows, and post both the logs:

    I am in Spain which is GMT+1.


    1. Download Malwarebytes Anti-Rootkit from this link Mbar
    2. Unzip the File to a convenient location. (Recommend the Desktop)
    3. Open the folder where the contents were unzipped to run mbar.exe

    4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

    5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

    6. The following image opens, select Next.

    7. The following image opens, select Update

    8. When the update completes select Next.

    9. In the following window ensure "Targets" are ticked. Then select "Scan"

    10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

    11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
    12. If no threats were found you will see the following image, Select Exit:

    13. Verify that your system is now running normally, making sure that the following items are functional:

    • Internet access
    • Windows Update
    • Windows Firewall

    14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

    15. The following Window will open, Select "Y" from your Keyboard, tap Enter.

    16. The fix will be applied, select any key to Exit.

    17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

    System - log
    Mbar - log Date and time of scan will also be shown

    [​IMG]
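The blocking described in the reply above relies on Image File Execution Options (IFEO): a `Debugger` value under a subkey named after an executable makes Windows launch that "debugger" instead of the program. The following is an added example, not part of the original thread and not RKill's own code: it scans a registry export (`.reg` text) for such values. The sample export, the debugger commands and the function name are constructed for illustration; the watchlist names are taken from the RKill log in this thread.

```python
import re

# Every IFEO entry is a subkey named after an executable image.
IFEO_MARKER = "\\image file execution options\\"
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
# "name"="value" string entries; the .reg format escapes \ and " with a backslash.
STRING_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Image names that appear in the RKill log posted in this thread.
SECURITY_IMAGES = {"vsmon.exe", "zonealarm.exe", "vptray.exe", "webscanx.exe"}

# Constructed sample export (not taken from the affected machine).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe]
"Debugger"="blocker-placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe]
"Debugger"="blocker-placeholder.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Tools\\dbg.exe\" -g"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe]
"GlobalFlag"=dword:00000000

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"""


def unescape(value):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", value)


def find_ifeo_debuggers(reg_text):
    """Return one finding per IFEO subkey that carries a Debugger string value."""
    findings = []
    image = None  # executable name of the IFEO subkey currently being read
    for raw in reg_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            is_deletion, key = key_match.groups()
            idx = key.lower().find(IFEO_MARKER)
            rest = key[idx + len(IFEO_MARKER):] if idx != -1 else ""
            # Track only direct IFEO subkeys; "[-key]" is a deletion directive.
            image = rest if rest and "\\" not in rest and not is_deletion else None
            continue
        if image is None:
            continue
        value_match = STRING_VALUE_RE.match(line)
        if value_match and value_match.group(1).lower() == "debugger":
            blocked = image.lower() in SECURITY_IMAGES
            findings.append({
                "image": image,
                "debugger": unescape(value_match.group(2)),
                # A Debugger on a security tool is the pattern RKill removed;
                # anything else may be a developer setting and needs a human look.
                "verdict": "blocks-security-tool" if blocked else "review",
            })
    return findings


if __name__ == "__main__":
    for finding in find_ifeo_debuggers(SAMPLE_REG):
        print(f'{finding["verdict"]:22} {finding["image"]:16} -> {finding["debugger"]}')
```
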
     
  12. Enegue

    Enegue Thread Starter

    Joined:
    Dec 31, 2012
    Messages:
    14
    Looks like all is well. Was able to update McAfee and their firewall seems to be in place, not Windows firewall.
    Mbar reported no more problems.
    Logs are herewith. I leave it to your judgement IF we are done. If so please mark this as completed and put a BIG red feather in your hat! ( Or whatever color you like.)
    Thanks so much for your help!

    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org
    Database version: v2013.01.03.07
    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    beau :: BEAU-PC [administrator]
    1/3/2013 5:15:20 PM
    mbar-log-2013-01-03 (17-15-20).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 28286
    Time elapsed: 16 minute(s), 14 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_14
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 3082801152, free: 2047860736
    ------------ Kernel report ------------
    01/02/2013 18:48:26
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8701c030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff861e8028
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2013.01.02.10
    Downloaded database version: v2012.12.27.02
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8701c030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8701cd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff8701c030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff861e8028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xffffffffc1572b70, 0xffffffff8701c030, 0xffffffff8a248530
    Lower DeviceData: 0xffffffffc19911d8, 0xffffffff861e8028, 0xffffffff8a1e63f8
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1902C2AF
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 605280256
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 608354304 Numsec = 16787456
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320072933376 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} --> [PUP.MyWebSearch]
    Infected: HKCU\SOFTWARE\avsoft --> [Trojan.Fraudpack]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit --> [Hijack.Regedit]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xoxuxkub --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wokkkjsp --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ifnndpev --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|anrspkym --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yndhbfyr --> [Trojan.FakeAlert.Gen]
    Done!
    Scan finished
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_14
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 3082801152, free: 2282098688
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_14
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 3082801152, free: 2329694208
    ------------ Kernel report ------------
    01/03/2013 12:58:22
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff8701c030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff861e8028
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2013.01.03.01
    Downloaded database version: v2013.01.03.02
    Downloaded database version: v2013.01.03.03
    Downloaded database version: v2013.01.03.04
    Downloaded database version: v2013.01.03.05
    Downloaded database version: v2013.01.03.06
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff8701c030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff8701d830, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff8701c030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff861e8028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xffffffffb5c72e00, 0xffffffff8701c030, 0xffffffff85deb808
    Lower DeviceData: 0xffffffffbb24d630, 0xffffffff861e8028, 0xffffffff85e485f0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1902C2AF
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 605280256
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 608354304 Numsec = 16787456
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320072933376 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} --> [PUP.MyWebSearch]
    Infected: HKCU\SOFTWARE\avsoft --> [Trojan.Fraudpack]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit --> [Hijack.Regedit]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|xoxuxkub --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|wokkkjsp --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ifnndpev --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|anrspkym --> [Trojan.FakeAlert.Gen]
    Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|yndhbfyr --> [Trojan.FakeAlert.Gen]
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_14
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 3082801152, free: 2349395968
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_14
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 3082801152, free: 2130354176
    ------------ Kernel report ------------
    01/03/2013 16:58:44
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff87020030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff861c6028
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    DriverEntry returned 0x0
    Function returned 0x0
    Downloaded database version: v2013.01.03.07
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff87020030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff87020d10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff87020030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff861c6028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Upper DeviceData: 0xffffffffb9b04440, 0xffffffff87020030, 0xffffffff87418ac8
    Lower DeviceData: 0xffffffffbff46278, 0xffffffff861c6028, 0xffffffff86230048
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 1902C2AF
    Partition information:
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 605280256
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 608354304 Numsec = 16787456
    Partition is not bootable
    Hidden partition VBR is not infected.
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 320072933376 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1011
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x86
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    Java version: 1.6.0_14
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.094000 GHz
    Memory total: 3082801152, free: 2526093312
     
  13. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    It's looking good, but we still have Java to deal with and your use of more than one Anti Virus, but first I'd like you to do one more scan that will do some cleaning up.

    Please follow that with the quick scan at the bottom of this post and post the result into your next reply with the Combofix log.

    STEP 1
    NOTE: If you have already used Combofix please delete the icon from your desktop.

    • Please download DeFogger and save it to your desktop.
    • Once downloaded, double-click on the DeFogger icon to start the tool.
    • The application window will appear.
    • You should now click on the Disable button to disable your CD Emulation drivers.
    • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
    • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



    STEP 2
    Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!


    Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

    Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.

    • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
    • If ComboFix detects an older version of itself, you will be asked to update the program.
    • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
    • Follow the prompts and click on Yes to continue scanning for malware.
    • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
    • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
    • Be sure to re-enable your anti-virus and other security programs.

    -- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
    -- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
    -- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


    If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP; for Vista and Windows 7 go here: Internet connection repair

    NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

    ============================================================

    Download Security Check by screen317 from Here or Here.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please Copy & Paste the contents of that document into your next reply.
     
  14. Enegue

    Enegue Thread Starter

    Joined:
    Dec 31, 2012
    Messages:
    14
    Mark,
    Couple of things.
    1. Can we start another thread, as the size of this file is slowing down my laptop. I'm now using my PC which has more memory.
    2. There is no Norton on the machine, just vestiges of it. When I installed McAfee I used the Norton uninstaller AND McAfee did not detect anything Norton. The only thing "Norton" I find on my machine is an empty folder named Norton in My Favorites.
    3. What is it we hope to "fix" with ComboFix?
    4. I'll be offline until, my time, the evening of January 7, 2013. I'm leaving town 1/4/2013 after work.
    Regards
    Gene
     
  15. Mark1956

    Mark1956

    Joined:
    May 7, 2011
    Messages:
    14,142
    1. Can we start another thread, as the size of this file is slowing down my laptop. I'm now using my PC which has more memory.

    No need to start another thread and I don't quite understand how the Combofix log could be slowing down your PC. Please copy and paste the log into your next reply.

    2. There is no Norton on the machine, just vestiges of it. When I installed McAfee I used the Norton uninstaller AND McAfee did not detect anything Norton. The only thing "Norton" I find on my machine is an empty folder named Norton in My Favorites.

    McAfee would not detect old Norton files. Norton Internet Security is listed in the DDS Attach.txt log under the installed programs list. Remnants should have been removed with the uninstall tool, please run it again.

    3. What is it we hope to "fix" with ComboFix?

    Combofix should find any remnants of the infection that may still be there and its log may show us any other problems you may not be aware of.

    4. I'll be offline until, my time, the evening of January 7, 2013. I'm leaving town 1/4/2013 after work.

    No problem, please post the Combofix and Security Check logs when ready.
     
Short URL to this thread: https://techguy.org/1083193
