
Posted

Hi guys please help - I installed Vista Ultimate - and 2 weeks later - what seem to be American radio stations just randomly start blasting through my speakers for about 5 secs and then stop. Happens 2 times a day normally and I'm really freaked out! :(:(:(:(:( - Tried Anti Virusing - ad aware - spybot and they are all clean - there was some malware but that's been removed - and still radio gaga!!!

 

Anyone have any ideas pleeeease?

 

:D


Guest Wolfeymole
Posted

Hello Spartan

 

Welcome to Extreme Tech Support - Free PC Help

 

AdAware and Spybot are a bit long in the tooth now and are not the programs they once were.

 

We'd like to find out if your system may still contain Malware.

 

Follow the instructions below please.

 

 

  • Malware is software designed to infiltrate or damage a computer system without the owner's informed consent.
    It is a combination of the words malicious and software.
    The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

 

  • Required Cleanup Steps
    1. Disable the Spybot Search & Destroy TEA TIMER if enabled
    2. Run a Temporary file and cache cleaner (ATF)
    3. Run 2 Anti-Malware scanners
    4. Run an Online Anti-Virus / Anti-Malware Scanner
    5. Clear out old System Restore points
    6. If continued Malware type activity is present you may be asked to post a TrendMicro™ HijackThis™ Log file

     

The reason to run multiple scanners is to ensure that no single scanner is missing something.

The time it takes will vary depending on your system and your internet connection speed.

Typically the SUPERAntiSpyware and Malwarebytes scanners will take between 10 to 90 minutes.

The ESET online scan should take between 1 to 3 hours.

In most cases, these scans will suffice to clean and disinfect your computer.

Heavily infected systems or slower PCs can take much longer to scan and clean.

 

For best results print the following instructions and bookmark this Web page

To keep this guide printer-friendly, use your cursor to highlight the contents below.

From your browser select File - Print and in the printer dialog box under "Print range" click the Selection choice to print out these instructions for removal of malware.

http://kixhelp.com/wr/images-freepchelp/printer-selection.gif

__________________________________________________

STEP 1

  • Disable Spybot Search & Destroy's TEA TIMER: (if installed)

    1. Run Spybot-S&D in Advanced Mode.

    2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode"

    3. On the left hand side, Click on Tools

    4. Then click on the Resident Icon in the List

    5. Uncheck "Resident TeaTimer" and OK any prompts.

    6. Restart your computer.

     

__________________________________________________

STEP 2

  • Follow these instructions carefully.

  • Download ATF-Cleaner from
    to remove un-needed temporary files from your computer that may contain malware.

  • You can also download it from

  • When you run ATF-Cleaner, check the items as shown below for Main.

  • For FireFox, be sure to click on the FireFox tab on top and check the items as shown below for FireFox

  • NOTE: If you don't have FireFox or Opera installed then they will be grayed out and can be ignored

  • Then click on "Empty Selected".

http://kixhelp.com/wr/images-freepchelp/atf-cleaner01.gif

http://kixhelp.com/wr/images-freepchelp/atf-cleaner02.gif

__________________________________________________

STEP 3

  • Install and run the free version (not the Professional version) of SUPERAntiSpyware from

    • Accept any prompts to allow SUPERAntiSpyware to install the latest rules and infection definition files.

    • You do not have to send them your e-mail address, just click next.

    • You can leave the automated check for updates on.

    • You can uncheck "Send a diagnostic report to research center" if you don't want to send the information.

    • DO NOT allow SUPERAntiSpyware to protect your Home Page settings.

    • On the Top Left select the Scan your computer button.

    • Make sure there is a CHECK MARK on all Fixed Drives.

    • Click "Perform a Complete Scan". Click "Next" to Repair issues found and reboot the computer when prompted to do so.

     

__________________________________________________

STEP 4

  • Install and run Malwarebytes' Anti-Malware from

    • Accept all defaults for the installer

    • Allow the program to update the definitions

    • Click on the Quick Scan and click Next.

    • If any items are found allow it to clean them and then Reboot your computer.

     

__________________________________________________

STEP 5

  • Run an online scan with ESET from

    • You must use Internet Explorer for this online scan. FireFox, Opera, etc will not work for this scan.

    • Accept the terms and click "Start".

    • Once the scanner is ready, check "Remove found threats" AND "Scan unwanted applications".

    • Click "Start" to begin the scan.

    • When completed restart your computer

     

__________________________________________________

Make sure your internet firewall security is enabled, and then please return to Extreme Tech Support - Free PC Help and tell us how the computer seems to be operating.

At that time, you will receive instructions to assist you in removing malicious programs from your Add/Remove program list if warranted.

 

If required this is the download link for TrendMicro™ HijackThis™

Unless instructed to by the Technician helping you then do not download this tool.

 

Once you and the Technician agree that your system appears to be clean then you should delete all your System Restore points and recreate a new one.

Please follow the instructions here

How to turn off and turn on System Restore in Windows XP

How to turn off and turn on System Restore in Windows Vista

Posted

Wolfey -

 

Thanks I will try the above and let you know.

 

Probably Be in the next day or 2 so if you could look out that'd be great!

 

Thank you!

 

Spart:D

Posted (edited)

Wolf HI Again -

 

Tried all of the above bar the online scanner - it keeps saying it needs Administrative rights to proceed - even though I'm logged in as the administrator. Hmmm

The malware detected some more items, and removed them etc, and I had hoped that solved my problem, but then my whole PC wouldn't reboot - and was missing a file so I had to repair using the Vista disc....

 

I thought that did it! Till about an hour ago, when what seemed to be a barrage of radio clips came through my speakers. I think these clips could even be recordings, as they are starting to sound familiar, and also one or 2 British voices, indicating the possibility that they may be UK stations. Last time it happened I opened task manager to see what was running, but I couldn't see anything before it stopped.

 

I'm trying Housecall online scanner - seems to be working so far

 

Anything else I should try as the two malware programs didn't seem to do much...

 

Thanks loads for your help.

 

Spartan

Edited by Spartan73
Posted

Hi

 

Right-click on the file for those programs and select "Run as Administrator".

 

 

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

 

 

 

 

 

 

 

 

RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU

 

 

 

 

 


 

 

 

 

 

 

 

 

 

 

 

 

Posted
Hi

 

Right-click on the file for those programs and select "Run as Administrator".

 

 

Hi, thanks for the advice but I don't think it will work, as it is a browser based online virus scanner, and will not show files as such. They are ( I guess ) embedded in Internet Explorer.

 

:)

 

:rolleyes:

 

I woke up this morning to find my PC off - after perhaps a scan by housecall - on rebooting, I was prompted to start using safe mode etc....

I'm going nowhere fast, and rubbish is still making me jump out of my skin when it randomly decides to play!

 

:mad:

Posted

Hi

 

Download Hijack This in the link in post #2. Then do a scan only and save log file. Then copy and paste that log here.

 

 


 

 

 

 

 

 

 

 

 

 

 

 

Posted
Hi

 

Download Hijack This in the link in post #2. Then do a scan only and save log file. Then copy and paste that log here.

 

 

OK - Thanks will do

 

I'm considering reinstallation, as there isn't much to back up :confused:

 

:rolleyes:

Posted
Hi

 

Download Hijack This in the link in post #2. Then do a scan only and save log file. Then copy and paste that log here.

 

Here goes - Chinese to me. :)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:36:54, on 18/05/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Users\cunb3w\Program Files\DNA\btdna.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sky.com - Home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe /startup

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\mcregwiz.exe /autorun

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\cunb3w\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O13 - Gopher Prefix:

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfmonss.exe

O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe

O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe (file missing)

O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

 

--

End of file - 9265 bytes

Posted

Your system is still infected. Quite honestly the malware removal process should have cleaned it even without the Eset scan. Malwarebytes and SuperAntiSpyware are two of the best programs to be found. Then your problem returned after running a Vista repair.

 

Where did you obtain Vista?

Did you let malwarebytes clean everything it found?

Did you let SuperAntispyware clean everything it found?

Did you remove the Restore points after cleaning?


Posted
Your system is still infected. Quite honestly the malware removal process should have cleaned it even without the Eset scan. Malwarebytes and SuperAntiSpyware are two of the best programs to be found. Then your problem returned after running a Vista repair.

 

Where did you obtain Vista?

Did you let malwarebytes clean everything it found?

Did you let SuperAntispyware clean everything it found?

Did you remove the Restore points after cleaning?

 

Bought Vista from Overclockers

 

Cleaned everything - but I didn't remove the restore points.

 

will try it all again today - with removing restore points

 

thanks

 

:)

Posted

I would try that Spartan as Trojans can reside there and re-install from there. It seems you have them too. It's very important that you follow the guide as closely as you can.

 

Good luck and get back to us please.


Posted
Your system is still infected. Quite honestly the malware removal process should have cleaned it even without the Eset scan. Malwarebytes and SuperAntiSpyware are two of the best programs to be found. Then your problem returned after running a Vista repair.

 

Where did you obtain Vista?

Did you let malwarebytes clean everything it found?

Did you let SuperAntispyware clean everything it found?

Did you remove the Restore points after cleaning?

 

I bought Vista from overclockers.co.uk -

 

I thought it cleaned them but obviously not. I cannot remember removing restore points so I am doing it all again. I am going to remove Spybot as well, as it keeps popping up with threats etc, and has caused me a crash.

 

The sound is definitely recordings of TV or radio shows, and they're being repeated in some sort of sequence. It's driving me nuts LOL.

 

Just running SAS again - and there are 42 threats so far - eeeeek

 

Thanks for your help guys...

 

:rolleyes:

Posted (edited)
Your system is still infected. Quite honestly the malware removal process should have cleaned it even without the Eset scan. Malwarebytes and SuperAntiSpyware are two of the best programs to be found. Then your problem returned after running a Vista repair.

 

Where did you obtain Vista?

Did you let malwarebytes clean everything it found?

Did you let SuperAntispyware clean everything it found?

Did you remove the Restore points after cleaning?

 

Hi

 

I bought Vista From Overclockers.

 

I didn't remove the restore points. But I ran everything again, and a lot of malware was still present. And on rebooting, I had to do a Windows repair, or Vista wouldn't start.

 

I did everything and deleted restore points except very recent ones, and there is still malware in the PC.

 

:(

Edited by Spartan73
Posted

Hi Guys

 

Sorry for the delay with this post, family and work commitments have kept me pretty tied up lately.

 

I appreciate all your help!

 

 

Right – getting somewhere removing this Malware, and the random noise seems to have stopped. :D

 

 

 

I started right from the beginning, just after I uninstalled AVG and Spybot.

 

 

 

 

This is what I have done – hopefully correctly this time :

 

 

Turned off System Restore ( yes as described above )

 

 

 

Ran ATF Cleaner as described

 

 

Ran SAS again, and again same result.

 

10 Unclassified Oreans.32

 

clicked Next and removed them!

 

 

 

 

Rebooted Pc - and started OK

 

 

 

Ran Malware and it came up CLEAN!

No Trojan BHO showing this time. YIPEE! It didn't ask me to reboot, but I did anyway, just to see if I was still getting a ci.dll error afterwards. - PC Booted OK - Yeeha.

 

 

 

Then I worked out how to run IE as administrator ( doh ) and managed an online scan with ESET - That also came up clean!

 

 

 

 

Turned ON System Restore

 

 

 

 

Well chuffed! However, I thought I'd double check ( as you do ) and restarted SAS and the same Unclassified Oreans.32 were still there. Are these " friendly bacteria " or something? When SAS was deleting them, I noticed something saying LEGACY oreans etc....

 

 

 

ALSO - when rebooting my PC - there are 5 internet ( user ) accounts as well as my User account to log into.... They appeared from nowhere lol. Do I remove these manually?

 

 

 

 

PC seems to be running much better now, but those Oreans are bugging me.

 

 

 

 

Here is a HTL - all Chinese to me, but any feedback would be great!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:19:03, on 27/05/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Users\cunb3w\Program Files\DNA\btdna.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Adobe\Photoshop CS\Photoshop.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sky.com - Home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [iMON] C:\Program Files\SOUNDGRAPH\iMON\iMON.exe /startup

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\mcregwiz.exe /autorun

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\cunb3w\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfmonss.exe (file missing)

O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe (file missing)

O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe (file missing)

O23 - Service: WUSB54GSv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

 

--

End of file - 8124 bytes

 

 

Thanks so much for your help guys, you're the best!

 

Spart

 

:D;):D;):D;)

Guest Wolfeymole
Posted

Why do you have AVG and McAfee running Spartan?

 

Pokerstars does you no favours either and you could be liable for crap downloaded via Bit Torrent.

 

Allow our techs to get back to you with further information on this HJT log mate.

Posted

 

 

Hi Wolfey - wow that was quick thanks bud!

 

Well - Pokerstars is something I'm on quite often so I can't remove that, but by "running" do you mean it is open in my system although the software wasn't open at the time of HT scan? Hmm please shed some more light on this, I'd hate to think Pstars is monitoring something they shouldn't be! I'm also on William Hill Poker a lot, do they have any hidden running processes too, is this a ploy by Pstars to monitor my play on other sites? Am I paranoid? LOL

 

Bit Torrent I use to catch the odd missed episode of Lost, don't do too many other downloads of any from there, I find it quite useful.

 

Now as for McAfee - Good question. I installed it just after Vista, a couple of months back, but read some bad reviews after noticing my PC was slow, so I removed it. Now when I reboot my PC I get an error saying the damn thing failed to start. I tried removing the files manually, but it wouldn't let me!!!

 

As for AVG I thought I saw the back of that too.....:(

 

Why do these things not fully uninstall?

 

Thanks again Pal, will wait for the tech guys too....

 

:D

Guest Wolfeymole
Posted

I'll rephrase on the Pokerstars aspect mate and suggest that it may be ok as would the William Hill site.

 

I'll let the techs offer further discussion on this when they get on line Spartan.

Posted

Hi Spartan.

 

Let's disable needless programs from automatically starting when Vista starts.

 

1) Right click on the Vista start icon and choose properties>Customize. Put a check on the Run Command option and click ok.

 

2) Left click on the Vista start icon and click on run. Type in msconfig and click ok.

 

3) Put a dot on Selective Startup and click on the Startup tab. Scroll through the list and uncheck all entries other than your security software and jusched. Click apply and ok. Do not choose to restart the computer at this point.

 

Run HijackThis and choose Scan Only. Put a check in the box on all of the items that end with "No file" or "file missing". Do not put a check in any other entries. Now click on "Fix Checked" and restart the computer once HijackThis does its thing.

 

How are things now?

Need help with your computer problems? Then why not join Free PC Help. Register here

 

If Free PC Help has helped you then please consider a donation. Click here
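
The selection rule in the post above (tick only entries ending in "No file" or "file missing"), shown as an added example that is not part of the original thread: a Python sketch that parses HijackThis log lines and lists the orphaned entries. The function names are assumptions; the sample lines are copied from the log posted earlier in this thread.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\Windows\system32\afinding.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\Windows\system32\perfmonss.exe (file missing)
O23 - Service: Routing Service (Routing) - Unknown owner - C:\Windows\system32\routing.exe (file missing)
O23 - Service: WServing Service (WServing) - Unknown owner - C:\Windows\system32\wserving.exe (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
# Trailing marker for an entry whose target file is not on disk.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def parse_entry(line):
    """Parse one log line; return None for headers, blanks and the footer."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    entry = {"section": m.group("section"), "body": body,
             "orphan": bool(ORPHAN.search(body))}
    if entry["section"] == "O23" and body.startswith("Service: "):
        # Split from the right: owner names may contain commas, paths come last.
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            name, owner, path = parts
            entry.update(service=name, owner=owner,
                         path=ORPHAN.sub("", path).strip())
    return entry


def orphaned_entries(log_text):
    """Return only the entries the post says to tick before 'Fix Checked'."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e and e["orphan"]]


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print(e["section"], e.get("service", e["body"]), "->", e.get("path", ""))
```

An entry with "Unknown owner" but a file still present, such as the Adobe LM Service line, is not selected; only registrations whose target file is gone are.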

Posted (edited)

Hi-

 

Thanks, but your 3rd point... "Scroll through the list and uncheck all entries other than your security software and jusched" - ??? Please explain!

 

Also I'm about to start unchecking stuff, but before I do... there are all sorts of things in there like MS Windows operating system, Nvidia drivers, SAS, other drivers, Java etc... Do you mean uncheck these too??? :confused:

 

 

Thanks

 

:rolleyes:

Edited by Spartan73
Posted

Sorry, I forgot you had Vista.

 

Keep the MS Windows entries.

 

Any Nvidia stuff can be unchecked as well.

 

The free version of SAS doesn't need to run at startup. Only the paid version does.

 

Java is jusched.

 

Any other entries you're not sure about?


Posted

 

Hey Seth -

 

Unchecked everything and the PC is starting up straight into my desktop. (I manually deleted the other accounts and they didn't reappear) so ALL GOOD on that side..... THANK YOU! :D

 

Oh I think a donation is imminent ...... lol

 

I am currently doing another SAS scan, 12 mins in, all good for now, but the Oreans usually appear a bit later.

 

Will keep you posted.

 

Thanks Muchly :D

Guest Wolfeymole
Posted
"Imminent" donations can assuredly be made via the nice shiny green button at the top or via the link in any Admin's or Moderator's signature, Spartan. :)
Posted

 

Yes, thank you! I'm well aware of that Wolfey - whereupon I will be redirected in almost teleporting fashion to the ever so efficient Paypal......where conveniently, my prestored details are ready and waiting for my prompt arrival, ready to expunge the little plastic thing in my wallet...

 

Haha - ;)
