
Thread: Computer locked with an FBI warning, can't use it at all

  1. #1
    Senior Member
    Join Date
    Jan 2009

    Computer locked with an FBI warning, can't use it at all

    Hello. I have a laptop that belongs to a friend's son. The laptop will not display anything other than this page that says FBI, please send $500 using a green-dot card to unlock it. I have never seen anything like it before. I have no idea of how to help him. Any and all help will be very much appreciated.

  2. #2
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    The Tundra



    Do you still require assistance?

    If so merely acknowledge this post and also inform myself which exact Operating System is in use on the infected machine and do you have a USB type Flash drive we could make use of etc.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #3
    Senior Member
    Join Date
    Jan 2009

    FBI warning

    Yes, thank you, I am still in need of help.....the operating system is Windows 7....Yes I do have a flash drive that I can use..

  4. #4
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    The Tundra


    Acknowledged and you're welcome!

    Could you inform myself please which type of Windows 7 is in use, as in is it either a 32 Bit or 64 Bit architecture?
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  5. #5
    Senior Member
    Join Date
    Jan 2009

    sorry

    I have no idea. Can you tell me how to find out?...It just says Windows 7 Home Premium.

  6. #6
    Security Expert-Emeritus Dakeyras
    Join Date
    Sep 2008
    The Tundra



    "I have no idea. Can you tell me how to find out?...It just says Windows 7 Home Premium."

    OK we will merely have to work around this as with the machine in its current inoperable state we would be unable to find out etc.

    Unless any of the identifying stickers/logos on the machine state such and or you have the documentation on hand...

    Anyway most vendors tend to ship Windows 7 machines with the 64 Bit version so we will try a 64 Bit based tool first and if it does not run we will know it is 32 Bit and in turn use the appropriate.

    Scan with Farbar Recovery Scan Tool:

    Please download and save Farbar Recovery Scan Tool 64-Bit to a Flash/USB drive.

    Then insert the Flash/USB drive into the infected machine....

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:

    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste the contents of the aforementioned notepad file in your next reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
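
Added example, not part of the original thread and not FRST's own code: a Python triage pass over the kind of registry lines FRST writes to FRST.txt, flagging the entries a helper reads first on a locked-screen machine. The sample lines are constructed, and the rule names, the heuristics and the reading of `IMEO\` as Image File Execution Options are assumptions made here.

```python
import re

# Constructed sample lines in the "key: [value] data" layout of an FRST
# registry section. Names and paths are made up; this is not a real log.
SAMPLE_LOG = r"""
HKLM\...\Run: [ExampleAudio] C:\Program Files\ExampleVendor\audio.exe -s [6602856 2011-01-11] (Example Vendor)
HKU\ExampleUser\...\Run: [ExampleUpdater] rundll32.exe "C:\Users\ExampleUser\AppData\Local\Temp\example.dll",Start [348672 2012-11-18] ()
HKU\ExampleUser\...\Policies\system: [DisableRegedit] 0
HKU\ExampleUser\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\ExampleUser\AppData\Roaming\example_payload [x ] ()
IMEO\exampleav.exe: [Debugger] svchost.exe
IMEO\examplescanner.exe: [Debugger] svchost.exe
"""

# Every registry line has the shape "<key>: [<value name>] <data>".
LINE_RE = re.compile(r"^(?P<key>.+?):\s*\[(?P<name>[^\]]+)\]\s*(?P<data>.*)$")
# Trailing "[size date] (company)" metadata appended to file-backed entries.
META_RE = re.compile(r"\s*\[[^\]]*\]\s*\([^)]*\)\s*$")

# Per-user policy values that take away the user's own repair tools when set to 1.
POLICY_LOCKS = {"disabletaskmgr", "disableregedit"}


def triage(log_text):
    """Return a list of (rule, detail) findings for FRST-style registry lines."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, separators and blank lines
        key = m["key"].strip()
        name = m["name"].strip()
        data = META_RE.sub("", m["data"]).strip()
        low_key, low_name, low_data = key.lower(), name.lower(), data.lower()

        if low_key.endswith("\\winlogon") and low_name == "shell":
            # A clean system has exactly "explorer.exe" here. Anything appended
            # is launched at every logon, which is how a lock screen survives reboots.
            if low_data != "explorer.exe":
                findings.append(("winlogon-shell", data))
        elif low_key.endswith("\\policies\\system") and low_name in POLICY_LOCKS:
            if data == "1":
                findings.append(("policy-lock", name))
        elif low_key.startswith("imeo\\") and low_name == "debugger":
            # A Debugger value makes Windows start the named "debugger" in place
            # of the program, so the listed tool never actually runs.
            target = key.split("\\", 1)[1]
            findings.append(("ifeo-debugger", f"{target} -> {data}"))
        elif low_key.endswith("\\run"):
            # Heuristic: a DLL loaded through rundll32 from a user profile path.
            if "rundll32" in low_data and "\\appdata\\" in low_data:
                findings.append(("run-user-dll", data))
    return findings


def count_by_rule(findings):
    """Collapse findings to {rule: count}; useful when IFEO entries run to hundreds."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for rule, detail in results:
        print(f"{rule:15} {detail}")
    print(count_by_rule(results))
```
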

  7. #7
    Senior Member
    Join Date
    Jan 2009

    It is running now

    I am running the tool now and I also see in the command prompt that it says X:windows\system32...If that helps at all..
    The scan is complete now:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 23 days old)
    Ran by SYSTEM at 05-04-2013 11:58:30
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6602856 2011-01-11] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)
    HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-07-05] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [168504 2011-06-28] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [982880 2012-04-14] ()
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Clearwire Connection Manager] "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a [59224 2011-11-22] (ClearwireCM)
    HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [295072 2012-12-20] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [InboxToolbar] "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP [1685792 2012-12-20] (, Inc.)
    HKU\Shermqn Cooper\...\Run: [GenieoUpdaterService] "C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5 [290144 2012-11-26] ()
    HKU\Shermqn Cooper\...\Run: [GenieoSystemTray] "C:\Users\Shermqn Cooper\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [526688 2012-11-26] ()
    HKU\Shermqn Cooper\...\Run: [Google Update] "C:\Users\Shermqn Cooper\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-11] (Google Inc.)
    HKU\Shermqn Cooper\...\Run: [Linkury Chrome Smartbar] C:\Program Files (x86)\Linkury\Linkury.exe startup [103224 2011-09-25] (Linkury)
    HKU\Shermqn Cooper\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1652736 2010-04-29] (AWS Convergence Technologies, Inc.)
    HKU\Shermqn Cooper\...\Run: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun [1179648 2011-10-11] (W3i, LLC)
    HKU\Shermqn Cooper\...\Run: [Akamai NetSession Interface] "C:\Users\Shermqn Cooper\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
    HKU\Shermqn Cooper\...\Run: [Conduit] rundll32.exe "C:\Users\Shermqn Cooper\AppData\Local\CrashDumps\Conduit\zdszhbmq.dll",RunNtServiceW [348672 2012-11-18] (The GTK developer community)
    HKU\Shermqn Cooper\...\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup [55512 2012-12-14] (Raptr, Inc)
    HKU\Shermqn Cooper\...\Policies\system: [DisableRegedit] 0
    HKU\Shermqn Cooper\...\Policies\system: [DisableTaskMgr] 1
    HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\Shermqn Cooper\AppData\Roaming\_bd_uylzs [x ] ()
    IMEO\sahagent.exe: [Debugger] svchost.exe
    IMEO\Save.exe: [Debugger] svchost.exe
    IMEO\SaveArmor.exe: [Debugger] svchost.exe
    IMEO\SaveDefense.exe: [Debugger] svchost.exe
    IMEO\SaveKeep.exe: [Debugger] svchost.exe
    IMEO\savenow.exe: [Debugger] svchost.exe
    IMEO\sbserv.exe: [Debugger] svchost.exe
    IMEO\sc.exe: [Debugger] svchost.exe
    IMEO\scam32.exe: [Debugger] svchost.exe
    IMEO\scan32.exe: [Debugger] svchost.exe
    IMEO\scan95.exe: [Debugger] svchost.exe
    IMEO\scanpm.exe: [Debugger] svchost.exe
    IMEO\scrscan.exe: [Debugger] svchost.exe
    IMEO\Secure Veteran.exe: [Debugger] svchost.exe
    IMEO\secureveteran.exe: [Debugger] svchost.exe
    IMEO\Security Center.exe: [Debugger] svchost.exe
    IMEO\SecurityFighter.exe: [Debugger] svchost.exe
    IMEO\securitysoldier.exe: [Debugger] svchost.exe
    IMEO\serv95.exe: [Debugger] svchost.exe
    IMEO\setloadorder.exe: [Debugger] svchost.exe
    IMEO\setupvameeval.exe: [Debugger] svchost.exe
    IMEO\setup_flowprotector_us.exe: [Debugger] svchost.exe
    IMEO\sgssfw32.exe: [Debugger] svchost.exe
    IMEO\sh.exe: [Debugger] svchost.exe
    IMEO\shellspyinstall.exe: [Debugger] svchost.exe
    IMEO\shield.exe: [Debugger] svchost.exe
    IMEO\shn.exe: [Debugger] svchost.exe
    IMEO\showbehind.exe: [Debugger] svchost.exe
    IMEO\signcheck.exe: [Debugger] svchost.exe
    IMEO\smart.exe: [Debugger] svchost.exe
    IMEO\smartprotector.exe: [Debugger] svchost.exe
    IMEO\smc.exe: [Debugger] svchost.exe
    IMEO\smrtdefp.exe: [Debugger] svchost.exe
    IMEO\sms.exe: [Debugger] svchost.exe
    IMEO\smss32.exe: [Debugger] svchost.exe
    IMEO\snetcfg.exe: [Debugger] svchost.exe
    IMEO\soap.exe: [Debugger] svchost.exe
    IMEO\sofi.exe: [Debugger] svchost.exe
    IMEO\SoftSafeness.exe: [Debugger] svchost.exe
    IMEO\sperm.exe: [Debugger] svchost.exe
    IMEO\spf.exe: [Debugger] svchost.exe
    IMEO\sphinx.exe: [Debugger] svchost.exe
    IMEO\spoler.exe: [Debugger] svchost.exe
    IMEO\spoolcv.exe: [Debugger] svchost.exe
    IMEO\spoolsv32.exe: [Debugger] svchost.exe
    IMEO\spywarexpguard.exe: [Debugger] svchost.exe
    IMEO\spyxx.exe: [Debugger] svchost.exe
    IMEO\srexe.exe: [Debugger] svchost.exe
    IMEO\srng.exe: [Debugger] svchost.exe
    IMEO\ss3edit.exe: [Debugger] svchost.exe
    IMEO\ssgrate.exe: [Debugger] svchost.exe
    IMEO\ssg_4104.exe: [Debugger] svchost.exe
    IMEO\st2.exe: [Debugger] svchost.exe
    IMEO\start.exe: [Debugger] svchost.exe
    IMEO\stcloader.exe: [Debugger] svchost.exe
    IMEO\supftrl.exe: [Debugger] svchost.exe
    IMEO\support.exe: [Debugger] svchost.exe
    IMEO\supporter5.exe: [Debugger] svchost.exe
    IMEO\svc.exe: [Debugger] svchost.exe
    IMEO\svchostc.exe: [Debugger] svchost.exe
    IMEO\svchosts.exe: [Debugger] svchost.exe
    IMEO\svshost.exe: [Debugger] svchost.exe
    IMEO\sweep95.exe: [Debugger] svchost.exe
    IMEO\sweepnet.sweepsrv.sys.swnetsup.exe: [Debugger] svchost.exe
    IMEO\symlcsvc.exe: [Debugger] svchost.exe
    IMEO\symproxysvc.exe: [Debugger] svchost.exe
    IMEO\symtray.exe: [Debugger] svchost.exe
    IMEO\system.exe: [Debugger] svchost.exe
    IMEO\system32.exe: [Debugger] svchost.exe
    IMEO\sysupd.exe: [Debugger] svchost.exe
    IMEO\tapinstall.exe: [Debugger] svchost.exe
    IMEO\taumon.exe: [Debugger] svchost.exe
    IMEO\tbscan.exe: [Debugger] svchost.exe
    IMEO\tc.exe: [Debugger] svchost.exe
    IMEO\tca.exe: [Debugger] svchost.exe
    IMEO\tcm.exe: [Debugger] svchost.exe
    IMEO\tds-3.exe: [Debugger] svchost.exe
    IMEO\tds2-98.exe: [Debugger] svchost.exe
    IMEO\tds2-nt.exe: [Debugger] svchost.exe
    IMEO\teekids.exe: [Debugger] svchost.exe
    IMEO\tfak.exe: [Debugger] svchost.exe
    IMEO\tfak5.exe: [Debugger] svchost.exe
    IMEO\tgbob.exe: [Debugger] svchost.exe
    IMEO\titanin.exe: [Debugger] svchost.exe
    IMEO\titaninxp.exe: [Debugger] svchost.exe
    IMEO\TPSrv.exe: [Debugger] svchost.exe
    IMEO\trickler.exe: [Debugger] svchost.exe
    IMEO\trjscan.exe: [Debugger] svchost.exe
    IMEO\trjsetup.exe: [Debugger] svchost.exe
    IMEO\trojantrap3.exe: [Debugger] svchost.exe
    IMEO\TrustWarrior.exe: [Debugger] svchost.exe
    IMEO\tsadbot.exe: [Debugger] svchost.exe
    IMEO\tsc.exe: [Debugger] svchost.exe
    IMEO\tvmd.exe: [Debugger] svchost.exe
    IMEO\tvtmd.exe: [Debugger] svchost.exe
    IMEO\undoboot.exe: [Debugger] svchost.exe
    IMEO\updat.exe: [Debugger] svchost.exe
    IMEO\upgrad.exe: [Debugger] svchost.exe
    IMEO\utpost.exe: [Debugger] svchost.exe
    IMEO\vbcmserv.exe: [Debugger] svchost.exe
    IMEO\vbcons.exe: [Debugger] svchost.exe
    IMEO\vbust.exe: [Debugger] svchost.exe
    IMEO\vbwin9x.exe: [Debugger] svchost.exe
    IMEO\vbwinntw.exe: [Debugger] svchost.exe
    IMEO\vcsetup.exe: [Debugger] svchost.exe
    IMEO\vet32.exe: [Debugger] svchost.exe
    IMEO\vet95.exe: [Debugger] svchost.exe
    IMEO\vettray.exe: [Debugger] svchost.exe
    IMEO\vfsetup.exe: [Debugger] svchost.exe
    IMEO\vir-help.exe: [Debugger] svchost.exe
    IMEO\virusmdpersonalfirewall.exe: [Debugger] svchost.exe
    IMEO\VisthAux.exe: [Debugger] svchost.exe
    IMEO\VisthLic.exe: [Debugger] svchost.exe
    IMEO\VisthUpd.exe: [Debugger] svchost.exe
    IMEO\vnlan300.exe: [Debugger] svchost.exe
    IMEO\vnpc3000.exe: [Debugger] svchost.exe
    IMEO\vpc32.exe: [Debugger] svchost.exe
    IMEO\vpc42.exe: [Debugger] svchost.exe
    IMEO\vpfw30s.exe: [Debugger] svchost.exe
    IMEO\vptray.exe: [Debugger] svchost.exe
    IMEO\vscan40.exe: [Debugger] svchost.exe
    IMEO\vscenu6.02d30.exe: [Debugger] svchost.exe
    IMEO\vsched.exe: [Debugger] svchost.exe
    IMEO\vsecomr.exe: [Debugger] svchost.exe
    IMEO\vshwin32.exe: [Debugger] svchost.exe
    IMEO\vsisetup.exe: [Debugger] svchost.exe
    IMEO\vsmain.exe: [Debugger] svchost.exe
    IMEO\vsmon.exe: [Debugger] svchost.exe
    IMEO\vsstat.exe: [Debugger] svchost.exe
    IMEO\vswin9xe.exe: [Debugger] svchost.exe
    IMEO\vswinntse.exe: [Debugger] svchost.exe
    IMEO\vswinperse.exe: [Debugger] svchost.exe
    IMEO\w32dsm89.exe: [Debugger] svchost.exe
    IMEO\W3asbas.exe: [Debugger] svchost.exe
    IMEO\w9x.exe: [Debugger] svchost.exe
    IMEO\watchdog.exe: [Debugger] svchost.exe
    IMEO\webdav.exe: [Debugger] svchost.exe
    IMEO\WebProxy.exe: [Debugger] svchost.exe
    IMEO\webscanx.exe: [Debugger] svchost.exe
    IMEO\webtrap.exe: [Debugger] svchost.exe
    IMEO\wfindv32.exe: [Debugger] svchost.exe
    IMEO\whoswatchingme.exe: [Debugger] svchost.exe
    IMEO\wimmun32.exe: [Debugger] svchost.exe
    IMEO\win-bugsfix.exe: [Debugger] svchost.exe
    IMEO\win32.exe: [Debugger] svchost.exe
    IMEO\win32us.exe: [Debugger] svchost.exe
    IMEO\winactive.exe: [Debugger] svchost.exe
    IMEO\winav.exe: [Debugger] svchost.exe
    IMEO\windll32.exe: [Debugger] svchost.exe
    IMEO\window.exe: [Debugger] svchost.exe
    IMEO\windows Police Pro.exe: [Debugger] svchost.exe
    IMEO\windows.exe: [Debugger] svchost.exe
    IMEO\wininetd.exe: [Debugger] svchost.exe
    IMEO\wininitx.exe: [Debugger] svchost.exe
    IMEO\winlogin.exe: [Debugger] svchost.exe
    IMEO\winmain.exe: [Debugger] svchost.exe
    IMEO\winppr32.exe: [Debugger] svchost.exe
    IMEO\winrecon.exe: [Debugger] svchost.exe
    IMEO\winservn.exe: [Debugger] svchost.exe
    IMEO\winssk32.exe: [Debugger] svchost.exe
    IMEO\winstart.exe: [Debugger] svchost.exe
    IMEO\winstart001.exe: [Debugger] svchost.exe
    IMEO\wintsk32.exe: [Debugger] svchost.exe
    IMEO\winupdate.exe: [Debugger] svchost.exe
    IMEO\wkufind.exe: [Debugger] svchost.exe
    IMEO\wnad.exe: [Debugger] svchost.exe
    IMEO\wnt.exe: [Debugger] svchost.exe
    IMEO\wradmin.exe: [Debugger] svchost.exe
    IMEO\wrctrl.exe: [Debugger] svchost.exe
    IMEO\wsbgate.exe: [Debugger] svchost.exe
    IMEO\wscfxas.exe: [Debugger] svchost.exe
    IMEO\wscfxav.exe: [Debugger] svchost.exe
    IMEO\wscfxfw.exe: [Debugger] svchost.exe
    IMEO\wsctool.exe: [Debugger] svchost.exe
    IMEO\wupdater.exe: [Debugger] svchost.exe
    IMEO\wupdt.exe: [Debugger] svchost.exe
    IMEO\wyvernworksfirewall.exe: [Debugger] svchost.exe
    IMEO\xpdeluxe.exe: [Debugger] svchost.exe
    IMEO\xpf202en.exe: [Debugger] svchost.exe
    IMEO\xp_antispyware.exe: [Debugger] svchost.exe
    IMEO\zapro.exe: [Debugger] svchost.exe
    IMEO\zapsetup3001.exe: [Debugger] svchost.exe
    IMEO\zatutor.exe: [Debugger] svchost.exe
    IMEO\zonalm2601.exe: [Debugger] svchost.exe
    IMEO\zonealarm.exe: [Debugger] svchost.exe
    IMEO\_avp32.exe: [Debugger] svchost.exe
    IMEO\_avpcc.exe: [Debugger] svchost.exe
    IMEO\_avpm.exe: [Debugger] svchost.exe
    IMEO\~1.exe: [Debugger] svchost.exe
    IMEO\~2.exe: [Debugger] svchost.exe
    Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Shermqn Cooper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fliptoast.lnk
    ShortcutTarget: fliptoast.lnk -> C:\Program Files (x86)\fliptoast\fliptoast.exe ()

    ==================== Services (Whitelisted) ===================

    3 CACLEARWIRE; "C:\Program Files (x86)\Clearwire\Connection Manager\ConAppsSvc.exe" /n "CACLEARWIRE" [124760 2011-11-22] (SmithMicro Inc.)
    2 clearwireDeviceDiagnosticsService; "C:\Program Files (x86)\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe" [407552 2011-03-29] ()
    3 CLEARWIRERcAppSvc; "C:\Program Files (x86)\Clearwire\Connection Manager\RcAppSvc.exe" /n "CLEARWIRERcAppSvc" [120664 2011-11-22] (SmithMicro Inc.)
    2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe" [234776 2012-09-05] (McAfee, Inc.)
    2 RealNetworks Downloader Resolver Service; "C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe" [38608 2012-11-29] ()
    2 SMSI Device Launch Service; "C:\Program Files (x86)\Clearwire\Connection Manager\DeviceLaunchSvc.exe" /n "SMSI Device Launch Service" [108376 2011-11-22] ()
    2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [109064 2012-04-24] (Wajam)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [x]

    ==================== Drivers (Whitelisted) =====================

    3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [382848 2011-10-17] (Beceem communications pvt ltd.)
    3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [60416 2011-10-17] (Beceem communications pvt ltd.)
    3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-08-05] (Smith Micro Inc.)
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    3 X6va005; \??\C:\Users\SHERMQ~1\AppData\Local\Temp\005A236.tmp [x]
    3 X6va006; \??\C:\Users\SHERMQ~1\AppData\Local\Temp\0064119.tmp [x]
    3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [x]
    3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x]

    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========

    2013-04-05 11:58 - 2013-04-05 11:58 - 00000000 ____D C:\FRST

    ==================== One Month Modified Files and Folders =======

    2013-04-05 11:58 - 2013-04-05 11:58 - 00000000 ____D C:\FRST
    2013-04-05 07:25 - 2011-12-26 01:25 - 01432921 ____A C:\Windows\WindowsUpdate.log
    2013-04-05 07:24 - 2012-07-10 13:08 - 00000412 ____A C:\Windows\Tasks\ActiveMail Chrome Watcher.job
    2013-04-05 07:20 - 2012-02-11 22:09 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-884558749-3894208209-999701670-1001UA.job
    2013-04-05 07:08 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-04-05 07:08 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-04-05 07:04 - 2009-07-13 21:13 - 00742690 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-04-05 07:01 - 2012-07-06 13:07 - 00000396 ____A C:\Windows\Tasks\ActiveMail Updater.job
    2013-04-05 06:59 - 2012-02-20 05:41 - 00000000 ____D C:\Program Files (x86)\Linkury
    2013-04-05 06:58 - 2012-12-30 16:31 - 00113664 ____A (Usip) C:\Users\Shermqn Cooper\AppData\Roaming\_bd_uylzs.exe
    2013-04-05 06:58 - 2012-12-30 16:15 - 00113664 ____A (Usip) C:\Users\Shermqn Cooper\AppData\Local\_bd_uylzs.exe
    2013-04-05 06:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-04-05 06:57 - 2009-07-13 20:51 - 00068283 ____A C:\Windows\setupact.log
    2013-04-05 06:53 - 2012-12-30 16:15 - 00113664 ____A (Usip) C:\ProgramData\_bd_uylzs.exe
    2013-03-11 13:19 - 2012-05-18 13:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-12-14 03:29:51
    Restore point made on: 2012-12-20 21:51:52
    Restore point made on: 2012-12-22 03:00:58
    Restore point made on: 2012-12-25 08:20:13
    Restore point made on: 2012-12-29 13:38:29
    Restore point made on: 2012-12-31 21:37:38

    ==================== Memory info ===========================

    Percentage of memory in use: 18%
    Total physical RAM: 3690.91 MB
    Available physical RAM: 3016.7 MB
    Total Pagefile: 3689.05 MB
    Available Pagefile: 3005.18 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:446.98 GB) (Free:336.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (Recovery) (Fixed) (Total:14.62 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
    5 Drive h: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT
    6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 0 B
    Disk 1 Online 1928 MB 0 B

    Partitions of Disk 0:

    Disk ID: 27DA6E45

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 446 GB 200 MB
    Partition 3 Primary 14 GB 447 GB
    Partition 4 Primary 4063 MB 461 GB


    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy


    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 446 GB Healthy


    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 14 GB Healthy


    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy


    Partitions of Disk 1:

    Disk ID: 00000001

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    * Partition 1 Primary 1928 MB 0 B


    Disk: 1
    There is no partition selected.

    There is no partition selected.
    Please select a partition and try again.

    ============================== MBR Partition Table ==================

    Partitions of Disk 0:
    Disk ID: 27DA6E45

    Partition 1:
    Hex: 80202100077E25190008000000380600
    Active: YES
    Type: 07 (NTFS)
    Size: 199 MB

    Partition 2:
    Hex: 007E261907FEFFFF004006000060DF37
    Active: NO
    Type: 07 (NTFS)
    Size: 447 GB

    Partition 3:
    Hex: 00FEFFFF07FEFFFF00A0E53700C0D301
    Active: NO
    Type: 07 (NTFS)
    Size: 15 GB

    Partition 4:
    Hex: 00FEFFFF0CFEFFFF0060B93930F87E00
    Active: NO
    Type: 0C
    Size: 4 GB

    Partitions of Disk 1:
    Disk ID: 6B736964

    Partition 1:
    Hex: 616E64207468656E2070726573732061
    Active: NO
    Type: 74
    Size: 777 GB

    Partition 2:
    Hex: 6E79206B65790D0A0000494F20202020
    Active: NO
    Type: 65
    Size: 257 GB

    Partition 3:
    Hex: 20205359534D53444F53202020535953
    Active: NO
    Type: 53
    Size: 667 GB

    Partition 4:
    Hex: 7F010041BB0007807E020EE940FF0000
    Active: NO
    Type: BB
    Size: 32 MB

    Last Boot: 2013-01-06 11:51

    ==================== End Of Log =============================

  8. #8
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    The Tundra



    Let's proceed as follows, shall we...

    Custom FRST Script:

    Please download the attached fixlist.txt (see below) and save it to your flash drive.

    • Now please enter System Recovery Options on the infected machine again and then select Command Prompt.
    • Run FRST64 again as outlined in my prior post and then press the Fix button just once and wait.
    • The tool will make a log on the flash drive (Fixlog.txt). Please copy and paste the contents of the aforementioned notepad file in your next reply.
    • Reboot the machine back into Normal Mode.

    Note: The above custom script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Download/Run ComboFix:

    Please visit this webpage for download links, and instructions for running the tool:

    How to use ComboFix

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    Please include the C:\ComboFix.txt in your next reply for further review.

    Note: If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.

    If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a trained Anti-Malware helper.


    When you have completed the above, please post back the following in the order asked for:

    • How is the computer performing now, any other symptoms and or problems encountered?
    • New FRST Log
    • ComboFix Log.

  9. #9
    Senior Member
    Join Date
    Jan 2009

    Default Hello

    Hi... I did as you instructed, but nothing is happening. It has been over an hour and the computer just sits. Should there be something to show that it is working?

  10. #10
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    The Tundra


    Please elaborate for myself...

    Do you mean this has occurred after running the Custom FRST Script or ComboFix?
